Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AUTH-9284 doesn't exist anymore #1563

Open
thiagomarafeli opened this issue Oct 18, 2024 · 3 comments
Open

AUTH-9284 doesn't exist anymore #1563

thiagomarafeli opened this issue Oct 18, 2024 · 3 comments
Assignees
@mboelen
Labels
information-needed

Comments

@thiagomarafeli
Copy link

Describe the bug
When I ran the lynis script, one of the warnings was about Locked Accounts, but, when clicking the suggested link, leads to a page that doesn't exist

Version

  • Ubuntu 22.04.5
  • Lynis 3.1.3 (downloaded from GitHub)

Expected behavior
A page showing the description of AUTH-9284

Output
Shows a page saying that it looks like a new discovery

Additional context
The access to the webpage was made 15min ago
@mboelen
Copy link
Member

mboelen commented Oct 18, 2024
edited
Loading

Thanks for reporting. Can you show me the details of the output (lynis show details AUTH-9284) that you are seeing? Based on that (but redacted), we can create a new article to add as one of the links.

@mboelen mboelen self-assigned this Oct 18, 2024
@thiagomarafeli
Copy link
Author

thiagomarafeli commented Oct 20, 2024
edited
Loading

Thanks for reporting. Can you show me the details of the output (lynis show details AUTH-9284) that you are seeing? Based on that (but redacted), we can create a new article to add as one of the links.

This is the output of lynis show details AUTH-9284:

2024-10-16 20:54:06 Performing test ID AUTH-9284 (Check locked user accounts in /etc/passwd)
2024-10-16 20:54:06 Test: Checking locked accounts
2024-10-16 20:54:06 Result: found one or more locked accounts
2024-10-16 20:54:06 Locked account: ssm-user
2024-10-16 20:54:06 Locked account: ubuntu
2024-10-16 20:54:06 Suggestion: Look at the locked accounts and consider removing them [test:AUTH-9284] [details:-] [solution:-]
2024-10-16 20:54:06 ====

Also, when I ran the ./lynis audit system command, one of the things it returned was this:

  * Look at the locked accounts and consider removing them [AUTH-9284] 
    - Related resources
      * Website: https://cisofy.com/lynis/controls/AUTH-9284/

@lkirkwood
Copy link

Hey, first of all thanks for a great tool! It is super useful.
I happened to hit this issue too, although with a strange twist.

  * Look at the locked accounts and consider removing them [AUTH-9284]
    - Related resources
      * Website: https://cisofy.com/lynis/controls/AUTH-9284/

So I arrived at this issue. However, running lynis show details AUTH-9284:

2025-02-04 15:05:43 Performing test ID AUTH-9284 (Check locked user accounts in /etc/passwd)
2025-02-04 15:05:43 Test: Checking locked accounts
2025-02-04 15:05:43 Result: all accounts seem to be unlocked
2025-02-04 15:05:43 ====

Checking the source, it looks like the check depends on passwd -S <user> which for a few users on my machine shows <user> LK <some date> 0 99999 7 -1 (Alternate authentication scheme in use.). I can't quite figure out how the results are displayed from the show details command but hopefully this is enough to be useful. Let me know if I should open a new issue or if I can provide more info.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mboelen mboelen

Labels
information-needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mboelen @lkirkwood @thiagomarafeli