CISOfy / lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
https://cisofy.com/lynis/
GNU General Public License v3.0

Test NETW-3200 #1533

Open osorito opened 4 weeks ago

osorito commented 4 weeks ago

Describe the bug A clear and concise description of what the bug is.

Steps followed to install lynis as root

mkdir -p /usr/local/lynis
cd /usr/local
wget https://downloads.cisofy.com/lynis/lynis-3.1.1.tar.gz
tar xfvz lynis-3.1.1.tar.gz
cd lynis

created following files

echo "install dccp /bin/true" | tee -a /etc/modprobe.d/nodccp >/dev/null
echo "install sctp /bin/true" | tee -a /etc/modprobe.d/nosctp >/dev/null
echo "install rds /bin/true" | tee -a /etc/modprobe.d/nords >/dev/null
echo "install tipc /bin/true" | tee -a /etc/modprobe.d/notipc >/dev/null

Tested it

cd /etc/modprobe.d

omar@Blaze:/etc/modprobe.d$ ls | grep -l -s "^install dccp /bin/true" /etc/modprobe.d/*
/etc/modprobe.d/nodccp

omar@Blaze:/etc/modprobe.d$ ls | grep -l -s "^install rds /bin/true" /etc/modprobe.d/*
/etc/modprobe.d/nords

omar@Blaze:/etc/modprobe.d$ ls | grep -l -s "^install sctp /bin/true" /etc/modprobe.d/*
/etc/modprobe.d/nosctp

omar@Blaze:/etc/modprobe.d$ ls | grep -l -s "^install tipc /bin/true" /etc/modprobe.d/*
/etc/modprobe.d/notipc

executed command

cd /usr/local/lynis
./lynis audit system --pentest

Got the following results

If you look at the code https://github.com/CISOfy/lynis/blob/master/include/tests_networking

                        # Then additional modprobe configuration files
                        if [ -d ${ROOTDIR}etc/modprobe.d ]; then
                            # Return file names (-l) and suppress errors (-s)
                            DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/*)
                            if [ -n "${DATA}" ]; then
                                UNCOMMON_PROTOCOL_DISABLED=1
                                for F in ${DATA}; do
                                    LogText "Result: found ${P} module disabled via ${F}"
                                done
                            fi
                        fi
# Proposed pattern; in a basic regex the alternation must be written \(true\|false\)
DATA=$(${GREPBINARY} -l -s "^install\s*${P}\s*/bin/\(true\|false\)$" /etc/modprobe.d/* ${ROOTDIR}etc/modprobe.d/*)

This is the command supposed to be executed per each protocol

omar@Blaze:/etc/modprobe.d$ ls | grep  -l -s "^install\s*tipc\s*\/bin\/$(true|false)" /etc/modprobe.d/*
/etc/modprobe.d/notipc

Version

Expected behavior A clear and concise description of what you expected to happen.

Those warnings should not happen. If the files I generated are wrong, please instruct me on how to correctly write them so the test does not fail.

Output If applicable, add output that you get from the tool or the related section of lynis.log

omar@Blaze:~$ sudo cat /var/log/lynis.log | grep NETW-3200
2024-08-22 17:52:02 Performing test ID NETW-3200 (Determine available network protocols)
2024-08-22 17:52:02 Suggestion: Determine if protocol 'dccp' is really needed on this system [test:NETW-3200] [details:-] [solution:-]
2024-08-22 17:52:02 Suggestion: Determine if protocol 'sctp' is really needed on this system [test:NETW-3200] [details:-] [solution:-]
2024-08-22 17:52:02 Suggestion: Determine if protocol 'rds' is really needed on this system [test:NETW-3200] [details:-] [solution:-]
2024-08-22 17:52:02 Suggestion: Determine if protocol 'tipc' is really needed on this system [test:NETW-3200] [details:-] [solution:-]

Additional context Add any other context about the problem here.
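As an added example from the editor (not Lynis code and not the reporter's), here is a POSIX sh check for the same `install <module> /bin/true|false` lines that uses an extended regex (`grep -E`) so that `(true|false)` is a real alternation, and that reports separately any file without a `.conf` suffix, which modprobe does not read. The `modprobe.d` directory it builds is constructed for the demonstration and stands in for `/etc/modprobe.d`.

```shell
#!/bin/sh
# Added example (editor's own, not Lynis code): is a kernel module disabled via an
# "install <module> /bin/true|false" line in modprobe.d? grep -E is used because in a
# basic regex "(" and "|" are literal, so "/bin/(true|false)$" never matches "/bin/true".

# Extended regex for one disabling line. Whitespace is one-or-more, so "installdccp"
# does not match, and a commented-out line ("# install ...") does not match either.
install_pattern() {
    printf '%s' "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/(true|false)[[:space:]]*\$"
}

# Usage: module_disabled_in <module> <dir>
# Prints the *.conf files that disable the module; returns 0 if there is at least one.
# Only *.conf files count: modprobe ignores other file names under modprobe.d.
module_disabled_in() {
    grep -E -l -s "$(install_pattern "$1")" "$2"/*.conf
}

# Usage: module_disabled_but_ignored <module> <dir>
# Returns 0 if a disabling line exists in a file modprobe will not read (no .conf suffix).
module_disabled_but_ignored() {
    found=1
    for f in "$2"/*; do
        case "$f" in *.conf) continue ;; esac
        [ -f "$f" ] || continue
        if grep -E -q -s "$(install_pattern "$1")" "$f"; then
            echo "$f (ignored by modprobe: no .conf suffix)"
            found=0
        fi
    done
    return $found
}

# Constructed sample directory standing in for /etc/modprobe.d (not from a real host).
make_sample_modprobe_dir() {
    d=$(mktemp -d)
    printf 'install dccp /bin/true\n'     > "$d/nodccp"          # as in the report: no .conf
    printf 'install sctp /bin/true\n'     > "$d/nosctp.conf"
    printf 'install   rds   /bin/false\n' > "$d/blacklist.conf"  # extra spaces, /bin/false
    printf '# install tipc /bin/true\n'   > "$d/notes.conf"      # commented out: not disabled
    printf '%s\n' "$d"
}

if [ "${1:-}" = "demo" ]; then
    d=$(make_sample_modprobe_dir)
    for m in dccp sctp rds tipc; do
        module_disabled_in "$m" "$d" || module_disabled_but_ignored "$m" "$d" || echo "$m: not disabled"
    done
fi
```

Note that `$(true|false)` inside a double-quoted pattern is a shell command substitution that expands to the empty string, so a grep built with it matches on the `/bin/` prefix alone rather than on the alternation.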

jpasher-lazor commented 3 weeks ago

This is a dupe of #1502. It has a PR that is still awaiting merge.