Security alert
-
Judging by @bdharrington7's code, his plugin is checking for new nodebb plugins in npm once a day and saving it locally in that npm.json file:
nodebb-plugin-finder/library.js at master · bdharrington7/nodebb-plugin-finder
-
Thanks. That was what I thought was happening and I don't think it is really a good idea.
@bdharrington7, is this a behavior that can be coded to be configurable, that is, for the admin to enable/disable automatic checking of NodeBB plugins?
-
Woah, sorry, I just saw this, been studying for interviews. I can put that in real quick.
-
@BDHarrington7
I'm using OSSEC as my Host Intrusion Detection System (HIDS) and it's configured to send out alerts by email when it detects any activity on the server. In this case, it detected that the MD5/SHA1 checksum of certain files had changed, so it sent out an alert:
OSSEC HIDS Notification.
2014 Feb 21 03:44:49
Received From: (server-name) xxx.yyy.zzz.000->syscheck
Rule: 552 fired (level 7) -> "Integrity checksum changed again (3rd time)."
Portion of the log(s):
Integrity checksum changed for: 'forum/node_modules/nodebb-plugin-finder/npm.json'
Size changed from '34934' to '36289'
Old md5sum was: '87b3c6a957af2d8135fb4ea2455f5b36'
New md5sum is : '34206f1cbf9602d33e81e72b3b074e61'
Old sha1sum was: '08764bf37603c005923f2afd7b215f44e304884b'
New sha1sum is : '3995ed7931cdf60ef4c8c65b88afe43013ab5190'
It worried me because I was not expecting the file to change, but that was before @psychobunny posted a reply to my question.
I'm paranoid about these things, but don't blame me. That's just my nature and a consequence of having a security background.
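One way to triage alerts like the one quoted above, as an added example that is not part of the original thread: it parses the syscheck alert text and treats a change as expected only when the path is on a reviewed allowlist. The function names and the `EXPECTED_MUTABLE` allowlist are assumptions made for illustration.

```python
import re
from fnmatch import fnmatch

# Alert text as quoted in the post above.
ALERT = """OSSEC HIDS Notification.
2014 Feb 21 03:44:49
Received From: (server-name) xxx.yyy.zzz.000->syscheck
Rule: 552 fired (level 7) -> "Integrity checksum changed again (3rd time)."
Portion of the log(s):
Integrity checksum changed for: 'forum/node_modules/nodebb-plugin-finder/npm.json'
Size changed from '34934' to '36289'
Old md5sum was: '87b3c6a957af2d8135fb4ea2455f5b36'
New md5sum is : '34206f1cbf9602d33e81e72b3b074e61'
Old sha1sum was: '08764bf37603c005923f2afd7b215f44e304884b'
New sha1sum is : '3995ed7931cdf60ef4c8c65b88afe43013ab5190'
"""

# Assumption: paths the admin has reviewed and accepts as self-updating caches.
EXPECTED_MUTABLE = ["*/node_modules/nodebb-plugin-finder/npm.json"]

FIELDS = {
    "rule": r"Rule: (\d+) fired",
    "level": r"\(level (\d+)\)",
    "path": r"Integrity checksum changed for: '([^']+)'",
    "old_size": r"Size changed from '(\d+)'",
    "new_size": r"Size changed from '\d+' to '(\d+)'",
    "old_md5": r"Old md5sum was\s*: '([0-9a-f]{32})'",
    "new_md5": r"New md5sum is\s*: '([0-9a-f]{32})'",
    "old_sha1": r"Old sha1sum was\s*: '([0-9a-f]{40})'",
    "new_sha1": r"New sha1sum is\s*: '([0-9a-f]{40})'",
}

def parse_syscheck_alert(text):
    """Extract the syscheck fields; a field that is absent becomes None."""
    out = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        out[name] = match.group(1) if match else None
    return out

def triage(alert, expected=EXPECTED_MUTABLE):
    """Return 'expected' only for reviewed paths, otherwise 'investigate'."""
    path = alert["path"]
    # Unparseable alerts and paths with '..' segments are never auto-dismissed.
    if path is None or ".." in path.split("/"):
        return "investigate"
    return "expected" if any(fnmatch(path, p) for p in expected) else "investigate"
```

Keeping the allowlist to exact cache files rather than a whole plugin directory means a change to `library.js` in the same directory still raises an alert.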
-
Cool stuff! I'll have to look at that for my server.