MALDET / inotify-tools

Posted: Mon Jun 19, 2023 11:17 am
by ertyui
Hey, guys!

I'm trying to use MALDET (https://www.rfxn.com/projects/linux-malware-detect/) as an antivirus in MX 21.3.

Problem is, it requires "inotify-tools" in order to actively monitor the system, and when I try to run it in active mode, it says that the system kernel doesn't support inotify-tools...

Any help is greatly appreciated.

Thanks!

Re: MALDET / inotify-tools

Posted: Mon Jun 19, 2023 11:22 am
by CharlesV
Please post your QSI

Re: MALDET / inotify-tools

Posted: Wed Jun 21, 2023 4:54 pm
by ertyui
Hi, Charles.

Thanks and sorry for the late reply.

I posted but then deleted the QSI, because I solved the problem.

I installed "inotify-tools" and the "ed" package which is also needed, and after that I ran (as root) "update-initramfs -cu" and restarted the computer. Worked like a charm. That was the trick - updating the filesystem after installing the packages and then restarting the PC...

Sorry for the trouble and I hope this post will help anyone else who had the same problem.
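Since the error in this thread ("kernel doesn't support inotify") can come from any of three missing pieces, here is a small pre-flight check, added as an example and not part of the thread or of maldet itself. It assumes that kernel inotify support shows up as the tunables under /proc/sys/fs/inotify, that inotifywait is the binary shipped by inotify-tools, and that ed is the other package the poster needed; the directory argument to inotify_supported exists only so the check can be pointed at a constructed directory.

```shell
#!/bin/sh
# Added example (not maldet's own code): verify what maldet's monitor mode needs
# before starting it, so a missing package is not mistaken for a kernel problem.

# inotify_supported [DIR] -> 0 when DIR (default /proc/sys/fs/inotify) exposes
# the inotify tunables a kernel built with CONFIG_INOTIFY_USER provides.
inotify_supported() {
    dir=${1:-/proc/sys/fs/inotify}
    for key in max_user_watches max_user_instances max_queued_events; do
        [ -r "$dir/$key" ] || return 1
    done
    return 0
}

# have_tool NAME -> 0 when NAME is found on PATH.
have_tool() {
    command -v "$1" >/dev/null 2>&1
}

# maldet_monitor_preflight -> prints one line per requirement and returns the
# number of requirements that are missing (0 means monitor mode should start).
maldet_monitor_preflight() {
    missing=0
    if inotify_supported; then
        echo "inotify: supported (kernel exposes /proc/sys/fs/inotify)"
    else
        echo "inotify: NOT exposed by this kernel (check CONFIG_INOTIFY_USER / initramfs)"
        missing=$((missing + 1))
    fi
    # inotifywait comes from inotify-tools; ed is the extra package named in the thread.
    for tool in inotifywait ed; do
        if have_tool "$tool"; then
            echo "$tool: found at $(command -v "$tool")"
        else
            echo "$tool: missing (install the package that provides it)"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Run the check when executed directly; the exit status is the count of missing items.
maldet_monitor_preflight
```

Run it as root or as a normal user; it only reads /proc and PATH. A non-zero exit tells you which of the three pieces to fix before retrying maldet's monitor mode, and a zero with the maldet error still present points at something else (for example an already running monitor, as the later post in this thread shows).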

Re: MALDET / inotify-tools

Posted: Wed Jun 21, 2023 7:40 pm
by ertyui
Ok, after formatting again and doing the same procedure, I again got the error that the kernel doesn't support inotify-tools. So here's my QSI:

System: Kernel: 5.10.0-23-amd64 [5.10.179-1] x86_64 bits: 64 compiler: gcc v: 10.2.1
parameters: BOOT_IMAGE=/boot/vmlinuz-5.10.0-23-amd64 root=UUID=<filter> ro quiet splash
Desktop: Xfce 4.18.1 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm 4.18.0 vt: 7
dm: LightDM 1.26.0 Distro: MX-21.3_x64 Wildflower January 15 2023
base: Debian GNU/Linux 11 (bullseye)
Machine: Type: Desktop System: Gigabyte product: Z170X-Ultra Gaming v: N/A serial: <filter>
Mobo: Gigabyte model: Z170X-Ultra Gaming-CF v: x.x serial: <filter>
UEFI: American Megatrends v: F23j date: 03/09/2018
CPU: Info: Quad Core model: Intel Core i5-7600K bits: 64 type: MCP arch: Kaby Lake family: 6
model-id: 9E (158) stepping: 9 microcode: F0 cache: L2: 6 MiB
flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 30399
Speed: 800 MHz min/max: 800/4800 MHz Core speeds (MHz): 1: 800 2: 800 3: 800 4: 800
Vulnerabilities: Type: itlb_multihit status: KVM: VMX disabled
Type: l1tf mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
Type: mds mitigation: Clear CPU buffers; SMT disabled
Type: meltdown mitigation: PTI
Type: mmio_stale_data mitigation: Clear CPU buffers; SMT disabled
Type: retbleed mitigation: IBRS
Type: spec_store_bypass
mitigation: Speculative Store Bypass disabled via prctl and seccomp
Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization
Type: spectre_v2 mitigation: IBRS, IBPB: conditional, STIBP: disabled, RSB filling,
PBRSB-eIBRS: Not affected
Type: srbds mitigation: Microcode
Type: tsx_async_abort mitigation: Clear CPU buffers; SMT disabled
Graphics: Device-1: NVIDIA GP107 [GeForce GTX 1050 Ti] vendor: Micro-Star MSI driver: nouveau
v: kernel bus-ID: 01:00.0 chip-ID: 10de:1c82 class-ID: 0300
Display: x11 server: X.Org 1.20.11 compositor: xfwm4 v: 4.18.0 driver:
loaded: modesetting unloaded: fbdev,vesa display-ID: :0.0 screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.0x11.2")
s-diag: 582mm (22.9")
Monitor-1: HDMI-1 res: 1920x1080 hz: 60 dpi: 92 size: 531x298mm (20.9x11.7")
diag: 609mm (24")
OpenGL: renderer: NV137 v: 4.3 Mesa 20.3.5 direct render: Yes
Audio: Device-1: Intel 100 Series/C230 Series Family HD Audio vendor: Gigabyte
driver: snd_hda_intel v: kernel bus-ID: 00:1f.3 chip-ID: 8086:a170 class-ID: 0403
Device-2: NVIDIA GP107GL High Definition Audio vendor: Micro-Star MSI
driver: snd_hda_intel v: kernel bus-ID: 01:00.1 chip-ID: 10de:0fb9 class-ID: 0403
Sound Server-1: ALSA v: k5.10.0-23-amd64 running: yes
Sound Server-2: PulseAudio v: 14.2 running: yes
Network: Device-1: Intel Ethernet I219-V vendor: Gigabyte driver: e1000e v: kernel port: f000
bus-ID: 00:1f.6 chip-ID: 8086:15b8 class-ID: 0200
IF: eth0 state: down mac: <filter>
IF-ID-1: wwan0 state: unknown mac: <filter>
Drives: Local Storage: total: 1.78 TiB used: 533.9 GiB (29.2%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/sda maj-min: 8:0 vendor: Toshiba model: TR150 size: 894.25 GiB block-size:
physical: 512 B logical: 512 B speed: 6.0 Gb/s type: SSD serial: <filter> rev: 12.3
scheme: GPT
ID-2: /dev/sdb maj-min: 8:16 vendor: Seagate model: ST1000DM010-2EP102 size: 931.51 GiB
block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s type: HDD rpm: 7200
serial: <filter> rev: CC43
Partition: ID-1: / raw-size: 488.28 GiB size: 479.55 GiB (98.21%) used: 8.21 GiB (1.7%) fs: ext4
dev: /dev/sda2 maj-min: 8:2
ID-2: /boot/efi raw-size: 256 MiB size: 252 MiB (98.46%) used: 25.3 MiB (10.0%)
fs: vfat dev: /dev/sda1 maj-min: 8:1
Swap: Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default)
ID-1: swap-1 type: partition size: 8 GiB used: 0 KiB (0.0%) priority: -2 dev: /dev/sda5
maj-min: 8:5
Sensors: System Temperatures: cpu: 56.0 C mobo: 27.8 C gpu: nouveau temp: 49.0 C
Fan Speeds (RPM): N/A gpu: nouveau fan: 0
Repos: Packages: note: see --pkg apt: 2187 lib: 1192 flatpak: 0
No active apt repos in: /etc/apt/sources.list
Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list
1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/debian.list
1: deb http://deb.debian.org/debian bullseye main contrib non-free
2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free
Active apt repos in: /etc/apt/sources.list.d/mx.list
1: deb http://ftp.linux.org.tr/mx/repo/mx/repo/ bullseye main non-free
Info: Processes: 238 Uptime: 2m wakeups: 1 Memory: 31.31 GiB used: 1.4 GiB (4.5%)
Init: SysVinit v: 2.96 runlevel: 5 default: 5 tool: systemctl Compilers: gcc: N/A
alt: 10 Client: shell wrapper v: 5.1.4-release inxi: 3.3.06
Boot Mode: UEFI

Re: MALDET / inotify-tools

Posted: Wed Jun 21, 2023 7:58 pm
by Jerry3904
Maybe try using Package Installer to upgrade the kernel

Re: MALDET / inotify-tools

Posted: Wed Jun 21, 2023 8:13 pm
by CharlesV
I just tried this in a VM (not totally clean, but almost totally clean), and when I ran that install using sudo, it worked and seems to run just fine?


System:    Kernel: 5.10.0-20-amd64 [5.10.158-2] x86_64 bits: 64 compiler: gcc v: 10.2.1 
           parameters: BOOT_IMAGE=/vmlinuz-5.10.0-20-amd64 
           root=UUID=<filter> ro quiet splash 
           Desktop: Xfce 4.18.0 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm 4.18.0 vt: 7 
           dm: LightDM 1.26.0 Distro: MX-21.3_x64 Wildflower January 15  2023 
           base: Debian GNU/Linux 11 (bullseye) 
Machine:   Type: Virtualbox System: innotek product: VirtualBox v: 1.2 serial: <filter> 
           Chassis: Oracle Corporation type: 1 serial: <filter> 
           Mobo: Oracle model: VirtualBox v: 1.2 serial: <filter> BIOS: innotek v: VirtualBox 
           date: 12/01/2006 
CPU:       Info: Single Core model: Intel Core i7-9700K bits: 64 type: MCP arch: Kaby Lake 
           note: check family: 6 model-id: 9E (158) stepping: D (13) microcode: N/A cache: 
           L2: 12 MiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 bogomips: 7200 
           Speed: 3600 MHz min/max: N/A Core speed (MHz): 1: 3600 
           Vulnerabilities: Type: itlb_multihit status: KVM: VMX unsupported 
           Type: l1tf mitigation: PTE Inversion 
           Type: mds mitigation: Clear CPU buffers; SMT Host state unknown 
           Type: meltdown mitigation: PTI 
           Type: mmio_stale_data mitigation: Clear CPU buffers; SMT Host state unknown 
           Type: retbleed status: Vulnerable 
           Type: spec_store_bypass status: Vulnerable 
           Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization 
           Type: spectre_v2 
           mitigation: Retpolines, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected 
           Type: srbds status: Unknown: Dependent on hypervisor status 
           Type: tsx_async_abort status: Not affected 
Graphics:  Device-1: InnoTek Systemberatung VirtualBox Graphics Adapter driver: vboxvideo 
           v: kernel bus-ID: 00:02.0 chip-ID: 80ee:beef class-ID: 0300 
           Display: x11 server: X.Org 1.20.11 compositor: xfwm4 v: 4.18.0 driver: 
           loaded: modesetting unloaded: fbdev,vesa alternate: vboxvideo display-ID: :0.0 
           screens: 1 
           Screen-1: 0 s-res: 1248x888 s-dpi: 96 s-size: 330x234mm (13.0x9.2") 
           s-diag: 405mm (15.9") 
           Monitor-1: VGA-1 res: 1248x888 hz: 60 
           OpenGL: renderer: llvmpipe (LLVM 11.0.1 256 bits) v: 4.5 Mesa 20.3.5 compat-v: 3.1 
           direct render: Yes 
Audio:     Device-1: Intel 82801AA AC97 Audio vendor: Dell driver: snd_intel8x0 v: kernel 
           bus-ID: 00:05.0 chip-ID: 8086:2415 class-ID: 0401 
           Sound Server-1: ALSA v: k5.10.0-20-amd64 running: yes 
           Sound Server-2: PulseAudio v: 14.2 running: yes 
Network:   Device-1: Intel 82540EM Gigabit Ethernet driver: e1000 v: kernel port: d010 
           bus-ID: 00:03.0 chip-ID: 8086:100e class-ID: 0200 
           IF: eth0 state: up speed: 1000 Mbps duplex: full mac: <filter> 
           Device-2: Intel 82371AB/EB/MB PIIX4 ACPI type: network bridge driver: piix4_smbus 
           v: N/A modules: i2c_piix4 port: d200 bus-ID: 00:07.0 chip-ID: 8086:7113 class-ID: 0680 
Drives:    Local Storage: total: 16 GiB used: 6.04 GiB (37.7%) 
           SMART Message: Unable to run smartctl. Root privileges required. 
           ID-1: /dev/sda maj-min: 8:0 vendor: VirtualBox model: VBOX HARDDISK size: 16 GiB 
           block-size: physical: 512 B logical: 512 B speed: 3.0 Gb/s type: N/A serial: <filter> 
           rev: 1.0 scheme: MBR 
Partition: ID-1: / raw-size: 14.23 GiB size: 13.9 GiB (97.71%) used: 5.93 GiB (42.7%) fs: ext4 
           dev: /dev/dm-0 maj-min: 253:0 mapped: root.fsm 
           ID-2: /boot raw-size: 1024 MiB size: 973.4 MiB (95.06%) used: 103.5 MiB (10.6%) 
           fs: ext4 dev: /dev/sda1 maj-min: 8:1 
Swap:      Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default) 
           ID-1: swap-1 type: partition size: 752 MiB used: 0 KiB (0.0%) priority: -2 
           dev: /dev/dm-1 maj-min: 253:1 mapped: swap 
Sensors:   Message: No sensor data found. Is lm-sensors configured? 
Repos:     Packages: note: see --pkg apt: 1968 lib: 989 flatpak: 0 
           No active apt repos in: /etc/apt/sources.list 
           Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 
           1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/debian.list 
           1: deb http://deb.debian.org/debian bullseye main contrib non-free
           2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/mx.list 
           1: deb http://mxrepo.com/mx/repo/ bullseye main non-free
Info:      Processes: 188 Uptime: 15m wakeups: 449 Memory: 3.84 GiB used: 835.1 MiB (21.2%) 
           Init: SysVinit v: 2.96 runlevel: 5 default: 5 tool: systemctl Compilers: gcc: N/A 
           alt: 10 Client: shell wrapper v: 5.1.4-release inxi: 3.3.06 
Boot Mode: BIOS (legacy, CSM, MBR)
EDIT: fsearch is the only other package I have installed on this vm.

Re: MALDET / inotify-tools

Posted: Wed Jun 28, 2023 4:53 pm
by ertyui
Hey again!

I just tried starting it up, and it was already running (no idea how): "maldet(8048): {mon} existing inotify process detected (try -k): 7860" (maldet -k is used to terminate active monitoring)

This is the error it returns when the active monitoring is already running - so I guess it somehow solved itself (no idea how, maybe it was an update to the system when I ran "sudo apt update/upgrade"?)

Anyway, thanks again, guys!

Re: MALDET / inotify-tools

Posted: Wed Jun 28, 2023 6:33 pm
by CharlesV
Excellent! Possibly so, or a possible cache issue that resolved.

Please mark as solved.