CISOfy / lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
https://cisofy.com/lynis/
GNU General Public License v3.0
13.5k stars 1.49k forks

profile contains unexpected characters - unknown option RUNDIR #747

Closed danie-dejager closed 5 years ago

danie-dejager commented 5 years ago

Describe the bug

I use RUNDIR in all my prfs and since version 3 it causes an error. I'm not sure if RUNDIR is no longer required starting with version 3 or if it has a new name. My colleague added it (who is now on leave), and I'm not sure if it was a way to force lynis to run from a specific directory. I believe lynis stops right before it would've created a new log file.

If it is not known by yourself I can remove it from all my prfs.

Output

[+] Initializing program
------------------------------------
- Detecting OS...  [ DONE ]
...
[DEBUG] Compliance scanning for CIS Benchmarks is enabled
[DEBUG] Compliance scanning for HIPAA is enabled
[DEBUG] Compliance scanning for ISO27001 is enabled
[DEBUG] Compliance scanning for PCI DSS is enabled
[DEBUG] Profile option set: upload (with value no)
[DEBUG] Upload set to no
[DEBUG] Profile option set: upload-server (with value )
[DEBUG] Profile option set: upload-options (with value )
  [WARNING]: Your profile '/opt/lynis/server-centos.prf' contains unexpected characters. See the log file for more information.

Contents of one of my prf files. I hashed out RUNDIR and after doing so ver 3 started working correctly.

# cat /opt/lynis/server-centos.prf

# This profile is useful when creating your own tests, or debugging tests
# lynis audit system --profile striata.prf
plugin=striata-os
plugin=striata-platform
plugin=striata-platform-addons
#RUNDIR="/opt/lynis"
#skip-test=AUTH-9218
skip-test=AUTH-9286
skip-test=SSH-7408:port
skip-test=SSH-7408:maxauthtries
skip-test=SSH-7408:maxsessions
skip-test=KRNL-6000:fs.suid_dumpable
skip-test=NETW-3032
skip-test=FILE-6310
skip-test=ACCT-9622

Version

Distribution [CentOS Linux release 7.6.1810]
Lynis version [3.0.0]

mboelen commented 5 years ago

That option most likely never did anything, as entries with capitals would not have matched the related grep. A filter that will be part of the new 3.x release caught the " and therefore stopped the execution of Lynis.

So you can purge this particular line from your profile.
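
A pre-flight check for existing profiles before moving to Lynis 3.x, as an added example that is not part of the original thread and is not Lynis code. The function name `lint_profile` and the sample file are hypothetical, and only the two conditions mentioned above (a double quote on an active line, capitals in an option name) are checked, because the thread does not show the filter's full character set.

```shell
#!/bin/sh
# Added example, not Lynis code: pre-flight lint for a Lynis profile (.prf).
# It checks only the two conditions named in this thread; the full character
# filter used by Lynis 3.x is not shown here and is not reproduced.

lint_profile() {
    profile="$1"
    [ -r "$profile" ] || { echo "cannot read: $profile" >&2; return 2; }
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines are ignored
        {
            key = $0
            sub(/=.*/, "", key)             # option name: text before the first "="
            if (index($0, "\"") > 0) {      # the character the 3.x filter stopped on
                printf "%s:%d: double quote: %s\n", FILENAME, NR, $0
                bad++
            }
            if (key ~ /[A-Z]/) {            # capitalised names never matched, so were ignored
                printf "%s:%d: capitals in option name: %s\n", FILENAME, NR, key
                bad++
            }
        }
        END { if (bad) exit 1 }
    ' "$profile"
}

# Constructed sample modelled on the profile posted above, with RUNDIR active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# lynis audit system --profile striata.prf
plugin=striata-os
RUNDIR="/opt/lynis"
skip-test=AUTH-9286
skip-test=SSH-7408:port
EOF
lint_profile "$sample" || echo "clean up the flagged lines before running Lynis 3.x"
rm -f "$sample"
```

Capitals in a value such as `SSH-7408:port` are not flagged, since only the option name before `=` is tested.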