1
CSF Firewall / Re: Suspicious File Alert
« on: April 23, 2024, 06:28:10 PM »
In the end I just backed up the contents of the .root_0f8430_salt folder and then deleted it off the server.
I have yet to have anything complain about that action.
2
CSF Firewall / Re: Suspicious File Alert
« on: April 19, 2024, 11:39:26 AM »
Looks like everything related to these tmp files was written on April 5th, 4 days before I got the server.
These are the logs:
Code:
2024-04-05 02:45:24,425 [salt.loaded.int.module.pkg_resource:133 ][WARNING ][2158] 'version' argument will be ignored for multipl$
2024-04-05 02:45:27,521 [salt.loaded.int.module.pkg_resource:133 ][WARNING ][2158] 'version' argument will be ignored for multipl$
Code:
root 133 0.0 0.0 0 0 ? I< Apr10 0:00 [crypto]
3
CSF Firewall / Re: Suspicious File Alert
« on: April 19, 2024, 11:17:44 AM »
2 processes that might have created the file. Both appear to be related to my host. I even opened a ticket with them to ask about this file alert and they said it was not theirs.
Code:
root 1357 0.0 0.0 346844 30000 ? Ss Apr10 0:00 /opt/saltstack/salt/bin/python3.10 /usr/bin/salt-minion -c /opt/imh-salt/ --pid-file=/var/run/inmotion-minion.pid
root 1826 0.0 0.0 969960 71564 ? Sl Apr10 6:50 /opt/saltstack/salt/bin/python3.10 /usr/bin/salt-minion -c /opt/imh-salt/ --pid-file=/var/run/inmotion-minion.pid MultiMinionProcessMa
5
CSF Firewall / Suspicious File Alert
« on: April 18, 2024, 03:32:40 PM »
I set up a new server last week and since I got the DNS to resolve correctly (allowing it to send emails) I keep getting these 2 messages.
Note that I do not have this issue with my other install of CWP.
Time: Thu Apr 18 08:05:23 2024 -0700
File: /var/tmp/.root_0f8430_salt/pyall/certifi/core.py
Reason: Script, file extension
Owner: root:root (0:0)
Action: No action taken
Time: Thu Apr 18 08:05:23 2024 -0700
File: /var/tmp/.root_0f8430_salt/pyall/salt/grains/core.py
Reason: Script, file extension
Owner: root:root (0:0)
Action: No action taken
I scanned that directory with ClamAV and it found nothing.
Here is the file structure of the .root_0f8430_salt directory.
[root@ .root_0f8430_salt]# ls -l
total 52
-rw-r--r-- 1 root root 65 Apr 5 02:45 code-checksum
-rw-r--r-- 1 salt salt 40 Apr 1 20:23 ext_version
-rw-r--r-- 1 root root 13 Apr 5 02:45 grains
-rw-r--r-- 1 root root 158 Apr 5 02:45 minion
drwx------ 9 root root 4096 Apr 5 02:45 py3
drwx------ 6 root root 4096 Apr 5 02:45 pyall
drwx------ 3 root root 4096 Apr 5 02:45 running_data
-rw-r--r-- 1 root root 757 Apr 5 02:45 salt-call
-rw------- 1 root root 8629 Apr 5 02:45 salt_state.tgz
-rw-r--r-- 1 root root 8 Apr 5 02:45 supported-versions
-rw-r--r-- 1 root root 6 Apr 5 02:45 version
[root@ .root_0f8430_salt]#