Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid permissions despite running as root. #32

Closed
absorber opened this issue Mar 13, 2015 · 1 comment
Closed

Invalid permissions despite running as root. #32

absorber opened this issue Mar 13, 2015 · 1 comment
Assignees
@mboelen
Labels
no-change

Comments

@absorber
Copy link

As a standard user all I did was git clone https://github.com/CISOfy/Lynis.git, afterwards I went into the git dir and did this:

~/scripts/Lynis [0] (master=) 
$ sudo ./lynis -c
[sudo] password for me:
[!] Change file permissions of ./include/consts to 640.
    Command: chmod 640 ./include/consts
[!] Change file permissions of ./include/functions to 640.
    Command: chmod 640 ./include/functions
[!] Change ownership of ./include/consts to 'root' or similar (found: me with UID 1000).
    Command: chown root:root ./include/consts
[!] Change ownership of ./include/functions to 'root' or similar (found: me with UID 1000).
    Command: chown root:root ./include/functions


[X] Security check failed: See action above to correct this issue.
    Please change ownership and permissions of the related files and start Lynis again.

After setting the appropriate permissions for the files, it still asked me to change permission of certain files:

~/scripts/Lynis [0] (master *=) 
$ sudo ./lynis -c

[ Lynis 2.0.0 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See the LICENSE file for details about using this software.

 Copyright 2007-2015 - CISOfy, https://cisofy.com
 Enterprise support and plugins available via CISOfy
################################################################################

[+] Initializing program
------------------------------------
Fatal error: file ./include/osdetection should be owned by user 'root' or similar (found: me).

Afterwards, I simply did sudo chown -R root:root Lynis/, went into the Lynis git dir again but now as root and did ./lynis -c. This resulted in Invalid permissions on tests file tests_boot_services and similar permission errors. Full lynis.log can be seen here.
@mboelen mboelen self-assigned this Mar 16, 2015
@mboelen
Copy link
Member

mboelen commented Mar 16, 2015

Thanks for sharing. Lynis checks the permissions, to ensure a normal user can't alter the files and then force the root user to perform those commands. So this behavior is expected and not a bug..

Option 1
What you can do is is fetch the files as a normal user, use sudo to change ownership and then run Lynis with sudo permissions.

Option 2
Do the git clone as root.

Option 3
Do the git clone as a normal user and run Lynis as a normal user.

@mboelen mboelen closed this as completed Mar 16, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mboelen mboelen

Labels
no-change
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@absorber @mboelen