tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

improve non-interactive use of zypper (#208) 

* PKGS-7328: only list installed items of type package

Otherwise the package list may contain duplicate items of type application or patch

Signed-off-by: Andreas Stieger <astieger@suse.com>

* PKGS-7328, PKGS-7330: run zypper with non-interactive flag

Otherwise the test will hang if zypper issues an interactive query or warning,
such as for new/changed keys, network issues or other errors.

Signed-off-by: Andreas Stieger <astieger@suse.com>
This commit is contained in:
Andreas Stieger 2016-05-30 19:20:37 +02:00 committed by Michael Boelen
parent 000077d379
commit ece464b1da
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/tests_ports_packages
View File

@ -285,7 +285,7 @@
N=0
PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL="zypper"
FIND=`${ZYPPERBINARY} se -i | awk '{ if ($1=="i") { print $3 } }'`
FIND=`${ZYPPERBINARY} se -n -t package -i | awk '{ if ($1=="i") { print $3 } }'`
if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do
N=$((N + 1))
@ -306,7 +306,7 @@
if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7330 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Zypper for vulnerable packages"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${ZYPPERBINARY} pchk | grep "(0 security patches)"`
FIND=`${ZYPPERBINARY} -n pchk | grep "(0 security patches)"`
if [ ! "${FIND}" = "" ]; then
LogText "Result: No security updates found with Zypper"
Display --indent 2 --text "- Using Zypper to find vulnerable packages" --result NONE --color GREEN
@ -315,7 +315,7 @@
LogText "Result: Zypper found one or more installed packages which are vulnerable."
ReportWarning ${TEST_NO} "H" "Found one or more vulnerable packages installed"
# Unfortunately zypper does not properly give back which package it is. Usually best guess is last word on the line
FIND=`${ZYPPERBINARY} lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | sed 's/:$//' | grep -v "^$" | sort -u`
FIND=`${ZYPPERBINARY} -n lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | sed 's/:$//' | grep -v "^$" | sort -u`
LogText "List of vulnerable packages/version:"
for I in ${FIND}; do
VULNERABLE_PACKAGES_FOUND=1