Wrong results with OpenNTPD #518

Closed
Varbin opened this issue Feb 5, 2018 · 10 comments · Fixed by #824

Varbin commented Feb 5, 2018

I'm using OpenNTPD instead of the default ntp on my FreeBSD server - when lynis analyses the ntp settings it tries to query information with ntpq, which (to my knowledge) is not possible with OpenNTPD.

Lynis will slow down as ntpq takes a while to fail.

OS: FreeBSD 10.4
Lynis: 2.6.1 (768446e)

[ Lynis 2.6.1 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Checking profiles...                                      [ DONE ]
  - Detecting language and localization                       [ de ]

  ---------------------------------------------------
  Program version:           2.6.1
  Operating system:          FreeBSD
  Operating system name:     FreeBSD
  Operating system version:  10.4-RELEASE-p3
  Kernel version:            GENERIC
  Hardware platform:         amd64
  Hostname:                  v16439
  ---------------------------------------------------
  Profiles:                  /root/lynis-master/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          ./plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  de
  Test category:             all
  Test group:                all
  ---------------------------------------------------
  - Program update status...                                  [ NO UPDATE ]

(snip)

[+] Time and Synchronization
------------------------------------
  - NTP daemon found: ntpd                                    [ GEFUNDEN ]
  - Checking for a running NTP daemon or client               [ OK ]
localhost: timed out, nothing received
***Request timed out
  - Checking valid association ID's                           [ GEFUNDEN ]
localhost: timed out, nothing received
***Request timed out
  - Checking high stratum ntp peers                           [ OK ]
localhost: timed out, nothing received
***Request timed out
  - Checking unreliable ntp peers                             [ NICHTS ]
localhost: timed out, nothing received
***Request timed out
localhost: timed out, nothing received
***Request timed out
  - Checking selected time source                             [ WARNUNG ]
localhost: timed out, nothing received
***Request timed out
  - Checking time source candidates                           [ NICHTS ]
localhost: timed out, nothing received
***Request timed out
  - Checking falsetickers                                     [ OK ]

(snip)

  -[ Lynis 2.6.1 Results ]-

(snip)

  Suggestions (8):
  ----------------------------

(snip)

  * Check ntpq peers output for selected time source [TIME-3124] 
      https://cisofy.com/controls/TIME-3124/

  * Check ntpq peers output for time source candidates [TIME-3128] 
      https://cisofy.com/controls/TIME-3128/

mboelen commented Feb 5, 2018

Do you have a particular suggestion for the detection? Or possibly a pull request to improve detection and what it runs?

mboelen self-assigned this Feb 5, 2018
mboelen added the help-wanted and good-first-issue labels Feb 5, 2018

Varbin commented Feb 6, 2018

My idea would be to query the OpenNTPD service status (service openntpd (one)status). Also it should be detected that ntpq does time out.


Varbin commented Feb 21, 2018

Another idea to distinguish OpenNTPD and ntpd: OpenNTPD is compiled with libre/openssl so the string "openssl" should be in the executable.


abbapat commented Mar 12, 2019

Hi,
I am a budding cyber-security enthusiast. I am very new to open source and I want to take this up if nobody else is. Can I take this up?
Thanks.


mboelen commented Mar 12, 2019

Hi @abbapat - Sure, you can definitely become part of this and make a contribution. If you decide to pick it up, please ensure it is a POSIX-compatible shell script (not bash). Detection of the service should be OS independent as much as possible. Typically searching in strings is not preferred, but possibly it can be done by looking at something that both NTP daemons share (e.g. -V for version information, or --help that might give a good indication).


abbapat commented Mar 13, 2019

Hey, thanks for the tips! Let me have a look.

mboelen reopened this Dec 26, 2019
CISOfy deleted a comment from github-actions bot Dec 26, 2019

mboelen commented Dec 26, 2019

Hi @abbapat - Do you have time to pick this up?


Varbin commented Jan 8, 2020

OpenNTPD always has the sub processes named ntpd: ntp engine and ntpd: dns engine (both on FreeBSD and Debian).

"Classic" ntpd only has a subprocess ntpd -p $path_to_pid -g -u $uid:$gid

Additionally, any installation comes with ntpctl, which is comparable to ntpq.

I'll prepare a pull request today.
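
A sketch of the process-title check described in the comment above, as an added example that is not part of the original thread and is not Lynis code. The function names and the sample process lists are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Lynis code): tell OpenNTPD from classic ntpd by the
# process titles named in the comment above, using POSIX sh only.

# Constructed sample process lists (one command line per row).
SAMPLE_OPENNTPD='/usr/local/sbin/ntpd -s
ntpd: ntp engine
ntpd: dns engine'
SAMPLE_CLASSIC='/usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 123:123'
SAMPLE_NONE='/usr/sbin/sshd
/usr/sbin/cron -s'

# Read command lines on stdin; print "openntpd", "ntpd" or "none".
# Live use (assumes ps accepts BSD-style options): ps ax -o args | classify_ntp_daemon
classify_ntp_daemon() {
    result="none"
    while IFS= read -r line; do
        case "$line" in
            *"ntpd: ntp engine"*|*"ntpd: dns engine"*)
                result="openntpd" ;;
            ntpd|ntpd\ *|*/ntpd|*/ntpd\ *)
                # A plain ntpd binary. OpenNTPD's parent process matches here
                # too, so never overwrite a verdict set by an engine title.
                if [ "$result" = "none" ]; then result="ntpd"; fi ;;
        esac
    done
    printf '%s\n' "$result"
}

# Map the verdict to the query tool, so ntpq is never run against OpenNTPD
# (the source of the timeouts reported in this issue).
ntp_query_tool() {
    case "$1" in
        openntpd) echo "ntpctl" ;;
        ntpd)     echo "ntpq" ;;
        *)        echo "" ;;
    esac
}

daemon=$(printf '%s\n' "$SAMPLE_OPENNTPD" | classify_ntp_daemon)
echo "daemon=$daemon tool=$(ntp_query_tool "$daemon")"
```

The order of the process lines does not matter: an engine title anywhere in the list yields the OpenNTPD verdict.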


Varbin commented Jan 20, 2020

@mboelen Do you have some time to look at the pull request?


mboelen commented Mar 24, 2020

Thanks @Varbin for your work on this. It has been merged.

mboelen added the enhancement label and removed the good-first-issue, help-wanted and no-issue-activity labels Mar 24, 2020