CISOfy / lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
https://cisofy.com/lynis/
GNU General Public License v3.0

Test KRNL-5622 what about SO without systemd (systemctl) - for example Slackware? #1544

Closed teoberi closed 1 month ago

teoberi commented 2 months ago

Describe the bug: https://github.com/CISOfy/lynis/blob/fb5b808944819a2e0571d3aff3a02ec1c760f0eb/include/tests_kernel#L44

Version

Expected behavior: If it does not exist, the command should not be run: systemctl get-default

Output

[+] Kernel

/root/lynis/include/tests_kernel: line 44: get-default: command not found

teoberi commented 2 months ago

A possible solution:

if [ $([ ! -z ${SYSTEMCTLBINARY} ] && ${SYSTEMCTLBINARY} get-default) ]; then

teoberi commented 2 months ago

Can it be accepted?

mboelen commented 2 months ago

Added a slightly different if-statement to allow also for proper logging. See commit https://github.com/CISOfy/lynis/commit/03168113ca7d022785ce5dd6daa4f9af895edd4f

Can you test if it works for you?

teoberi commented 2 months ago

With my modification, the runlevel is also displayed in the case without systemd. With your modification, the runlevel display is missing if systemd is missing! I tested in my version with -n instead of ! -z and it doesn't work!

The if block for inittab is out of place!

2024-09-30 15:23:28 Performing test ID KRNL-5622 (Determine Linux default run level)
2024-09-30 15:23:28 Result: test skipped, as systemctl binary could not be found

mboelen commented 2 months ago

You are right, your solution might be better suited for a wider range of Linux distributions. Want to create a pull request for it?

teoberi commented 2 months ago

I can create a pull request, but I would like to study the two code variants a little more.

teoberi commented 2 months ago

After a bit of study, I finally stuck with my solution. I also studied the documentation and the examples from here, after which I tested the versions with -n and -z both in Slackware64-current and in Ubuntu 24.04.01.

| Option\Value | non-empty | empty | not declared/not set |
|---|---|---|---|
| -v | true | true | false |
| -z | false | true | true |
| -n | true | false | false |

The only option that worked for both OSes is ! -z. I will test everything again tomorrow, after which I will add a pull request.
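Added example, not part of the thread and not Lynis's own code: it shows how `[ -n ... ]` and `[ ! -z ... ]` evaluate when the tested variable is empty and left unquoted, as in the snippets discussed above, next to a quoted guard with an inittab fallback. All function names and the sample inittab content are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not Lynis code. All function names are hypothetical.

# Unquoted: an empty value vanishes, leaving `[ -n ]`, a one-argument test
# that asks "is the literal string -n non-empty?" and is therefore true.
unquoted_n() { [ -n ${1} ]; }

# Unquoted `! -z` collapses to `[ ! -z ]`, i.e. "not (literal -z is
# non-empty)", which is false: right answer for an empty value, by accident.
unquoted_not_z() { [ ! -z ${1} ]; }

# Quoted: the empty string survives as an argument, so -n works as documented.
quoted_n() { [ -n "${1}" ]; }

# Constructed sample of a sysvinit-style inittab (not taken from the thread).
sample_inittab() {
    printf '%s\n' '# Default runlevel' 'id:3:initdefault:' 'si:S:sysinit:/etc/rc.d/rc.S'
}

# Report the default boot target: ask systemd when a systemctl path is set
# and executable, otherwise read the initdefault entry from an inittab file.
default_runlevel() {
    systemctl_bin="$1"
    inittab="$2"
    if [ -n "${systemctl_bin}" ] && [ -x "${systemctl_bin}" ]; then
        "${systemctl_bin}" get-default
    elif [ -f "${inittab}" ]; then
        awk -F: '!/^#/ && $3 == "initdefault" { print $2; exit }' "${inittab}"
    else
        return 1   # neither source available: let the caller log a skip
    fi
}

# Demo: behaviour of each guard when the binary path is empty.
for guard in unquoted_n unquoted_not_z quoted_n; do
    if "${guard}" ""; then echo "${guard}: passes"; else echo "${guard}: fails"; fi
done
```

Quoting the expansion makes `-n` and `! -z` interchangeable, so a guard no longer depends on which of the two operators was chosen.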