Update Lynis baseline for x86_64

New issues:
* Audit missing rules: boo#1191614#c2, fix is submitted
* False positive in reboot detection:
  CISOfy/lynis#1241
* Insecure grub.cfg permissions: boo#1189644

data/lynis/baseline-lynis-audit-system-nocolors-Tumbleweed-x86_64-gnome

@@ -1,5 +1,5 @@
 
-[ Lynis 3.0.5 ]
+[ Lynis 3.0.6 ]
 
 ################################################################################
   Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
@@ -17,11 +17,11 @@
 - Checking profiles... [ DONE ]
 
   ---------------------------------------------------
-  Program version:           3.0.5
+  Program version:           3.0.6
   Operating system:          Linux
   Operating system name:     openSUSE
-  Operating system version:  20210703
-  Kernel version:            5.12.13
+  Operating system version:  20211129
+  Kernel version:            5.15.5
   Hardware platform:         x86_64
   Hostname:                  susetest
   ---------------------------------------------------
@@ -49,65 +49,24 @@
  
 - Plugins enabled [ NONE ]
 
-=================================================================
-
-  Exception found!
-
-  Function/test:  [GetHostID]
-  Message:        Can't create hostid (no MAC addresses found)
-
-  Help improving the Lynis community with your feedback!
-
-  Steps:
-  - Ensure you are running the latest version (/usr/bin/lynis update check)
-  - If so, create a GitHub issue at https://github.com/CISOfy/lynis
-  - Include relevant parts of the log file or configuration file
-
-  Thanks!
-
-=================================================================
-
-
-=================================================================
-
-  Exception found!
-
-  Function/test:  [GetHostID]
-  Message:        Can't create HOSTID, command ip not found
-
-  Help improving the Lynis community with your feedback!
-
-  Steps:
-  - Ensure you are running the latest version (/usr/bin/lynis update check)
-  - If so, create a GitHub issue at https://github.com/CISOfy/lynis
-  - Include relevant parts of the log file or configuration file
-
-  Thanks!
-
-=================================================================
-
-
 [+] Boot and services
 ------------------------------------
-
-  [WARNING]: Test CORE-1000 had a long execution: 19.703842 seconds
-
 - Service Manager [ systemd ]
 - Checking UEFI boot [ DISABLED ]
 - Checking presence GRUB2 [ FOUND ]
 - Checking for password protection [ NONE ]
 - Check running services (systemctl) [ DONE ]
-Result: found 32 running services
+Result: found 33 running services
 - Check enabled services at boot (systemctl) [ DONE ]
 Result: found 26 enabled services
 - Check startup files (permissions) [ OK ]
 - Running 'systemd-analyze security'
 - ModemManager.service: [ MEDIUM ]
 - NetworkManager.service: [ EXPOSED ]
-- accounts-daemon.service: [ UNSAFE ]
+- accounts-daemon.service: [ EXPOSED ]
 - after-local.service: [ UNSAFE ]
 - alsa-state.service: [ UNSAFE ]
-- appstream-sync-cache.service: [ UNSAFE ]
+- appstream-sync-cache.service: [ MEDIUM ]
 - auditd.service: [ EXPOSED ]
 - avahi-daemon.service: [ UNSAFE ]
 - chronyd.service: [ EXPOSED ]
@@ -123,15 +82,17 @@
 - [email protected]: [ UNSAFE ]
 - [email protected]: [ UNSAFE ]
 - [email protected]: [ UNSAFE ]
-- gpm.service: [ UNSAFE ]
+- gpm.service: [ EXPOSED ]
 - haveged.service: [ MEDIUM ]
 - irqbalance.service: [ MEDIUM ]
+- lvm2-lvmpolld.service: [ UNSAFE ]
 - mcelog.service: [ UNSAFE ]
 - nscd.service: [ UNSAFE ]
-- pcscd.service: [ UNSAFE ]
+- pcscd.service: [ EXPOSED ]
 - plymouth-start.service: [ UNSAFE ]
 - polkit.service: [ UNSAFE ]
 - postfix.service: [ UNSAFE ]
+- power-profiles-daemon.service: [ EXPOSED ]
 - rc-local.service: [ UNSAFE ]
 - rescue.service: [ UNSAFE ]
 - rtkit-daemon.service: [ MEDIUM ]
@@ -140,7 +101,7 @@
 - [email protected]: [ UNSAFE ]
 - [email protected]: [ UNSAFE ]
 - [email protected]: [ UNSAFE ]
-- smartd.service: [ UNSAFE ]
+- smartd.service: [ EXPOSED ]
 - snapperd.service: [ MEDIUM ]
 - sshd.service: [ UNSAFE ]
 - systemd-ask-password-console.service: [ UNSAFE ]
@@ -151,6 +112,7 @@
 - systemd-rfkill.service: [ UNSAFE ]
 - systemd-timesyncd.service: [ PROTECTED ]
 - systemd-udevd.service: [ MEDIUM ]
+- tuned.service: [ UNSAFE ]
 - udisks2.service: [ UNSAFE ]
 - upower.service: [ PROTECTED ]
 - [email protected]: [ UNSAFE ]
@@ -165,7 +127,7 @@
 - Checking kernel version and release [ DONE ]
 - Checking kernel type [ DONE ]
 - Checking loaded kernel modules [ DONE ]
-Found 102 active modules
+Found 86 active modules
 - Checking Linux kernel configuration file [ FOUND ]
 - Checking default I/O kernel scheduler [ NOT FOUND ]
 - Checking core dumps configuration
@@ -174,7 +136,7 @@
 - 'hard' configuration in security/limits.conf [ DEFAULT ]
 - 'soft' configuration in security/limits.conf [ DEFAULT ]
 - Checking setuid core dumps configuration [ DISABLED ]
-- Check if reboot is needed [ NO ]
+- Check if reboot is needed [ YES ]
 
 [+] Memory and Processes
 ------------------------------------
@@ -282,10 +244,10 @@
 - Searching RPM package manager [ FOUND ]
 - Querying RPM package manager
 
-  [WARNING]: Test PKGS-7308 had a long execution: 24.410926 seconds
+  [WARNING]: Test PKGS-7308 had a long execution: 23.399025 seconds
 
 
-  [WARNING]: Test PKGS-7328 had a long execution: 14.423750 seconds
+  [WARNING]: Test PKGS-7328 had a long execution: 12.376914 seconds
 
 - Using Zypper to find vulnerable packages [ NONE ]
 - Checking package audit tool [ INSTALLED ]
@@ -453,7 +415,7 @@
 - Checking accounting information [ NOT FOUND ]
 - Checking sysstat accounting data [ NOT FOUND ]
 - Checking auditd [ ENABLED ]
-- Checking audit rules [ OK ]
+- Checking audit rules [ SUGGESTION ]
 - Checking audit configuration file [ OK ]
 - Checking auditd log file [ FOUND ]
 
@@ -481,7 +443,7 @@
 ------------------------------------
 - Checking presence AppArmor [ FOUND ]
 - Checking AppArmor status [ ENABLED ]
-Found 96 unconfined processes
+Found 95 unconfined processes
 - Checking presence SELinux [ NOT FOUND ]
 - Checking presence TOMOYO Linux [ NOT FOUND ]
 - Checking presence grsecurity [ NOT FOUND ]
@@ -506,7 +468,7 @@
 [+] File Permissions
 ------------------------------------
 - Starting file permissions check
-File: /boot/grub2/grub.cfg [ OK ]
+File: /boot/grub2/grub.cfg [ SUGGESTION ]
 File: /etc/cron.deny [ OK ]
 File: /etc/crontab [ OK ]
 File: /etc/group [ OK ]
@@ -515,7 +477,6 @@
 File: /etc/hosts.deny [ OK ]
 File: /etc/issue [ SUGGESTION ]
 File: /etc/issue.net [ OK ]
-File: /etc/motd [ OK ]
 File: /etc/passwd [ OK ]
 File: /etc/passwd- [ OK ]
 File: /etc/hosts.equiv [ OK ]
@@ -548,7 +509,6 @@
 - kernel.modules_disabled (exp: 1) [ DIFFERENT ]
 - kernel.perf_event_paranoid (exp: 3) [ DIFFERENT ]
 - kernel.randomize_va_space (exp: 2) [ OK ]
-- kernel.suid_dumpable (exp: 0) [ OK ]
 - kernel.sysrq (exp: 0) [ DIFFERENT ]
 - kernel.unprivileged_bpf_disabled (exp: 1) [ DIFFERENT ]
 - net.core.bpf_jit_harden (exp: 2) [ DIFFERENT ]
@@ -588,13 +548,15 @@
 
   [WARNING]: Deprecated function used (logtext)
 
-Warning: Package iio-sensor-proxy-3.1-1.1.x86_64 installs an unknown D-BUS autostart/system service: net.hadess.SensorProxy.conf [ WARNING ]
-Warning: Package bluez-5.58-1.5.x86_64 installs an unknown D-BUS autostart/system service: org.bluez.service [ WARNING ]
-Warning: Package flatpak-1.11.2-1.1.x86_64 installs an unknown D-BUS autostart/system service: org.freedesktop.Flatpak.SystemHelper.service [ WARNING ]
-Warning: Package bolt-0.9.1-1.1.x86_64 installs an unknown D-BUS autostart/system service: org.freedesktop.bolt.service [ WARNING ]
-Warning: Package fwupd-1.5.8-1.3.x86_64 installs an unknown D-BUS autostart/system service: org.freedesktop.fwupd.service [ WARNING ]
-Warning: Package systemd-248.3-1.1.x86_64 installs an unknown D-BUS autostart/system service: org.freedesktop.timesync1.service [ WARNING ]
-Warning: Package snapper-0.9.0-6.1.x86_64 installs an unknown D-BUS autostart/system service: org.opensuse.Snapper.service [ WARNING ]
+Warning: Package power-profiles-daemon-0.10.1-2.1.x86_64 installs an unknown D-BUS autostart/system service: net.hadess.PowerProfiles.conf [ WARNING ]
+Warning: Package iio-sensor-proxy-3.3-1.1.x86_64 installs an unknown D-BUS autostart/system service: net.hadess.SensorProxy.conf [ WARNING ]
+Warning: Package power-profiles-daemon-0.10.1-2.1.x86_64 installs an unknown D-BUS autostart/system service: net.hadess.PowerProfiles.service [ WARNING ]
+Warning: Package bluez-5.62-1.3.x86_64 installs an unknown D-BUS autostart/system service: org.bluez.service [ WARNING ]
+Warning: Package flatpak-1.12.2-1.1.x86_64 installs an unknown D-BUS autostart/system service: org.freedesktop.Flatpak.SystemHelper.service [ WARNING ]
+Warning: Package bolt-0.9.1-2.1.x86_64 installs an unknown D-BUS autostart/system service: org.freedesktop.bolt.service [ WARNING ]
+Warning: Package fwupd-1.6.4-1.1.x86_64 installs an unknown D-BUS autostart/system service: org.freedesktop.fwupd.service [ WARNING ]
+Warning: Package systemd-249.7-1.1.x86_64 installs an unknown D-BUS autostart/system service: org.freedesktop.timesync1.service [ WARNING ]
+Warning: Package snapper-0.9.0-7.1.x86_64 installs an unknown D-BUS autostart/system service: org.opensuse.Snapper.service [ WARNING ]
 
   [WARNING]: Deprecated function used (wait_for_keypress)
 
@@ -621,15 +583,15 @@
 
   [WARNING]: Deprecated function used (logtext)
 
-No bad RPATH usage found in 7973 executables [ OK ]
+No bad RPATH usage found in 8179 executables [ OK ]
 
   [WARNING]: Deprecated function used (wait_for_keypress)
 
 
 [+] File systems
 ------------------------------------
 
-  [WARNING]: Test BINARY-1000 had a long execution: 63.736589 seconds
+  [WARNING]: Test BINARY-1000 had a long execution: 62.374736 seconds
 
 - Starting look-up of symlinks in /tmp...
 
@@ -683,18 +645,25 @@
 
 ================================================================================
 
-  -[ Lynis 3.0.5 Results ]-
+  -[ Lynis 3.0.6 Results ]-
 
-  Warnings (2):
+  Warnings (3):
   ----------------------------
+  ! Reboot of system is most likely needed [KRNL-5830] 
+    - Solution : reboot
+      https://cisofy.com/lynis/controls/KRNL-5830/
+
   ! Couldn't find 2 responsive nameservers [NETW-2705] 
       https://cisofy.com/lynis/controls/NETW-2705/
 
   ! iptables module(s) loaded, but no rules active [FIRE-4512] 
       https://cisofy.com/lynis/controls/FIRE-4512/
 
-  Suggestions (40):
+  Suggestions (42):
   ----------------------------
+  * This release is more than 4 months old. Check the website or GitHub to see if there is an update available. [LYNIS] 
+      https://cisofy.com/lynis/controls/LYNIS/
+
   * Set a password on GRUB boot loader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122] 
       https://cisofy.com/lynis/controls/BOOT-5122/
 
@@ -809,6 +778,9 @@
   * Enable sysstat to collect accounting (no results) [ACCT-9626] 
       https://cisofy.com/lynis/controls/ACCT-9626/
 
+  * Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules [ACCT-9630] 
+      https://cisofy.com/lynis/controls/ACCT-9630/
+
   * Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350] 
       https://cisofy.com/lynis/controls/FINT-4350/
 
@@ -842,8 +814,8 @@
 
   Lynis security scan details:
 
-  Hardening index : 82 [################    ]
-  Tests performed : 263
+  Hardening index : 81 [################    ]
+  Tests performed : 264
   Plugins enabled : 0
 
   Components:
@@ -873,7 +845,7 @@
 
 ================================================================================
 
-  Lynis 3.0.5
+  Lynis 3.0.6
 
   Auditing, system hardening, and compliance for UNIX-based systems
   (Linux, macOS, BSD, and others)