Description
Describe the bug
I used AIDE as a HIDS. Unfortunately, Lynis only partially honors the definitions from /etc/aide.conf.
As long as the AIDE database is stored locally in the file system, e.g. /var/lib/aide/pml010074.aide-database, and at the same time the corresponding setting in /etc/aide.conf is:
database_in=file:@@{DBDIR}/pml010074.aide-database
'lynis audit system' runs smoothly without any problems. The results I get include:
[+] Software: file integrity
-------------------------------------
  - Checking file integrity tools
    - AIDE [ FOUND ]
    - AIDE config file [ FOUND ]
    - AIDE database [ FOUND ]
    - dm-integrity (status) [ DISABLED ]
    - dm-verity (status) [ DISABLED ]
    - AIDE config (Checksum) [ OK ]
  - Checking presence integrity tool [ FOUND ]
BUT:
For security reasons, the AIDE database is not stored locally but is copied to a protected internal server after creation.
In /etc/aide.conf, the following is therefore defined:
database_in = http://10.20.30.40/local/pml010074.aide-database
AIDE then fetches the database via get_url at check runtime and everything is fine.
But if I now run a system check with Lynis, I get the following result:
[+] Software: file integrity
------------------------------------
  - Checking file integrity tools
    - AIDE [ FOUND ]
    - AIDE config file [ FOUND ]
    - AIDE database [ NOT FOUND ]
    - dm-integrity (status) [ DISABLED ]
    - dm-verity (status) [ DISABLED ]
    - AIDE config (Checksum) [ OK ]
  - Checking presence integrity tool [ FOUND ]
Version
- Distribution Arch Linux
- Lynis version 3.1.4
Expected behavior
Lynis should honor the definition of aide if the configuration file is parsed.
Output
! No AIDE database was found, needed for AIDE functionality [FINT-4316] https://cisofy.com/lynis/controls/FINT-4316/
See the section "Describe the bug", where the outputs are noted.
Additional context
Ok, I know that this isn't really a problem on my system, but it would still be nice if lynis would interpret the definitions from the aide.conf correctly here.
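
One way a check could interpret database_in instead of assuming a local file, as an added example that is not part of the issue and not Lynis's own code. The function name aide_db_status and its status words are hypothetical; treating "database" as the older spelling of the option and https/ftp as further remote schemes are assumptions beyond what the issue shows.

```sh
#!/bin/sh
# Added example; aide_db_status and its status words are hypothetical, not Lynis code.
# Prints "<STATUS> <location>" for the database_in setting of an aide.conf.
aide_db_status() {
    conf="$1"
    # Collect @@define macros, keep the last database_in (or older "database") value,
    # then expand every @@{NAME} reference in it (bounded, in case a macro is recursive).
    url=$(awk '
        $1 == "@@define" { macro[$2] = $3; next }
        /^[ \t]*database(_in)?[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
        }
        END {
            while ((i = index(val, "@@{")) > 0 && n++ < 32) {
                rest = substr(val, i + 3)
                j = index(rest, "}")
                if (j == 0) break
                val = substr(val, 1, i - 1) macro[substr(rest, 1, j - 1)] substr(rest, j + 1)
            }
            print val
        }' "$conf")
    case "$url" in
        "") echo "UNSET" ;;
        file:*)
            path=${url#file:}
            if [ -f "$path" ]; then
                echo "LOCAL_FOUND $path"
            else
                echo "LOCAL_MISSING $path"
            fi ;;
        # Remote database: nothing to stat locally, so report it as such
        http://*|https://*|ftp://*) echo "REMOTE $url" ;;
        *) echo "OTHER $url" ;;
    esac
}

# Constructed sample matching the remote setup from the issue
sample=$(mktemp)
printf 'database_in = http://10.20.30.40/local/pml010074.aide-database\n' > "$sample"
aide_db_status "$sample"
rm -f "$sample"
```

With a result like REMOTE, a report can distinguish "database is fetched at runtime" from "no database exists", which is the distinction the issue asks for.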