Patch to avoid phoning home
Hello
The CheckUpdates() function is executed every time an audit is done. It
makes a DNS query and uses the TXT field of the DNS record for this.
You can check if you have the latest version by running "dig -t TXT
lynis-latest-version.cisofy.com" but you would be "phoning home"
yourself :-).
The package will be removed soon if the bug isn't fixed, so I cc the
pkg-security team asking for sponsorship in case the maintainer is not
available.
Greetings,
Marcos
Description: The CheckUpdates() function is executed every time an audit is done. It makes a DNS query and uses the TXT field of the DNS record for this. This patch cancels this function. You can check if you have latest version by running "dig -t TXT lynis-latest-version.cisofy.com" but you would be "phoning home" yourself :-).
Author: Marcos Fouces <marcos.fouces@gmail.com>
Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935042
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/include/functions
+++ b/include/functions
@@ -254,29 +254,7 @@
################################################################################
CheckUpdates() {
- PROGRAM_LV="0000000000"; DB_MALWARE_LV="0000000000"; DB_FILEPERMS_LV="0000000000"
- if [ ${RUN_UPDATE_CHECK} -eq 1 ]; then
- LYNIS_LV_RECORD="lynis-latest-version.cisofy.com."
- FIND=$(which dig 2> /dev/null | grep -v "no [^ ]* in")
- if [ ! -z "${FIND}" ]; then
- PROGRAM_LV=$(dig +short +time=3 -t txt lynis-latest-version.cisofy.com 2> /dev/null | grep -v "connection timed out" | sed 's/[".]//g' | grep "^[1-9][0-9][0-9]$")
- else
- FIND=$(which host 2> /dev/null | grep -v "no [^ ]* in ")
- if [ ! -z "${FIND}" ]; then
- PROGRAM_LV=$(host -t txt -W 3 lynis-latest-version.cisofy.com 2> /dev/null | grep -v "connection timed out" | awk '{ if ($1=="lynis-latest-version.cisofy.com" && $3=="text") { print $4 }}' | sed 's/"//g' | grep "^[1-9][0-9][0-9]$")
- if [ "${PROGRAM_LV}" = "" ]; then PROGRAM_LV=0; fi
- else
- FIND=$(which drill 2> /dev/null | grep -v "no [^ ]* in ")
- if [ ! -z "${FIND}" ]; then
- PROGRAM_LV=$(drill txt ${LYNIS_LV_RECORD} | awk '{ if ($1=="lynis-latest-version.cisofy.com." && $4=="TXT") { print $5 }}' | tr -d '"' | grep "^[1-9][0-9][0-9]$")
- if [ -z "${PROGRAM_LV}" ]; then PROGRAM_LV=0; fi
- else
- LogText "Result: dig, drill or host not installed, update check skipped"
- UPDATE_CHECK_SKIPPED=1
- fi
- fi
- fi
- fi
+ echo "In Debian distro package, check for updates are disabled."
}
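Review bot: The new CheckUpdates() body drops the initialisation on the first removed line (PROGRAM_LV, DB_MALWARE_LV and DB_FILEPERMS_LV set to "0000000000") and never sets UPDATE_CHECK_SKIPPED=1, which the removed code set when no lookup was possible. Anything that reads those variables after this function now sees them unset instead of the "no version known" default. Keeping the initialisation line and adding UPDATE_CHECK_SKIPPED=1 would preserve the state of the original skipped path while still removing every dig, host and drill call. The added echo also writes to stdout on every audit regardless of RUN_UPDATE_CHECK; the removed code reported its skipped case through LogText, so using LogText here as well would keep audit output clean for quiet or scripted runs. The message wording should read "checks for updates are disabled" or "the update check is disabled".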