Announcement

Collapse
No announcement yet.

Hidden Files

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hidden Files

    I am posting this in the bugs section because it is bugging me. Yesterday, I grew into the cluster version of nodeworx and while I am mostly pleased, it appears that the process creates several hidden files in the /etc/ and /dev/ directory which drives rkhunter bonkers.

    /etc/.pwd.lock
    /etc/.hosts.allow.orig
    /etc/.hosts.deny.orig
    /etc/.hosts
    /etc/.hosts.deny
    /etc/.hosts.orig
    /etc/.exports.orig
    /etc/.fstab
    /etc/.hosts.allow
    /etc/.exports
    /etc/.fstab.orig
    /dev/.udev.tdb

    These files appear to be duplicates for the most part of the non hidden versions. Are these files created by the cluster/load balancer creation, can they be safely deleted or am I going to be constantly bugged by this every time rkhunter checks for intrusion?
    PCI, HIPAA, Managed Hosting Specialists. ZZ Servers

  • #2
    Whenever InterWorx writes to a system file, it does a couple things:

    1.) If the .FILE.orig file doesn't exist, it creates it. This file is the original file before InterWorx has ever touched it for the first time.

    2.) It also creates a backup of the file as .FILE. This file is so that you always have a backup of the file before InterWorx makes any changes.

    Especially in a clustered setup, we don't recommend you delete them. Those .orig files in /etc are what get put back in place when you uncluster a box.

    Socheat
    Socheat Sou
    InterWorx-CP | http://interworx.com
    InterWorx Control Panel

    Comment


    • #3
      The problem I am running into here is the use of hidden files in /etc dir. I have never seen that used before and most security scanners will flag them as dangerous, ie something got hacked. Is the use of hidden files by interworx part of the setup?

      I understand about backing up the files that are edited by the system but saving them as hidden makes life a little more annoying as hidden files in the /etc dir and other areas that they do not belong raises a red flag to hack attempts, rootkits, security issue and such.

      Let me amend my previous post. This is not a bug because it annoys me :) It does worry me as it could potentially hide suspicious activity on my interworx servers because I can no longer depend on my security scanners searching for hidden files in system directories and adds extra work.

      I would suggest modifying interworx not to save hidden files in system directories. Just save them without the dot.
      PCI, HIPAA, Managed Hosting Specialists. ZZ Servers

      Comment


      • #4
        We can definitely understand where you're coming from, and we'll take it into consideration for a future release.
        Socheat Sou
        InterWorx-CP | http://interworx.com
        InterWorx Control Panel

        Comment


        • #5
          Thank you.
          PCI, HIPAA, Managed Hosting Specialists. ZZ Servers

          Comment

          Working...
          X