Page MenuHomeVyOS Platform
Create Task
Maniphest T5549

Result of system audit by Lynis
Open, NormalPublicBUG
Actions

Description

Result of scanning VyOS 1.4-rolling-202309040919 using Lynis 3.0.8 (package from debian bookworm).

For more information see:

https://cisofy.com/lynis/

Note that the testresult below was obtained by adding this to /etc/apt/sources.list:

deb http://ftp.se.debian.org/debian bookworm main

Followed by:

sudo apt-get update
sudo apt-get install lynis
sudo lynis audit system

Also note that not all recommendations are valid (for example that some apt sources are missing which they are supposed to be missing (all of them) in VyOS iso).

See attached file for testresult:

T5549_Lynis_audit_system_230904.txt.gz

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202309040919
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Improvement (missing useful functionality)

Related Objects

Event Timeline

Apachez created this task.Sep 4 2023, 6:22 PM
Apachez added a comment.Sep 4 2023, 6:26 PM

T5549_Lynis_audit_system_230904.txt.gz3 KBDownload

Apachez attached a referenced file: F3846129: T5549_Lynis_audit_system_230904.txt.gz. (Show Details)Sep 4 2023, 6:26 PM
Apachez updated the task description. (Show Details)
Apachez mentioned this in T4712: Collaborative Protection Profile cPP for Network Devices root task.
Apachez added a comment.Oct 10 2023, 5:39 AM

Updated scan performed on VyOS 1.5-rolling-202310090023 (see attached file).

T5549_Lynis_audit_system_231010.txt.gz2 KBDownload

Apachez attached a referenced file: F3877170: T5549_Lynis_audit_system_231010.txt.gz. (Show Details)Oct 10 2023, 5:40 AM
pasik added a subscriber: pasik.Oct 10 2023, 9:14 AM
Viacheslav triaged this task as Normal priority.Jan 20 2024, 1:15 PM
Viacheslav added a subscriber: Viacheslav.

Needs to add some subtasks to fixing
Create please subtasks or close the task

Viacheslav added a comment.Feb 14 2024, 3:03 PM

@Apachez, what exactly do you want to fix here?

Apachez added a comment.Feb 19 2024, 8:25 AM

Its mainly a headsup for maintainers to go through the report and fix whats possible.

Viacheslav added a comment.Thu, Apr 18, 12:11 PM

Without subtasks, it is going to be dead.
@Apachez It is not clear what you want to fix exactly. Fix all and do all working well could be related to any task.