Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lynis for openSUSE:Factory checked in at 2021-10-13 18:06:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lynis (Old) and /work/SRC/openSUSE:Factory/.lynis.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lynis" Wed Oct 13 18:06:35 2021 rev:48 rq:925115 version:3.0.6 Changes: -------- --- /work/SRC/openSUSE:Factory/lynis/lynis.changes 2021-10-11 15:32:58.962976316 +0200 +++ /work/SRC/openSUSE:Factory/.lynis.new.2443/lynis.changes 2021-10-13 18:11:25.287776339 +0200 @@ -1,0 +2,6 @@ +Wed Oct 13 14:35:34 UTC 2021 - Johannes Segitz <[email protected]> + +- Add additional_module_blacklist_locations.patch to check fo blacklisted + modules under /usr/lib/modules.d + +------------------------------------------------------------------- New: ---- additional_module_blacklist_locations.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynis.spec ++++++ --- /var/tmp/diff_new_pack.5TY4M8/_old 2021-10-13 18:11:25.847777218 +0200 +++ /var/tmp/diff_new_pack.5TY4M8/_new 2021-10-13 18:11:25.851777223 +0200 @@ -50,6 +50,8 @@ # PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE Patch2: %{name}_1.3.1_include_consts.diff Patch5: %{name}_1.3.6_include-osdetection.diff +# https://github.com/CISOfy/lynis/pull/1215 +Patch6: additional_module_blacklist_locations.patch BuildRequires: gcc-c++ BuildRequires: libxml2-devel Requires: bash @@ -76,6 +78,7 @@ %patch0 %patch2 %patch5 +%patch6 -p1 %build ++++++ additional_module_blacklist_locations.patch ++++++ Index: lynis/include/tests_filesystems =================================================================== --- lynis.orig/include/tests_filesystems +++ lynis/include/tests_filesystems @@ -836,15 +836,18 @@ AddHP 3 3 if IsDebug; then Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN; fi fi - FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null) - if [ -n "${FIND}" ]; then - FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") - FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") - if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then - Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN - LogText "Result: module ${FS} is blacklisted" + for SUBDIR in "${ROOTDIR}etc" "/usr/lib"; do + FIND=$(${LSBINARY} ${SUBDIR}/modprobe.d/* 2> /dev/null) + if [ -n "${FIND}" ]; then + FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${SUBDIR}/modprobe.d/* | ${GREPBINARY} -v "#") + FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${SUBDIR}/modprobe.d/* | ${GREPBINARY} -v "#") + if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then + Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN + LogText "Result: module ${FS} is blacklisted" + break + fi fi - fi + done done if [ ${FOUND} -eq 1 ]; then Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}"
