Open petrowsky opened 9 years ago
ar-jan
commented
9 years ago I've also gotten used to regular sh/websh lfd alerts, and I agree it would be very useful if we could recognize Skynet-initiated changes. I'd currently attribute almost any lfd warnings to BOA Skynet.
omega8cc
commented
9 years ago Thanks for the report and for the suggestions. We have disabled this for now, while working on a more complete solution: https://github.com/omega8cc/boa/commit/e5bb2198495dad44c1aa41f73e03e10f8aef9d70
omega8cc
commented
9 years ago The original issue has been fixed, but the part related to lfd alerts can't be solved by sending more e-mails. Instead, we should find a way to silence clearly confusing noise generated by firewall/lfd.
While I'm used to the normal lfd alerts for /bin/sh and /bin/websh, I was unprepared for a notice about a System integrity alert for /usr/bin/curl the other day.
After finding out that files.aegir.cc was having issues due to routers, Grace mentioned that BOA was checking for curl status and installing from repo based on https://github.com/omega8cc/boa/blob/master/BOA.sh.txt#L336.
My box is still on squeeze and had curl held/installed from sources.
As this had never happened before, like with /sh and /websh, I was obviously concerned, because if someone gets a new curl on your box you know you're most likely hosed.
I'd like to propose either a ping or netcat to files.aegir.cc or any other repo that skynet is hitting and a short email to the admin.
Granted, you could simply change the logic so that BOA did not attempt to reinstall/recompile when file.aegir.cc is down, but it would be nice to simply know what Skynet has done versus what you should be looking out for regarding System Integrity warnings.
A correlated email message at the same time would assuage any fears.
For example: "BOA Skynet Update Performed" is sent at the same time that lfd sends off an Integrity alert. Just a quick little email of what Skynet has done, would seem to prevent a lot of unnecessary concerns about failed hash checks. I'm sure there are enough self-hosted installs that this might help solve some unnecessary concern - hopefully. :)