Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Describe the bug
A clear and concise description of what the bug is.
Steps followed to install lynis as root
mkdir -p /usr/local/lynis
cd /usr/local
wget https://downloads.cisofy.com/lynis/lynis-3.1.1.tar.gz
tar xfvz lynis-3.1.1.tar.gz
cd lynis
created following files
echo "install dccp /bin/true" | tee -a /etc/modprobe.d/nodccp >/dev/null
echo "install sctp /bin/true" | tee -a /etc/modprobe.d/nosctp >/dev/null
echo "install rds /bin/true" | tee -a /etc/modprobe.d/nords >/dev/null
echo "install tipc /bin/true" | tee -a /etc/modprobe.d/notipc >/dev/null
Tested it
cd /etc/modprobe.d
omar@Blaze:/etc/modprobe.d$ ls | grep -l -s "^install dccp /bin/true" /etc/modprobe.d/*
/etc/modprobe.d/nodccp
omar@Blaze:/etc/modprobe.d$ ls | grep -l -s "^install rds /bin/true" /etc/modprobe.d/*
/etc/modprobe.d/nords
omar@Blaze:/etc/modprobe.d$ ls | grep -l -s "^install sctp /bin/true" /etc/modprobe.d/*
/etc/modprobe.d/nosctp
omar@Blaze:/etc/modprobe.d$ ls | grep -l -s "^install tipc /bin/true" /etc/modprobe.d/*
/etc/modprobe.d/notipc
executed command
cd /usr/local/lynis
./lynis audit system --pentest
# Then additional modprobe configuration files
if [ -d ${ROOTDIR}etc/modprobe.d ]; then
    # Return file names (-l) and suppress errors (-s)
    DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/*)
    if [ -n "${DATA}" ]; then
        UNCOMMON_PROTOCOL_DISABLED=1
        for F in ${DATA}; do
            LogText "Result: found ${P} module disabled via ${F}"
        done
    fi
fi
This is the command supposed to be executed per each protocol
omar@Blaze:/etc/modprobe.d$ ls | grep -l -s "^install\s*tipc\s*\/bin\/$(true|false)" /etc/modprobe.d/*
/etc/modprobe.d/notipc
Version
Distribution [e.g. Ubuntu 24.04]
Lynis version [e.g. 3.1.2]
Expected behavior
A clear and concise description of what you expected to happen.
Those warnings should not happen.
If the files I generated are wrong, please instruct me on how to correctly type them so the test does not fail.
Output
If applicable, add output that you get from the tool or the related section of lynis.log
omar@Blaze:~$ sudo cat /var/log/lynis.log | grep NETW-3200
2024-08-22 17:52:02 Performing test ID NETW-3200 (Determine available network protocols)
2024-08-22 17:52:02 Suggestion: Determine if protocol 'dccp' is really needed on this system [test:NETW-3200] [details:-] [solution:-]
2024-08-22 17:52:02 Suggestion: Determine if protocol 'sctp' is really needed on this system [test:NETW-3200] [details:-] [solution:-]
2024-08-22 17:52:02 Suggestion: Determine if protocol 'rds' is really needed on this system [test:NETW-3200] [details:-] [solution:-]
2024-08-22 17:52:02 Suggestion: Determine if protocol 'tipc' is really needed on this system [test:NETW-3200] [details:-] [solution:-]
Additional context
Add any other context about the problem here.
Got the following results
Determine if protocol 'dccp' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/
Determine if protocol 'sctp' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/
Determine if protocol 'rds' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/
Determine if protocol 'tipc' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/
If you look at the code https://github.com/CISOfy/lynis/blob/master/include/tests_networking
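The mismatch described in this report can be reproduced offline against a throwaway directory. The script below is an added example, not part of the original issue or of Lynis; it assumes GNU grep, and the fixture files, function names and the `-E` variant are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Lynis code. Assumes GNU grep. Fixture files are constructed.

# Build a throwaway modprobe.d like the one in the report; prints its path.
make_fixture() {
    dir=$(mktemp -d)
    for p in dccp sctp rds tipc; do
        echo "install ${p} /bin/true" > "${dir}/no${p}"
    done
    # A commented-out entry must never count as "disabled".
    echo "# install atm /bin/true" > "${dir}/noatm"
    echo "${dir}"
}

# Pattern as quoted from tests_networking, with grep in its default BRE mode.
# In BRE "(", "|" and ")" are literal characters, so a line ending in
# "/bin/true" cannot match "/bin/(true|false)".
match_bre() {   # $1 = protocol, $2 = directory
    grep -l -s "^install \+$1 \+/bin/(true|false)$" "$2"/*
}

# Same intent in ERE (-E): "+" repeats and "(a|b)" alternates.
# Hypothetical correction for illustration, not the project's patch.
match_ere() {   # $1 = protocol, $2 = directory
    grep -E -l -s "^install +$1 +/bin/(true|false)$" "$2"/*
}

# The pattern from the manual test after shell expansion: inside double
# quotes $(true|false) is a command substitution that prints nothing, so
# grep only sees the prefix and matches any "install tipc /bin/..." line.
expanded_manual_pattern() {
    printf '%s' "^install\s*tipc\s*\/bin\/$(true|false)"
}

demo() {
    d=$(make_fixture)
    for p in dccp sctp rds tipc atm; do
        printf '%-5s BRE=[%s] ERE=[%s]\n' "$p" \
            "$(match_bre "$p" "$d")" "$(match_ere "$p" "$d")"
    done
    printf 'pattern grep receives in the manual test: %s\n' \
        "$(expanded_manual_pattern)"
    rm -rf "$d"
}
demo
```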