http://bugzilla.opensuse.org/show_bug.cgi?id=903989 Bug ID: 903989 Summary: lynis permissions needs small changes. Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: roeland@linux-it.nl QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I just installed lynis-1.6.2-1.2.noarch to assess the syate of my 13.2 setup. It appears that the rpm content does not have correct permissions on some files. if I exec the first time: taplop:~ # lynis -h [!] Change file permissions of /usr/share/lynis/include/consts to 640. Command: chmod 640 /usr/share/lynis/include/consts [!] Change file permissions of /usr/share/lynis/include/functions to 640. Command: chmod 640 /usr/share/lynis/include/functions [X] Security check failed: See action above to correct this issue. Please change ownership and permissions of the related files and start Lynis again. taplop:~ # chmod 640 /usr/share/lynis/include/consts taplop:~ # chmod 640 /usr/share/lynis/include/functions taplop:~ # lynis -h Fatal error: permissions of file /usr/share/lynis/include/parameters are not strict enough. Access to 'other' should be denied or read-only. taplop:~ # ls -l /usr/share/lynis/include/parameters -rwxr-xr-x 1 root root 5187 Oct 6 17:43 /usr/share/lynis/include/parameters taplop:~ # chmod o-x /usr/share/lynis/include/parameters taplop:~ # ls -l /usr/share/lynis/include/parameters -rwxr-xr-- 1 root root 5187 Oct 6 17:43 /usr/share/lynis/include/parameters after this correction it works: taplop:~ # lynis -h [ Lynis 1.6.2 ] ################################################################################ Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License. See the LICENSE file for details about using this software. Copyright 2007-2014 - Michael Boelen, http://cisofy.com Enterprise support and plugins available via CISOfy - http://cisofy.com ################################################################################ [+] Initializing program ------------------------------------ Scan options: --auditor "<name>" : Auditor name --check-all (-c) : Check system --no-log : Don't create a log file --pentest : Non-privileged scan (useful for pentest) --profile <profile> : Scan the system with the given profile file --quick (-Q) : Quick mode, don't wait for user input --tests "<tests>" : Run only tests defined by <tests> --tests-category "<category>" : Run only tests defined by <category> Layout options: --no-colors : Don't use colors in output --quiet (-q) : No output, except warnings --reverse-colors : Optimize color display for light backgrounds Misc options: --check-update : Check for updates --debug : Debug logging to screen --view-manpage (--man) : View man page --version (-V) : Display version number and quit Enterprise options: --plugin-dir "<path"> : Define path of available plugins --upload : Upload data to central node See man page and documentation for all available options. Exiting.. -- You are receiving this mail because: You are on the CC list for the bug.