[DBS-1882] Exception #1511

Open
suprovsky opened this issue Jun 12, 2024 · 1 comment
suprovsky commented Jun 12, 2024

Describe the bug
Lynis does not detect the Redis configuration file, as it is not the default one, because all instances of Redis run as Docker containers.

Version

  • Ubuntu 24.04 LTS amd64
  • Lynis 3.1.2

Expected behavior
A clear and concise description of what you expected to happen.

Output
If applicable, add output that you get from the tool or the related section of lynis.log

  Exception found!

  Function/test:  [DBS-1882]
  Message:        Found Redis, but no configuration file. Report this if you know where it is located on your system.

lynis.log

2024-06-12 10:21:48 Performing test ID DBS-1880 (Check for active Redis server)
2024-06-12 10:21:48 Performing pgrep scan without uid
2024-06-12 10:21:48 IsRunning: process 'redis-server' found (4204 4227 4228 5173 5194 5715 7445 8185 8432 8489 8560 12173 12302 12383 )
2024-06-12 10:21:48 Result: Redis is running
2024-06-12 10:21:48 ====
2024-06-12 10:21:48 Performing test ID DBS-1882 (Redis configuration file)
2024-06-12 10:21:48 Action: scanning directory (/etc/redis) for Redis configuration files
2024-06-12 10:21:49 Result: no configuration files found in this directory
2024-06-12 10:21:49 Action: scanning directory (/usr/local/etc) for Redis configuration files
2024-06-12 10:21:49 Result: no configuration files found in this directory
2024-06-12 10:21:49 Action: scanning directory (/usr/local/etc/redis) for Redis configuration files
2024-06-12 10:21:49 Result: no configuration files found in this directory
2024-06-12 10:21:49 Action: scanning directory (/usr/local/redis/etc) for Redis configuration files
2024-06-12 10:21:49 Result: no configuration files found in this directory
2024-06-12 10:21:49 Exception: test has an exceptional event (DBS-1882) with text Found Redis, but no configuration file. Report this if you know where it is located on your system.

Additional context
You can reproduce this with the following setup on Docker:
docker-compose.yml:

services:
  redis:
    image: rapidfort/redis:7.2
    healthcheck:
      test: redis-cli PING | grep PONG
      interval: 10s
      timeout: 2s
      retries: 10
    restart: always
    env_file:
      - ./.env
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
      - REDISCLI_AUTH=${REDIS_PASSWORD}
    volumes:
      - redis-data:/bitnami/redis/data:rw
volumes:
  redis-data:

.env

REDIS_PASSWORD=testpw

The volume must have 1001:1001 permissions set in the volume, otherwise it won't start.
I do it in a way where I add command: sleep infinity to a service and then after upping services I do docker exec -i -u 0 containername chown -R 1001:1001 /bitnami/redis/data

@konstruktoid
Contributor

That means there needs to be some kind of container test as well, similar to

$ for p in $(pgrep redis); do if grep -q docker "/proc/${p}/cgroup"; then echo "${p} is in a container"; fi; done
46716 is in a container

And then this can scale of course (ignore or find config in container etc etc)
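
One way to turn the container check suggested above into a reusable test, so that the missing-configuration exception is only considered for Redis processes running directly on the host. This is an added example, not Lynis code and not code from either commenter; the function names, the proc-root parameter and the sample cgroup lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Lynis code. Function names and the proc-root
# parameter are hypothetical; the cgroup lines below are constructed.

# Return 0 if the PID's cgroup path names a container runtime, 1 if not,
# 2 if the cgroup file cannot be read (process exited, no permission).
pid_in_container() {
    cgroup_file="$1/$2/cgroup"          # $1 = proc root, $2 = PID
    [ -r "$cgroup_file" ] || return 2
    grep -Eq 'docker|containerd|kubepods|libpod|lxc' "$cgroup_file"
}

# Print the PIDs that run directly on the host, one per line.
host_pids() {
    proc_root="$1"; shift
    for pid in "$@"; do
        rc=0
        pid_in_container "$proc_root" "$pid" || rc=$?
        case "$rc" in
            1) echo "$pid" ;;           # no runtime in the cgroup path
            *) ;;                       # containerized or unreadable: skip
        esac
    done
}

# Succeed only if at least one of the given PIDs is a host process, i.e.
# a configuration file is expected somewhere on the host filesystem.
should_report_missing_config() {
    [ -n "$(host_pids "$@")" ]
}

# Constructed sample: fake proc tree with one Docker PID and one host PID.
make_sample_proc() {
    dir=$(mktemp -d)
    mkdir -p "$dir/4204" "$dir/900"
    echo '0::/system.slice/docker-0123456789abcdef.scope' > "$dir/4204/cgroup"
    echo '0::/system.slice/redis-server.service' > "$dir/900/cgroup"
    echo "$dir"
}

# Live use: should_report_missing_config /proc $(pgrep -x redis-server)
```

The match is a substring heuristic on the cgroup path, so a host service whose unit name contains one of these words would be treated as containerized.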
