From 52e1231433eca258d868c6989cf02f26f3870146 Mon Sep 17 00:00:00 2001
From: Michael Boelen <michael.boelen@cisofy.com>
Date: Tue, 8 Oct 2019 16:43:09 +0200
Subject: [PATCH] Additional check to ensure pacman package manager is used
 instead of pacman game

---
 CHANGELOG.md                 | 1 +
 include/tests_ports_packages | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 49e08904..b80c0816 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -103,6 +103,7 @@ Using the relevant options, the scan will change base on the intended goal.
 - STRG-1842 - added default authorized devices and renamed to USB-2000
 - TOOL-5002 - differentiate between a discovered binary and running process
 - TOOL-5160 - added support for OSSEC agent daemon
+- Perform additional check to ensure pacman package manager is used
 - Use 'pre-release/release' (was: 'dev/final') with 'lynis show release'
 - Use only locations from PATH environment variable, unless it is not defined
 - Show tip to use 'lynis generate hostids' when host IDs are missing
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 55276ca5..eef56596 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -26,6 +26,7 @@
     PACKAGE_MGR_PKG=0
     PACKAGE_AUDIT_TOOL=""
     PACKAGE_AUDIT_TOOL_FOUND=0
+    PACMANCONF="${ROOTDIR}etc/pacman.conf"
     INSTALLED_PACKAGES=""
 #
 #################################################################################
@@ -191,7 +192,7 @@
 #
     # Test        : PKGS-7310
     # Description : pacman package based systems
-    if [ -n "${PACMANBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    if [ -n "${PACMANBINARY}" -a -f "${PACMANCONF}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
     Register --test-no PKGS-7310 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking package list with pacman"
     if [ ${SKIPTEST} -eq 0 ]; then
         COUNT=0
@@ -222,7 +223,7 @@
 #
     # Test        : PKGS-7312
     # Description : Check for available package updates when pacman package is used
-    if [ -n "${PACMANBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    if [ -n "${PACMANBINARY}" -a -f "${PACMANCONF}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
     Register --test-no PKGS-7312 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking available updates for pacman based system"
     if [ ${SKIPTEST} -eq 0 ]; then
         FOUND=0
@@ -251,8 +252,7 @@
 #
     # Test        : PKGS-7314
     # Description : Check pacman.conf options
-    PACMANCONF="/etc/pacman.conf"
-    if [ -n "${PACMANBINARY}" -a -f ${PACMANCONF} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    if [ -n "${PACMANBINARY}" -a -f "${PACMANCONF}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
     Register --test-no PKGS-7314 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking pacman configuration options"
     if [ ${SKIPTEST} -eq 0 ]; then
         COUNT=0