lynis icon indicating copy to clipboard operation
lynis copied to clipboard

Published 20 hours ago verified publisher icon CISOfy

Kernel module checks fail when module not present

Open nroach44 opened this issue 8 months ago • 2 comments

Describe the bug Kernel module checks (e.g. STRG-1846 and NETW-3200) still fail despite the modules not being built / installed.

Version

  • Distribution: Any
  • Lynis version: 3.0.9

Expected behavior I did not expect to see warnings about firewire, sctp etc. when the kernel has been compiled without these options.

Additional context It might be worth checking an authoritative source if the module is even available on the host before alerting:

  • gzip -d /proc/config.gz -c
  • /boot/config-$(uname -a)
  • /lib/modules/<x>/modules.builtin
  • /lib/modules/<x>/modules.dep

nroach44 avatar Nov 02 '23 06:11 nroach44