
Several problems

2 years 2 months ago #4648 by Jose
Replied by Jose on topic Several problems
The reason to have two fields with Download id is that the Update database plugin can be installed on the free version of SCP, so it must have a field to include the Download id. But in future versions I will check if the Download Id of SCP is filled and I will take that info, so you will not have to add it twice.

Regards,
Jose

2 years 2 months ago #4651 by flaemingwerbung
Replied by flaemingwerbung on topic Several problems
Just updated to Joomla 3.7.2 on the website where we just installed a new Joomla and Securitycheck Pro and ran the file-manager scan again. It comes up with three violations. All three are scans by SCP. One of them doesn't show a size. I'm not sure what the Permissions shown in red mean. It's 660. Is this the desired or the current permission? Ah, checked, it's the current permission. Looks fine to me. The permissions of the scans directory are 755. I had that repaired and the permission changed from 660 to 644. Which means it's now publicly readable (denied by htaccess, though). This would normally be ok, if you want to serve this file with Apache. But normally this file is only shown from the Backend, probably with a php function opened and read and needs access with the user of the including file and not Apache I think. And 660 works. So, I think you should exclude the scans directory from warnings or at least do not use them for the system information security level. Repairing the three files succeeds with two, fails with one (because it got removed during the process - keep a maximum of three?) and a new one got added, that, of course, has wrong permissions. So, I always have at least *1* file with wrong permissions.

2 years 2 months ago #4652 by flaemingwerbung
Replied by flaemingwerbung on topic Several problems
Then I made the integrity check. Almost all files changed hash. I marked them now all as safe at once. That's the way to do it?

2 years 2 months ago #4653 by Jose
Replied by Jose on topic Several problems

> So, I think you should exclude the scans directory from warnings or at least do not use them for the system information security level. Repairing the three files succeeds with two, fails with one (because it got removed during the process - keep a maximum of three?) and a new one got added, that, of course, has wrong permissions. So, I always have at least *1* file with wrong permissions.

Every task (integrity and permissions) generates a file, but the previous file is deleted before launching the task, so you should see only two files... Anyway you can include the entire folder as an exception; to do that, select the path and copy it into "Global Configuration -> File manager tab -> File/Folder exceptions; comma separated values" and set "Recursive folder exceptions" to Yes.

> Then I made the integrity check. Almost all files changed hash. I marked them now all as safe at once. That's the way to do it?

Yes. Now try changing only a letter, for example, of any index.php file and launch a new file integrity scan. It should return only that file.

Regards,
Jose

2 years 2 months ago - 2 years 2 months ago #4656 by flaemingwerbung
Replied by flaemingwerbung on topic Several problems
Thanks for the exclusion information. I thought I had seen this somewhere, but I looked in the wrong place, in file-manager. Might be a good idea to add a button "configuration" on the file-manager to that setting, same for integrity and other config options that are directly related to a "tool".
What's the correct syntax? "*/com_securitycheckpro/scans/" Does this work?

I'm now working on another site where I did an akeeba backup after update and before doing the file permission check. As I said earlier, it's the files in the akeeba backup directory that are flagged. For instance, a new database backup sql file got changed from 660 to 644 which makes it world-readable (if there wasn't the .htaccess file). I think this shouldn't happen. Securitycheck should not give *more* permissions to files, only less. Or give more permissions only in a second mode, that is less about security but rather about making all of Joomla run (which may include giving more permissions to some files).
I've also noted the third "category" where file manager finds wrong permissions. It's the cache which I just enabled. I don't remember the file permissions before I repaired. But after repairing they are 755 for directories and 660 for files. That looks fine to me. So, there it doesn't change to world-readable. Btw, I noticed now that the filter shows only folders by default and I have to change the filter settings to also see the folders. I would like to see a third option "files and folders" and also be able to have this as the default. I was surprised after repairing that the repair log showed some folders (from cache) as well. I hadn't noticed that the filter shows only files by default.
I've now added this to the exclusions, would this work? */com_securitycheckpro/scans/,*/backup
Quick addition: no, it's not working for exclusion. Do I have to add full paths? Or remove the asterisk? (simple globbing)

2 years 2 months ago #4657 by Jose
Replied by Jose on topic Several problems

> What's the correct syntax? "*/com_securitycheckpro/scans/" Does this work?

No, you must add the entire path (you see it in Path row). It will be something like /home/mysite/public_html/securitycheck

> I'm now working on another site where I did an akeeba backup after update and before doing the file permission check. As I said earlier, it's the files in the akeeba backup directory that are flagged. For instance, a new database backup sql file got changed from 660 to 644 which makes it world-readable (if there wasn't the .htaccess file). I think this shouldn't happen. Securitycheck should not give *more* permissions to files, only less. Or give more permissions only in a second mode, that is less about security but rather about making all of Joomla run (which may include giving more permissions to some files).

Yes, maybe you're right, but I designed the feature to set standard permissions. Many people don't know what permissions mean, so I don't want to give them the ability to set an incorrect value. If for some reason you need to keep other permissions just add the files/folder as exceptions.

Regards,
Jose
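
Added example, not part of the thread and not Securitycheck Pro's code: a small audit that compares current modes against a standard of 644 for files and 755 for directories (values assumed from the thread), honours full-path exceptions with an optional recursive flag, and reports when a repair would grant access to "other", as in the 660 to 644 case discussed above. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

FILE_STD, DIR_STD = 0o644, 0o755  # "standard permissions" (assumed from the thread's values)

def is_excepted(path, exceptions, recursive=True):
    """Match full paths only (no globbing); recursive covers everything below."""
    path = os.path.abspath(path)
    for exc in map(os.path.abspath, exceptions):
        if path == exc or (recursive and path.startswith(exc + os.sep)):
            return True
    return False

def audit(root, exceptions=(), recursive=True):
    """List entries whose mode differs from the standard, and what a repair would add."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name, std in [(d, DIR_STD) for d in dirnames] + [(f, FILE_STD) for f in filenames]:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or is_excepted(path, exceptions, recursive):
                continue
            cur = stat.S_IMODE(os.lstat(path).st_mode)
            if cur != std:
                added = std & ~cur  # permission bits the repair would grant
                findings.append({"path": path, "current": oct(cur), "standard": oct(std),
                                 "grants_world_access": bool(added & 0o007)})
    return findings

def build_demo_tree():
    """Constructed sample tree: a 660 scan file, a 666 cache file, a 644 index.php."""
    root = tempfile.mkdtemp()
    for rel, mode in [("scans/scan_1.php", 0o660), ("cache/page.html", 0o666), ("index.php", 0o644)]:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    for d in ("scans", "cache"):
        os.chmod(os.path.join(root, d), 0o755)
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    for finding in audit(root):
        print(finding)
    print(audit(root, exceptions=[os.path.join(root, "scans")]))
```

Entries with `grants_world_access` set are the ones worth reviewing before a repair, or listing as exceptions by full path.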
