[Bug 903989] New: lynis permissions needs small changes.
http://bugzilla.opensuse.org/show_bug.cgi?id=903989
Bug ID: 903989
Summary: lynis permissions needs small changes.
Classification: openSUSE
Product: openSUSE Distribution
Version: 13.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: roeland@linux-it.nl
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---
I just installed lynis-1.6.2-1.2.noarch to assess the syate of my 13.2 setup.
It appears that the rpm content does not have correct permissions on some
files.
if I exec the first time:
taplop:~ # lynis -h
[!] Change file permissions of /usr/share/lynis/include/consts to 640.
Command: chmod 640 /usr/share/lynis/include/consts
[!] Change file permissions of /usr/share/lynis/include/functions to 640.
Command: chmod 640 /usr/share/lynis/include/functions
[X] Security check failed: See action above to correct this issue.
Please change ownership and permissions of the related files and start
Lynis again.
taplop:~ # chmod 640 /usr/share/lynis/include/consts
taplop:~ # chmod 640 /usr/share/lynis/include/functions
taplop:~ # lynis -h
Fatal error: permissions of file /usr/share/lynis/include/parameters are not
strict enough. Access to 'other' should be denied or read-only.
taplop:~ # ls -l /usr/share/lynis/include/parameters
-rwxr-xr-x 1 root root 5187 Oct 6 17:43 /usr/share/lynis/include/parameters
taplop:~ # chmod o-x /usr/share/lynis/include/parameters
taplop:~ # ls -l /usr/share/lynis/include/parameters
-rwxr-xr-- 1 root root 5187 Oct 6 17:43 /usr/share/lynis/include/parameters
after this correction it works:
taplop:~ # lynis -h
[ Lynis 1.6.2 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
Copyright 2007-2014 - Michael Boelen, http://cisofy.com
Enterprise support and plugins available via CISOfy - http://cisofy.com
################################################################################
[+] Initializing program
------------------------------------
Scan options:
--auditor "<name>" : Auditor name
--check-all (-c) : Check system
--no-log : Don't create a log file
--pentest : Non-privileged scan (useful for pentest)
--profile <profile> : Scan the system with the given profile file
--quick (-Q) : Quick mode, don't wait for user input
--tests "<tests>" : Run only tests defined by <tests>
--tests-category "<category>" : Run only tests defined by <category>
Layout options:
--no-colors : Don't use colors in output
--quiet (-q) : No output, except warnings
--reverse-colors : Optimize color display for light
backgrounds
Misc options:
--check-update : Check for updates
--debug : Debug logging to screen
--view-manpage (--man) : View man page
--version (-V) : Display version number and quit
Enterprise options:
--plugin-dir "
http://bugzilla.opensuse.org/show_bug.cgi?id=903989
roeland jansen
http://bugzilla.opensuse.org/show_bug.cgi?id=903989
--- Comment #1 from roeland jansen
http://bugzilla.opensuse.org/show_bug.cgi?id=903989
Marcus Meissner
http://bugzilla.opensuse.org/show_bug.cgi?id=903989
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=903989
http://bugzilla.opensuse.org/show_bug.cgi?id=903989#c2
Sascha Manns
http://bugzilla.opensuse.org/show_bug.cgi?id=903989
http://bugzilla.opensuse.org/show_bug.cgi?id=903989#c3
Roeland Jansen
http://bugzilla.opensuse.org/show_bug.cgi?id=903989
http://bugzilla.opensuse.org/show_bug.cgi?id=903989#c4
Sascha Manns
participants (1)
-
bugzilla_noreply@novell.com