Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Still get "upgrade" suggestion when skip-upgrade-test=yes #1538

Open
jpasher-lazor opened this issue Aug 30, 2024 · 4 comments
Open

Still get "upgrade" suggestion when skip-upgrade-test=yes #1538

jpasher-lazor opened this issue Aug 30, 2024 · 4 comments
Assignees

Comments

@jpasher-lazor
Copy link
Contributor

Version

  • Distribution: Ubuntu 22.04
  • Lynis version: master

Describe the bug
When setting skip-upgrade-test=yes, it will skip the actual version test, but it will still report the suggestion due to this code:

Line 791 in lynis:

OLD_RELEASE=0
TIME_DIFFERENCE_CHECK=10368000 # 4 months
RELEASE_PLUS_TIMEDIFF=$((PROGRAM_RELEASE_TIMESTAMP + TIME_DIFFERENCE_CHECK))
NOW=$(date "+%s")
if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then
    # Show if release is old, only if we didn't show it with normal update check
    if [ ${UPDATE_AVAILABLE} -eq 0 ]; then
        ReportSuggestion "LYNIS" "This release is more than 4 months old. Check the website or GitHub to see if there is an update available."
    fi
    OLD_RELEASE=1
fi

In my opinion, the if statement that wraps ReportSuggestion should take into consideration whether skip-upgrade-test=yes and not show that message if that is the case. I can create a PR if others agree this is desirable.

Expected behavior
I disabled upgrade test, so that means I don't need to see anything related to upgrades.

@mboelen
Copy link
Member

mboelen commented Sep 26, 2024

That is intended behavior. The first part of Lynis checks if there is actually an update available and as you saw you can disable that part. The second one is a simple "Lynis might be outdated" test. It is merely a suggestion for people to check if there is a newer version available. Up to the user to deal upon that suggestion or accept that a possibly outdated version is being used.

@mboelen mboelen self-assigned this Sep 26, 2024
@jpasher-lazor
Copy link
Contributor Author

If that's the intended behavior, then I can't really argue, but I disagree with that intention. It basically makes it where there's no way to truly ignore the version upgrade test. The fact that you might be running a lynis release that is over four months old is directly related to upgrading (otherwise, why would you care if it's old). If I don't care about upgrading (because I'm managing it in some other way), I wouldn't care about seeing recommendations related to upgrading either.

@mboelen
Copy link
Member

mboelen commented Sep 26, 2024

It's not a version upgrade test, but a pointer or a hint to the user. The reason for giving this is that there might not be a newer version in the first place available (e.g. if you use Ubuntu and got an older version from the repositories), or because the upgrade check itself failed (e.g. no connectivity). So it is not always because one does not care about upgrading, but typically being unaware about the possibility that there is a newer version. More importantly, to hint users to use a (fairly) recent version.

If we want to allow the user to also skip this "Lynis is possibly outdated" test, then we could consider adding a new option. This way both checks can be disabled.

@wileyhy
Copy link

wileyhy commented Sep 27, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants