* [PATCH] lynis: Update to version 3.0.6
@ 2022-01-01 16:59 Adolf Belka
2022-01-01 17:45 ` Michael Tremer
2022-01-04 17:25 ` Peter Müller
0 siblings, 2 replies; 3+ messages in thread
From: Adolf Belka @ 2022-01-01 16:59 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 5715 bytes --]
- Update from 3.0.3 to 3.0.6
- Communication had with cisofy about the website and github versions of lynis and the
lack of a signature file on github. Following response received from Michael Boelen
of cisofy.
"GitHub releases are different as they (the tarballs) are created by GitHub itself. So
yes, the hashes will differ. In fact, the contents of the files will be different as
well. These files are not signed by GitHub or us. We consider GitHub the work version.
When we release a new version, we tag them on GitHub with a version as well. For the
stable releases, use the version on the website."
- Based on the above the version used in this build is from the website. The signature
file for version 3.0.6 on the website is now available.
- The lynis-3.0.6.tar.gz in the IPFire Source location will probably need to be removed
as it is from the Github location and running ./make.sh uploadsrc will probably not
upload the correct version because the filenames are the same. The tarball used in this
patch was from https://cisofy.com/downloads/lynis/
- The lfs file modified to take account of the tarball expanding to just lynis without
any version number. Also the rm -rf line has been modified due to the file differences
with the previous Github versions.
- Update rootfile to take account of the plugin_pam_phase1 and plugin_systemd_phase1
plugins not being included in the cisofy website version of the tarball. If these two
plugins that are available for community users are needed then they have to be
downloaded separately from cisofy via an email subscription to the notification test.
All other plugins are only available for paying customers.
- Changelog
Version 3.0.6 (2021-07-22)
### Added
- OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
- Check for outdated translation files
### Changed
- DBS-1826 - Check if PostgreSQL is being used
- DBS-1828 - Test multiple PostgreSQL configuration file(s)
- KRNL-5830 - Sort kernels by version instead of modification date
- PKGS-7410 - Don't show exception for systems using LXC
- GetHostID function: fallback options added for Linux systems
- Fix: macOS Big Sur detection
- Fix: show correct text when egrep is missing
- Fix: variable name for PostgreSQL
- German and Spanish translations extended
Version 3.0.5 (2021-07-02)
### Added
- OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
- CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
### Changed
- ACCT-9622 - Corrected typo
- HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
- PKGS-7320 - extended to Arch Linux 32
- Generation of host identifiers (hostid/hostid2) extended
- Linux host identifiers are now using ip as preferred input source
- Improved logging in several areas
Version 3.0.4 (2021-05-11)
### Added
- ACCT-9670 - Detection of cmd tooling
- ACCT-9672 - Test cmd configuration file
- BOOT-5140 - Check for ELILO boot loader presence
- OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
### Changed
- BOOT-5104 - Add service manager detection support for runit
- FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
- FIRE-4540 - Corrected nftables empy ruleset test
- LOGG-2138 - Do not check for klogd when metalog is being used
- TIME-3185 - Improved support for Debian stretch
- Corrected issue when Lynis is not executed directly from lynis directory
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/rootfiles/packages/lynis | 2 --
lfs/lynis | 14 +++++++-------
2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/lynis
index 357f9cb3a..922efe5f1 100644
--- a/config/rootfiles/packages/lynis
+++ b/config/rootfiles/packages/lynis
@@ -117,5 +117,3 @@ var/ipfire/lynis/lynis
#var/ipfire/lynis/plugins
#var/ipfire/lynis/plugins/README
var/ipfire/lynis/plugins/custom_plugin.template
-var/ipfire/lynis/plugins/plugin_pam_phase1
-var/ipfire/lynis/plugins/plugin_systemd_phase1
diff --git a/lfs/lynis b/lfs/lynis
index 1ae501603..e6f2007b0 100644
--- a/lfs/lynis
+++ b/lfs/lynis
@@ -24,7 +24,7 @@
include Config
-VER = 3.0.3
+VER = 3.0.6
THISAPP = lynis-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = lynis
-PAK_VER = 9
+PAK_VER = 10
DEPS =
###############################################################################
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d5c7cdbab15029449fe5ef4b59ee941d
+$(DL_FILE)_MD5 = 23cc369984d564e4a8232473b1ace137
install : $(TARGET)
@@ -76,8 +76,8 @@ dist:
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && rm -rf .git* .travis.yml *.md FAQ INSTALL LICENCE lynis.8 README
- cp -vrf $(DIR_APP) /var/ipfire/lynis
- @rm -rf $(DIR_APP)
+ @rm -rf $(DIR_SRC)/$(PROG) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_SRC)/$(PROG) && rm -rf *.md FAQ INSTALL LICENCE lynis.8 README
+ cp -vrf $(DIR_SRC)/$(PROG) /var/ipfire/lynis
+ @rm -rf $(DIR_SRC)/$(PROG)
@$(POSTBUILD)
--
2.34.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] lynis: Update to version 3.0.6
2022-01-01 16:59 [PATCH] lynis: Update to version 3.0.6 Adolf Belka
@ 2022-01-01 17:45 ` Michael Tremer
2022-01-04 17:25 ` Peter Müller
1 sibling, 0 replies; 3+ messages in thread
From: Michael Tremer @ 2022-01-01 17:45 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 6075 bytes --]
Happy New Year! The first patch of the year...
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 1 Jan 2022, at 16:59, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> - Update from 3.0.3 to 3.0.6
> - Communication had with cisofy about the website and github versions of lynis and the
> lack of a signature file on github. Following response received from Michael Boelen
> of cisofy.
> "GitHub releases are different as they (the tarballs) are created by GitHub itself. So
> yes, the hashes will differ. In fact, the contents of the files will be different as
> well. These files are not signed by GitHub or us. We consider GitHub the work version.
> When we release a new version, we tag them on GitHub with a version as well. For the
> stable releases, use the version on the website."
> - Based on the above the version used in this build is from the website. The signature
> file for version 3.0.6 on the website is now available.
> - The lynis-3.0.6.tar.gz in the IPFire Source location will probably need to be removed
> as it is from the Github location and running ./make.sh uploadsrc will probably not
> upload the correct version because the filenames are the same. The tarball used in this
> patch was from https://cisofy.com/downloads/lynis/
> - The lfs file modified to take account of the tarball expanding to just lynis without
> any version number. Also the rm -rf line has been modified due to the file differences
> with the previous Github versions.
> - Update rootfile to take account of the plugin_pam_phase1 and plugin_systemd_phase1
> plugins not being included in the cisofy website version of the tarball. If these two
> plugins that are available for community users are needed then they have to be
> downloaded separately from cisofy via an email subscription to the notification test.
> All other plugins are only available for paying customers.
> - Changelog
> Version 3.0.6 (2021-07-22)
> ### Added
> - OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
> - Check for outdated translation files
> ### Changed
> - DBS-1826 - Check if PostgreSQL is being used
> - DBS-1828 - Test multiple PostgreSQL configuration file(s)
> - KRNL-5830 - Sort kernels by version instead of modification date
> - PKGS-7410 - Don't show exception for systems using LXC
> - GetHostID function: fallback options added for Linux systems
> - Fix: macOS Big Sur detection
> - Fix: show correct text when egrep is missing
> - Fix: variable name for PostgreSQL
> - German and Spanish translations extended
> Version 3.0.5 (2021-07-02)
> ### Added
> - OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
> - CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
> ### Changed
> - ACCT-9622 - Corrected typo
> - HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
> - PKGS-7320 - extended to Arch Linux 32
> - Generation of host identifiers (hostid/hostid2) extended
> - Linux host identifiers are now using ip as preferred input source
> - Improved logging in several areas
> Version 3.0.4 (2021-05-11)
> ### Added
> - ACCT-9670 - Detection of cmd tooling
> - ACCT-9672 - Test cmd configuration file
> - BOOT-5140 - Check for ELILO boot loader presence
> - OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
> ### Changed
> - BOOT-5104 - Add service manager detection support for runit
> - FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
> - FIRE-4540 - Corrected nftables empy ruleset test
> - LOGG-2138 - Do not check for klogd when metalog is being used
> - TIME-3185 - Improved support for Debian stretch
> - Corrected issue when Lynis is not executed directly from lynis directory
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/rootfiles/packages/lynis | 2 --
> lfs/lynis | 14 +++++++-------
> 2 files changed, 7 insertions(+), 9 deletions(-)
>
> diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/lynis
> index 357f9cb3a..922efe5f1 100644
> --- a/config/rootfiles/packages/lynis
> +++ b/config/rootfiles/packages/lynis
> @@ -117,5 +117,3 @@ var/ipfire/lynis/lynis
> #var/ipfire/lynis/plugins
> #var/ipfire/lynis/plugins/README
> var/ipfire/lynis/plugins/custom_plugin.template
> -var/ipfire/lynis/plugins/plugin_pam_phase1
> -var/ipfire/lynis/plugins/plugin_systemd_phase1
> diff --git a/lfs/lynis b/lfs/lynis
> index 1ae501603..e6f2007b0 100644
> --- a/lfs/lynis
> +++ b/lfs/lynis
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 3.0.3
> +VER = 3.0.6
>
> THISAPP = lynis-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
>
> PROG = lynis
> -PAK_VER = 9
> +PAK_VER = 10
> DEPS =
>
> ###############################################################################
> @@ -44,7 +44,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = d5c7cdbab15029449fe5ef4b59ee941d
> +$(DL_FILE)_MD5 = 23cc369984d564e4a8232473b1ace137
>
> install : $(TARGET)
>
> @@ -76,8 +76,8 @@ dist:
>
> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> - cd $(DIR_APP) && rm -rf .git* .travis.yml *.md FAQ INSTALL LICENCE lynis.8 README
> - cp -vrf $(DIR_APP) /var/ipfire/lynis
> - @rm -rf $(DIR_APP)
> + @rm -rf $(DIR_SRC)/$(PROG) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> + cd $(DIR_SRC)/$(PROG) && rm -rf *.md FAQ INSTALL LICENCE lynis.8 README
> + cp -vrf $(DIR_SRC)/$(PROG) /var/ipfire/lynis
> + @rm -rf $(DIR_SRC)/$(PROG)
> @$(POSTBUILD)
> --
> 2.34.1
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] lynis: Update to version 3.0.6
2022-01-01 16:59 [PATCH] lynis: Update to version 3.0.6 Adolf Belka
2022-01-01 17:45 ` Michael Tremer
@ 2022-01-04 17:25 ` Peter Müller
1 sibling, 0 replies; 3+ messages in thread
From: Peter Müller @ 2022-01-04 17:25 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 6303 bytes --]
Hello Adolf,
thank you for working on this and getting in touch with the Lynis developers.
I have verified their GPG signature now matches the .tar.gz available on their website,
and replaced the file on source.ipfire.org with the correct one.
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
Thanks, and best regards,
Peter Müller
> - Update from 3.0.3 to 3.0.6
> - Communication had with cisofy about the website and github versions of lynis and the
> lack of a signature file on github. Following response received from Michael Boelen
> of cisofy.
> "GitHub releases are different as they (the tarballs) are created by GitHub itself. So
> yes, the hashes will differ. In fact, the contents of the files will be different as
> well. These files are not signed by GitHub or us. We consider GitHub the work version.
> When we release a new version, we tag them on GitHub with a version as well. For the
> stable releases, use the version on the website."
> - Based on the above the version used in this build is from the website. The signature
> file for version 3.0.6 on the website is now available.
> - The lynis-3.0.6.tar.gz in the IPFire Source location will probably need to be removed
> as it is from the Github location and running ./make.sh uploadsrc will probably not
> upload the correct version because the filenames are the same. The tarball used in this
> patch was from https://cisofy.com/downloads/lynis/
> - The lfs file modified to take account of the tarball expanding to just lynis without
> any version number. Also the rm -rf line has been modified due to the file differences
> with the previous Github versions.
> - Update rootfile to take account of the plugin_pam_phase1 and plugin_systemd_phase1
> plugins not being included in the cisofy website version of the tarball. If these two
> plugins that are available for community users are needed then they have to be
> downloaded separately from cisofy via an email subscription to the notification test.
> All other plugins are only available for paying customers.
> - Changelog
> Version 3.0.6 (2021-07-22)
> ### Added
> - OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
> - Check for outdated translation files
> ### Changed
> - DBS-1826 - Check if PostgreSQL is being used
> - DBS-1828 - Test multiple PostgreSQL configuration file(s)
> - KRNL-5830 - Sort kernels by version instead of modification date
> - PKGS-7410 - Don't show exception for systems using LXC
> - GetHostID function: fallback options added for Linux systems
> - Fix: macOS Big Sur detection
> - Fix: show correct text when egrep is missing
> - Fix: variable name for PostgreSQL
> - German and Spanish translations extended
> Version 3.0.5 (2021-07-02)
> ### Added
> - OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
> - CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
> ### Changed
> - ACCT-9622 - Corrected typo
> - HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
> - PKGS-7320 - extended to Arch Linux 32
> - Generation of host identifiers (hostid/hostid2) extended
> - Linux host identifiers are now using ip as preferred input source
> - Improved logging in several areas
> Version 3.0.4 (2021-05-11)
> ### Added
> - ACCT-9670 - Detection of cmd tooling
> - ACCT-9672 - Test cmd configuration file
> - BOOT-5140 - Check for ELILO boot loader presence
> - OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
> ### Changed
> - BOOT-5104 - Add service manager detection support for runit
> - FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
> - FIRE-4540 - Corrected nftables empy ruleset test
> - LOGG-2138 - Do not check for klogd when metalog is being used
> - TIME-3185 - Improved support for Debian stretch
> - Corrected issue when Lynis is not executed directly from lynis directory
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/rootfiles/packages/lynis | 2 --
> lfs/lynis | 14 +++++++-------
> 2 files changed, 7 insertions(+), 9 deletions(-)
>
> diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/lynis
> index 357f9cb3a..922efe5f1 100644
> --- a/config/rootfiles/packages/lynis
> +++ b/config/rootfiles/packages/lynis
> @@ -117,5 +117,3 @@ var/ipfire/lynis/lynis
> #var/ipfire/lynis/plugins
> #var/ipfire/lynis/plugins/README
> var/ipfire/lynis/plugins/custom_plugin.template
> -var/ipfire/lynis/plugins/plugin_pam_phase1
> -var/ipfire/lynis/plugins/plugin_systemd_phase1
> diff --git a/lfs/lynis b/lfs/lynis
> index 1ae501603..e6f2007b0 100644
> --- a/lfs/lynis
> +++ b/lfs/lynis
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 3.0.3
> +VER = 3.0.6
>
> THISAPP = lynis-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
>
> PROG = lynis
> -PAK_VER = 9
> +PAK_VER = 10
> DEPS =
>
> ###############################################################################
> @@ -44,7 +44,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = d5c7cdbab15029449fe5ef4b59ee941d
> +$(DL_FILE)_MD5 = 23cc369984d564e4a8232473b1ace137
>
> install : $(TARGET)
>
> @@ -76,8 +76,8 @@ dist:
>
> $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> - cd $(DIR_APP) && rm -rf .git* .travis.yml *.md FAQ INSTALL LICENCE lynis.8 README
> - cp -vrf $(DIR_APP) /var/ipfire/lynis
> - @rm -rf $(DIR_APP)
> + @rm -rf $(DIR_SRC)/$(PROG) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> + cd $(DIR_SRC)/$(PROG) && rm -rf *.md FAQ INSTALL LICENCE lynis.8 README
> + cp -vrf $(DIR_SRC)/$(PROG) /var/ipfire/lynis
> + @rm -rf $(DIR_SRC)/$(PROG)
> @$(POSTBUILD)
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-04 17:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-01 16:59 [PATCH] lynis: Update to version 3.0.6 Adolf Belka
2022-01-01 17:45 ` Michael Tremer
2022-01-04 17:25 ` Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox