I use csf on my server and get email lfd on server2.xxxxxx.com: Suspicious File Alert

TV Clipz August 14, 2018

I use csf on my server and get emails every hour or less saying lfd on server2.xxxxxx.com: Suspicious File Alert

Time:   Tue Aug 14 17:43:00 2018 -0500
File:   /tmp/snappy-1.1.0.1-54deb2c7-ea57-4e5b-907e-5e04b216997f-libsnappyjava.so
Reason: Linux Binary
Owner:  confluence:confluence (1003:1005)
Action: No action taken

Also another one:

Time:   Tue Aug 14 17:42:59 2018 -0500
File:   /tmp/liblz4-java1107978496114223354.so
Reason: Linux Binary
Owner:  confluence:confluence (1003:1005)
Action: No action taken

Why are they suspicious? Is this an issue? Can I delete those files in /tmp, or even all the files in the /tmp folder?

This is a fresh install of Confluence, latest build, from 2 days ago, 8-11-2018.

Do these files need to exec:

Or can I add a command in csf .Ignore process to stop the emails?

If these files need to be in the /tmp folder, how can I avoid this headache of all the emails, please?

Thanks for your help.

3 answers

0 votes
TV Clipz August 15, 2018
Lol, you must be a Dr., I'm guessing. I should have my head examined for CSF.
So you're saying those files belong there?
File: /tmp/snappy-1.1.0.1-54deb2c7-ea57-4e5b-907e-5e04b216997f-libsnappyjava.so
File: /tmp/liblz4-java1107978496114223354.so

In /var/tmp
Maybe that should have been my question in the first place.
Thanks for your answer, if I'm reading it correctly
(stop sending out these incorrect reports).
Spiro
Nic Brough -Adaptavist-
Community Leader
August 15, 2018

Heh, I just read a lot of scientific stuff, acronyms everywhere in that.

Two things about those files

  • Yes, if Confluence put them there, then they're there for a good reason.
  • But, I'd expect Confluence to use its own working space, not /tmp.  I've only ever seen Confluence put graph files in /tmp, after I told it to use it for generating stuff.  But that was Confluence 5.  I suspect it's more likely to be Synchrony doing it (the bundled, but independent service that handles collaborative editing in Confluence 6+), which I'm less sure what its normal behaviour would be.

I'd try disabling collaborative editing for a while to confirm whether it's Synchrony or not (you can do it in the UI).

TV Clipz August 15, 2018

I disabled collaborative editing and I'm not getting any messages any longer. Thanks. Not a 100% solution overall, but it did 100% solve my email issues. :) Thanks again.

0 votes
Nic Brough -Adaptavist-
August 15, 2018

This is a question for CSF, whatever that is (Cerebrospinal fluid is the first random acronym I recognised).

I am guessing it is some form of virus or security scan software that is throwing false positives about the Confluence installation, and you need to configure it to stop sending out these incorrect reports. (I'd question why it's getting it wrong first, and look at something a bit more accurate.)

TV Clipz August 15, 2018

ConfigServer Security & Firewall (csf) is the correct acronym.

0 votes
TV Clipz August 14, 2018

OK, so I went to /var/tmp

and removed both of those files from there. I stopped Confluence, then removed the files, then restarted.

The lib file came back right away. The other snappy file came back a few minutes later. Just so you are aware. Also, I can't remove them because Confluence keeps regenerating them in /var/tmp, so at that point I'm still getting emails. Anyone know how to hide these emails in CSF lfd?
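
One way to triage alerts in the format quoted in this thread, as an added example that is not part of any post above and is not CSF or Atlassian code: it parses the Time/File/Reason/Owner/Action fields and marks an alert as expected only when owner, directory and file name all match. The function names, the `service_user` and `tmp_dirs` parameters and the name patterns are assumptions made for illustration.

```python
import re

# Constructed sample: the two alert bodies quoted in the question.
SAMPLE = """\
Time:   Tue Aug 14 17:43:00 2018 -0500
File:   /tmp/snappy-1.1.0.1-54deb2c7-ea57-4e5b-907e-5e04b216997f-libsnappyjava.so
Reason: Linux Binary
Owner:  confluence:confluence (1003:1005)
Action: No action taken

Time:   Tue Aug 14 17:42:59 2018 -0500
File:   /tmp/liblz4-java1107978496114223354.so
Reason: Linux Binary
Owner:  confluence:confluence (1003:1005)
Action: No action taken
"""

FIELD = re.compile(r"^(Time|File|Reason|Owner|Action):\s+(.*)$")
# Assumption: temp-file names of the snappy-java and lz4-java native libraries,
# generalised from the two paths in the alerts above.
KNOWN_JNI = [
    re.compile(r"^snappy-[\d.]+-[0-9a-f-]{36}-libsnappyjava\.so$"),
    re.compile(r"^liblz4-java\d+\.so$"),
]

def parse_alerts(text):
    # One dict per alert; a non-field line (e.g. blank) closes the current alert.
    alerts, cur = [], {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            cur[m.group(1).lower()] = m.group(2).strip()
        elif cur:
            alerts.append(cur)
            cur = {}
    return alerts + [cur] if cur else alerts

def triage(alert, service_user="confluence", tmp_dirs=("/tmp", "/var/tmp")):
    # Expected only if owner, directory and file name all match; else investigate.
    directory, _, name = alert.get("file", "").rpartition("/")
    owner = alert.get("owner", "").split(":", 1)[0]
    if owner != service_user:
        return "investigate: not owned by the service account"
    if directory not in tmp_dirs:
        return "investigate: unexpected directory"
    if any(p.match(name) for p in KNOWN_JNI):
        return "expected: JNI library unpacked by the JVM"
    return "investigate: unknown binary name"
```

A name and owner match only narrows an alert down; it does not verify the file's contents.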
