From f907c320a2b39a5553608141d2425cf540e0f3dc Mon Sep 17 00:00:00 2001
From: macie
Date: Sat, 8 Feb 2025 17:16:37 +0100
Subject: [PATCH 1/3] refactor: Specify linux HOSTNAME detection

This is the first step to fix error on OpenWrt without changing current behavior.
---
 lynis | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/lynis b/lynis
index e2de13e13..78401f253 100755
--- a/lynis
+++ b/lynis
@@ -514,22 +514,27 @@ ${NORMAL}
 . ${INCLUDEDIR}/osdetection
 Display --indent 2 --text "- Detecting OS... " --result "${STATUS_DONE}" --color GREEN

- # Check hostname and get timestamp
+ # Detect hostname and domain
+ FQDN=$(hostname 2> /dev/null)
 case ${OS} in
 HP-UX)
- HOSTNAME=$(hostname) ;;
+ HOSTNAME=$(hostname) ;;
+ Linux)
+ HOSTNAME=$(hostname -s 2> /dev/null)
+ if [ -z "${HOSTNAME}" ]; then
+ HOSTNAME="${FQDN:-no-hostname}"
+ fi
+ if [ "${HOSTNAME}" = "${FQDN}" ]; then
+ FQDN=$(hostname -f 2> /dev/null)
+ fi
+ ;;
 Solaris)
- HOSTNAME=$(uname -n) ;;
+ HOSTNAME=$(uname -n) ;;
 *)
- HOSTNAME=$(hostname -s 2> /dev/null) ;;
+ HOSTNAME=$(hostname -s 2> /dev/null) ;;
 esac
 if [ -z "${HOSTNAME}" ]; then
- HOSTNAME=$(hostname 2> /dev/null)
- if [ -z "${HOSTNAME}" ]; then HOSTNAME="no-hostname"; fi
- fi
- FQDN=$(hostname 2> /dev/null)
- if [ "${OS}" = "Linux" -a "${HOSTNAME}" = "${FQDN}" ]; then
- FQDN=$(hostname -f 2> /dev/null)
+ HOSTNAME="${FQDN:-no-hostname}"
 fi
 #
 #################################################################################

From b8f5b41b98e17a6d124d04baf5e7e29c6b38fef1 Mon Sep 17 00:00:00 2001
From: macie
Date: Sat, 8 Feb 2025 16:32:38 +0100
Subject: [PATCH 2/3] fix: Detect HOSTNAME on OpenWrt

OpenWrt can be run on devices with little resource, so it can miss some BusyBox commands (eg. hostname). The standard way of gathering info about OpenWrt is by the `uci` command, see: .
---
 lynis | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
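Review bot: In the Linux branch of the [PATCH 1/3] hunk, `FQDN=$(hostname -f 2> /dev/null)` overwrites FQDN unconditionally, so if `hostname -f` fails (for example because the name cannot be resolved) the value already read from plain `hostname` is replaced by an empty string. The commit deliberately keeps the earlier behaviour, so this is a follow-up rather than a regression. Keeping the previous value on failure is a one-line change: `FQDN=$(hostname -f 2> /dev/null || echo "${FQDN}")`. A short comment stating that FQDN has to be assigned before the `case`, because the Linux branch and the final fallback both read it, would also help the next reader.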
diff --git a/lynis b/lynis
index 78401f253..0a9969df5 100755
--- a/lynis
+++ b/lynis
@@ -520,12 +520,17 @@ ${NORMAL}
 HP-UX)
 HOSTNAME=$(hostname) ;;
 Linux)
- HOSTNAME=$(hostname -s 2> /dev/null)
- if [ -z "${HOSTNAME}" ]; then
- HOSTNAME="${FQDN:-no-hostname}"
- fi
- if [ "${HOSTNAME}" = "${FQDN}" ]; then
- FQDN=$(hostname -f 2> /dev/null)
+ if [ "${LINUX_VERSION}" = "OpenWrt" ]; then
+ HOSTNAME=$(uname -n)
+ FQDN="${HOSTNAME:+$HOSTNAME.}$(uci -q get dhcp.@dnsmasq[0].domain)"
+ else
+ HOSTNAME=$(hostname -s 2> /dev/null)
+ if [ -z "${HOSTNAME}" ]; then
+ HOSTNAME="${FQDN:-no-hostname}"
+ fi
+ if [ "${HOSTNAME}" = "${FQDN}" ]; then
+ FQDN=$(hostname -f 2> /dev/null)
+ fi
 fi
 ;;
 Solaris)

From 61061471fe2d595d4e6eba0b273af7b544aa5ed6 Mon Sep 17 00:00:00 2001
From: macie
Date: Sat, 8 Feb 2025 16:38:52 +0100
Subject: [PATCH 3/3] fix: False positive NETW-2400 on OpenWrt

To save resources, BusyBox for OpenWrt is compiled without support for character classes in `tr` command (FEATURE_TR_CLASSES). In that case `tr` treats `[:alnum:]` like a group of single characters, so it misses all numbers and most of letters.
---
 include/tests_networking | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/tests_networking b/include/tests_networking
index fcf408025..c7c3a180e 100644
--- a/include/tests_networking
+++ b/include/tests_networking
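Review bot: In the OpenWrt branch of the [PATCH 2/3] hunk, `FQDN="${HOSTNAME:+$HOSTNAME.}$(uci -q get dhcp.@dnsmasq[0].domain)"` appends the dot whether or not `uci` returns a domain, so a device with no dnsmasq domain configured (or without `uci`) ends up with an FQDN ending in a bare dot. The argument is also unquoted, which leaves `[0]` open to pathname expansion against the current directory, and a missing `uci` binary would print a shell error because stderr is not redirected as it is for the `hostname` calls. Reading the domain first addresses all three: `DOMAIN=$(uci -q get 'dhcp.@dnsmasq[0].domain' 2> /dev/null)` followed by `FQDN="${HOSTNAME:+${HOSTNAME}${DOMAIN:+.}}${DOMAIN}"`. The variable name is only a suggestion; pick one that does not clash with the rest of the script.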
@@ -69,7 +69,8 @@
 LogText "Result: hostnamed is defined and not longer than 63 characters"
 fi
 # Test valid characters (normally a dot should not be in the name, but we can't be 100% sure we have short name)
- FIND=$(echo "${HOSTNAME}" | ${TRBINARY} -d '[:alnum:]\.\-')
+ # (we are NOT using [:alnum:] to support BusyBox's tr on devices with limited resources)
+ FIND=$(echo "${HOSTNAME}" | ${TRBINARY} -d '[a-zA-Z0-9]\.\-')
 if [ -z "${FIND}" ]; then
 LogText "Result: good, no unexpected characters discovered in hostname"
 if IsVerbose; then Display --indent 2 --text "- Hostname (allowed characters)" --result "${STATUS_OK}" --color GREEN; fi
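Review bot: The replacement set `'[a-zA-Z0-9]\.\-'` keeps the square brackets, and outside a `[:class:]` expression `tr` treats `[` and `]` as ordinary characters, so they are deleted as well and a hostname containing brackets would pass this allowed-characters check. Dropping the brackets gives the intended allow-list: `FIND=$(echo "${HOSTNAME}" | ${TRBINARY} -d 'a-zA-Z0-9\.\-')`. Ranges such as `a-z` can also be locale-dependent in some `tr` implementations, so it is worth confirming that the test runs under the C locale. The enclosing test starts and ends outside the hunk.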