- Running lynis from /etc/cron.daily some programs delete in-use files (#186)

- grep for whole words to ignore - logging what exactly keeps a file open can be very helpful
2025-09-23 18:07:53 +02:00 · 2016-05-02 19:08:11 +02:00 · 2016-05-02 19:08:11 +02:00 · 2b52276110
commit 2b52276110
parent 3a19887972
1 changed files with 10 additions and 6 deletions
--- a/include/tests_logging
+++ b/include/tests_logging
@ -476,12 +476,16 @@
    if [ ${SKIPTEST} -eq 0 ]; then
        LogText "Test: checking deleted files that are still in use"
-        if [ -e /dev/grsec ]; then
+	LSOF_GREP="WARNING|Output information"
        if [ "${GRSECFOUND}" -ne 0 ]; then
            # grsecurity causes Fail2Ban to hold onto deleted in-use files in /var/tmp
-            FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information|fail2ban" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort -u`
+	    LSOF_GREP="${LSOF_GREP}|fail2ban"
        else
            FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort -u`
        fi
        if [ "${OS_NAME}" = "CentOS" -o "${OS_NAME}" = "Red Hat Enterprise Linux"  ]; then
            # If lynis is run from /etc/cron.daily some deleted in-use files are kept in /tmp
 	    LSOF_GREP="${LSOF_GREP}|anacron|awk|run-parts"
        fi
 	FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -vw "${LSOF_GREP}" | awk '{ if ($5=="REG") { printf "%s(%s)\n", $10, $1 } }' | grep -v "^$" | sort -u`
        if [ ! "${FIND}" = "" ]; then
            LogText "Result: found one or more files which are deleted, but still in use"
@ -503,7 +507,7 @@
 Report "log_rotation_config_found=${LOGROTATE_CONFIG_FOUND}"
 Report "log_rotation_tool=${LOGROTATE_TOOL}"
-WaitForKeyPress
+WaitForKeypress
 #
 #================================================================================