[OzzModz] Ignore Files From Health Check

[OzzModz] Ignore Files From Health Check [Paid] 2.0.3

No permission to buy ($10.00)
Overview Updates (3) History Discussion
Ozzy47

Ozzy47

Well-known member
Ozzy47 submitted a new resource:

[OzzModz] Ignore Files From Health Check - Ignore self edited files from health check

At times we might need to edit core or addon files. The issue is that we are plagued with the dreaded file health check results showing up on the ACP index.

Well this addon solves that. Now if you have edited a file, you can add it to the ignore list and it will no longer show up in the count. This makes identifying any unwanted edited files more easily identifiable.

ACP Index Example:
View attachment 233087

Here is what the Non-ignored...
Click to expand...

Read more about this resource...
 
Hi,
will ignored files also not trigger and not be listed in the email that XF can send in case it finds modified files ?

Thanks
-Markus
 
I've got to admit that this is one of my biggest annoyances.

How does this ensure that the new files have been edited by you?

Can you assign a new "hash" and/or a specific edit time and date it was last saved for them so that if it is different than from what you edited it to (i.e., compromised and edited in some other means) it doesn't ignore the files as you whitelisted them?
 
No, you simply just ignore files via the eye icon in the ACP. No additional check is made to see if the file has been edited again. It would be just about useless as anyone editing files can remove the hash from the file, in affect not checking it ever again.
 
Ozzy47 said:
No, you simply just ignore files via the eye icon in the ACP. No additional check is made to see if the file has been edited again. It would be just about useless as anyone editing files can remove the hash from the file, in affect not checking it ever again.
Click to expand...
Would it be possible to lock in an edit date and if the file was modified after that date (also recorded on your side for manual verification in case someone changed that somehow too) it would flag it again?
 
I’m not sure if it’s technically possible, but I might look into it at some point in the future depending on how popular the addon becomes.
 
Ozzy47 said:
I’m not sure if it’s technically possible, but I might look into it at some point in the future depending on how popular the addon becomes.
Click to expand...
That would be most beneficial because if someone did access your site, they could edit a file that was already whitelisted, so one would know no difference whether there's a security breach or not unless they did a manual check of times edited to ensure that they weren't edited again.

It would be even better if you could create a CSV of the file with lines like:
name.php,946684799
(file name/timestamp of sorts)

...so if you had 100 files edited, you could upload and compare the check with the CSV you manually hold as the key.

Just added security. Not foolproof... but it would be a lot more secure.
 
Well, you could keep hashes offline (on a USB-Stick, etc.) and compare that to the hashes computed from the live files, but then agin somebody could have modified the code (or maybe even using a rootkit?) calculatin the hashes to hide modifications ...

There is no way to ever be 100% sure.
 
Ozzy47 said:
Honestly it’s no more foolproof than if someone edited the hash file to remove a file from being checked. But I get the idea.
Click to expand...
I think it would be even more secure than that if you can get the file's last modified date and compare the two.

You could update the hashes so it disappears altogether, but you can't update the last saved modified date. The only way that this can't be foolproof is editing this add on alone to ignore any CSV and say it's fine, while also updating the hashes of it so it's not flagged too.

If I understand why the errors are there in the first place by XF (to inform you of potential security breaches), hiding them with an eye doesn't make much sense unless you can check them by date instead of whitelisting them to where they are ignored and then become a huge breach (in my humble opinion).

But, I will watch/follow this as the warnings are annoying, but I do check the time modified manually.
 
Kirby said:
Well, you could keep hashes offline (on a USB-Stick, etc.) and compare that to the hashes computed from the live files, but then agin somebody could have modified the code (or maybe even using a rootkit?) calculatin the hashes to hide modifications ...

There is no way to ever be 100% sure.
Click to expand...
Is it possible to rewrite when a file was last modified to appear as if it was never touched? That's beyond my knowledge.
 
frm said:
You could update the hashes so it disappears altogether, but you can't update the last saved modified date.
Click to expand...
Uh? Of course you can - man touch.

www.php.net

PHP: touch - Manual

PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world.
www.php.net www.php.net

Even if there wasn't a nice way in userland - at kernel level (-> Rootkit) you can do everything.
 
  • Wow
Reactions: frm
frm said:
If I understand why the errors are there in the first place by XF (to inform you of potential security breaches), hiding them with an eye doesn't make much sense unless you can check them by date instead of whitelisting them to where they are ignored and then become a huge breach (in my humble opinion).
Click to expand...

Just showing them as edited does nothing either. Someone could always edit after you and you wouldn’t have a clue.
 
  • Like
Reactions: frm
Looks like I suppose there's really no way of verifying except a cross-comparison of a backed-up file vs. what's on the system, which could take a while to run.
 
frm said:
Looks like I suppose there's really no way of verifying except a cross-comparison of a backed-up file vs. what's on the system, which could take a while to run.
Click to expand...
Not even that unless you can proof (how?) that
  • the system performing the comparison is not compromised and giving you faked results
  • the verification data has not been tampered during transport/storage

Really, comparing two sets of files on an untrusted system doesn't gain you anything over calculating hashes and comparing those with known values.
 
Last edited:
You must log in or register to reply here.

Similar threads

Ozzy47
[OzzModz] Ignore Server Errors From Log [Paid]
Replies
6
Views
691
Ozzy47
Ozzy47
Back
Top Bottom