lynis CRYP-7931: missing detection of swap volume inside encrypted volume group

CRYP-7931: missing detection of swap volume inside encrypted volume group

Open SjoerdV opened this issue 1 year ago • 2 comments

Describe the bug Concerning test CRYP-7931. When a swap volume is inside a LUKS encrypted volume group, the test outputs 'Found 0 encrypted and 1 unencrypted swap devices in use.'

Version

Debian 12 Bookworm
Lynis version 3.0.8

Expected behavior I would expect the test to output 'Found 1 encrypted and 0 unencrypted swap devices in use.'

Output

Additional context relevant source code: https://github.com/CISOfy/lynis/blob/59a3c4b5368cdbd96ba7cdddf0dce5410b30163c/include/tests_crypto#L188 disk setup:

lsblk /dev/sda -o NAME,KNAME,FSTYPE,TYPE,MOUNTPOINT

NAME                 KNAME FSTYPE      TYPE  MOUNTPOINT
sda                  sda               disk  
├─sda1               sda1  vfat        part  /boot/efi
└─sda2               sda2  crypto_LUKS part  
  └─sda2_crypt       dm-0  LVM2_member crypt 
    ├─vg--1-lv--swap dm-1  swap        lvm   [SWAP]
    ├─vg--1-lv--root dm-2  ext4        lvm   /
    └─vg--1-lv--home dm-3  ext4        lvm   /home

Jun 26 '23 01:06 SjoerdV

lynis lynis copied to clipboard

CRYP-7931: missing detection of swap volume inside encrypted volume group

lynis
lynis copied to clipboard