tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[KRNL-5788] Fix false positive warning on missing /vmlinuz (#650) 

Not all architectures use a /vmlinuz symlink in Debian. For instance,
armhf systems may only provide a symlink in /boot/vmlinuz. Fall back to
testing /boot/vmlinuz if /vmlinuz is not found.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
This commit is contained in:
silentcreek 2019-03-07 10:05:12 +01:00 committed by Michael Boelen
parent 17f2e34660
commit fb567465c9
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
include/tests_kernel
View File

@ -374,10 +374,17 @@
LogText "Test: Searching apt-cache, to determine if a newer kernel is available" LogText "Test: Searching apt-cache, to determine if a newer kernel is available"
if [ -x ${ROOTDIR}usr/bin/apt-cache ]; then if [ -x ${ROOTDIR}usr/bin/apt-cache ]; then
LogText "Result: found ${ROOTDIR}usr/bin/apt-cache" LogText "Result: found ${ROOTDIR}usr/bin/apt-cache"
LogText "Test: checking readlink location of ${ROOTDIR}vmlinuz" LogText "Test: checking presence of ${ROOTDIR}vmlinuz or ${ROOTDIR}boot/vmlinuz"
if [ -f ${ROOTDIR}vmlinuz ]; then if [ -f ${ROOTDIR}vmlinuz -o -f ${ROOTDIR}boot/vmlinuz ]; then
HAS_VMLINUZ=1 HAS_VMLINUZ=1
FINDKERNFILE=$(readlink -f ${ROOTDIR}vmlinuz) if [ -f ${ROOTDIR}vmlinuz ]; then
FINDVMLINUZ=${ROOTDIR}vmlinuz
else
FINDVMLINUZ=${ROOTDIR}boot/vmlinuz
fi
LogText "Result: found ${FINDVMLINUZ}"
LogText "Test: checking readlink location of ${FINDVMLINUZ}"
FINDKERNFILE=$(readlink -f ${FINDVMLINUZ})
LogText "Output: readlink reported file ${FINDKERNFILE}" LogText "Output: readlink reported file ${FINDKERNFILE}"
LogText "Test: checking package from dpkg -S" LogText "Test: checking package from dpkg -S"
FINDKERNEL=$(dpkg -S ${FINDKERNFILE} 2> /dev/null | ${AWKBINARY} -F : '{print $1}') FINDKERNEL=$(dpkg -S ${FINDKERNFILE} 2> /dev/null | ${AWKBINARY} -F : '{print $1}')
@ -386,8 +393,8 @@
FINDKERNEL=linux-image-$(uname -r) FINDKERNEL=linux-image-$(uname -r)
LogText "Result: ${ROOTDIR}vmlinuz missing due to grsecurity; assuming ${FINDKERNEL}" LogText "Result: ${ROOTDIR}vmlinuz missing due to grsecurity; assuming ${FINDKERNEL}"
else else
LogText "This system is missing ${ROOTDIR}vmlinuz. Unable to check whether kernel is up-to-date." LogText "This system is missing ${ROOTDIR}vmlinuz or ${ROOTDIR}boot/vmlinuz. Unable to check whether kernel is up-to-date."
ReportSuggestion ${TEST_NO} "Determine why ${ROOTDIR}vmlinuz is missing on this Debian/Ubuntu system." "/vmlinuz" ReportSuggestion ${TEST_NO} "Determine why ${ROOTDIR}vmlinuz or ${ROOTDIR}boot/vmlinuz is missing on this Debian/Ubuntu system." "/vmlinuz or /boot/vmlinuz"
fi fi
LogText "Test: Using apt-cache policy to determine if there is an update available" LogText "Test: Using apt-cache policy to determine if there is an update available"
FINDINST=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Installed' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ') FINDINST=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Installed' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ')