Package: lynis
Version: 3.0.0-1
Severity: critical
Tags: security
Justification: breaks unrelated software
X-Debbugs-Cc: witold.bary...@gmail.com, Debian Security Team <t...@security.debian.org>


root@debian:/var/log# grep lynis daemon.log | wc -l
21311825
root@debian:/var/log# grep lynis daemon.log.1 | wc -l
1986915
root@debian:/var/log# grep lynis syslog | wc -l
19082244
root@debian:/var/log# grep lynis syslog.1 | wc -l
2229585
root@debian:/var/log# ls -al | egrep 'syslog|daemon|lynis'
-rw-r----- 1 root              adm             22056719829 Jul 20 09:01 daemon.log
-rw-r----- 1 root              adm              2139363076 Jul 19 00:00 daemon.log.1
-rw-r----- 1 root              root                1406036 Jul 20 08:57 lynis.log
-rw-r----- 1 root              root                 189897 Jul 20 08:57 lynis-report.dat
-rw-r----- 1 root              adm             19752025179 Jul 20 09:01 syslog
-rw-r----- 1 root              adm              2308186335 Jul 20 00:00 syslog.1
-rw-r----- 1 root              adm                12446588 Jul 19 00:00 syslog.2.gz
-rw-r----- 1 root              adm                 3843198 Jul 18 00:00 syslog.3.gz
-rw-r----- 1 root              adm                 3957595 Jul 17 00:00 syslog.4.gz
-rw-r----- 1 root              adm                  651678 Jul 16 00:00 syslog.5.gz
root@debian:/var/log#


A sample:


Jul 19 00:12:00 localhost lynis[2755422]: find: File system loop detected; '/lib/live/mount/overlay/rw/home/user/bar/bin/X11' is part of the same file system loop as '/lib/live/mount/overlay/rw/home/user/bar/bin'.
Jul 19 00:12:00 localhost lynis[2755422]: find: File system loop detected; '/lib/live/mount/overlay/rw/home/user/bar/dev/fd/3' is part of the same file system loop as '/lib/live/mount/overlay/rw/home/user/bar'.
Jul 19 00:12:00 localhost lynis[2755422]: find: '/lib/live/mount/overlay/rw/home/user/bar/dev/fd/4': No such file or directory
Jul 19 00:12:00 localhost lynis[2755422]: find: File system loop detected; '/lib/live/mount/overlay/rw/home/user/bar/home/user/bar' is part of the same file system loop as '/lib/live/mount/overlay/rw/home/user/bar'.
Jul 19 00:12:00 localhost lynis[2755422]: find: File system loop detected; '/lib/live/mount/overlay/rw/home/user/bar/home/user/Games/apex-legends/dosdevices/f:/debian' is part of the same file system loop as '/lib/live/mount/overlay/rw/home/user/bar/home/user/Games/apex-legends/dosdevices/f:'.
Jul 19 00:12:00 localhost lynis[2755422]: find: File system loop detected; '/lib/live/mount/overlay/rw/home/user/bar/home/user/Games/apex-legends/dosdevices/z:' is part of the same file system loop as '/lib/live/mount/overlay/rw/home/user/bar'.
Jul 19 00:12:00 localhost lynis[2755422]: find: File system loop detected; '/lib/live/mount/overlay/rw/home/user/bar/home/user/.local/share/webkitgtk/databases/indexeddb/v0' is part of the same file system loop as '/lib/live/mount/overlay/rw/home/user/bar/home/user/.local/share/webkitgtk/databases/indexeddb'.
Jul 19 00:12:00 localhost lynis[2755422]: find: File system loop detected; '/lib/live/mount/overlay/rw/home/user/bar/lib' is part of the same file system loop as '/lib'.
Jul 19 00:12:00 localhost lynis[2755422]: find: File system loop detected; '/lib/live/mount/overlay/rw/home/user/bar/proc/self/task/2755422/fd/3' is part of the same file system loop as '/lib/live/mount/overlay/rw/home/user/bar'.
Jul 19 00:12:00 localhost lynis[2755422]: find: '/lib/live/mount/overlay/rw/home/user/bar/proc/self/task/2755422/fd/4': No such file or directory
Jul 19 00:12:00 localhost lynis[2755422]: find: '/lib/live/mount/overlay/rw/home/user/bar/proc/self/task/2755422/fdinfo/4': No such file or directory
Jul 19 00:12:00 localhost lynis[2755422]: find: File system loop detected; '/lib/live/mount/overlay/rw/home/user/bar/proc/6/cwd' is part of the same file system loop as '/lib/live/mount/overlay/rw/home/user/bar'.



It consumed all 160GB of my disk space easily.

All because of a `/home/user/bar -> /` symlink.

Lynis should not emit 'File system loop detected' to logs. It is not a
bug or error. Similarly, 'No such file or directory' should not be logged;
it is not a bug or error, but a normal occurrence.

Symlinks that point back up are normal and shouldn't be logged; it
is a normal occurrence.


Multiple unrelated services got disrupted (including crashes) due to disk
space exhaustion, missing logs from other software, and other software
crashing with unsaved state (i.e. text editor, web browser, etc.).

Regards,
Witold


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0-1-amd64 (SMP w/32 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lynis depends on:
ii  e2fsprogs  1.45.6-1

Versions of packages lynis recommends:
ii  menu  2.1.47+b1

Versions of packages lynis suggests:
pn  aide                       <none>
pn  apt-listbugs               <none>
ii  bind9-dnsutils [dnsutils]  1:9.16.4-1
pn  debsecan                   <none>
ii  debsums                    3.0.0
ii  dnsutils                   1:9.16.4-1
ii  fail2ban                   0.11.1-2
pn  samhain                    <none>
pn  tripwire                   <none>

-- no debconf information
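
Added example (not part of the original report and not Lynis code): a pre-scan check that lists symlinks whose target is one of their own ancestor directories, the `/home/user/bar -> /` pattern described above, without following any link. The function names `find_ancestor_links` and `make_sample_tree` are hypothetical and the sample tree is constructed; GNU `find` and `readlink -f` are assumed.

```shell
#!/bin/sh
# find_ancestor_links DIR
# Print each symlink under DIR whose resolved target is the directory that
# contains the link, or any ancestor of it. Following such a link during a
# recursive walk re-enters the tree and yields "File system loop detected".
find_ancestor_links() {
    root=$1
    # -P: never follow symlinks, so this walk cannot loop itself.
    # -xdev: stay on one filesystem (skips /proc, /sys and other mounts).
    # Paths containing newlines are not handled by this line-based loop.
    find -P "$root" -xdev -type l 2>/dev/null | while IFS= read -r link; do
        target=$(readlink -f -- "$link" 2>/dev/null) || continue
        [ -d "$target" ] || continue
        # Physical path of the directory that holds the link.
        parent=$(cd -- "$(dirname -- "$link")" && pwd -P) || continue
        # Ancestor test: parent path starts with target path ("/" matches all).
        case "$parent/" in
            "${target%/}/"*) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Constructed sample tree: one link back to the tree root, one ordinary link.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/user" "$t/opt/data"
    ln -s "$t" "$t/home/user/bar"           # points back up to the root
    ln -s "$t/opt/data" "$t/home/user/ok"   # sibling target, not an ancestor
    printf '%s\n' "$t"
}

# Run against a directory given on the command line, if any.
if [ -n "${1:-}" ]; then
    find_ancestor_links "$1"
fi
```

Paths reported here can be excluded from a recursive scan, or the scan's stderr kept out of syslog, before the scan is scheduled.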
