07. Real-time Scanning Does Not Work In Linux Malware Detect Manager (Plesk)

Are you facing issues while trying to enable real-time monitoring from the plugin interface?

When you try to save the changes, you get the message "Configurations has been updated!", but the interface still shows: Monitoring is currently Disabled.

This article will help you resolve such cases.

Follow these steps:

  1. Log in to your server as root via SSH and issue the following command:

    # tail -1000 /var/log/messages | grep inotify 

    Look for any error that resembles "Failed to watch the directory, upper limit on inotify watches reached!"

    This confirms that inotify is the actual issue.

    Once you have confirmed that the maximum inotify watchers limit is the reason behind the issue, proceed to the next step.
  2. Increase inotify watchers in /proc/sys/fs/inotify/max_user_watches:

    # echo "100000" > /proc/sys/fs/inotify/max_user_watches

    Try to enable real-time monitoring again. If this does not work, increase the number accordingly. (This maximum number greatly depends on the number of files to be monitored.)

    If real-time scanning works after increasing the maximum inotify watchers, set the same value in /etc/sysctl.conf:

    fs.inotify.max_user_watches=100000

    Then issue the following command so that the changes take effect:

    # sysctl -p

    If this still does not work even after increasing max_user_watches to a large number (greater than 100000), then max_user_watches might be reset by maldet itself. In that case, go to the next step.

  3. Edit /usr/local/maldetect/maldet and change "home" in line number 1227 to /var/www/vhosts.

    That is, after editing, line number 1227 should look like this:

                    users_tot=`cat /etc/passwd | grep -ic /var/www/vhosts`

  4. In most cases, real-time scanning should be working at this point. Continue with the following steps if it still does not work.

    Install "inotify-tools" (CentOS) from the EPEL repository. (You need to have the EPEL repository enabled.)

    # yum --enablerepo=epel -y install inotify-tools

    Now, "cd" to the maldet directory (/usr/local/maldetect/inotify/) and back up the old "inotifywait":

    # mv inotifywait inotifywait.bak

    Now that the old "inotifywait" is safely backed up, create a soft link in the maldet directory to the system "inotifywait":

    # ln -s /usr/bin/inotifywait /usr/local/maldetect/inotify/inotifywait

    That's it. This should do the trick. If you are still facing issues with the plugin, feel free to open a ticket with us from the following link:

    https://admin-ahead.com/portal/submitticket.php?step=2&deptid=2
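
A sizing check for steps 1 and 2, as an added example rather than code from this article or from maldet: a recursive inotifywait places one watch per directory, so the script counts the directories under the monitored path, compares that with the running limit, and checks whether the sysctl.conf file holds the same value. The function names and verdict strings are assumptions made for this example, and the "check" mode assumes /var/www/vhosts is the monitored path.

```shell
#!/bin/sh
# Added example (not from the article or from maldet). Function names and
# verdict strings are assumptions; paths are parameters so copies can be tested.

# Directories under $1. NUL-separated so odd directory names cannot skew the count.
dirs_under() {
    find "$1" -type d -print0 2>/dev/null | tr -dc '\000' | wc -c | tr -d ' '
}

# Value persisted in a sysctl.conf-style file; the last uncommented entry wins.
persisted_watches() {
    sed -n 's/^[[:space:]]*fs\.inotify\.max_user_watches[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Succeeds if the log file $1 contains the error quoted in step 1.
limit_hit() {
    grep -qi 'upper limit on inotify watches reached' "$1"
}

# assess <running_limit> <watch_root> <sysctl_conf>
# LOW: the tree needs at least as many watches as the limit allows (the limit is
#      per user, so other watchers owned by the same user also consume it).
# NOT_PERSISTED: the running value is enough, but the given file does not hold
#      the same value, so it will not survive a reboot or "sysctl -p".
assess() {
    limit=$1
    need=$(dirs_under "$2")
    saved=$(persisted_watches "$3")
    if [ "$need" -ge "$limit" ]; then
        echo "LOW need=$need limit=$limit"
    elif [ "${saved:-0}" -ne "$limit" ]; then
        echo "NOT_PERSISTED need=$need limit=$limit saved=${saved:-none}"
    else
        echo "OK need=$need limit=$limit"
    fi
}

# Run against the live system only when asked to: sh script.sh check
if [ "${1:-}" = "check" ]; then
    limit_hit /var/log/messages && echo "inotify limit error found in /var/log/messages"
    assess "$(cat /proc/sys/fs/inotify/max_user_watches)" /var/www/vhosts /etc/sysctl.conf
fi
```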
