Describe the bug
I used AIDE as a HIDS. Unfortunately, Lynis only partially honors the definitions from /etc/aide.conf.
As long as the AIDE database is stored locally in the file system, e.g.: /var/lib/aide/pml010074.aide-database
And at the same time in /etc/aide.conf the corresponding setting is: database_in=file:@@{DBDIR}/pml010074.aide-database
'lynis audit system' runs smoothly without any problems. The results I get include:
For security reasons, the AIDE database is not stored locally but is copied to a protected internal server after creation.
In /etc/aide.conf, the following is therefore defined: database_in = http://10.20.30.40/local/pml010074.aide-database
AIDE then fetches the database via get_url at check runtime and everything is fine.
But if I now run a system check with Lynis, I get the following result:
[+] Software: file integrity
------------------------------------
- Checking file integrity tools
- AIDE [ FOUND ]
- AIDE config file [ FOUND ]
- AIDE database [ NOT FOUND ]
- dm-integrity (status) [ DISABLED ]
- dm-verity (status) [ DISABLED ]
- AIDE config (Checksum) [ OK ]
- Checking presence integrity tool [ FOUND ]
Version
Distribution Arch Linux
Lynis version 3.1.4
Expected behavior
Lynis should honor the definition of AIDE if the configuration file is parsed.
Output
! No AIDE database was found, needed for AIDE functionality [FINT-4316]
https://cisofy.com/lynis/controls/FINT-4316/
See the section "Describe the bug", where the outputs are noted.
Additional context
Ok, I know that this isn't really a problem on my system, but it would still be nice if Lynis would interpret the definitions from the aide.conf correctly here.
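The distinction the report asks for, as an added example (not Lynis code and not the reporter's): a POSIX shell function that reads `database_in` from an aide.conf, expands `@@define` macros, and separates a remote URL from a missing local file. The function name `aide_db_location`, the output labels, the accepted URL schemes and the "last `database_in` line wins" rule are assumptions; the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not Lynis code. Classifies the AIDE input database location.
# Output: "local-found PATH" | "local-missing PATH" | "remote URL" |
#         "other VALUE" | "undefined"
aide_db_location() {
    conf=$1
    # Last database_in= line wins (assumption); legacy "database=" is accepted too.
    value=$(sed -n 's/^[[:space:]]*database\(_in\)\{0,1\}[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\2/p' "$conf" | tail -n 1)
    if [ -z "$value" ]; then echo "undefined"; return 0; fi
    # Expand @@{NAME} using "@@define NAME VALUE" lines.
    # Limitation: macro values containing '|' or '&' are not handled.
    while read -r directive name macro_value; do
        [ "$directive" = "@@define" ] || continue
        value=$(printf '%s\n' "$value" | sed "s|@@{$name}|$macro_value|g")
    done < "$conf"
    case $value in
        http://*|https://*|ftp://*)
            # Fetched at check time, so no file on disk is expected.
            echo "remote $value" ;;
        file:*)
            path=${value#file:}
            if [ -f "$path" ]; then echo "local-found $path"
            else echo "local-missing $path"; fi ;;
        *)  echo "other $value" ;;
    esac
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' "@@define DBDIR $demo_dir" \
    'database_in=file:@@{DBDIR}/example.aide-database' > "$demo_dir/local.conf"
printf '%s\n' 'database_in = http://10.20.30.40/local/pml010074.aide-database' \
    > "$demo_dir/remote.conf"
aide_db_location "$demo_dir/local.conf"
aide_db_location "$demo_dir/remote.conf"
rm -rf "$demo_dir"
```

An audit check built on this would raise the "database not found" finding only for `local-missing`, and report `remote` as a separate state.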