Hello,

The CheckUpdates() function is executed every time an audit is done. It makes a DNS query and uses the TXT field of the DNS record for this. You can check if you have the latest version by running "dig -t TXT lynis-latest-version.cisofy.com" but you would be "phoning home" yourself :-).

The package will be removed soon if the bug isn't fixed, so I cc the pkg-security team asking for sponsorship in case the maintainer is not available.

Greetings,
Marcos
Description: The CheckUpdates() function is executed every time an audit is done. It makes a DNS query and uses the TXT field of the DNS record for this. This patch cancels this function. You can check if you have latest version by running "dig -t TXT lynis-latest-version.cisofy.com" but you would be "phoning home" yourself :-). Author: Marcos Fouces <marcos.fou...@gmail.com> Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935042 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/include/functions +++ b/include/functions 
@@ -254,29 +254,7 @@ ################################################################################ CheckUpdates() { - PROGRAM_LV="0000000000"; DB_MALWARE_LV="0000000000"; DB_FILEPERMS_LV="0000000000" - if [ ${RUN_UPDATE_CHECK} -eq 1 ]; then - LYNIS_LV_RECORD="lynis-latest-version.cisofy.com." - FIND=$(which dig 2> /dev/null | grep -v "no [^ ]* in") - if [ ! -z "${FIND}" ]; then - PROGRAM_LV=$(dig +short +time=3 -t txt lynis-latest-version.cisofy.com 2> /dev/null | grep -v "connection timed out" | sed 's/[".]//g' | grep "^[1-9][0-9][0-9]$") - else - FIND=$(which host 2> /dev/null | grep -v "no [^ ]* in ") - if [ ! -z "${FIND}" ]; then - PROGRAM_LV=$(host -t txt -W 3 lynis-latest-version.cisofy.com 2> /dev/null | grep -v "connection timed out" | awk '{ if ($1=="lynis-latest-version.cisofy.com" && $3=="text") { print $4 }}' | sed 's/"//g' | grep "^[1-9][0-9][0-9]$") - if [ "${PROGRAM_LV}" = "" ]; then PROGRAM_LV=0; fi - else - FIND=$(which drill 2> /dev/null | grep -v "no [^ ]* in ") - if [ ! -z "${FIND}" ]; then - PROGRAM_LV=$(drill txt ${LYNIS_LV_RECORD} | awk '{ if ($1=="lynis-latest-version.cisofy.com." && $4=="TXT") { print $5 }}' | tr -d '"' | grep "^[1-9][0-9][0-9]$") - if [ -z "${PROGRAM_LV}" ]; then PROGRAM_LV=0; fi - else - LogText "Result: dig, drill or host not installed, update check skipped" - UPDATE_CHECK_SKIPPED=1 - fi - fi - fi - fi + echo "In Debian distro package, check for updates are disabled." }
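Review bot: the new body of CheckUpdates() drops the first removed line, which initialised PROGRAM_LV, DB_MALWARE_LV and DB_FILEPERMS_LV to "0000000000", and it never sets UPDATE_CHECK_SKIPPED=1, so after this patch the function no longer sets any of those variables. Code that reads them after calling CheckUpdates() would see whatever value they had before, possibly empty, instead of the zero placeholders or the skipped flag. Suggest keeping the initialisation line and setting UPDATE_CHECK_SKIPPED=1 in the replacement body, and reporting through LogText, as the removed "update check skipped" branch did, rather than through echo, which writes to standard output on every audit. RUN_UPDATE_CHECK is also no longer consulted here, which is worth stating in the patch description so that users who set it know it has no effect in this package. The message itself would read better as "checking for updates is disabled".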