Commit
[Change] updated README references for old shortargs to long form
[Change] updated scan_user_access_minuid 30 => 100
rfxn committed Mar 1, 2021
1 parent 5587ab6 commit cbb8d87
Showing 3 changed files with 14 additions and 12 deletions.
4 changes: 3 additions & 1 deletion CHANGELOG.RELEASE
@@ -1,8 +1,10 @@
v1.6.5 | Apr 24 2020:
v1.6.5 | ?? ?? 2020:
[Fix] monitor mode white space detection; issue #354
[Change] event_log/clamscan_log now record year in timestamp; issue #352
[Change] -p|--purge will now trim the inotify_log; issue #350
[New] -D|--dump-report to dump reports to stdout; pr #362
[Fix] monitor mode will now fail to start if 'ed' is not installed; issue #350
inotify_log requires in-place inode pruning to prevent exponential growth

v1.6.4 | Mar 18 2019:
[New] add quarantine_on_error variable to control quarantine behavior when scanner engines such as ClamAV encounter an error
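Review bot: the version header now carries the placeholder "?? ?? 2020" while this commit is dated Mar 1, 2021, so the year in the placeholder is already stale; either restore a real release date or use a neutral "TBD" marker that will not be mistaken for a 2020 release. The changelog also records nothing for the two changes named in the commit message (the README migration from short options and the quarantine_hits/quarantine_clean/scan_user_access names, and scan_user_access_minuid 30 => 100), so users carrying quar_hits=1 or public_scan=1 in an existing conf.maldet get no hint that the names changed; a "[Change]" line for each would close that gap. Finally, the bare continuation line "inotify_log requires in-place inode pruning to prevent exponential growth" has no tag or indentation and reads as a separate entry; indent it under the "[Fix] monitor mode will now fail to start if 'ed' is not installed" line it explains.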
20 changes: 10 additions & 10 deletions README
@@ -198,8 +198,8 @@ and all options are well commented for ease of configuration.

By default LMD has the auto-quarantine of files disabled, this will mean that
YOU WILL NEED TO ACT on any threats detected or pass the SCANID to the '-q'
option to batch quarantine the results. To change this please set quar_hits=1
in conf.maldet.
option to batch quarantine the results. To change this please set
quarantine_hits=1 in conf.maldet.

.: 8 [ IGNORE OPTIONS ]

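Review bot: the option name changes from quar_hits to quarantine_hits here, but the sentence still tells the reader to pass the SCANID to the short '-q' flag, which is the opposite of what the commit message ("updated README references for old shortargs to long form") says this commit does; for consistency with the other hunks, give the long form alongside it (e.g. "-q|--quarantine") or cite the long form only.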
@@ -303,7 +303,7 @@ option gives a detailed summary of usage options:

-co, --config-option VAR1=VALUE,VAR2=VALUE,VAR3=VALUE
Set or redefine the value of conf.maldet config options
e.g: maldet --config-option email_addr=you@domain.com,quar_hits=1
e.g: maldet --config-option email_addr=you@domain.com,quarantine_hits=1

-p, --purge
Clear logs, quarantine queue, session and temporary data.
@@ -383,15 +383,15 @@ are set in the interest of performance vs accuracy which is a fair tradeoff.

The scan options can be modified in the hookscan.sh file if so desired, the default
scan options are as follows:
--config-option quar_hits=1,quar_clean=0,clamav_scan=0 --modsec -a "$file"
--config-option quarantine_hits=1,quarantine_clean=0,clamav_scan=0 --modsec -a "$file"

There is a tangible performance difference in disabling clamav scanning in this usage
scenario. The native LMD scanner engine is much faster than the clamav scanner engine
in single file scans by a wide margin. A single file scan using clamav takes roughly
3sec on average while the LMD scanner engine takes 0.5sec or less.

To enable upload scanning with mod_security2 you must set enable the public_scan option
in conf.maldet (public_scan=1) then add the following rules to your mod_security2
To enable upload scanning with mod_security2 you must set enable the scan_user_access option
in conf.maldet (scan_user_access=1) then add the following rules to your mod_security2
configuration. These rules are best placed in your modsec2.user.conf file on cpanel servers
or at the top of the appropriate rules file for your setup.

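Review bot: "you must set enable the scan_user_access option" carries the same doubled verb as the line it replaces; since the line is being rewritten anyway, drop one word ("you must enable the scan_user_access option"). The same hunk changes the documented hookscan.sh defaults to quarantine_hits=1,quarantine_clean=0,clamav_scan=0; the commit touches only README, CHANGELOG.RELEASE and internals.conf, so it is worth confirming that the shipped hookscan.sh actually uses the new names, otherwise the README now documents defaults the hook does not set.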
@@ -420,11 +420,11 @@ The default alerting options will apply and an e-mail will be sent when hits are
can be changed in the hookscan.sh script by editing the --config-option values.

To disable alerts append email_alert=0 to the --config-option values:
--config-option quar_hits=1,quar_clean=0,clamav_scan=0,email_alert=0
--config-option quarantine_hits=1,quarantine_clean=0,clamav_scan=0,email_alert=0

To change the e-mail address for alerts on upload hits, append email_addr=you@domain.com
to the --config-option values:
--config-option quar_hits=1,quar_clean=0,clamav_scan=0,email_addr=you@domain.com
--config-option quarantine_hits=1,quarantine_clean=0,clamav_scan=0,email_addr=you@domain.com

The nature of uploads is such that they are performed either under the user that the HTTP
service is running as or under that of a system user in an suexec style setup (i.e: phpsuexec).
@@ -435,8 +435,8 @@ Given that the maldetect installation path is owned by user root, we either need
path world writable (777) or populate the pub path with user owned paths. It was undesirable
to set any path world writable and as such a feature to populate path data was created. This
feature is controlled with the --mkpubpaths flag and is executed from cron every 10 minutes,
it will only execute if the public_scan variable is enabled in conf.maldet. As such, it is
important to make sure the public_scan variable is set to enabled (1) in conf.maldet and it is
it will only execute if the scan_user_access variable is enabled in conf.maldet. As such, it is
important to make sure the scan_user_access variable is set to enabled (1) in conf.maldet and it is
advised to run 'maldet --mkpubpaths' manually to prepopulate the user paths. There after, the
cron will ensure new users have paths created no later than 10 minutes after creation.

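Review bot: the two rewritten lines keep "There after" (should be "Thereafter") and the run-on "in conf.maldet and it is advised to run 'maldet --mkpubpaths' manually"; splitting that sentence at "and" would make the instruction easier to follow. This paragraph is also the place where readers of old documentation will look for public_scan, so a one-line note that scan_user_access is the new name of public_scan would save them a search.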
2 changes: 1 addition & 1 deletion files/internals/internals.conf
@@ -119,7 +119,7 @@ inotify_trim=131072
hex_fifo_path="$varlibpath/internals/hexfifo"
hex_fifo_script="$libpath/hexfifo.pl"
hex_string_script="$libpath/hexstring.pl"
scan_user_access_minuid=30
scan_user_access_minuid=100
find_opts="-regextype posix-egrep"
email_template="$libpath/scan.etpl"
email_subj="maldet alert from $(hostname)"
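Review bot: scan_user_access_minuid is raised from 30 to 100 with no comment in internals.conf and no CHANGELOG line explaining why; since this threshold decides which UIDs the user-access scanning path treats as user accounts, a comment stating the intent (exclude low-numbered system accounts) and noting that distributions with a lower UID_MIN may need to adjust it would make the change reviewable and keep operators from silently losing coverage for accounts between UID 30 and 99.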
