CISOfy / lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
https://cisofy.com/lynis/
GNU General Public License v3.0

[PKGS-7410] Does not detect the package containing the kernel. #1497

Open ferorge opened 2 months ago

ferorge commented 2 months ago

Is your feature request related to a problem? Please describe.

When lynis runs the test [PKGS-7410] it does not detect the package containing the kernel.

hardware: odroid xu4 hardkernel
OS: ubuntu 24.04 armhf
lynis: 3.1.2

2024-05-14 05:28:28 ====
2024-05-14 05:28:28 Performing test ID PKGS-7410 (Count installed kernel packages)
2024-05-14 05:28:28 Test: Checking how many kernel packages are installed
2024-05-14 05:28:28 Result: found no kernels from dpkg -l output, which is unexpected
2024-05-14 05:28:28 Exception: test has an exceptional event (PKGS-7410) with text Could not find any kernel packages via package manager
2024-05-14 05:28:33 ====

# dpkg -S /boot/zImage
linux-odroid-5422: /boot/zImage

Describe the solution you'd like

I would like lynis to detect the package so that it doesn't find an exception.

Thank you so much! Greetings!

mboelen commented 2 months ago

What is the package name of the kernel that you see when running dpkg -l?

Then it can be added in include/tests_ports_packages on line 1345:

KERNEL_PKG_NAMES="linux-image-[0-9]|raspberrypi-kernel|pve-kernel-[0-9]"

Would be great if you can test it, as this is very specific. If it works, a pull request would be very welcome (to give you the credit for reporting and testing).

ferorge commented 6 days ago

Hi @mboelen

The solution you indicate is correct.

Line 1340 of the file /usr/share/lynis/include/tests_ports_packages looked like this:

KERNEL_PKG_NAMES="linux-image-[0-9]|raspberrypi-kernel|pve-kernel-[0-9]|linux-odroid-5422"

Output from lynis.log:

2024-07-23 06:02:15 Performing test ID PKGS-7410 (Count installed kernel packages)
2024-07-23 06:02:15 Test: Checking how many kernel packages are installed
2024-07-23 06:02:15 Result: found 1 kernel packages on the system, which is fine
2024-07-23 06:02:15 ====

The /boot/zImage file is the kernel. I attach the output of the command:

dpkg -L linux-odroid-5422

/.
/boot
/boot/exynos5422-odroidhc1.dtb
/boot/exynos5422-odroidxu3-lite.dtb
/boot/exynos5422-odroidxu3.dtb
/boot/exynos5422-odroidxu4.dtb
/boot/exynos5422-samsung-k3g.dtb
/boot/overlays
/boot/overlays/ads7846.dtbo
/boot/overlays/hktft-cs-ogst.dtbo
/boot/overlays/hktft32.dtbo
/boot/overlays/hktft35.dtbo
/boot/overlays/i2c0.dtbo
/boot/overlays/i2c1.dtbo
/boot/overlays/onewire.dtbo
/boot/overlays/spi0.dtbo
/boot/overlays/sx865x-i2c1.dtbo
/boot/overlays/uart0.dtbo
/boot/zImage
/lib desviado por base-files a: /lib.usr-is-merged
...

The output still lists all modules in /lib/modules/6.6.13-9/kernel and the source in /usr/src/linux-6.6.13-9/
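
The pattern change discussed in this thread, as an added example that is not part of the original posts and is not Lynis source code: it applies the two KERNEL_PKG_NAMES values quoted above to a constructed `dpkg -l` style listing. The function names, the sample rows and the way the pattern is applied (as an extended regex, either over whole lines or over the name column of `ii` rows) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: not Lynis source code. Sample rows below are constructed.

# Patterns quoted in the thread (before and after the local change).
OLD_NAMES="linux-image-[0-9]|raspberrypi-kernel|pve-kernel-[0-9]"
NEW_NAMES="${OLD_NAMES}|linux-odroid-5422"

# Constructed dpkg -l style listing; versions and descriptions are placeholders.
sample_dpkg_list() {
    cat <<'EOF'
Desired=Unknown/Install/Remove/Purge/Hold
||/ Name               Version      Architecture Description
+++-==================-============-============-=================
ii  base-files         0.0-sample   armhf        constructed row
ii  linux-firmware     0.0-sample   all          constructed row
ii  linux-odroid-5422  0.0-sample   armhf        constructed row
rc  linux-image-6.0.0  0.0-sample   armhf        constructed row (removed, config left)
EOF
}

# Assumption: pattern applied as an extended regex to every listing line.
# Counts rows in any package state, including "rc" leftovers.
count_line_matches() {
    sample_dpkg_list | awk -v re="$1" '$0 ~ re { n++ } END { print n + 0 }'
}

# Stricter variant: only rows in state "ii" whose name column matches.
count_installed_kernels() {
    sample_dpkg_list | awk -v re="$1" '$1 == "ii" && $2 ~ re { n++ } END { print n + 0 }'
}

echo "old pattern, installed only: $(count_installed_kernels "$OLD_NAMES")"
echo "new pattern, installed only: $(count_installed_kernels "$NEW_NAMES")"
echo "old pattern, any state:      $(count_line_matches "$OLD_NAMES")"
echo "new pattern, any state:      $(count_line_matches "$NEW_NAMES")"
```

A whole-line match also counts the removed `rc` row, so a leftover configuration-only package can hide a missing vendor kernel name; matching the name column of installed rows avoids that.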