Hi Sébastien,

Thank you for your report. I am reviewing your patch. Looks right. I'll upload a new Lynis Debian version in the next days.

Regards,
Francisco

On Fri, 22-04-2016 at 14:11 +0200, Sébastien Couret wrote:
> Package: lynis
> Version: 1.3.0-1
> Severity: important
> Tags: patch
>
> Dear Maintainer,
>
> Test KRNL-5820 is not correctly implemented. This test will fail if
> /etc/security/limits.conf contains several lines or commented lines
> which is mainly the case. A typo error also makes the fs.suid_dumpable
> test fail. Here is a proposed patch
>
> --- tests_kernel.orig 2016-04-22 13:52:14.351669214 +0200 > +++ tests_kernel 2016-04-22 13:53:40.139668307 +0200 > @@ -264,8 +264,8 @@ > if [ -f /etc/security/limits.conf ]; then > logtext "Result: file /etc/security/limits.conf exists" > logtext "Test: Checking if core dumps are disabled in > /etc/security/limits.conf" > - FIND1=`cat /etc/security/limits.conf | awk '{ if ($1=="*" && > $2=="soft" && $3=="core" && $4=="0") { print "soft core disabled" } > else { print "soft core enabled" } }'` > - FIND2=`cat /etc/security/limits.conf | awk '{ if ($1=="*" && > $2=="hard" && $3=="core" && $4=="0") { print "hard core disabled" } > else { print "hard core enabled" } }'` > + FIND1=`cat /etc/security/limits.conf | grep core | grep -v > '^#' | awk '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { > print "soft core disabled" } }'` > + FIND2=`cat /etc/security/limits.conf | grep core | grep -v > '^#' |awk '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { > print "hard core disabled" } }'` > if [ "${FIND1}" = "soft core disabled" -a "${FIND2}" = "hard > core disabled" ]; then > logtext "Result: core dumps (soft and hard) are both > disabled" > Display --indent 2 --text "- Checking core dumps > configuration... " --result DISABLED --color GREEN
> @@ -280,7 +280,7 @@ > > # Sysctl option > logtext "Test: Checking sysctl value of fs.suid_dumpable" > - FIND=`sysctl fs.suid_dumpable | awk '{ if > ($1=="fs.suid_dumplable") { print $3 } }'` > + FIND=`sysctl fs.suid_dumpable | awk '{ if > ($1=="fs.suid_dumpable") { print $3 } }'` > logtext "Result: value ${FIND} found" > if [ "${FIND}" = "1" ]; then > logtext "Result: setuid programs can perform core dumps"
>
> -- System Information:
> Debian Release: 7.10
> APT prefers oldstable-updates
> APT policy: (500, 'oldstable-updates'), (500, 'oldstable-proposed-updates'), (500, 'oldstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> lynis depends on no packages.
>
> Versions of packages lynis recommends:
> ii menu 2.1.46
>
> Versions of packages lynis suggests:
> ii dnsutils 1:9.8.4.dfsg.P1-6+nmu2+deb7u10
>
> -- no debconf information

--
Francisco M. García Claramonte
Debian GNU/Linux Developer <franci...@debian.org>
GPG: public key ID 3219C4E7
http://people.debian.org/~francisco/
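
Review bot: In the first hunk (@@ -264,8 +264,8 @@), the new FIND1 and FIND2 pipelines still print one line per matching entry, so a limits.conf that carries `* soft core 0` (or the hard entry) twice yields a two-line value and the exact comparison `"${FIND1}" = "soft core disabled"` fails again. Stop at the first match, for example `{ print "soft core disabled"; exit }`. With the else branch gone, the awk conditions `$1=="*"` and `$3=="core"` already reject commented and unrelated lines, so `cat`, `grep core` and `grep -v '^#'` can be dropped and awk can read /etc/security/limits.conf directly.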
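
Review bot: In the second hunk (@@ -280,7 +280,7 @@), the corrected FIND= line still repeats the key name inside the awk filter, which is the duplication that allowed the `fs.suid_dumplable` typo; `sysctl -n fs.suid_dumpable` returns the value alone and removes both the awk stage and the second copy of the string. If the key is absent, FIND stays empty and the next logtext records "Result: value  found", so an explicit empty check before the `"${FIND}" = "1"` comparison would make that case visible in the log.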