
Test MACF-6234 has dependency on semanage, but this is not checked as a pre-requisite

Open jimbobmcgee opened this issue 1 year ago • 0 comments

Describe the bug

The test, MACF-6234 (Check SELINUX status) has dependencies on more binaries than are checked by the pre-requisites check. Specifically, the variable ${SEMANAGEBINARY} is used to build a command-line at https://github.com/CISOfy/lynis/blob/master/include/tests_mac_frameworks#L161, but it is not checked that this binary exists first. The only variable tested is ${SESTATUSBINARY} (which is also used in the test).

Version

  • Distribution [e.g. Ubuntu 18.04]: CentOS 7
  • Lynis version [e.g. 2.7.0]: 3.0.8 / 1.el7

Expected behavior

Tests requiring ${SEMANAGEBINARY} should be skipped. Either the guard/pre-reqs code for this test should be updated to something like...

PREQS_MET="YES"
HasData "${SESTATUSBINARY}" || PREQS_MET="NO"
HasData "${SEMANAGEBINARY}" || PREQS_MET="NO"

...or the test performed by ${SEMANAGEBINARY} should be split out from MACF-6234 and should have its own pre-req around HasData "${SEMANAGEBINARY}".

Output

/usr/share/lynis/include/tests_mac_frameworks: line 161: permissive: command not found
/usr/share/lynis/include/tests_mac_frameworks: line 162: permissive: command not found

Additional context

Technically, this test also relies on ${GREPBINARY}, ${AWKBINARY}, ${TRBINARY}, ${WCBINARY} and ${PSBINARY}, but I assume these will be POSIX-compliant, so more widely available, and less likely to be a concern.

jimbobmcgee, Mar 01 '23 21:03
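
The failure mode reported above, reproduced as an added example that is not part of the original issue or of Lynis: when the binary variable is empty, its unquoted expansion disappears and the first argument is run as the command. Assumptions: the affected line has the form `${SEMANAGEBINARY} permissive -l`, `HasData` is a stand-in that only tests for a non-empty string, `echo` stands in for a located semanage binary so the argument list stays visible, and the sestatus path is a constructed value that is never executed.

```shell
#!/bin/sh
# Added illustration, not Lynis code.

# Stand-in for the HasData helper (assumption: true when the string is non-empty).
HasData() { [ -n "$1" ]; }

# Unguarded call: the variable is expanded unquoted in command position.
# If it is empty it vanishes, so "permissive" becomes the command name and
# the shell fails with "command not found" (exit status 127).
call_unguarded() {
    SEMANAGEBINARY="$1"
    ( ${SEMANAGEBINARY} permissive -l ) 2>/dev/null
}

# Guard proposed in the issue: both binaries must have been located.
prereqs_met() {
    PREQS_MET="YES"
    HasData "$1" || PREQS_MET="NO"   # $1 = value of SESTATUSBINARY
    HasData "$2" || PREQS_MET="NO"   # $2 = value of SEMANAGEBINARY
    echo "${PREQS_MET}"
}

# Guarded call: skip the check instead of running a malformed command line.
call_guarded() {
    if [ "$(prereqs_met "$1" "$2")" = "YES" ]; then
        call_unguarded "$2"
    else
        echo "skipped"
    fi
}

# Demonstration with constructed values.
call_unguarded "" || echo "unguarded, empty variable: exit status $?"
echo "guarded, empty variable: $(call_guarded /usr/sbin/sestatus "")"
echo "guarded, binary found: $(call_guarded /usr/sbin/sestatus echo)"
```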