[OzzModz] Ignore Files From Health Check

[OzzModz] Ignore Files From Health Check [Paid] 2.0.2

No permission to buy ($10.00)

Ozzy47

Well-known member
Ozzy47 submitted a new resource:

[OzzModz] Ignore Files From Health Check - Ignore self edited files from health check

At times we might need to edit core or addon files. The issue is that we are plagued with the dreaded file health check results showing up on the ACP index.

Well this addon solves that. Now if you have edited a file, you can add it to the ignore list and it will no longer show up in the count. This makes identifying any unwanted edited files more easily identifiable.

ACP Index Example:

View attachment 233087

Here is what the Non-ignored...

Read more about this resource...
 

markus68

Active member
Hi,
will ignored files also not trigger and not be listed in the email that XF can send in case it finds modified files ?

Thanks
-Markus
 

frm

Well-known member
I've got to admit that this is one of my biggest annoyances.

How does this ensure that the new files have been edited by you?

Can you assign a new "hash" and/or a specific edit time and date it was last saved for them so that if it is different than from what you edited it to (i.e., compromised and edited in some other means) it doesn't ignore the files as you whitelisted them?
 

Ozzy47

Well-known member
No, you simply just ignore files via the eye icon in the ACP. No additional check is made to see if the file has been edited again. It would be just about useless as anyone editing files can remove the hash from the file, in affect not checking it ever again.
 

frm

Well-known member
No, you simply just ignore files via the eye icon in the ACP. No additional check is made to see if the file has been edited again. It would be just about useless as anyone editing files can remove the hash from the file, in affect not checking it ever again.
Would it be possible to lock in an edit date and if the file was modified after that date (also recorded on your side for manual verification in case someone changed that somehow too) it would flag it again?
 

Ozzy47

Well-known member
I’m not sure if it’s technically possible, but I might look into it at some point in the future depending on how popular the addon becomes.
 

frm

Well-known member
I’m not sure if it’s technically possible, but I might look into it at some point in the future depending on how popular the addon becomes.
That would be most beneficial because if someone did access your site, they could edit a file that was already whitelisted, so one would know no difference whether there's a security breach or not unless they did a manual check of times edited to ensure that they weren't edited again.

It would be even better if you could create a CSV of the file with lines like:
name.php,946684799
(file name/timestamp of sorts)

...so if you had 100 files edited, you could upload and compare the check with the CSV you manually hold as the key.

Just added security. Not foolproof... but it would be a lot more secure.
 

Kirby

Well-known member
Well, you could keep hashes offline (on a USB-Stick, etc.) and compare that to the hashes computed from the live files, but then agin somebody could have modified the code (or maybe even using a rootkit?) calculatin the hashes to hide modifications ...

There is no way to ever be 100% sure.
 

frm

Well-known member
Honestly it’s no more foolproof than if someone edited the hash file to remove a file from being checked. But I get the idea.
I think it would be even more secure than that if you can get the file's last modified date and compare the two.

You could update the hashes so it disappears altogether, but you can't update the last saved modified date. The only way that this can't be foolproof is editing this add on alone to ignore any CSV and say it's fine, while also updating the hashes of it so it's not flagged too.

If I understand why the errors are there in the first place by XF (to inform you of potential security breaches), hiding them with an eye doesn't make much sense unless you can check them by date instead of whitelisting them to where they are ignored and then become a huge breach (in my humble opinion).

But, I will watch/follow this as the warnings are annoying, but I do check the time modified manually.
 

frm

Well-known member
Well, you could keep hashes offline (on a USB-Stick, etc.) and compare that to the hashes computed from the live files, but then agin somebody could have modified the code (or maybe even using a rootkit?) calculatin the hashes to hide modifications ...

There is no way to ever be 100% sure.
Is it possible to rewrite when a file was last modified to appear as if it was never touched? That's beyond my knowledge.
 

Ozzy47

Well-known member
If I understand why the errors are there in the first place by XF (to inform you of potential security breaches), hiding them with an eye doesn't make much sense unless you can check them by date instead of whitelisting them to where they are ignored and then become a huge breach (in my humble opinion).

Just showing them as edited does nothing either. Someone could always edit after you and you wouldn’t have a clue.
 
  • Like
Reactions: frm

frm

Well-known member
Looks like I suppose there's really no way of verifying except a cross-comparison of a backed-up file vs. what's on the system, which could take a while to run.
 

Kirby

Well-known member
Looks like I suppose there's really no way of verifying except a cross-comparison of a backed-up file vs. what's on the system, which could take a while to run.
Not even that unless you can proof (how?) that
  • the system performing the comparison is not compromised and giving you faked results
  • the verification data has not been tampered during transport/storage

Really, comparing two sets of files on an untrusted system doesn't gain you anything over calculating hashes and comparing those with known values.
 
Last edited:
Top