The maldet real-time monitoring daemon will not start. How can I fix this?

1. Double check that the default_monitor_mode is set:

Edit /usr/local/maldetect/conf.maldet and find and set:

default_monitor_mode="users"

2. Some users may also need to increase their inotify file watch limit on their systems before the maldet monitoring daemon will start.

To view your current limit:

cat /proc/sys/fs/inotify/max_user_watches

To raise your limit:

echo fs.inotify.max_user_watches=1048576 > /etc/sysctl.d/sentinel.conf
sysctl -p /etc/sysctl.d/sentinel.conf

Start the service:

systemctl restart maldet

Check the logs for any errors:

tail -f /usr/local/maldetect/logs/event_log  

Example error of when max_user_watches is too low:

Please increase the amount of inotify watches allowed per user via `/proc/sys/fs/inotify/max_user_watches'.
  • real-time monitoring, maldet
  • 3 Users Found This Useful
Was this answer helpful?

Related Articles

How can I fix incorrect date and times displayed in the extension?

Server Time Our extensions require that the date, time, and timezone be set correctly on the...

How can I fix the error: Kohana_Exception [ 0 ]: Directory APPPATH/cache must be writable?

This error means that the permissions on the Plesk extension are not set properly. Running the...

How can I fix the error: The licensing server was invalid or could not be reached ?

Outdated Packages 1. Make sure your openssl, curl, and ca-certificates packages are up to date....

How can I fix the error: The [imunify360] repository is installed but do not have an [exclude] line that excludes conflicting packages?

Warden requires that you use the ClamAV packages from the EPEL repository. In order to prevent...