tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-29 16:54:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add warning if DNF found vulnerable packages

Browse Source
This commit is contained in:
mboelen 2016-01-25 13:57:31 +01:00
parent 3999be2300
commit acafb316d3
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/tests_ports_packages
View File

@ -409,12 +409,14 @@
FIND=`${DNFBINARY} -q updateinfo list sec | awk '{ if ($2=="security") {print $3}}'` FIND=`${DNFBINARY} -q updateinfo list sec | awk '{ if ($2=="security") {print $3}}'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
VULNERABLE_PACKAGES_FOUND=1 VULNERABLE_PACKAGES_FOUND=1
LogText "Result: found vulnerable packages, upgrade of system needed."
for PKG in ${FIND}; do for PKG in ${FIND}; do
Report "vulnerable_package[]=${I}" Report "vulnerable_package[]=${I}"
LogText "Vulnerable package: ${I}" LogText "Vulnerable package: ${I}"
# Decrease hardening points for every found vulnerable package # Decrease hardening points for every found vulnerable package
AddHP 1 2 AddHP 1 2
done done
ReportWarning ${TEST_NO} "H" "Found one or more vulnerable packages. Run: dnf upgrade"
else else
LogText "Result: no security updates found" LogText "Result: no security updates found"
AddHP 5 5 AddHP 5 5
@ -427,7 +429,7 @@
Register --test-no "PKGS-7354" --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking package database integrity" Register --test-no "PKGS-7354" --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking package database integrity"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check for security updates # Check for security updates
LogText "Action: checking updateinfo for security updates" LogText "Action: checking integrity of package database"
FIND=`${DNFBINARY} -q repoquery --duplicated` FIND=`${DNFBINARY} -q repoquery --duplicated`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
Logtext "Result: found unexpected result on repoquery --duplicated" Logtext "Result: found unexpected result on repoquery --duplicated"