[SSH-7402] Lynis does not detect OpenSSH server running on Alpine Linux

[jhe2]

Describe the bug

The SSH-7402 check does not properly detect an OpenSSH server running on Alpine Linux.

Version

• Distribution Alpine Linux (Edge)
• Lynis version 3.0.4

Expected behavior
Lynis should detect the running OpenSSH daemon.

Output

2021-06-23 12:22:21 Performing test ID SSH-7402 (Check for running SSH daemon)
2021-06-23 12:22:21 Test: Searching for a SSH daemon
2021-06-23 12:22:21 Performing pgrep scan without uid
2021-06-23 12:22:21 IsRunning: process 'sshd' not found
2021-06-23 12:22:21 Test: find service listening on TCP:22
2021-06-23 12:22:21 Result: found service listening on port 22 (TCP)
2021-06-23 12:22:21 ====

Additional context

Adding the --full argument to the IsRunning sshd call in include/tests_ssh makes it detect it.

[mboelen]

Thanks for reporting! Using the --full shouldn't be needed typically. Can you show your output of ps?

[jhe2]

Sure thing:

PID   USER     TIME  COMMAND
    1 root      0:00 /sbin/init
  235 root      0:02 /sbin/syslogd -t
  291 root      0:17 /usr/sbin/crond -c /etc/crontabs
  682 root      0:00 /sbin/getty 38400 console
  683 root      0:00 /sbin/getty 38400 tty1
  684 root      0:00 /sbin/getty 38400 tty2
  685 root      0:00 /sbin/getty 38400 tty3
  686 root      0:00 /sbin/getty 38400 tty4
 1525 root      0:00 sshd: root@pts/4
 1527 root      0:00 -ash
12719 root      0:00 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
13507 root      0:00 sshd: root@pts/5
13509 root      0:00 -ash
14906 root      0:00 ps

[jhe2]

Perhaps worth mentioning, running pgrep -x sshd on that system does not output anything.