KRNL-5830 fails when multiple kernels are installed.

[digitalcheetah]

Describe the bug When multiple kernels are installed on a system, KRNL-5830 seems to fail with a restart needed message, even if the kernel that is loaded is the same as on the disk. Naturally, if one kernel is installed, it's not really an issue.

Version

• Distribution: Artix Linux Rolling
• Lynis version: 3.0.8

Expected behavior Ideally, Lynis should detect the kernels installed, detect the currently running kernel, and use that as the basis for comparison.

Output

2023-06-10 11:23:33 Performing test ID KRNL-5830 (Checking if system is running on the latest installed kernel)
2023-06-10 11:23:33 Test: Checking presence /var/run/reboot-required.pkgs
2023-06-10 11:23:33 Result: file /var/run/reboot-required.pkgs not found
2023-06-10 11:23:33 Test: Checking presence /var/run/needs_restarting
2023-06-10 11:23:33 Result: file /var/run/needs_restarting not found
2023-06-10 11:23:33 Result: /boot exists, performing more tests from here
2023-06-10 11:23:33 Result: found /boot/vmlinuz-linux
2023-06-10 11:23:33 Result: version derived from file name is ''
2023-06-10 11:23:33 Test: checking kernel version on disk
2023-06-10 11:23:33 Result: found version 6.3.4-artix1-1
2023-06-10 11:23:33 Result: active kernel version 6.1.31-hardened1-1-hardened
2023-06-10 11:23:33 Result: reboot needed, as there is a difference between active kernel and the one on disk
2023-06-10 11:23:33 Result: /var/cache/apt/archives/ does not exist
2023-06-10 11:23:33 Warning: Reboot of system is most likely needed [test:KRNL-5830] [details:] [solution:text:reboot]
2023-06-10 11:23:33 Hardening: assigned partial number of hardening points (0 of 5). Currently having 5 points (out of 15)
2023-06-10 11:23:33 Security check: file is normal
2023-06-10 11:23:33 Checking permissions of /usr/share/lynis/include/tests_memory_processes
2023-06-10 11:23:33 File permissions are OK

Additional context It is worth noting that Artix (and probably Arch) do not place versions in their filenames. I don't know if or how that's going to affect things. I am open to ideas, though.

[EntityinArray]

Facing this issue as well on Arch Linux

2023-09-14 10:17:09 Performing test ID KRNL-5830 (Checking if system is running on the latest installed kernel)
2023-09-14 10:17:09 Test: Checking presence /var/run/reboot-required.pkgs                                                                                                                                                                    2023-09-14 10:17:09 Result: file /var/run/reboot-required.pkgs not found                                                                                                                                                                     2023-09-14 10:17:09 Test: Checking presence /var/run/needs_restarting
2023-09-14 10:17:09 Result: file /var/run/needs_restarting not found
2023-09-14 10:17:09 Result: /boot exists, performing more tests from here
2023-09-14 10:17:09 Result: found /boot/vmlinuz-linux
2023-09-14 10:17:09 Result: version derived from file name is ''
2023-09-14 10:17:09 Test: checking kernel version on disk
2023-09-14 10:17:09 Result: found version 6.5.3-arch1-1                                                                                                                                                                                      2023-09-14 10:17:09 Result: active kernel version 6.5.3-zen1-1-zen
2023-09-14 10:17:09 Result: reboot needed, as there is a difference between active kernel and the one on disk

[mboelen]

Thanks for reporting. To resolve this, your help is welcome, as things need to continue to work on all Linux distributions.

Is there a way to easily get the version from the vmlinuz-linux file that matches the same naming convention?

And maybe a silly question: why install different types of kernels? Do you switch between them? Is it for testing purposes?