→
Steps to reproduce
- Download latest OC Version, upload to Server via ssh, rename old installation, unzip new, check file owner
- copy config.php and theme from old installation to new
- Start upgrade via Login page, works fine without problems
- Enter Admin Area, receive message about file integrity, rescan, same result
Expected behaviour
There should not be an file integrity waring as I copied untouched zip.
Actual behaviour
Results
- core
- FILE_MISSING
- l10n/l10n.pl
- FILE_MISSING
Raw output
Array
(
[core] => Array
(
[FILE_MISSING] => Array
(
[l10n/l10n.pl] => Array
(
[expected] => 6d6584429183544426267afe850411a87c48b6a6636d0373c1020267fc13e901c71d8ce0df7d7a971d9dbff948701283f6e97083a0d9c0b15a76722187c1b0ef
[current] =>
)
)
)
)
Server configuration
Operating system:
latest Debian
Web server:
Apache
Database:
MySQL
PHP version:
7.0.21
ownCloud version: (see ownCloud admin page)
installed true
maintenance false
needsDbUpgrade false
version 10.0.2.1
versionstring 10.0.2
edition Community
Updated from an older ownCloud or fresh install:
updated from 9.1.6
Where did you install ownCloud from:
Signing status (ownCloud 9.0 and above):
??
Login as admin user into your ownCloud and access
http://example.com/index.php/settings/integrity/failed
paste the results into https://gist.github.com/ and puth the link here.
Log in to the web-UI with an administrator account and click on
‘admin’ → ‘Generate Config Report’ → ‘Download ownCloud config report’
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.
or
Using username “root”.
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have mail.
Last login: Thu Jul 13 11:38:16 2017 from p548fb356.dip0.t-ipconnect.de
This server is powered by Plesk. Log in by browsing
https://176.9.38.236:8443/ or https://cloud3.karle-cms.de:8443/
You can log in as user ‘root’ or ‘admin’. To log in as ‘admin’, use the 'plesk l torage php occ config:list system
{
“system”: {
“instanceid”: “och42otxgpi6”,
“passwordsalt”: “REMOVED SENSITIVE VALUE”,
“secret”: “REMOVED SENSITIVE VALUE”,
“trusted_domains”: [
“myfilestorage.de”
],
“datadirectory”: “/var/www/vhosts//httpdocs/data",
“overwrite.cli.url”: "https://.de”,
“dbtype”: “mysql”,
“version”: “10.0.2.1”,
“dbname”: “cloud”,
“dbhost”: “localhost:3306”,
“dbtableprefix”: “oc_”,
“dbuser”: “REMOVED SENSITIVE VALUE”,
“dbpassword”: “REMOVED SENSITIVE VALUE”,
“logtimezone”: “UTC”,
“installed”: true,
“theme”: “eurel”,
“mail_from_address”: “no-reply”,
“mail_smtpmode”: “smtp”,
“mail_domain”: “*****.de”,
“mail_smtpauth”: 1,
“mail_smtphost”: “ssl2.mails.mx”,
“mail_smtpport”: “587”,
“mail_smtpname”: “REMOVED SENSITIVE VALUE”,
“mail_smtppassword”: “REMOVED SENSITIVE VALUE”,
“mail_smtpsecure”: “ssl”,
“loglevel”: 2,
“maintenance”: false,
“updater.secret”: “REMOVED SENSITIVE VALUE”,
“integrity_check_disabled”: false
}
}
ATTENTION: Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove all host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.
**List of activated apps:**
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.
**Are you using external storage, if yes which one:** local/smb/sftp/...
no
**Are you using encryption:** yes/no
no
**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...
no