Update Lynis baseline for Tumbleweed aarch64

Some kernel modules are now blacklisted as on x86_64

data/lynis/baseline-lynis-audit-system-nocolors-Tumbleweed-aarch64-gnome

@@ -1,5 +1,5 @@
 
-[ Lynis 3.0.5 ]
+[ Lynis 3.0.6 ]
 
 ################################################################################
   Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
@@ -17,11 +17,11 @@
 - Checking profiles... [ DONE ]
 
   ---------------------------------------------------
-  Program version:           3.0.5
+  Program version:           3.0.6
   Operating system:          Linux
   Operating system name:     openSUSE
-  Operating system version:  20210929
-  Kernel version:            5.14.6
+  Operating system version:  20211127
+  Kernel version:            5.15.3
   Hardware platform:         aarch64
   Hostname:                  susetest
   ---------------------------------------------------
@@ -36,25 +36,7 @@
   Test category:             all
   Test group:                all
   ---------------------------------------------------
-- Program update status...  [ UPDATE AVAILABLE ]
-
-      ===============================================================================
-        Lynis update available
-      ===============================================================================
-
-        Current version : 305   Latest version : 306
-
-        Please update to the latest version.
-        New releases include additional features, bug fixes, tests, and baselines.
-
-        Download the latest version:
-
-        Packages (DEB/RPM) -  https://packages.cisofy.com
-        Website (TAR)      -  https://cisofy.com/downloads/
-        GitHub (source)    -  https://github.com/CISOfy/lynis
-
-      ===============================================================================
-
+- Program update status...  [ NO UPDATE ]
 
 [+] System tools
 ------------------------------------
@@ -67,56 +49,15 @@
  
 - Plugins enabled [ NONE ]
 
-=================================================================
-
-  Exception found!
-
-  Function/test:  [GetHostID]
-  Message:        Can't create hostid (no MAC addresses found)
-
-  Help improving the Lynis community with your feedback!
-
-  Steps:
-  - Ensure you are running the latest version (/usr/bin/lynis update check)
-  - If so, create a GitHub issue at https://github.com/CISOfy/lynis
-  - Include relevant parts of the log file or configuration file
-
-  Thanks!
-
-=================================================================
-
-
-=================================================================
-
-  Exception found!
-
-  Function/test:  [GetHostID]
-  Message:        Can't create HOSTID, command ip not found
-
-  Help improving the Lynis community with your feedback!
-
-  Steps:
-  - Ensure you are running the latest version (/usr/bin/lynis update check)
-  - If so, create a GitHub issue at https://github.com/CISOfy/lynis
-  - Include relevant parts of the log file or configuration file
-
-  Thanks!
-
-=================================================================
-
-
 [+] Boot and services
 ------------------------------------
-
-  [WARNING]: Test CORE-1000 had a long execution: 25.669889 seconds
-
 - Service Manager [ systemd ]
 - Checking UEFI boot [ ENABLED ]
 - Checking Secure Boot [ DISABLED ]
 - Checking presence GRUB2 [ FOUND ]
 - Checking for password protection [ NONE ]
 - Check running services (systemctl) [ DONE ]
-Result: found 34 running services
+Result: found 33 running services
 - Check enabled services at boot (systemctl) [ DONE ]
 Result: found 25 enabled services
 - Check startup files (permissions) [ OK ]
@@ -126,8 +67,8 @@
 - accounts-daemon.service: [ EXPOSED ]
 - after-local.service: [ UNSAFE ]
 - alsa-state.service: [ UNSAFE ]
-- appstream-sync-cache.service: [ UNSAFE ]
-- auditd.service: [ MEDIUM ]
+- appstream-sync-cache.service: [ MEDIUM ]
+- auditd.service: [ EXPOSED ]
 - avahi-daemon.service: [ UNSAFE ]
 - chronyd.service: [ EXPOSED ]
 - colord.service: [ EXPOSED ]
@@ -140,17 +81,18 @@
 - firewalld.service: [ UNSAFE ]
 - fwupd.service: [ MEDIUM ]
 - [email protected]: [ UNSAFE ]
-- [email protected]: [ UNSAFE ]
 - [email protected]: [ UNSAFE ]
 - [email protected]: [ UNSAFE ]
-- gpm.service: [ UNSAFE ]
+- gpm.service: [ EXPOSED ]
 - haveged.service: [ MEDIUM ]
 - irqbalance.service: [ MEDIUM ]
+- lvm2-lvmpolld.service: [ UNSAFE ]
 - nscd.service: [ UNSAFE ]
-- pcscd.service: [ UNSAFE ]
+- pcscd.service: [ EXPOSED ]
 - plymouth-start.service: [ UNSAFE ]
 - polkit.service: [ UNSAFE ]
 - postfix.service: [ UNSAFE ]
+- power-profiles-daemon.service: [ EXPOSED ]
 - rc-local.service: [ UNSAFE ]
 - rescue.service: [ UNSAFE ]
 - rng-tools.service: [ MEDIUM ]
@@ -170,6 +112,7 @@
 - systemd-rfkill.service: [ UNSAFE ]
 - systemd-timesyncd.service: [ PROTECTED ]
 - systemd-udevd.service: [ MEDIUM ]
+- tuned.service: [ UNSAFE ]
 - udisks2.service: [ UNSAFE ]
 - upower.service: [ PROTECTED ]
 - [email protected]: [ UNSAFE ]
@@ -182,7 +125,7 @@
 - Checking kernel version and release [ DONE ]
 - Checking kernel type [ DONE ]
 - Checking loaded kernel modules [ DONE ]
-Found 105 active modules
+Found 90 active modules
 - Checking Linux kernel configuration file [ FOUND ]
 - Checking default I/O kernel scheduler [ NOT FOUND ]
 - Checking core dumps configuration
@@ -281,6 +224,9 @@
 - Mount options of /var [ NON DEFAULT ]
 - Total without nodev:14 noexec:20 nosuid:12 ro or noexec (W^X): 19 of total 34
 - Disable kernel support of some filesystems
+- Module cramfs is blacklisted [ OK ]
+- Module freevxfs is blacklisted [ OK ]
+- Module hfs is blacklisted [ OK ]
 
 [+] USB Devices
 ------------------------------------
@@ -315,10 +261,10 @@
 - Searching RPM package manager [ FOUND ]
 - Querying RPM package manager
 
-  [WARNING]: Test PKGS-7308 had a long execution: 54.469523 seconds
+  [WARNING]: Test PKGS-7308 had a long execution: 41.652936 seconds
 
 
-  [WARNING]: Test PKGS-7328 had a long execution: 23.975757 seconds
+  [WARNING]: Test PKGS-7328 had a long execution: 18.736488 seconds
 
 - Using Zypper to find vulnerable packages [ NONE ]
 - Checking package audit tool [ INSTALLED ]
@@ -486,7 +432,7 @@
 - Checking accounting information [ NOT FOUND ]
 - Checking sysstat accounting data [ NOT FOUND ]
 - Checking auditd [ ENABLED ]
-- Checking audit rules [ OK ]
+- Checking audit rules [ SUGGESTION ]
 - Checking audit configuration file [ OK ]
 - Checking auditd log file [ FOUND ]
 
@@ -501,7 +447,7 @@
 - Found 0 encrypted and 1 unencrypted swap devices in use. [ OK ]
 - Kernel entropy is sufficient [ YES ]
 - HW RNG & rngd [ YES ]
-- SW prng [ YES ]
+- SW prng [ NO ]
 - MOR variable not found [ WEAK ]
 
 [+] Virtualization
@@ -514,7 +460,7 @@
 ------------------------------------
 - Checking presence AppArmor [ FOUND ]
 - Checking AppArmor status [ ENABLED ]
-Found 98 unconfined processes
+Found 96 unconfined processes
 - Checking presence SELinux [ NOT FOUND ]
 - Checking presence TOMOYO Linux [ NOT FOUND ]
 - Checking presence grsecurity [ NOT FOUND ]
@@ -606,9 +552,6 @@
 
 [+] Hardening
 ------------------------------------
-
-  [WARNING]: Test KRNL-6000 had a long execution: 10.596062 seconds
-
 - Installed compiler(s) [ NOT FOUND ]
 - Installed malware scanner [ NOT FOUND ]
 - Non-native binary formats [ NOT FOUND ]
@@ -622,13 +565,15 @@
 
   [WARNING]: Deprecated function used (logtext)
 
-Warning: Package iio-sensor-proxy-3.1-1.1.aarch64 installs an unknown D-BUS autostart/system service: net.hadess.SensorProxy.conf [ WARNING ]
-Warning: Package bluez-5.61-1.3.aarch64 installs an unknown D-BUS autostart/system service: org.bluez.service [ WARNING ]
-Warning: Package flatpak-1.11.3-1.1.aarch64 installs an unknown D-BUS autostart/system service: org.freedesktop.Flatpak.SystemHelper.service [ WARNING ]
-Warning: Package bolt-0.9.1-1.1.aarch64 installs an unknown D-BUS autostart/system service: org.freedesktop.bolt.service [ WARNING ]
-Warning: Package fwupd-1.5.8-1.4.aarch64 installs an unknown D-BUS autostart/system service: org.freedesktop.fwupd.service [ WARNING ]
-Warning: Package systemd-249.4-2.2.aarch64 installs an unknown D-BUS autostart/system service: org.freedesktop.timesync1.service [ WARNING ]
-Warning: Package snapper-0.9.0-6.3.aarch64 installs an unknown D-BUS autostart/system service: org.opensuse.Snapper.service [ WARNING ]
+Warning: Package power-profiles-daemon-0.10.1-2.1.aarch64 installs an unknown D-BUS autostart/system service: net.hadess.PowerProfiles.conf [ WARNING ]
+Warning: Package iio-sensor-proxy-3.3-1.1.aarch64 installs an unknown D-BUS autostart/system service: net.hadess.SensorProxy.conf [ WARNING ]
+Warning: Package power-profiles-daemon-0.10.1-2.1.aarch64 installs an unknown D-BUS autostart/system service: net.hadess.PowerProfiles.service [ WARNING ]
+Warning: Package bluez-5.62-1.3.aarch64 installs an unknown D-BUS autostart/system service: org.bluez.service [ WARNING ]
+Warning: Package flatpak-1.12.2-1.1.aarch64 installs an unknown D-BUS autostart/system service: org.freedesktop.Flatpak.SystemHelper.service [ WARNING ]
+Warning: Package bolt-0.9.1-2.1.aarch64 installs an unknown D-BUS autostart/system service: org.freedesktop.bolt.service [ WARNING ]
+Warning: Package fwupd-1.6.4-1.1.aarch64 installs an unknown D-BUS autostart/system service: org.freedesktop.fwupd.service [ WARNING ]
+Warning: Package systemd-249.7-1.1.aarch64 installs an unknown D-BUS autostart/system service: org.freedesktop.timesync1.service [ WARNING ]
+Warning: Package snapper-0.9.0-7.1.aarch64 installs an unknown D-BUS autostart/system service: org.opensuse.Snapper.service [ WARNING ]
 
   [WARNING]: Deprecated function used (wait_for_keypress)
 
@@ -655,15 +600,15 @@
 
   [WARNING]: Deprecated function used (logtext)
 
-No bad RPATH usage found in 8117 executables [ OK ]
+No bad RPATH usage found in 8132 executables [ OK ]
 
   [WARNING]: Deprecated function used (wait_for_keypress)
 
 
 [+] File systems
 ------------------------------------
 
-  [WARNING]: Test BINARY-1000 had a long execution: 168.754672 seconds
+  [WARNING]: Test BINARY-1000 had a long execution: 116.596012 seconds
 
 - Starting look-up of symlinks in /tmp...
 
@@ -717,7 +662,7 @@
 
 ================================================================================
 
-  -[ Lynis 3.0.5 Results ]-
+  -[ Lynis 3.0.6 Results ]-
 
   Warnings (2):
   ----------------------------
@@ -727,9 +672,9 @@
   ! iptables module(s) loaded, but no rules active [FIRE-4512] 
       https://cisofy.com/lynis/controls/FIRE-4512/
 
-  Suggestions (41):
+  Suggestions (42):
   ----------------------------
-  * Version of Lynis outdated, consider upgrading to the latest version [LYNIS] 
+  * This release is more than 4 months old. Check the website or GitHub to see if there is an update available. [LYNIS] 
       https://cisofy.com/lynis/controls/LYNIS/
 
   * Set a password on GRUB boot loader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122] 
@@ -846,6 +791,9 @@
   * Enable sysstat to collect accounting (no results) [ACCT-9626] 
       https://cisofy.com/lynis/controls/ACCT-9626/
 
+  * Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules [ACCT-9630] 
+      https://cisofy.com/lynis/controls/ACCT-9630/
+
   * Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350] 
       https://cisofy.com/lynis/controls/FINT-4350/
 
@@ -879,8 +827,8 @@
 
   Lynis security scan details:
 
-  Hardening index : 82 [################    ]
-  Tests performed : 263
+  Hardening index : 81 [################    ]
+  Tests performed : 264
   Plugins enabled : 0
 
   Components:
@@ -900,11 +848,17 @@
   - Report data                     : /var/log/lynis-report.dat
 
 ================================================================================
-  Notice: Lynis update available
-  Current version : 305    Latest version : 306
+
+  Exceptions found
+  Some exceptional events or information was found!
+
+  What to do:
+  You can help by providing your log file (/var/log/lynis.log).
+  Go to https://cisofy.com/contact/ and send your file to the e-mail address listed
+
 ================================================================================
 
-  Lynis 3.0.5
+  Lynis 3.0.6
 
   Auditing, system hardening, and compliance for UNIX-based systems
   (Linux, macOS, BSD, and others)