Re: [PATCH] lynis: Update to version 3.0.6

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 6075 bytes --]

Happy New Year! The first patch of the year...

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 1 Jan 2022, at 16:59, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> - Update from 3.0.3 to 3.0.6
> - Communication had with cisofy about the website and github versions of lynis and the
>   lack of a signature file on github. Following response received from Michael Boelen
>   of cisofy.
>   "GitHub releases are different as they (the tarballs) are created by GitHub itself. So
>    yes, the hashes will differ. In fact, the contents of the files will be different as
>    well. These files are not signed by GitHub or us. We consider GitHub the work version.
>    When we release a new version, we tag them on GitHub with a version as well. For the
>    stable releases, use the version on the website."
> - Based on the above the version used in this build is from the website. The signature
>   file for version 3.0.6 on the website is now available.
> - The lynis-3.0.6.tar.gz in the IPFire Source location will probably need to be removed
>   as it is from the Github location and running ./make.sh uploadsrc will probably not
>   upload the correct version because the filenames are the same. The tarball used in this
>   patch was from https://cisofy.com/downloads/lynis/
> - The lfs file modified to take account of the tarball expanding to just lynis without
>   any version number. Also the rm -rf line has been modified due to the file differences
>   with the previous Github versions.
> - Update rootfile to take account of the plugin_pam_phase1 and plugin_systemd_phase1
>   plugins not being included in the cisofy website version of the tarball. If these two
>   plugins that are available for community users are needed then they have to be
>   downloaded separately from cisofy via an email subscription to the notification test.
>   All other plugins are only available for paying customers.
> - Changelog
>   Version 3.0.6 (2021-07-22)
>    ### Added
>     - OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
>     - Check for outdated translation files
>    ### Changed
>     - DBS-1826 - Check if PostgreSQL is being used
>     - DBS-1828 - Test multiple PostgreSQL configuration file(s)
>     - KRNL-5830 - Sort kernels by version instead of modification date
>     - PKGS-7410 - Don't show exception for systems using LXC
>     - GetHostID function: fallback options added for Linux systems
>     - Fix: macOS Big Sur detection
>     - Fix: show correct text when egrep is missing
>     - Fix: variable name for PostgreSQL
>     - German and Spanish translations extended
>   Version 3.0.5 (2021-07-02)
>    ### Added
>     - OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
>     - CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
>    ### Changed
>     - ACCT-9622 - Corrected typo
>     - HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
>     - PKGS-7320 - extended to Arch Linux 32
>     - Generation of host identifiers (hostid/hostid2) extended
>     - Linux host identifiers are now using ip as preferred input source
>     - Improved logging in several areas
>   Version 3.0.4 (2021-05-11)
>    ### Added
>     - ACCT-9670 - Detection of cmd tooling
>     - ACCT-9672 - Test cmd configuration file
>     - BOOT-5140 - Check for ELILO boot loader presence
>     - OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
>    ### Changed
>     - BOOT-5104 - Add service manager detection support for runit
>     - FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
>     - FIRE-4540 - Corrected nftables empy ruleset test
>     - LOGG-2138 - Do not check for klogd when metalog is being used
>     - TIME-3185 - Improved support for Debian stretch
>     - Corrected issue when Lynis is not executed directly from lynis directory
> 
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/rootfiles/packages/lynis |  2 --
> lfs/lynis                       | 14 +++++++-------
> 2 files changed, 7 insertions(+), 9 deletions(-)
> 
> diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/lynis
> index 357f9cb3a..922efe5f1 100644
> --- a/config/rootfiles/packages/lynis
> +++ b/config/rootfiles/packages/lynis
> @@ -117,5 +117,3 @@ var/ipfire/lynis/lynis
> #var/ipfire/lynis/plugins
> #var/ipfire/lynis/plugins/README
> var/ipfire/lynis/plugins/custom_plugin.template
> -var/ipfire/lynis/plugins/plugin_pam_phase1
> -var/ipfire/lynis/plugins/plugin_systemd_phase1
> diff --git a/lfs/lynis b/lfs/lynis
> index 1ae501603..e6f2007b0 100644
> --- a/lfs/lynis
> +++ b/lfs/lynis
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 3.0.3
> +VER        = 3.0.6
> 
> THISAPP    = lynis-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> 
> PROG       = lynis
> -PAK_VER    = 9
> +PAK_VER    = 10
> DEPS       =
> 
> ###############################################################################
> @@ -44,7 +44,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_MD5 = d5c7cdbab15029449fe5ef4b59ee941d
> +$(DL_FILE)_MD5 = 23cc369984d564e4a8232473b1ace137
> 
> install : $(TARGET)
> 
> @@ -76,8 +76,8 @@ dist:
> 
> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> 	@$(PREBUILD)
> -	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> -	cd $(DIR_APP) && rm -rf .git* .travis.yml *.md FAQ INSTALL LICENCE lynis.8 README
> -	cp -vrf $(DIR_APP) /var/ipfire/lynis
> -	@rm -rf $(DIR_APP)
> +	@rm -rf $(DIR_SRC)/$(PROG) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> +	cd $(DIR_SRC)/$(PROG) && rm -rf *.md FAQ INSTALL LICENCE lynis.8 README
> +	cp -vrf $(DIR_SRC)/$(PROG) /var/ipfire/lynis
> +	@rm -rf $(DIR_SRC)/$(PROG)
> 	@$(POSTBUILD)
> -- 
> 2.34.1
>