Package: lynis
Version: 1.3.0-1
Severity: important
Tags: patch

Dear Maintainer,

Test KRNL-5820 is not correctly implemented. This test will fail if
/etc/security/limits.conf contains several lines or commented lines, which
is mainly the case. A typo also makes the fs.suid_dumpable test fail.
Here is a proposed patch:

--- tests_kernel.orig    2016-04-22 13:52:14.351669214 +0200
+++ tests_kernel    2016-04-22 13:53:40.139668307 +0200
@@ -264,8 +264,8 @@
     if [ -f /etc/security/limits.conf ]; then
         logtext "Result: file /etc/security/limits.conf exists"
         logtext "Test: Checking if core dumps are disabled in
/etc/security/limits.conf"
-        FIND1=`cat /etc/security/limits.conf | awk '{ if ($1=="*" &&
$2=="soft" && $3=="core" && $4=="0") { print "soft core disabled" } else {
print "soft core enabled" } }'`
-        FIND2=`cat /etc/security/limits.conf | awk '{ if ($1=="*" &&
$2=="hard" && $3=="core" && $4=="0") { print "hard core disabled" } else {
print "hard core enabled" } }'`
+        FIND1=`cat /etc/security/limits.conf | grep core | grep -v '^#' |
awk '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { print "soft
core disabled" }  }'`
+        FIND2=`cat /etc/security/limits.conf | grep core | grep -v '^#'
|awk '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { print "hard
core disabled" }  }'`
         if [ "${FIND1}" = "soft core disabled" -a "${FIND2}" = "hard core
disabled" ]; then
             logtext "Result: core dumps (soft and hard) are both disabled"
             Display --indent 2 --text "- Checking core dumps
configuration... " --result DISABLED --color GREEN
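
Review bot: In the new FIND1/FIND2 pipelines awk prints once per matching line, so a limits.conf that repeats `* soft core 0` (or `* hard core 0`) produces a multi-line value and the `[ "${FIND1}" = "soft core disabled" ... ]` comparison fails again, the same failure mode with a different trigger. Stop after the first match (add `exit` after the `print`) or set a flag and print once from an `END` block. The leading `cat` and the `grep core | grep -v '^#'` stage can be dropped, since `$1=="*" && $3=="core"` already skips comment lines and unrelated entries and awk can read the file directly. A conflicting line such as `* soft core unlimited` elsewhere in the file is also not considered, so the test can report DISABLED on a file with contradictory entries.
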
@@ -280,7 +280,7 @@

         # Sysctl option
         logtext "Test: Checking sysctl value of fs.suid_dumpable"
-        FIND=`sysctl fs.suid_dumpable | awk '{ if
($1=="fs.suid_dumplable") { print $3 } }'`
+        FIND=`sysctl fs.suid_dumpable | awk '{ if ($1=="fs.suid_dumpable")
{ print $3 } }'`
         logtext "Result: value ${FIND} found"
         if [ "${FIND}" = "1" ]; then
             logtext "Result: setuid programs can perform core dumps"
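
Review bot: The corrected FIND line still matches the key name as a string literal inside awk, which is how the `fs.suid_dumplable` typo went unnoticed: a mismatch only yields an empty FIND and a log line reading "value  found". Prefer `sysctl -n fs.suid_dumpable`, which prints the value alone, and handle an empty result as its own case (key not available) before the `[ "${FIND}" = "1" ]` comparison.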



-- System Information:
Debian Release: 7.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500,
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

lynis depends on no packages.

Versions of packages lynis recommends:
ii  menu  2.1.46

Versions of packages lynis suggests:
ii  dnsutils  1:9.8.4.dfsg.P1-6+nmu2+deb7u10

-- no debconf information
