The maldet real-time monitoring daemon will not start. How can I fix this?

1. Double-check that default_monitor_mode is set:

Edit /usr/local/maldetect/conf.maldet, find default_monitor_mode, and set it:

default_monitor_mode="users"

2. Some users may also need to increase the inotify file watch limit on their systems before the maldet monitoring daemon will start.

To view your current limit:

cat /proc/sys/fs/inotify/max_user_watches

To raise your limit:

echo fs.inotify.max_user_watches=1048576 > /etc/sysctl.d/sentinel.conf
sysctl -p /etc/sysctl.d/sentinel.conf

Start the service:

systemctl restart maldet

Check the logs for any errors:

tail -f /usr/local/maldetect/logs/event_log  

Example error logged when max_user_watches is too low:

Please increase the amount of inotify watches allowed per user via `/proc/sys/fs/inotify/max_user_watches'.
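
A pre-flight check covering both causes above, as an added example that is not part of the original article or of maldet itself: it reads default_monitor_mode from the config and compares the number of directories under a watch root with the inotify limit, since recursive inotify monitoring uses one watch per directory. The function names and the watch root you pass (for example /home) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check before starting the maldet monitor.
# Function names and the watch root argument are assumptions for illustration.

# conf_value FILE KEY: print the value of KEY from a KEY="value" config file.
# Commented-out lines are ignored; the last assignment wins.
conf_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\)[\"']\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# count_dirs ROOT: number of directories under ROOT (one inotify watch each).
count_dirs() {
    find "$1" -xdev -type d 2>/dev/null | wc -l | tr -d ' '
}

# preflight CONF ROOT [LIMIT]
# Returns 0 if both checks pass, 1 if default_monitor_mode is unset,
# 2 if the watch limit is too low for the directory count.
preflight() {
    conf=$1
    root=$2
    # LIMIT defaults to the live kernel value.
    limit=${3:-$(cat /proc/sys/fs/inotify/max_user_watches)}
    mode=$(conf_value "$conf" default_monitor_mode)
    if [ -z "$mode" ]; then
        echo "default_monitor_mode is not set in $conf"
        return 1
    fi
    needed=$(count_dirs "$root")
    echo "mode=$mode directories=$needed max_user_watches=$limit"
    if [ "$needed" -ge "$limit" ]; then
        echo "raise fs.inotify.max_user_watches above $needed"
        return 2
    fi
    return 0
}

# Run only when a config file and a watch root are given on the command line.
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

Run it as `sh preflight.sh /usr/local/maldetect/conf.maldet /home`; exit status 2 means the limit should be raised as described in step 2.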