From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH] lynis: Update to version 3.0.6 Date: Tue, 04 Jan 2022 18:25:29 +0100 Message-ID: In-Reply-To: <20220101165920.3480735-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0903240534548038868==" List-Id: --===============0903240534548038868== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Adolf, thank you for working on this and getting in touch with the Lynis developers. I have verified their GPG signature now matches the .tar.gz available on thei= r website, and replaced the file on source.ipfire.org with the correct one. Reviewed-by: Peter M=C3=BCller Thanks, and best regards, Peter M=C3=BCller > - Update from 3.0.3 to 3.0.6 > - Communication had with cisofy about the website and github versions of ly= nis and the > lack of a signature file on github. Following response received from Mic= hael Boelen > of cisofy. > "GitHub releases are different as they (the tarballs) are created by Git= Hub itself. So > yes, the hashes will differ. In fact, the contents of the files will be= different as > well. These files are not signed by GitHub or us. We consider GitHub th= e work version. > When we release a new version, we tag them on GitHub with a version as = well. For the > stable releases, use the version on the website." > - Based on the above the version used in this build is from the website. Th= e signature > file for version 3.0.6 on the website is now available. > - The lynis-3.0.6.tar.gz in the IPFire Source location will probably need t= o be removed > as it is from the Github location and running ./make.sh uploadsrc will p= robably not > upload the correct version because the filenames are the same. The tarba= ll used in this > patch was from https://cisofy.com/downloads/lynis/ > - The lfs file modified to take account of the tarball expanding to just ly= nis without > any version number. Also the rm -rf line has been modified due to the fi= le differences > with the previous Github versions. > - Update rootfile to take account of the plugin_pam_phase1 and plugin_syste= md_phase1 > plugins not being included in the cisofy website version of the tarball.= If these two > plugins that are available for community users are needed then they have= to be > downloaded separately from cisofy via an email subscription to the notif= ication test. > All other plugins are only available for paying customers. > - Changelog > Version 3.0.6 (2021-07-22) > ### Added > - OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE Micr= oOS > - Check for outdated translation files > ### Changed > - DBS-1826 - Check if PostgreSQL is being used > - DBS-1828 - Test multiple PostgreSQL configuration file(s) > - KRNL-5830 - Sort kernels by version instead of modification date > - PKGS-7410 - Don't show exception for systems using LXC > - GetHostID function: fallback options added for Linux systems > - Fix: macOS Big Sur detection > - Fix: show correct text when egrep is missing > - Fix: variable name for PostgreSQL > - German and Spanish translations extended > Version 3.0.5 (2021-07-02) > ### Added > - OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux > - CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold= -boot attacks (Linux) > ### Changed > - ACCT-9622 - Corrected typo > - HRDN-7231 - When calling wc, use the short -l flag instead of --line= s (Busybox compatibility) > - PKGS-7320 - extended to Arch Linux 32 > - Generation of host identifiers (hostid/hostid2) extended > - Linux host identifiers are now using ip as preferred input source > - Improved logging in several areas > Version 3.0.4 (2021-05-11) > ### Added > - ACCT-9670 - Detection of cmd tooling > - ACCT-9672 - Test cmd configuration file > - BOOT-5140 - Check for ELILO boot loader presence > - OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others > ### Changed > - BOOT-5104 - Add service manager detection support for runit > - FILE-6430 - Report suggestion only when at least one kernel module i= s not in the blacklist > - FIRE-4540 - Corrected nftables empy ruleset test > - LOGG-2138 - Do not check for klogd when metalog is being used > - TIME-3185 - Improved support for Debian stretch > - Corrected issue when Lynis is not executed directly from lynis direc= tory >=20 > Signed-off-by: Adolf Belka > --- > config/rootfiles/packages/lynis | 2 -- > lfs/lynis | 14 +++++++------- > 2 files changed, 7 insertions(+), 9 deletions(-) >=20 > diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/ly= nis > index 357f9cb3a..922efe5f1 100644 > --- a/config/rootfiles/packages/lynis > +++ b/config/rootfiles/packages/lynis > @@ -117,5 +117,3 @@ var/ipfire/lynis/lynis > #var/ipfire/lynis/plugins > #var/ipfire/lynis/plugins/README > var/ipfire/lynis/plugins/custom_plugin.template > -var/ipfire/lynis/plugins/plugin_pam_phase1 > -var/ipfire/lynis/plugins/plugin_systemd_phase1 > diff --git a/lfs/lynis b/lfs/lynis > index 1ae501603..e6f2007b0 100644 > --- a/lfs/lynis > +++ b/lfs/lynis > @@ -24,7 +24,7 @@ > =20 > include Config > =20 > -VER =3D 3.0.3 > +VER =3D 3.0.6 > =20 > THISAPP =3D lynis-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -33,7 +33,7 @@ DIR_APP =3D $(DIR_SRC)/$(THISAPP) > TARGET =3D $(DIR_INFO)/$(THISAPP) > =20 > PROG =3D lynis > -PAK_VER =3D 9 > +PAK_VER =3D 10 > DEPS =3D > =20 > ##########################################################################= ##### > @@ -44,7 +44,7 @@ objects =3D $(DL_FILE) > =20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) > =20 > -$(DL_FILE)_MD5 =3D d5c7cdbab15029449fe5ef4b59ee941d > +$(DL_FILE)_MD5 =3D 23cc369984d564e4a8232473b1ace137 > =20 > install : $(TARGET) > =20 > @@ -76,8 +76,8 @@ dist: > =20 > $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > @$(PREBUILD) > - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) > - cd $(DIR_APP) && rm -rf .git* .travis.yml *.md FAQ INSTALL LICENCE lynis.= 8 README > - cp -vrf $(DIR_APP) /var/ipfire/lynis > - @rm -rf $(DIR_APP) > + @rm -rf $(DIR_SRC)/$(PROG) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FIL= E) > + cd $(DIR_SRC)/$(PROG) && rm -rf *.md FAQ INSTALL LICENCE lynis.8 README > + cp -vrf $(DIR_SRC)/$(PROG) /var/ipfire/lynis > + @rm -rf $(DIR_SRC)/$(PROG) > @$(POSTBUILD) --===============0903240534548038868==--