Download & Install Maldet.
tar -xzvf maldetect-current.tar.gz
Go to the maldetect directory and run the installer script 'install.sh' as root:
Next, make a symlink to the maldet command in the /bin/ directory.
ln -s /usr/local/maldetect/maldet /bin/maldet
Configure Maldet, Install Nano editor if its not installed ( yum install nano )
Enable email alert by changing the value to '1'.
Set your email address .
We will use the ClamAV clamscan binary as default scan engine because it provides a high-performance scan on large file sets. If its not installed you can install it using ( yum -y install clamav clamav-devel ) then update using ( freshclam ) command.
Change value to '1' on line 114.
Next, enable quarantining to move malware to the quarantine automatically during the scan process. Change value to '1' on line 180.
Change value to 1 on line 185 to enable clean based malware injections.
Save and exit.
Use Real-Time Monitoring with Maldet for active monitoring.
The inotify monitoring feature is designed to monitor paths/users in real-time for file creation/modify/move operations. This option requires a kernel that supports inotify_watch (CONFIG_INOTIFY) which is found in kernels 2.6.13+ and CentOS/RHEL 5 by default.
There are three modes that the monitor can be executed with and they relate to what will be monitored, they are USERS|PATHS|FILES.
e.g: maldet --monitor users
e.g: maldet --monitor /root/monitor_paths
e.g: maldet --monitor /home/mike,/home/ashton