lynis
lynis copied to clipboard
Exceptions found in PKGS-7328
Describe the bug
There are a few issues that are prominent with this bug. The first part is that the --non-interactive
argument is being used. Because of this, lynis reports that it is searching ports and packages and immediately returns an error. However, the program does not panic.
Version
Info | Version |
---|---|
Program version | 3.0.4 |
Operating System | Linux |
Operating system name | Parrot GNU/Linux |
Operating system version | 4.11 |
Kernel Version | 5.10.0 |
Hardware platform | x86_64 |
Expected behavior
Typically from other tests that are performed in lynis, it will give a report of what is found along the lines of, for example: - Installed malware scanner [ FOUND]
Output
E: Command line option --non-interactive is not understood in combination with the other options
=================================================================
Exception found!
Function/test: [PKGS-7328]
Message: No installed packages found with Zypper
Help improving the Lynis community with your feedback!
Steps:
- Ensure you are running the latest version (/usr/sbin/lynis update check)
- If so, create a GitHub issue at https://github.com/CISOfy/lynis
- Include relevant parts of the log file or configuration file
Thanks!
=================================================================
E: Command line option --non-interactive is not understood in combination with the other options
- Using Zypper to find vulnerable packages [ WARNING ]
E: Command line option --non-interactive is not understood in combination with the other options
- Searching dpkg package manager [ FOUND ]
- Querying package manager
- Query unpurged packages [ FOUND ]
\ - debsums utility [ FOUND ]
- Cron job for debsums [ FOUND ]
- Checking package audit tool [ INSTALLED ]
Found: zypper
=================================================================
Exception found!
Function/test: [PKGS-7410]
Message: Could not find any kernel packages via package manager. Maybe using a different kernel package?
Help improving the Lynis community with your feedback!
Steps:
- Ensure you are running the latest version (/usr/sbin/lynis update check)
- If so, create a GitHub issue at https://github.com/CISOfy/lynis
- Include relevant parts of the log file or configuration file
Thanks!
=================================================================
Additional context Additionally to the initial issue, I can verify that the packages were purged and that there are no packages installed via zypper. Along with the kernel packages, there is only one installed so im not sure why this report is being returned.
Is in this case 'zypper' the package manager or is it something else?
Zypper is a package manager for the system, but it is not the one in use. The primary package manager is the DPKG system and APT. Zypper is not configured and is installed by default with the system.
Did you manually install Zypper or did it come preinstalled? If it is not in use, why not remove it?
Here is where it gets a bit weird; it did come preinstalled, but it's technically not necessarily installed by the system. Here is what I have found:
The apt and dpkg package manager does not detect an installation of zypper:
sudo apt purge zypper
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package 'zypper' is not installed, so not removed
dpkg --get-selections| grep -i zypper
<no output>
which zypper
/usr/bin/zypper
sh /usr/bin/zypper
apt 2.2.3 (amd64)
Usage: apt [options] command
...
This APT has Super Cow Powers.
To explain what I put, There is no installation of zypper. However, it may be a residual install from when parrot originally implemented it. This is possibly an issue with the specific OS, not lynis. I apologize if I have taken up your time.
Is it by any chance a symlink to apt?
I apologize for the delayed response. It is not a symlink. I did a fresh install on a different system to check. It is a built-in shell script by the developers of parrot itself.
-rwxr-xr-x 1 root root 705 Aug 14 2020 /usr/bin/zypper
The script is as follows:
#!/bin/bash
function upgrade {
echo -e "
apt upgrade is unsafe on rolling release distributions.
using apt full-upgrade instead
use apt upgrade --force to override
"
/usr/bin/apt update
/usr/bin/apt full-upgrade
}
case $1 in
upgrade)
upgrade
case $2 in --force)
/usr/bin/apt upgrade;;
esac
exit
;;
dup|up|u)
upgrade
exit
;;
refresh)
/usr/bin/apt update
exit
;;
in)
/usr/bin/apt install ${@:2}
exit
;;
rm)
/usr/bin/apt remove ${@:2}
exit
;;
list-updates|lu)
/usr/bin/apt list --upgradable
exit
;;
se)
/usr/bin/apt search ${@:2}
exit
;;
po)
/usr/bin/apt policy ${@:2}
exit
;;
sh)
/usr/bin/apt show ${@:2}
exit
;;
esac
/usr/bin/apt $@
Stale issue message