Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.0.0 < 8.0.0
- , ,
Start using this module
Add this module to your Puppetfile:
mod 'nexcess-maldet', '4.1.0'
Learn more about managing modules with a PuppetfileDocumentation
Maldet
Table of Contents
Description
This module installs and configures Linux Malware Detect (Maldet)
This module has been tested with Maldet verions:
- 1.5
- 1.6
By default Maldet is installed from source using the Maldet {} type/provider. If you prefer to use a package, simply use the "package_name" parameter to specify the name of your package, and it will use that instead (assuming any necessary repositories have been enabled).
Maldet will setup a cronjob that runs a daily scan on certain paths on the servers home directory depending on what directories it sees as present on a server.
It will also setup an inotify service to watch and scan changed files under certain directories (set to /tmp, /var/tmp, /dev/shm, and /var/fcgi_ipc by default).
Both the cron job and service are managed by the daily_scan and service_ensure parameters, respectively.
Usage
include ::maldet
Reference
Classes
Public Classes
- maldet: Main class that includes all other classes.
Private Classes
- maldet::install: Installs Maldet
- maldet::config: Manages configuration file and daily malware scan for Maldet
- maldet::service: Manage Maldet inotify service
Parameters
Name
, Type, (Default)
version
String ('1.6')
Version of Maldet to install.
package_name
String ('')
Optional package name to use. Will install from source if left empty.
ensure
String ('present')
Whether to install or remove maldet. Valid values are "present" or "absent".
service_ensure
String ('running')
Whether the maldet inotify monitor service should be running.
daily_scan
Boolean (true)
Whether to enable maldet's daily scan cron job.
mirror_url
String ('https://cdn.rfxn.com/downloads')
Base URL to download maldet source tarball from. Defaults to 'https://cdn.rfxn.com/downloads'
config
Hash ({ 'autoupdate_version' => false })
Hash of config options to use. Booleans are converted to 0 or 1. Options with multiple values such as email_addr and scan_tmpdir_paths should be specified as an Array. Uses defaults provided from Maldet source, except daily version updates are disabled by default.
See https://www.rfxn.com/appdocs/README.maldetect for available configuration options.
monitor_mode
String ('disabled')
String matching one of the following:
- The word 'disabled'. This will disable the sysconfig configuration for monitor mode.
- The word 'users'. This will enable monitor mode in sysconfig for all local linux users.
- An absolute path to a line-spaced file, containing a list of paths to monitor.
monitor_paths
Array[String] ({})
List of paths that the maldet service should monitor files under. Note that directories containing.
ignore_file_ext
Array[String] ({})
List of file extensions to ignore.
ignore_inotify
Array[String] ({})
List of paths to exclude from inotify monitor mode.
ignore_paths
Array[String] ({})
List of paths to exclude from scans.
ignore_sigs
Array[String] ({})
List of signatures to exclude.
cron_config
Hash ({})
Separate hash of config options to override main config options during maldet's daily cron job.
cleanup_old_install
Boolean (true)
Whether old backups of /usr/local/maldetect created by Maldet's install.sh should be removed.
manage_epel
Boolean (true)
Setup epel repository on Redhat based systems (required for some dependencies)
Limitations
Supported Operating Systems are:
- RHEL 6/7
- CentOS 6/7
Copyright
Copyright 2021 Nexcess.net
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Dependencies
- puppetlabs-stdlib (>= 4.0.0 < 8.0.0)
- puppet-epel (>= 1.0.0 < 4.0.0)
- puppetlabs-yumrepo_core (>= 1.0.0 < 3.0.0)