Whenever cfagent opens a directory and recursively scans through its
files and directories (files, tidy, copy), it is also on the lookout
for suspicious filenames, i.e. files like ".. ." whose names contain
only spaces and/or dots. Such files are seldom created by sensible
sources, but are often used by crackers to try to hide dangerous
programs. Cfagent warns about such files. Although not necessarily a
security issue, cfagent will also warn, if desired, about filenames
which contain non-printable characters, and about directories which
are made to look like plain files by giving them filename extensions.

control:

   #
   # Security checks
   #

   NonAlphaNumFiles = ( on )
   FileExtensions   = ( o a c gif jpg html )   # etc
   SuspiciousNames  = ( .mo lrk3 lkr3 )

The file extension list may be used to detect concealed directories
during these searches: if users create directories which look like
common files, this will be warned about. Additional suspicious
filenames can be checked for automatically as a matter of course.
This is commented on further below.
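
The checks described above, written out as an added Python example. It is not cfagent's own code and only follows this page's description of the checks. The extension and name lists are copied from the control section above; the function names and the sample tree are constructed for the illustration.

```python
import os
import tempfile

# Values copied from the control: section above.
FILE_EXTENSIONS = {"o", "a", "c", "gif", "jpg", "html"}
SUSPICIOUS_NAMES = {".mo", "lrk3", "lkr3"}


def classify(name, is_dir):
    """Return the list of warnings one directory entry would earn."""
    warnings = []
    if name and all(ch in " ." for ch in name):
        warnings.append("only spaces and dots")
    if name in SUSPICIOUS_NAMES:
        warnings.append("listed suspicious name")
    if any(not ch.isprintable() for ch in name):
        warnings.append("non-printable character")
    if is_dir and "." in name and name.rsplit(".", 1)[1] in FILE_EXTENSIONS:
        warnings.append("directory with file extension")
    return warnings


def scan(root):
    """Walk root recursively and return {relative path: warnings}."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for name, is_dir in entries:
            warnings = classify(name, is_dir)
            if warnings:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings[rel] = warnings
    return findings


def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "home", ".. ."))
        os.makedirs(os.path.join(root, "home", "photo.jpg"))
        for name in ("notes.html", "lrk3", "tab\there"):
            open(os.path.join(root, "home", name), "w").close()
        return scan(root)


if __name__ == "__main__":
    for path, warnings in sorted(demo().items()):
        print(repr(path), warnings)
```

An ordinary file such as notes.html is not reported; only a directory carrying one of the listed extensions is.
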
The mail spool directory is a common place for users to try to hide
downloaded files. These options warn about files which do not have
the name of a user or are not owned by a valid user:

control:

   WarnNonOwnerMail = ( true )
   WarnNonUserMail  = ( true )   # Warn about mail which is not owned by a user

Corresponding commands exist to delete these files without further ado.
This can be a useful way of cleaning up after users whose accounts
have been removed.