New version of lynis demands strict permissions on %%DATADIR%%/include/tests_* files, no more than 0600, but the port installs the files with mode 0444. When the lynis is called with the files with bad permissions, all of them are skipped: root# lynis -c -Q .. [+] General ------------------------------------ - Running test category storage... [ SKIPPED ] [+] General ------------------------------------ - Running test category storage_nfs... [ SKIPPED ] .. - [15:37:27] Warning: Invalid permissions on tests file tests_storage [test:NONE] [impact:H] - [15:37:27] Warning: Invalid permissions on tests file tests_storage_nfs [test:NONE] [impact:H] .. Fix: Correct the pkg-plist so the package files will be installed with the correct modes Patch attached with submission follows: How-To-Repeat: Install the lynis-1.3.5, call root# lynis -c -Q
Maintainer of security/lynis, Please note that PR ports/184143 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/184143 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Responsible Changed From-To: freebsd-ports-bugs->antoine Take
Author: antoine Date: Sat Dec 14 20:10:52 2013 New Revision: 336483 URL: http://svnweb.freebsd.org/changeset/ports/336483 Log: Set proper permissions on tests, or lynis will skip them PR: ports/184143 Submitted by: Kozlov Sergey Approved by: maintainer timeout (3 weeks) Modified: head/security/lynis/Makefile head/security/lynis/pkg-plist Modified: head/security/lynis/Makefile ============================================================================== --- head/security/lynis/Makefile Sat Dec 14 19:52:00 2013 (r336482) +++ head/security/lynis/Makefile Sat Dec 14 20:10:52 2013 (r336483) @@ -3,6 +3,7 @@ PORTNAME= lynis PORTVERSION= 1.3.5 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://cisofy.com/files/ Modified: head/security/lynis/pkg-plist ============================================================================== --- head/security/lynis/pkg-plist Sat Dec 14 19:52:00 2013 (r336482) +++ head/security/lynis/pkg-plist Sat Dec 14 20:10:52 2013 (r336483) @@ -22,6 +22,7 @@ man/man8/lynis.8.gz %%DATADIR%%/include/parameters %%DATADIR%%/include/profiles %%DATADIR%%/include/report +@mode 0400 %%DATADIR%%/include/tests_accounting %%DATADIR%%/include/tests_authentication %%DATADIR%%/include/tests_banners @@ -63,6 +64,7 @@ man/man8/lynis.8.gz %%DATADIR%%/include/tests_tooling %%DATADIR%%/include/tests_virtualization %%DATADIR%%/include/tests_webservers +@mode @dirrm %%DATADIR%%/include @dirrm %%DATADIR%%/dev/openbsd @dirrm %%DATADIR%%/dev _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
State Changed From-To: feedback->closed Patch committed, thanks for the submission!