I am posting this in the bugs section because it is bugging me. Yesterday, I grew into the cluster version of nodeworx and while I am mostly pleased, it appears that the process creates several hidden files in the /etc/ and /dev/ directory which drives rkhunter bonkers.
These files appear to be duplicates for the most part of the non hidden versions. Are these files created by the cluster/load balancer creation, can they be safely deleted or am I going to be constantly bugged by this every time rkhunter checks for intrusion?
Whenever InterWorx writes to a system file, it does a couple things:
1.) If the .FILE.orig file doesn’t exist, it creates it. This file is the original file before InterWorx has ever touched it for the first time.
2.) It also creates a backup of the file as .FILE. This file is so that you always have a backup of the file before InterWorx makes any changes.
Especially in a clustered setup, we don’t recommend you delete them. Those .orig files in /etc are what get put back in place when you uncluster a box.
The problem I am running into here is the use of hidden files in /etc dir. I have never seen that used before and most security scanners will flag them as dangerous, ie something got hacked. Is the use of hidden files by interworx part of the setup?
I understand about backing up the files that are edited by the system but saving them as hidden makes life a little more annoying as hidden files in the /etc dir and other areas that they do not belong raises a red flag to hack attempts, rootkits, security issue and such.
Let me amend my previous post. This is not a bug because it annoys me It does worry me as it could potentially hide suspicious activity on my interworx servers because I can no longer depend on my security scanners searching for hidden files in system directories and adds extra work.
I would suggest modifying interworx not to save hidden files in system directories. Just save them without the dot.
It does worry me as it could potentially hide suspicious activity on my interworx servers because I can no longer depend on my security scanners searching for hidden files in system directories and adds extra work.