lynis icon indicating copy to clipboard operation
lynis copied to clipboard

Published 20 hours ago verified publisher icon CISOfy

Systemd hang/stuck whatever

Open Webdrian opened this issue 10 months ago • 2 comments

Describe the bug I just installed Lynis via Git and run sudo ./lynis audit system they always stuck on systemd (PLGN-3814) CleanShot 2023-08-12 at 03 48 23@2x CleanShot 2023-08-12 at 03 48 14@2x

If i install via package sudo apt-get install lynis -y and run sudo lynis audit system they run pretty good! But the Version is 3.0.7 and its outdated?

What i have to do now?

Version

  • Distribution [e.g. Ubuntu 22.04]
  • Lynis version [e.g. 3.0.9]

Expected behavior A clear and concise description of what you expected to happen.

Output If applicable, add output that you get from the tool or the related section of lynis.log

Additional context Add any other context about the problem here.

Webdrian avatar Aug 12 '23 01:08 Webdrian

I've just had the same issue and I fixed it this way: copy default.prf to custom.prf add the following line in custom.prf under # Skip a test (one per line) skip-test=PLGN-3814

Reference: https://adamtheautomator.com/lynis/

halfluke avatar Sep 12 '23 14:09 halfluke

We scan about 40 servers with Lynis over a Gitlab Pipeline. One server had the same issue, all others run perfect.

What i've found:

  • only the output hang in "plugin: systemd"
  • if i track lynis.log with a tail -f it hangs on Performing test ID PLGN-3814 (Verify journal integrity) - if I wait a long time, nothing happens - if I then press CTRL-C and finish the tail -f, it scrolls to the end of the log and shows that it is finished.
  • the scan finishes without problems in the background (see it in lynis.log with Lynis ended successfully. as last entry

Lynis version 3.0.9 OS: Ubuntu 22.04

Huaba avatar Nov 07 '23 13:11 Huaba

I've just had the same issue and I fixed it this way: copy default.prf to custom.prf add the following line in custom.prf under # Skip a test (one per line) skip-test=PLGN-3814

Reference: https://adamtheautomator.com/lynis/

Please don't copy the default.prf to custom.prf, but only add the differences to the latter one.

mboelen avatar Mar 18 '24 09:03 mboelen

The issue shared by @Webdrian is often caused by huge journal files or even errors in its internal database structure. Something that we can't pick up from Lynis, as we simply query some commands and check their output. If a command hangs or takes a long while to complete, Lynis will simply wait for the command execution.

My suggestions:

  • Run the command from this test manually and see what happens. Try to see if you can get a more verbose output
  • Disable this particular plugin if it keeps failing (add it to your custom.prf, see default.prf for the structure on disabling a test)

So with no change that can be made (yet) to Lynis, I will close this issue.

mboelen avatar Mar 18 '24 09:03 mboelen

Thanks for investigation and information!

Huaba avatar Mar 18 '24 09:03 Huaba