Forge Home


Install and configure Linux Malware Detect


49,407 latest version

4.3 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.3.1 (latest)
  • 1.3.0
  • 1.2.0
  • 1.1.0
  • 1.0.0
released Jul 19th 2017
This version is compatible with:
  • Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.0.0 < 5.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'nexcess-maldet', '1.3.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add nexcess-maldet
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install nexcess-maldet --version 1.3.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



nexcess/maldet — version 1.3.1 Jul 19th 2017


Table of Contents

  1. Description
  2. Usage
  3. Reference
  4. Copyright


This module installs and configures Linux Malware Detect (Maldet)

This module has been tested with Maldet verions:

  • 1.4.x
  • 1.5

By default Maldet is installed from source using the Maldet {} type/provider. If you prefer to use a package, simply use the "package_name" parameter to specify the name of your package, and it will use that instead (assuming any necessary repositories have been enabled).

Maldet will setup a cronjob that runs a daily scan on certain paths on the servers home directory depending on what directories it sees as present on a server.

It will also setup an inotify service to watch and scan changed files under certain directories (set to /tmp, /var/tmp, /dev/shm, and /var/fcgi_ipc by default).

Both the cron job and service are managed by the daily_scan and service_ensure parameters, respectively.


include ::maldet



Public Classes

  • maldet: Main class that includes all other classes.

Private Classes

  • maldet::install: Installs Maldet
  • maldet::config: Manages configuration file and daily malware scan for Maldet
  • maldet::service: Manage Maldet inotify service


Name, Type, (Default)

version String ('1.5')

Version of Maldet to install.

package_name String ('')

Optional package name to use. Will install from source if left empty.

ensure String ('present')

Whether to install or remove maldet. Valid values are "present" or "absent".

service_ensure String ('running')

Whether the maldet inotify monitor service should be running.

daily_scan Boolean (true)

Whether to enable maldet's daily scan cron job.

mirror_url String ('')

Base URL to download maldet source tarball from. Defaults to ''

config Hash ({ 'autoupdate_version' => false })

Hash of config options to use. Booleans are converted to 0 or 1. Options with multiple values such as email_addr and scan_tmpdir_paths should be specified as an Array. Uses defaults provided from Maldet source, except daily version updates are disabled by default.

See for available configuration options.

monitor_paths Array[String] ({})

List of paths that the maldet service should monitor files under. Note that directories containing.

ignore_file_ext Array[String] ({})

List of file extensions to ignore.

ignore_inotify Array[String] ({})

List of paths to exclude from inotify monitor mode.

ignore_paths Array[String] ({})

List of paths to exclude from scans.

ignore_sigs Array[String] ({})

List of signatures to exclude.

cron_config Hash ({})

Separate hash of config options to override main config options during maldet's daily cron job.

cleanup_old_install Boolean (true)

Whether old backups of /usr/local/maldetect created by Maldet's should be removed.

manage_epel Boolean (true)

Setup epel repository on Redhat based systems (required for some dependencies)


Supported Operating Systems are:

  • RHEL 6/7
  • CentOS 6/7
  • Ubuntu 16.04


   Copyright 2016

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   See the License for the specific language governing permissions and
   limitations under the License.