Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Describe the bug
On Fedora 40 the new (312) version of lynis outputs the message,
kadmin.local: unable to get default realm
This occurs during the Kerberos section but is not affected by "2>&1" redirection,
so goes to the "terminal" or preceding/calling process output (eg. in my case cron).
I assume it's coming directly from the kadmin.local binary so there probably needs
to be a test of krb config before this is called & not called at all under conditions
where krb is not used.
However I'm sure there could be circumstances where a bad actor might hide a krb
config & potentially use it for secure channels/auth.
Version
Distribution Fedora 40 (fc40)
Lynis version 3.1.2-1.fc40
Expected behavior
The (error?) message should be appropriately directed, & able to be redirected, when
kadmin.local is being called from within lynis.
In my case where there is no krb config it should probably not occur.
ie. an attempt to get the "default realm" will fail & so probably should not even be
attempted.
Output
kadmin.local: unable to get default realm
Additional context
Followed the 312 version install on FC40 after the "grep usage" messages were fixed.
Describe the bug On Fedora 40 the new (312) version of lynis outputs the message,
This occurs during the Kerberos section but is not affected by "2>&1" redirection, so goes to the "terminal" or preceding/calling process output (eg. in my case cron). I assume it's coming directly from the kadmin.local binary so there probably needs to be a test of krb config before this is called & not called at all under conditions where krb is not used. However I'm sure there could be circumstances where a bad actor might hide a krb config & potentially use it for secure channels/auth.
Version
Expected behavior The (error?) message should be appropriately directed, & able to be redirected, when kadmin.local is being called from within lynis.
In my case where there is no krb config it should probably not occur. ie. an attempt to get the "default realm" will fail & so probably should not even be attempted.
Output kadmin.local: unable to get default realm
Additional context Followed the 312 version install on FC40 after the "grep usage" messages were fixed.