Imported Upstream version 1.5.1-rc3

.ca.def

@@ -1,5 +1,4 @@
 cat > /usr/local/maldetect/conf.maldet <<EOF
-#!/bin/bash
 #
 ##
 # Linux Malware Detect v1.5

README

@@ -309,14 +309,17 @@ The cronjob installed by LMD is located at /etc/cron.daily/maldet and is used
 to perform a daily update of signatures, keep the session, temp and quarantine
 data to no more than 14d old and run a daily scan of recent file system changes.
 
-The daily scan supports Ensim virtual roots or standard Linux /home*/user paths,
-such as Cpanel. The default is to just scan the web roots daily, which breaks
-down as /home*/*/public_html or on Ensim /home/virtual/*/fst/var/www/html and
-/home/virtual/*/fst/home/*/public_html.
+The daily scan supports a variety of control panel systems or standard Linux
+/home*/user paths. 
 
 If you are running monitor mode, the daily scans will be skipped and instead a
-daily report will be issued for all monitoring events. If you need to scan
-additional paths, you should review the cronjob and edit it accordingly.
+daily report will be issued for all monitoring events. 
+
+If you need to scan additional paths, you should review the cronjob and use one
+of the customization hook files, such as '/usr/local/maldetect/cron/custom.cron',
+to write in custom scanning execution. For configuration based cron changes, you
+can redefine any conf.maldet variables at '/etc/sysconfig/maldet' or 
+'/usr/local/maldetect/cron/conf.maldet.cron'.
 
 .: 11 [ INOTIFY MONITORING ]
 

cron.daily

@@ -1,7 +1,6 @@
 #!/usr/bin/env bash
 export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH
 export LMDCRON=1
-inspath=/usr/local/maldetect
 intcnf="$inspath/internals/internals.conf"
 
 if [ -f "$intcnf" ]; then
@@ -34,7 +33,7 @@ fi
 
 if [ "$find" ]; then
 	# prune any quarantine/session/tmp data older than 7 days
-	tmpdirs="$inspath/tmp $inspath/sess $inspath/quarantine $inspath/pub"
+	tmpdirs="$tmpdir $varlibpath/sess $varlibpath/quarantine $varlibpath/pub"
 	for dir in $tmpdirs; do
 	 if [ -d "$dir" ]; then
 	  $find $dir -type f -mtime +7 -print0 | xargs -0 rm -f >> /dev/null 2>&1

files/hookscan.sh

@@ -1,6 +1,5 @@
 #!/usr/bin/env bash
 file="$1"
-inspath=/usr/local/maldetect
 intcnf="$inspath/internals/internals.conf"
 
 if [ -f "$intcnf" ]; then

files/internals/functions

@@ -1,4 +1,3 @@
-#!/bin/bash
 ##
 # Linux Malware Detect v1.5
 #             (C) 2002-2016, R-fx Networks <proj@r-fx.org>
@@ -368,7 +367,7 @@ usage $0 [ OPTION ]
     -s, --restore FILE|SCANID
        Restore file from quarantine queue to orginal path or restore all items from
        a specific SCANID
-       e.g: maldet --restore /usr/local/maldetect/quarantine/config.php.23754
+       e.g: maldet --restore $varlibpath/quarantine/config.php.23754
        e.g: maldet --restore 050910-1534.21135
 
     -q, --quarantine SCANID

files/internals/internals.conf

@@ -8,11 +8,14 @@
 
 inspath=/usr/local/maldetect
 intcnf="$inspath/internals/internals.conf"
-intfunc="$inspath/internals/functions"
-cnffile="conf.maldet"
-cnf="$inspath/$cnffile"
+libpath="$inspath/internals"
+intfunc="$libpath/functions"
 
 logdir="$inspath/logs"
+confpath="$inspath"
+cnffile="conf.maldet"
+cnf="$confpath/$cnffile"
+varlibpath="$inspath"
 maldet_log="$logdir/event_log"
 clamscan_log="$logdir/clamscan_log"
 datestamp=`date +"%y%m%d-%H%M"`
@@ -50,16 +53,16 @@ logger=`which logger 2> /dev/null`
 clamdscan=`which clamdscan 2> /dev/null`
 
 suppress_cleanhit="$email_ignore_clean"
-ignore_paths="$inspath/ignore_paths"
-ignore_sigs="$inspath/ignore_sigs"
-ignore_inotify="$inspath/ignore_inotify"
-ignore_file_ext="$inspath/ignore_file_ext"
-quardir="$inspath/quarantine"
-sessdir="$inspath/sess"
-sigdir="$inspath/sigs"
-cldir="$inspath/clean"
+ignore_paths="$confpath/ignore_paths"
+ignore_sigs="$confpath/ignore_sigs"
+ignore_inotify="$confpath/ignore_inotify"
+ignore_file_ext="$confpath/ignore_file_ext"
+quardir="$varlibpath/quarantine"
+sessdir="$varlibpath/sess"
+sigdir="$varlibpath/sigs"
+cldir="$varlibpath/clean"
 tmpdir="$inspath/tmp"
-userbasedir="$inspath/pub"
+userbasedir="$varlibpath/pub"
 hits_history="$sessdir/hits.hist"
 quar_history="$sessdir/quarantine.hist"
 
@@ -86,21 +89,21 @@ lmd_hash_url="http://cdn.rfxn.com/downloads/maldet.current.hash"
 lmd_version_url="http://www.rfxn.com/downloads/maldet.current.ver"
 
 clamav_paths="/usr/local/cpanel/3rdparty/share/clamav/ /var/lib/clamav/ /var/clamav/ /usr/share/clamav/ /usr/local/share/clamav"
-tlog="$inspath/internals/tlog"
+tlog="$libpath/tlog"
 inotify=`which inotifywait 2> /dev/null`
 inotify_log="$inspath/logs/inotify_log"
 inotify_user_instances=128
 inotify_trim=150000
-hex_fifo_path="$inspath/internals/hexfifo"
-hex_fifo_script="$inspath/internals/hexfifo.pl"
-hex_string_script="$inspath/internals/hexstring.pl"
+hex_fifo_path="$varlibpath/internals/hexfifo"
+hex_fifo_script="$libpath/hexfifo.pl"
+hex_string_script="$libpath/hexstring.pl"
 scan_user_access_minuid=40
 find_opts="-regextype posix-egrep"
-email_template="$inspath/internals/scan.etpl"
+email_template="$libpath/scan.etpl"
 email_subj="maldet alert from $(hostname)"
 
-cron_custom_exec="$inspath/cron/custom.cron"
-cron_custom_conf="$inspath/cron/conf.maldet.cron"
+cron_custom_exec="$confpath/cron/custom.cron"
+cron_custom_conf="$confpath/cron/conf.maldet.cron"
 
 ## backwards compatibility for pre-1.5 deprecated config options
 if [ ! "$quarantine_hits" ] && [ "$quar_hits" ]; then

files/maldet

@@ -10,7 +10,6 @@
 PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
 ver=1.5
 
-inspath=/usr/local/maldetect
 intcnf="$inspath/internals/internals.conf"
 
 header() {

files/service/maldet.sh

@@ -16,7 +16,6 @@
 # Short-Description: Start/stop maldet in monitor mode
 ### END INIT INFO
 
-inspath=/usr/local/maldetect
 intcnf="$inspath/internals/internals.conf"
 
 if [ -f "$intcnf" ]; then