lynis
lynis copied to clipboard
CRYP-7931: missing detection of swap volume inside encrypted volume group
Describe the bug Concerning test CRYP-7931. When a swap volume is inside a LUKS encrypted volume group, the test outputs 'Found 0 encrypted and 1 unencrypted swap devices in use.'
Version
- Debian 12 Bookworm
- Lynis version 3.0.8
Expected behavior I would expect the test to output 'Found 1 encrypted and 0 unencrypted swap devices in use.'
Output
Additional context relevant source code: https://github.com/CISOfy/lynis/blob/59a3c4b5368cdbd96ba7cdddf0dce5410b30163c/include/tests_crypto#L188 disk setup:
lsblk /dev/sda -o NAME,KNAME,FSTYPE,TYPE,MOUNTPOINT
NAME KNAME FSTYPE TYPE MOUNTPOINT
sda sda disk
├─sda1 sda1 vfat part /boot/efi
└─sda2 sda2 crypto_LUKS part
└─sda2_crypt dm-0 LVM2_member crypt
├─vg--1-lv--swap dm-1 swap lvm [SWAP]
├─vg--1-lv--root dm-2 ext4 lvm /
└─vg--1-lv--home dm-3 ext4 lvm /home