lynis

lynis copied to clipboard

Describe the bug When multiple kernels are installed on a system, KRNL-5830 seems to fail with a restart needed message, even if the kernel that is loaded is the same as on the disk. Naturally, if one kernel is installed, it's not really an issue.

Version

• Distribution: Artix Linux Rolling
• Lynis version: 3.0.8

Expected behavior Ideally, Lynis should detect the kernels installed, detect the currently running kernel, and use that as the basis for comparison.

Output

2023-06-10 11:23:33 Performing test ID KRNL-5830 (Checking if system is running on the latest installed kernel)
2023-06-10 11:23:33 Test: Checking presence /var/run/reboot-required.pkgs
2023-06-10 11:23:33 Result: file /var/run/reboot-required.pkgs not found
2023-06-10 11:23:33 Test: Checking presence /var/run/needs_restarting
2023-06-10 11:23:33 Result: file /var/run/needs_restarting not found
2023-06-10 11:23:33 Result: /boot exists, performing more tests from here
2023-06-10 11:23:33 Result: found /boot/vmlinuz-linux
2023-06-10 11:23:33 Result: version derived from file name is ''
2023-06-10 11:23:33 Test: checking kernel version on disk
2023-06-10 11:23:33 Result: found version 6.3.4-artix1-1
2023-06-10 11:23:33 Result: active kernel version 6.1.31-hardened1-1-hardened
2023-06-10 11:23:33 Result: reboot needed, as there is a difference between active kernel and the one on disk
2023-06-10 11:23:33 Result: /var/cache/apt/archives/ does not exist
2023-06-10 11:23:33 Warning: Reboot of system is most likely needed [test:KRNL-5830] [details:] [solution:text:reboot]
2023-06-10 11:23:33 Hardening: assigned partial number of hardening points (0 of 5). Currently having 5 points (out of 15)
2023-06-10 11:23:33 Security check: file is normal
2023-06-10 11:23:33 Checking permissions of /usr/share/lynis/include/tests_memory_processes
2023-06-10 11:23:33 File permissions are OK

Additional context It is worth noting that Artix (and probably Arch) do not place versions in their filenames. I don't know if or how that's going to affect things. I am open to ideas, though.

Facing this issue as well on Arch Linux

2023-09-14 10:17:09 Performing test ID KRNL-5830 (Checking if system is running on the latest installed kernel)
2023-09-14 10:17:09 Test: Checking presence /var/run/reboot-required.pkgs                                                                                                                                                                    2023-09-14 10:17:09 Result: file /var/run/reboot-required.pkgs not found                                                                                                                                                                     2023-09-14 10:17:09 Test: Checking presence /var/run/needs_restarting
2023-09-14 10:17:09 Result: file /var/run/needs_restarting not found
2023-09-14 10:17:09 Result: /boot exists, performing more tests from here
2023-09-14 10:17:09 Result: found /boot/vmlinuz-linux
2023-09-14 10:17:09 Result: version derived from file name is ''
2023-09-14 10:17:09 Test: checking kernel version on disk
2023-09-14 10:17:09 Result: found version 6.5.3-arch1-1                                                                                                                                                                                      2023-09-14 10:17:09 Result: active kernel version 6.5.3-zen1-1-zen
2023-09-14 10:17:09 Result: reboot needed, as there is a difference between active kernel and the one on disk

Thanks for reporting. To resolve this, your help is welcome, as things need to continue to work on all Linux distributions.

Is there a way to easily get the version from the vmlinuz-linux file that matches the same naming convention?

And maybe a silly question: why install different types of kernels? Do you switch between them? Is it for testing purposes?