lynis icon indicating copy to clipboard operation
lynis copied to clipboard
verified publisher icon CISOfy

Unexpected input or invalid characters when running on OpenWRT

Open vatruica opened this issue 4 years ago • 4 comments

Version

  • Distribution : openwrt-19.07.2 ( Linux OpenWrt 4.14.171 #0 SMP Thu Feb 27 21:05:12 2020 x86_64 GNU/Linux)
  • Lynis version 3.0.5

Describe the bug

1st case - running the ./lynis --debug command

Exception found!

Function/test: [OS Detection] Message: Unknown OS found in /etc/os-release - Please create an issue on GitHub and share the the contents (cat /etc/os-release): https://github.com/CISOfy/lynis [...]

  • Detecting OS... [ DONE ]

[WARNING]: Your profile '/root/lynis-master-/lynis-master/default.prf' contains unexpected characters. See the log file for more information.

./lynis: /root/lynis-master-/lynis-master/include/profiles: line 63: od: not found

2nd case - running the ./lynis audit system

root@OpenWrt:~/lynis-master-/lynis-master# ./lynis audit system Execution of Lynis stopped as we found unexpected input or invalid characters in argument 1 Do you believe this is in error? Let us know: [email protected]

Fatal error: Program execution stopped due to security measure

Expected behavior

1st case - i expected this to initialize as it would on e.g. a non-embedded device OS like Ubuntu

Output

Logs root@OpenWrt:~/lynis-master-/lynis-master# cat /var/log/lynis.log 2021-05-26 12:50:45 Starting Lynis 3.0.5 with PID 9360, build date 2021-05-11 2021-05-26 12:50:45 ==== 2021-05-26 12:50:45 ### 2007-2021, CISOfy - https://cisofy.com/lynis/ ### 2021-05-26 12:50:45 Checking permissions of /root/lynis-master-/lynis-master/include/profiles 2021-05-26 12:50:45 File permissions are OK 2021-05-26 12:50:45 Reading profile/configuration /root/lynis-master-/lynis-master/default.prf 2021-05-26 12:50:45 Found unexpected or possibly harmful characters in profile '/root/lynis-master-/lynis-master/default.prf'. See which characters matched in the output below and compare them with your profile. 2021-05-26 12:50:45 Suggestion: comment incorrect lines with a '#' and try again. Open a GitHub issue if valid characters are blocked 2021-05-26 12:50:45 PID file removed (/var/run/lynis.pid) 2021-05-26 12:50:45 No temporary files to be deleted 2021-05-26 12:50:45 Lynis ended with exit code 1.

Additional context

  • the shell in openwrt is "ash"

vatruica avatar May 27 '21 15:05 vatruica

@victor1tnet Lynis afaik does not support OpenWrt. I tried to get it to run myself. I had to disable the checks that were causing your error (I didn't know what was causing it on preliminary inspection), but in the end I had the issue where it was trying to write to the read-only filesystem and failing (log file, if I remember). It would take a bit of work to get it to work under OpenWrt, but I am willing to help provide support for it. @mboelen

quantumpacket avatar May 28 '21 02:05 quantumpacket

Stale issue message

github-actions[bot] avatar Jun 12 '21 00:06 github-actions[bot]

There are a few of this type of issue open. #1282 for instance. OpenWRT is running busybox.

I've added a new os-detection for wrt, but have it show as a Linux. Then use the busybox flag to fix the checks.

Still working through all the checks but it's running much better. Currently at nameservers and working my way through the verbose logs to double check the conversion.

Will post code to my personal fork shortly for future PR

agonzalez-plume avatar Oct 21 '22 05:10 agonzalez-plume