There was an error with the code integrity check and an X-XSS-Protection issue

Operating system: TwisterOS

Web server: nginx/1.14.2

Database: 10.3.27-MariaDB-0+deb10u1 Raspbian 10

PHP version: PHP 7.3.27-1~deb10u1

ownCloud version: 10.7.0.4

https://gist.github.com/JohnTa15/eaf80a45e507cf28f8d9d9abdd9c6f72

The content of config/config.php:

{"reqId":"TNiiP4xquLBRD5NoixGo","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'user_publisher' (Remote IP: '')"}
{"reqId":"rLEhRleQMefocwPgor2v","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'user' (Remote IP: ')"}
{"reqId":"PPdwGB8KhyvZDkevO7D3","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'User' (Remote IP: '')"}
{"reqId":"NiCSbJUlKkXyC8JALm1f","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'webadmin' (Remote IP: '')"}
{"reqId":"b3ZncGQzRCtQX4OPlfYA","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'webadmin' (Remote IP: '')"}
{"reqId":"pdCa0EjuDIHc0ckvE9my","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'websecadm' (Remote IP: '')"}
{"reqId":"2iGOPejJ4GkYdUTOFk8K","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'manager' (Remote IP: '')"}
{"reqId":"xyiQuCJ1j9JhQPWSI4kn","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'tomcat' (Remote IP: '')"}
{"reqId":"jrarKcRQCAYqQYz2ry7V","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'j2deployer' (Remote IP: '')"}
{"reqId":"BCG1eCzFe0jkPkzQwuLD","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'ovwebusr' (Remote IP: '')"}
{"reqId":"zArpFGOreUxNzgEBR5V2","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'cxsdk' (Remote IP: '')"}
{"reqId":"QkpKDpTqmSGCzuAHjcHd","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'root' (Remote IP: '')"}
{"reqId":"RsG5L5Mu2Jerdvg4NQI4","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'ADMIN' (Remote IP: '')"}
{"reqId":"ET0E5VPaX1vj5MZKePCY","level":2,"time":"2021-05-26T17:49:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'xampp' (Remote IP: '')"}
{"reqId":"z8EErUuc2ndS5YCT4ZxU","level":2,"time":"2021-05-26T17:49:26+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'QCC' (Remote IP: '')"}
{"reqId":"IRy4h1cjx1SRkxSrYsVo","level":2,"time":"2021-05-26T17:49:26+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'both' (Remote IP: '')"}
{"reqId":"quJoNzox8RKM2bemfPgk","level":2,"time":"2021-05-26T17:49:26+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'role1' (Remote IP: '')"}
{"reqId":"hjBQW3cE7lQBMecFFF0Y","level":2,"time":"2021-05-26T17:49:26+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'admin' (Remote IP: '')"}
{"reqId":"NFfaqQccqeMBATnN0qAI","level":2,"time":"2021-05-26T17:49:26+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav","message":"Login failed: 'username' (Remote IP: '')"}
{"reqId":"Knj3EPWrowQsELr0yvQv","level":3,"time":"2021-05-27T12:18:11+00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"hash_file(\/var\/www\/owncloud\/core\/contacts.key): failed to open stream: Permission denied at \/var\/www\/owncloud\/lib\/private\/IntegrityCheck\/Checker.php#217"}



**List of activated apps:**

  • comments:
    • Version: 0.3.0
    • Path: /var/www/owncloud/apps/comments
  • configreport:
    • Version: 0.2.0
    • Path: /var/www/owncloud/apps/configreport
  • dav:
    • Version: 0.6.0
    • Path: /var/www/owncloud/apps/dav
  • federatedfilesharing:
    • Version: 0.5.0
    • Path: /var/www/owncloud/apps/federatedfilesharing
  • federation:
    • Version: 0.1.0
    • Path: /var/www/owncloud/apps/federation
  • files:
    • Version: 1.5.2
    • Path: /var/www/owncloud/apps/files
  • files_external:
    • Version: 0.7.1
    • Path: /var/www/owncloud/apps/files_external
  • files_mediaviewer:
    • Version: 1.0.4
    • Path: /var/www/owncloud/apps/files_mediaviewer
  • files_sharing:
    • Version: 0.14.0
    • Path: /var/www/owncloud/apps/files_sharing
  • files_trashbin:
    • Version: 0.9.1
    • Path: /var/www/owncloud/apps/files_trashbin
  • files_versions:
    • Version: 1.3.0
    • Path: /var/www/owncloud/apps/files_versions
  • firstrunwizard:
    • Version: 1.2.0
    • Path: /var/www/owncloud/apps/firstrunwizard
  • market:
    • Version: 0.6.0
    • Path: /var/www/owncloud/apps/market
  • notifications:
    • Version: 0.5.2
    • Path: /var/www/owncloud/apps/notifications
  • provisioning_api:
    • Version: 0.5.0
    • Path: /var/www/owncloud/apps/provisioning_api
  • systemtags:
    • Version: 0.3.0
    • Path: /var/www/owncloud/apps/systemtags
  • updatenotification:
    • Version: 0.2.1
    • Path: /var/www/owncloud/apps/updatenotification
  Disabled:
  • encryption:
    • Path: /var/www/owncloud/apps/encryption
  • external:
    • Path: /var/www/owncloud/apps/external
  • user_external:
    • Path: /var/www/owncloud/apps/user_external

**Are you using external storage, if yes which one:** /media/ownclouddrive/

**Are you using encryption:**
no

### Client configuration
**Browser:**
Chrome 

**Operating system:**
TwisterOS

### Logs

#### ownCloud log (data/owncloud.log)

{"reqId":"FTKmUtBEwMgT41ZIFlEL","level":3,"time":"2021-05-12T23:14:13+00:00","remoteAddr":"192.168.1.10","user":"--","app":"PHP","method":"POST","url":"/owncloud/index.php","message":"Undefined index: dbconnectionstring at /var/www/owncloud/lib/private/Setup/AbstractDatabase.php#82"}
{"reqId":"FTKmUtBEwMgT41ZIFlEL","level":3,"time":"2021-05-12T23:14:13+00:00","remoteAddr":"192.168.1.10","user":"--","app":"mysql.setup","method":"POST","url":"/owncloud/index.php","message":"Specific user creation failed: An exception occurred while executing 'SELECT user FROM mysql.user WHERE user=?' with params [\"oc_owncloudpi\"]:\n\nSQLSTATE[42000]: Syntax error or access violation: 1142 SELECT command denied to user 'owncloudpi'@'localhost' for table 'user'"}


Hello,
So recently I installed ownCloud files on my Raspberry Pi, but I have some errors on the main page, like integrity errors or X-XSS-Protection, and sometimes it pops up that the server has no internet connection.
About the integrity errors: I saw in the ownCloud FAQ to run `sudo -u www-data ./occ integrity:check-core`, and I saw this error, INVALID_HASH, which means that I have modified this file. What should I do about this issue? Also, I made some changes to the nginx server to make it more secure, like enabling X-XSS-Protection and other stuff, but nothing changed about the X-XSS error. Can anyone help with those errors? The tutorials I followed:
https://pimylifeup.com/raspberry-pi-owncloud/ 
https://nbeguier.medium.com/nginx-security-configuration-tips-557c35e0d75b

Thanks
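
The `Login failed` entries in the log excerpt of the post above name a different account on almost every line, all against `/remote.php/webdav` within two seconds. As an added example (not part of the original post or of ownCloud), the Python below flags that pattern in `data/owncloud.log`-style input; the sample lines are constructed, and the function names, the 10-second window and the threshold of 5 names are assumptions.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOGIN_FAILED = re.compile(r"Login failed: '([^']*)'")

def _line(user, sec=25, url="/remote.php/webdav"):
    """One constructed entry shaped like the owncloud.log lines in the post."""
    return json.dumps({"reqId": "constructed", "level": 2, "remoteAddr": "",
                       "time": f"2021-05-26T17:49:{sec}+00:00", "user": "--",
                       "app": "core", "method": "GET", "url": url,
                       "message": f"Login failed: '{user}' (Remote IP: '')"})

SAMPLE_LOG = "\n".join(  # constructed sample, not the poster's log
    [_line(u) for u in ("user", "webadmin", "manager", "tomcat", "root")]
    + [_line(u, sec=26) for u in ("admin", "username")]
    + [_line("alice", sec=59, url="/index.php/login"), "truncated, non-JSON line"])

def failed_logins(log_text):
    """Yield (time, remoteAddr, url, user name) per 'Login failed' entry."""
    for raw in log_text.splitlines():
        try:
            rec = json.loads(raw)
            hit = LOGIN_FAILED.match(rec["message"])
            when = datetime.fromisoformat(rec["time"])
        except (ValueError, KeyError, TypeError):
            continue  # not JSON, or not a complete log record
        if hit:
            yield when, rec.get("remoteAddr", ""), rec.get("url", ""), hit.group(1)

def spray_windows(log_text, window=timedelta(seconds=10), min_users=5):
    """Flag bursts where one source/URL fails logins for many distinct names."""
    by_source = defaultdict(list)
    for when, addr, url, user in failed_logins(log_text):
        by_source[(addr, url)].append((when, user))
    alerts = []
    for (addr, url), events in sorted(by_source.items()):
        group = []
        for when, user in sorted(events) + [(None, None)]:  # sentinel flushes
            if group and (when is None or when - group[0][0] > window):
                users = sorted({u for _, u in group})
                if len(users) >= min_users:
                    alerts.append((group[0][0].isoformat(), addr, url, users))
                group = []
            if when is not None:
                group.append((when, user))
    return alerts
```

With `remoteAddr` empty, as in the excerpt, all entries for one URL fall into the same source bucket, so the time window is what separates a burst from ordinary mistyped passwords.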

Hi JohnTa15,

To me it looks like you did not copy the hidden files from the original zip/tarball.
These steps should fix your issues:

  • Double check that .htaccess and .user.ini are in your ownCloud root (there is the X-XSS-Protection directive)
  • The other integrity check issue: remove the files contacts.csr and contacts.key from your ownCloud directory. Then run the integrity test again.

Hello,
.htaccess and .user.ini are in this folder with those permissions

And second, I moved the contacts files to another folder, but the command `sudo -u www-data ./occ integrity:check-core` showed this:

 - core:
    - INVALID_HASH:
      - .htaccess:
        - expected: a59e561f70cd7e5af9a9215ffff731bb4ce913d7f8f17cbdcdd9df3280557a395694ac91cad8875271d9f7c9150347f62ba719522edef5ff5480458c25ec1005
        - current: 28e639ec3e3f37e9d9ed34d3e3d985f70ca4549d9b6262a3d252c7436682f9c9d0409923a698b241b1c89485fe713a4b1c1a4471678c5ae8b7b54e2686f2ca34
      - .user.ini:
        - expected: 0a557e3cdca4c2e3675deed761d79d109011dcdebbd9c7f6429f1d3476938ec95729543d7384651d1d0c48e26c5024cc5f517445920915a704ea748bdb903c5f
        - current: 5a55758697a48c356ae38508b9184f692e514c7dcb25e157543f3f772e0470587200204f5d79eea575855c2a118cb4dc07b4f7e523f7e6405959d3d284c550ff

Then they are not the correct version. Extract them from the original tarball and replace the existing files.
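
The `expected`/`current` pairs in the report above are 128 hex digits each, the length of a SHA-512 digest, and the stray `contacts.key` mentioned earlier falls out of the same comparison as a file the reference list does not know. An added example (not ownCloud's own `Checker.php`): the reference map format, the function names and the `FILE_MISSING`/`EXTRA_FILE` labels are assumptions here, and the files are constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path


def sha512_of(path: Path) -> str:
    """Hex SHA-512 of a file, read in chunks."""
    digest = hashlib.sha512()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_tree(root: Path, expected: dict) -> dict:
    """Compare files under root with a {relative path: sha512 hex} map."""
    report = {"INVALID_HASH": {}, "FILE_MISSING": [], "EXTRA_FILE": []}
    present = {p.relative_to(root).as_posix(): p
               for p in root.rglob("*") if p.is_file()}
    for rel, want in sorted(expected.items()):
        if rel not in present:
            report["FILE_MISSING"].append(rel)
            continue
        have = sha512_of(present[rel])
        if have != want:
            report["INVALID_HASH"][rel] = {"expected": want, "current": have}
    report["EXTRA_FILE"] = sorted(set(present) - set(expected))
    return report


def demo() -> dict:
    """Check a constructed install tree against a constructed reference."""
    shipped = {".htaccess": b"# shipped .htaccess (constructed)\n",
               ".user.ini": b"; shipped .user.ini (constructed)\n",
               "index.php": b"<?php // constructed\n"}
    expected = {n: hashlib.sha512(b).hexdigest() for n, b in shipped.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".htaccess").write_bytes(b"# locally edited (constructed)\n")
        (root / ".user.ini").write_bytes(shipped[".user.ini"])
        (root / "core").mkdir()
        (root / "core" / "contacts.key").write_bytes(b"constructed stray\n")
        return check_tree(root, expected)


if __name__ == "__main__":
    for category, entries in demo().items():
        print(category, entries)
```

Any byte-level difference, including a changed line ending or an edit made while following a hardening guide, changes the digest, which is why replacing the file with the copy from the release archive clears the entry.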

Hmm, where should I find these?

On the ownCloud download page of course :wink:

OK, I fixed it, thank you very much :smiley:

But the error for X-XSS protection is still here… don’t know why