When you try to save the changes you get a message "Configurations has been updated!" but it still shows: Monitoring is currently Disabled.
This article will help you with resolving such instances:
Follow theses steps:
- * Login to your server as root, via ssh and issue the following command
# tail -1000 /var/log/messages | grep inotify
Look for any error that resembles "Failed to watch the directory, upper limit on inotify watches reached!"
This will make sure that inotify is the actual issue.
Once you have confirmed that maximum inotify watchers limit is the reason behind the issue, proceed to the next step. -
* Increase inotify watchers in /proc/sys/fs/inotify/max_user_watches:
# echo "100000" > /proc/sys/fs/inotify/max_user_watches
Try to enable real-time monitoring again. If this does not work; increase the number accordingly. ( This maximum number greatly depends on the number of files to be monitored. )
If after increasing the maximum inotify watchers, real-time scanning is working, change the same in : /etc/sysctl.conf
fs.inotify.max_user_watches=100000
Then, issue the following command so that the changes take effect.
# sysctl -p
If this still does not work even after increasing the max_user_watches to a large number ( greater than 100000 ) then max_user_watches might be reset by maldet itself. In that case, go to the next step.
- * Edit /usr/local/maldetect/maldet and change home in line number 1227 to /var/www/vhosts.
ie, after editing, line number 1227 should look like this:
users_tot=`cat /etc/passwd | grep -ic /var/www/vhosts` - * For the most case, real-time scanning should be working at this point. Continue with the following steps if it still does not work.
Install "inotify-tools" (Centos) from the epel repository. ( You need to have epel repository enabled )
# yum --enablerepo=epel -y install inotify-tools
Now, "cd" to the maldet directory ( /usr/local/maldetect/inotify/ ) and backup the old "inotifywait"
# mv inotifywait inotifywait.bak
Now that we have safely backed up the "inotifywait" we can create a soft link in the maldet directory to "inotifywait".
# ln -s /usr/bin/inotifywait /usr/local/maldetect/inotify/inotifywait
That's it. This should do the trick. If you are still facing issues with the plugin, feel free to open a ticket with us from the following link:
https://admin-ahead.com/portal/submitticket.php?step=2&deptid=2