linux-malware-detect

Maldet scan report not existing after account suspension

Open darkkean opened this issue 7 years ago • 0 comments

Hi,

I have a cPanel server with maldet v1.6.2.

I configured my maldet to auto-suspend accounts when hits are found.

quarantine_suspend_user="1"

Now I fired maldet -m users in the background to scan all accounts' files whenever they're created/modified.

When hits are detected, the auto suspension was successful. And when I check cPanel, the suspension reason contains the maldet command to run. E.g.: maldet --report 170818-1425.27500.

Now when I run this command on the server, it returns nothing and it says the report is not found.

# maldet --report 170818-1425.27500
Linux Malware Detect v1.6.2
            (C) 2002-2017, R-fx Networks <[email protected]>
            (C) 2017, Ryan MacDonald <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL v2

{report} no report found, aborting.

And indeed, when I run maldet --report list | grep "170818-1425.27500" there's no such report ID.

However, when I run cat logs/event_log | grep "account_name" it shows the logs and there was indeed a hit.

Please have a look.

darkkean, Aug 23 '17 00:08