View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008955 | Kali Linux | General Bug | public | 2024-10-13 18:37 | 2024-10-15 18:31 |
| Reporter | Martindgfasfs | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Summary | 0008955: ACPI ERROR | ||||
| Description | Hi, I'm new to using Kali Linux Purple, and I'm having multiple issues that I can't seem to resolve on my own. I’ve tried everything I know, but nothing seems to work. Some of the problems I’m facing include ACPI BIOS ERROR/ HSI runtime Issues. I’ve followed tutorials, checked online forums, and tried commands like updating, reinstalling packages, adjusting settings, but I'm still having no luck. I’m not sure what else to try, and I'm feeling a bit stuck. Any guidance or suggestions would be greatly appreciated! If needed, I can provide more details or logs to help debug the issue. Thanks in advance! | ||||
| Attached Files | fwupdmgr_security_verbose.txt (38,730 bytes)
┌──(martin㉿sagemcom)-[~]
└─$ sudo fwupdmgr security --verbose
[sudo] password for martin:
(pkttyagent:19898): GLib-GIO-DEBUG: 20:21:54.945: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.954: _g_io_module_get_default: Found default implementation dconf (DConfSettingsBackend) for ‘gsettings-backend’
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.954: watch_fast: "/system/proxy/" (establishing: 0, active: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: watch_fast: "/system/proxy/http/" (establishing: 0, active: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: watch_fast: "/system/proxy/https/" (establishing: 0, active: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: watch_fast: "/system/proxy/ftp/" (establishing: 0, active: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: watch_fast: "/system/proxy/socks/" (establishing: 0, active: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: unwatch_fast: "/system/proxy/" (active: 0, establishing: 1)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: unwatch_fast: "/system/proxy/http/" (active: 0, establishing: 1)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: unwatch_fast: "/system/proxy/https/" (active: 0, establishing: 1)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: unwatch_fast: "/system/proxy/ftp/" (active: 0, establishing: 1)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.955: unwatch_fast: "/system/proxy/socks/" (active: 0, establishing: 1)
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.958: _g_io_module_get_default: Found default implementation local (GLocalVfs) for ‘gio-vfs’
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.958: px_config_sysconfig_set_config_file: Could not read file /etc/sysconfig/proxy
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.958: Active config plugins:
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.959: - config-env
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.959: - config-xdp
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.959: - config-kde
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.959: - config-gnome
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.959: - config-sysconfig
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.961: Failed to initialize portal (GNetworkMonitorPortal) for gio-network-monitor: Not using portals
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.972: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.972: Using cross-namespace EXTERNAL authentication (this will deadlock if server is GDBus < 2.73.3)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.974: watch_established: "/system/proxy/" (establishing: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.974: watch_established: "/system/proxy/http/" (establishing: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.974: watch_established: "/system/proxy/https/" (establishing: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.974: watch_established: "/system/proxy/ftp/" (establishing: 0)
(fwupdmgr:19883): dconf-DEBUG: 20:21:54.975: watch_established: "/system/proxy/socks/" (establishing: 0)
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.976: _g_io_module_get_default: Found default implementation networkmanager (GNetworkMonitorNM) for ‘gio-network-monitor’
(fwupdmgr:19883): pxbackend-DEBUG: 20:21:54.976: px_manager_constructed: Up and running
(fwupdmgr:19883): GLib-GIO-DEBUG: 20:21:54.976: _g_io_module_get_default: Found default implementation libproxy (GLibproxyResolver) for ‘gio-proxy-resolver’
(fwupdmgr:19883): Fwupd-DEBUG: 20:21:55.823: Emitting ::status-changed() [idle]
Host Security ID: HSI:1! (v1.9.25)
HSI-1
✔ BIOS firmware updates: Enabled
✔ Fused platform: Locked
✔ Supported CPU: Valid
✔ TPM empty PCRs: Valid
✔ TPM v2.0: Found
✔ UEFI bootservice variables: Locked
✔ UEFI platform key: Valid
HSI-2
✔ IOMMU: Enabled
✔ Platform debugging: Locked
✔ TPM PCR0 reconstruction: Valid
✘ SPI write protection: Disabled
HSI-3
✔ Pre-boot DMA protection: Enabled
✘ SPI replay protection: Not supported
✘ CET Platform: Not supported
✘ Suspend-to-idle: Disabled
✘ Suspend-to-ram: Enabled
HSI-4
✔ SMAP: Enabled
✘ Processor rollback protection: Disabled
✘ Encrypted RAM: Not supported
Runtime Suffix -!
✔ fwupd plugins: Untainted
✔ Linux kernel lockdown: Enabled
✔ Linux kernel: Untainted
✘ Linux swap: Unencrypted
✘ UEFI secure boot: Disabled
This system has HSI runtime issues.
» https://fwupd.github.io/hsi.html#hsi-runtime-suffix
FuMain-INFO: 20:21:55.843: AppstreamId: org.fwupd.hsi.Kernel.Lockdown
Created: 2024-10-13
HsiResult: enabled
HsiResultFallback: not-enabled
Flags: success|runtime-issue
Name: Linux kernel lockdown
Summary: Linux Kernel Lockdown
Description: Linux Kernel Lockdown mode prevents administrator (root) accounts from accessing and changing critical parts of system software.
Plugin: linux_lockdown
Uri: https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Lockdown
FuMain-INFO: 20:21:55.843: AppstreamId: org.fwupd.hsi.Kernel.Tainted
Created: 2024-10-13
HsiResult: not-tainted
HsiResultFallback: tainted
Flags: success|runtime-issue
Name: Linux kernel
Summary: Linux Kernel Verification
Description: Linux Kernel Verification makes sure that critical system software has not been tampered with. Using device drivers which are not provided with the system can prevent this security feature from working correctly.
Plugin: linux_tainted
Uri: https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Tainted
FuMain-INFO: 20:21:55.843: AppstreamId: org.fwupd.hsi.Kernel.Lockdown
Created: 2024-09-12
HsiResult: not-enabled
HsiResultFallback: enabled
Flags: runtime-issue|action-config-os
Name: Linux kernel lockdown
Summary: Linux Kernel Lockdown
Description: Linux Kernel Lockdown mode prevents administrator (root) accounts from accessing and changing critical parts of system software.
Plugin: linux_lockdown
Uri: https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Lockdown
FuMain-INFO: 20:21:55.844: AppstreamId: org.fwupd.hsi.Kernel.Tainted
Created: 2024-09-12
HsiResult: tainted
HsiResultFallback: not-tainted
Flags: runtime-issue|action-config-os
Name: Linux kernel
Summary: Linux Kernel Verification
Description: Linux Kernel Verification makes sure that critical system software has not been tampered with. Using device drivers which are not provided with the system can prevent this security feature from working correctly.
Plugin: linux_tainted
Uri: https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Tainted
FuMain-INFO: 20:21:55.844: AppstreamId: org.fwupd.hsi.Kernel.Lockdown
Created: 2024-09-11
HsiResult: enabled
HsiResultFallback: not-enabled
Flags: success|runtime-issue
Name: Linux kernel lockdown
Summary: Linux Kernel Lockdown
Description: Linux Kernel Lockdown mode prevents administrator (root) accounts from accessing and changing critical parts of system software.
Plugin: linux_lockdown
Uri: https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Lockdown
FuMain-INFO: 20:21:55.844: AppstreamId: org.fwupd.hsi.Uefi.Pk
Created: 2024-09-11
HsiLevel: 1
HsiResult: valid
Flags: success
Name: UEFI platform key
Summary: UEFI Platform Key
Description: The UEFI Platform Key is used to determine if device software comes from a trusted source.
Plugin: uefi_pk
Uri: https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Uefi.Pk
Guid: 77c6cc94-a10e-5208-916d-2a805c661547
Host Security Events
2024-10-13 10:31:57: ✔ Kernel lockdown enabled
2024-10-13 10:31:57: ✔ Kernel is no longer tainted
2024-09-12 07:28:13: ✘ Kernel lockdown disabled
2024-09-12 07:28:13: ✘ Kernel is tainted
2024-09-11 15:27:14: ✔ Kernel lockdown enabled
Upload these anonymous results to the Linux Vendor Firmware Service to help other users? [y|N]: y
Target: https://fwupd.org/lvfs/hsireports/upload
Payload: {
"ReportVersion" : 2,
"MachineId" : "534dbf6550f7d2b6d710f423b5df04179a90a1a53555dc92e6063492e76cad8c",
"Metadata" : {
"HostBiosMinorRelease" : "27",
"HostFirmwareMinorRelease" : "17",
"DisplayState" : "connected",
"DistroId" : "kali",
"KernelCmdline" : "lockdown=confidentiality",
"CompileVersion(com.hughsie.libxmlb)" : "0.3.19",
"HostBaseboardProduct" : "890E",
"CompileVersion(com.hughsie.libjcat)" : "0.2.0",
"HostBiosVendor" : "Insyde",
"HostBiosMajorRelease" : "0f",
"CompileVersion(org.freedesktop.fwupd)" : "1.9.25",
"HostBaseboardManufacturer" : "HP",
"RuntimeVersion(org.freedesktop.fwupd-efi)" : "1.7",
"HostFirmwareMajorRelease" : "53",
"BootTime" : "1728843517",
"HostProduct" : "HP 255 G8 Notebook PC",
"BatteryThreshold" : "50",
"CpuModel" : "Advanced Micro Devices, Inc. AMD Ryzen 5 5500U with Radeon Graphics",
"CompileVersion(org.freedesktop.gusb)" : "0.4.9",
"KernelVersion" : "6.10.11-amd64",
"RuntimeVersion(com.hughsie.libxmlb)" : "0.3.19",
"LidState" : "open",
"RuntimeVersion(com.hughsie.libjcat)" : "0.2.0",
"DistroName" : "Kali GNU/Linux",
"FwupdSupported" : "True",
"DistroPrettyName" : "Kali GNU/Linux Rolling",
"KernelName" : "Linux",
"RuntimeVersion(org.freedesktop.gusb)" : "0.4.9",
"PowerState" : "battery-discharging",
"HostVendor" : "HP",
"HostBiosVersion" : "F.39",
"HostFamily" : "103C_5336AN HP 200",
"BatteryLevel" : "72",
"CpuArchitecture" : "x86_64",
"RuntimeVersion(org.kernel)" : "6.10.11-amd64",
"RuntimeVersion(org.freedesktop.fwupd)" : "1.9.25",
"HostSku" : "7J059AA#BCM",
"DistroVersion" : "2024.3",
"HostEnclosureKind" : "a",
"HostSecurityId" : "HSI:1! (v1.9.25)"
},
"SecurityAttributes" : [
{
"AppstreamId" : "org.fwupd.hsi.Fwupd.Plugins",
"Created" : 1728843715,
"HsiLevel" : 0,
"HsiResult" : "not-tainted",
"HsiResultSuccess" : "not-tainted",
"Name" : "fwupd plugins",
"Summary" : "Firmware Updater Verification",
"Description" : "Firmware Updater Verification checks that software used for updating has not been tampered with.",
"Plugin" : "core",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Fwupd.Plugins",
"Flags" : [
"success",
"runtime-issue"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Kernel.Lockdown",
"Created" : 1728843715,
"HsiLevel" : 0,
"HsiResult" : "enabled",
"HsiResultSuccess" : "enabled",
"Name" : "Linux kernel lockdown",
"Summary" : "Linux Kernel Lockdown",
"Description" : "Linux Kernel Lockdown mode prevents administrator (root) accounts from accessing and changing critical parts of system software.",
"Plugin" : "linux_lockdown",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Lockdown",
"Flags" : [
"success",
"runtime-issue"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Kernel.Tainted",
"Created" : 1728843715,
"HsiLevel" : 0,
"HsiResult" : "not-tainted",
"HsiResultSuccess" : "not-tainted",
"Name" : "Linux kernel",
"Summary" : "Linux Kernel Verification",
"Description" : "Linux Kernel Verification makes sure that critical system software has not been tampered with. Using device drivers which are not provided with the system can prevent this security feature from working correctly.",
"Plugin" : "linux_tainted",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Tainted",
"Flags" : [
"success",
"runtime-issue"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Kernel.Swap",
"Created" : 1728843715,
"HsiLevel" : 0,
"HsiResult" : "not-encrypted",
"HsiResultSuccess" : "encrypted",
"Name" : "Linux swap",
"Summary" : "Linux Swap",
"Description" : "Linux Kernel Swap temporarily saves information to disk as you work. If the information is not protected, it could be accessed by someone if they obtained the disk.",
"Plugin" : "linux_swap",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Kernel.Swap",
"Flags" : [
"runtime-issue",
"action-config-os"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Uefi.SecureBoot",
"Created" : 1728843715,
"HsiLevel" : 0,
"HsiResult" : "not-enabled",
"HsiResultSuccess" : "enabled",
"Name" : "UEFI secure boot",
"Summary" : "UEFI Secure Boot",
"Description" : "UEFI Secure Boot prevents malicious software from being loaded when the device starts.",
"Plugin" : "uefi_capsule",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Uefi.SecureBoot",
"Flags" : [
"runtime-issue",
"action-config-fw"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Bios.CapsuleUpdates",
"Created" : 1728843715,
"HsiLevel" : 1,
"HsiResult" : "enabled",
"HsiResultSuccess" : "enabled",
"Name" : "BIOS firmware updates",
"Summary" : "BIOS Firmware Updates",
"Description" : "Enabling firmware updates for the BIOS allows fixing security issues.",
"Plugin" : "uefi_esrt",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Bios.CapsuleUpdates",
"Flags" : [
"success"
]
},
{
"AppstreamId" : "org.fwupd.hsi.PlatformFused",
"Created" : 1728843715,
"HsiLevel" : 1,
"HsiResult" : "locked",
"HsiResultSuccess" : "locked",
"Name" : "Fused platform",
"Summary" : "Fused Platform",
"Description" : "Manufacturing Mode is used when the device is manufactured and security features are not yet enabled.",
"Plugin" : "pci_psp",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.PlatformFused",
"Flags" : [
"success"
],
"Guid" : [
"0e8dc554-a0a2-51fb-b439-1eb72b14ec38",
"e31eca57-868f-5c87-9dba-16214680c5d2"
]
},
{
"AppstreamId" : "org.fwupd.hsi.SupportedCpu",
"Created" : 1728843715,
"HsiLevel" : 1,
"HsiResult" : "valid",
"HsiResultSuccess" : "valid",
"Name" : "Supported CPU",
"Summary" : "Processor Security Checks",
"Description" : "Each system should have tests to ensure firmware security.",
"Plugin" : "core",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.SupportedCpu",
"Flags" : [
"success",
"action-contact-oem"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Tpm.EmptyPcr",
"Created" : 1728843715,
"HsiLevel" : 1,
"HsiResult" : "valid",
"HsiResultSuccess" : "valid",
"Name" : "TPM empty PCRs",
"Summary" : "TPM Platform Configuration",
"Description" : "The TPM (Trusted Platform Module) Platform Configuration is used to check whether the device start process has been modified.",
"Plugin" : "tpm",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Tpm.EmptyPcr",
"Flags" : [
"success"
],
"Guid" : [
"9305de1c-1e12-5665-81c4-37f8e51219b8",
"78a291ae-b499-5b0f-8f1d-74e1fefd0b1c",
"65a3fced-b423-563f-8098-bf5c329fc063",
"5e704f0d-83cb-5364-8384-f46d725a23b8"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Tpm.Version20",
"Created" : 1728843715,
"HsiLevel" : 1,
"HsiResult" : "found",
"HsiResultSuccess" : "found",
"Name" : "TPM v2.0",
"Summary" : "TPM v2.0",
"Description" : "TPM (Trusted Platform Module) is a computer chip that detects when hardware components have been tampered with.",
"Plugin" : "tpm",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Tpm.Version20",
"Flags" : [
"success"
],
"Guid" : [
"9305de1c-1e12-5665-81c4-37f8e51219b8",
"78a291ae-b499-5b0f-8f1d-74e1fefd0b1c",
"65a3fced-b423-563f-8098-bf5c329fc063",
"5e704f0d-83cb-5364-8384-f46d725a23b8"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Uefi.BootserviceVars",
"Created" : 1728843715,
"HsiLevel" : 1,
"HsiResult" : "locked",
"HsiResultSuccess" : "locked",
"Name" : "UEFI bootservice variables",
"Summary" : "UEFI Bootservice Variables",
"Description" : "UEFI boot service variables should not be readable from runtime mode.",
"Plugin" : "uefi_capsule",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Uefi.BootserviceVars",
"Flags" : [
"success"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Uefi.Pk",
"Created" : 1728843715,
"HsiLevel" : 1,
"HsiResult" : "valid",
"HsiResultSuccess" : "valid",
"Name" : "UEFI platform key",
"Summary" : "UEFI Platform Key",
"Description" : "The UEFI Platform Key is used to determine if device software comes from a trusted source.",
"Plugin" : "uefi_pk",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Uefi.Pk",
"Flags" : [
"success"
],
"Guid" : [
"77c6cc94-a10e-5208-916d-2a805c661547"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Iommu",
"Created" : 1728843715,
"HsiLevel" : 2,
"HsiResult" : "enabled",
"HsiResultSuccess" : "enabled",
"Name" : "IOMMU",
"Summary" : "IOMMU Protection",
"Description" : "IOMMU Protection prevents connected devices from accessing unauthorized parts of system memory.",
"Plugin" : "iommu",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Iommu",
"Flags" : [
"success"
]
},
{
"AppstreamId" : "org.fwupd.hsi.PlatformDebugLocked",
"Created" : 1728843715,
"HsiLevel" : 2,
"HsiResult" : "locked",
"HsiResultSuccess" : "locked",
"Name" : "Platform debugging",
"Summary" : "Platform Debugging",
"Description" : "Platform Debugging allows device security features to be disabled. This should only be used by hardware manufacturers.",
"Plugin" : "pci_psp",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.PlatformDebugLocked",
"Flags" : [
"success"
],
"Guid" : [
"0e8dc554-a0a2-51fb-b439-1eb72b14ec38",
"e31eca57-868f-5c87-9dba-16214680c5d2"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Tpm.ReconstructionPcr0",
"Created" : 1728843715,
"HsiLevel" : 2,
"HsiResult" : "valid",
"HsiResultSuccess" : "valid",
"Name" : "TPM PCR0 reconstruction",
"Summary" : "TPM Reconstruction",
"Description" : "The TPM (Trusted Platform Module) Reconstruction is used to check whether the device start process has been modified.",
"Plugin" : "tpm",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Tpm.ReconstructionPcr0",
"Flags" : [
"success"
],
"Guid" : [
"9305de1c-1e12-5665-81c4-37f8e51219b8",
"78a291ae-b499-5b0f-8f1d-74e1fefd0b1c",
"65a3fced-b423-563f-8098-bf5c329fc063",
"5e704f0d-83cb-5364-8384-f46d725a23b8"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Amd.SpiWriteProtection",
"Created" : 1728843715,
"HsiLevel" : 2,
"HsiResult" : "not-enabled",
"HsiResultSuccess" : "enabled",
"Name" : "SPI write protection",
"Summary" : "AMD Firmware Write Protection",
"Description" : "Firmware Write Protection protects device firmware memory from being tampered with.",
"Plugin" : "pci_psp",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Amd.SpiWriteProtection",
"Flags" : [
"action-contact-oem"
],
"Guid" : [
"0e8dc554-a0a2-51fb-b439-1eb72b14ec38",
"e31eca57-868f-5c87-9dba-16214680c5d2"
]
},
{
"AppstreamId" : "org.fwupd.hsi.PrebootDma",
"Created" : 1728843715,
"HsiLevel" : 3,
"HsiResult" : "enabled",
"HsiResultSuccess" : "enabled",
"Name" : "Pre-boot DMA protection",
"Summary" : "Pre-boot DMA Protection",
"Description" : "Pre-boot DMA protection prevents devices from accessing system memory after being connected to the computer.",
"Plugin" : "acpi_ivrs",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.PrebootDma",
"Flags" : [
"success"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Amd.SpiReplayProtection",
"Created" : 1728843715,
"HsiLevel" : 3,
"HsiResult" : "not-supported",
"HsiResultSuccess" : "enabled",
"Name" : "SPI replay protection",
"Summary" : "AMD Firmware Replay Protection",
"Description" : "Rollback Protection prevents device software from being downgraded to an older version that has security problems.",
"Plugin" : "pci_psp",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Amd.SpiReplayProtection",
"Guid" : [
"0e8dc554-a0a2-51fb-b439-1eb72b14ec38",
"e31eca57-868f-5c87-9dba-16214680c5d2"
]
},
{
"AppstreamId" : "org.fwupd.hsi.IntelCet.Enabled",
"Created" : 1728843715,
"HsiLevel" : 3,
"HsiResult" : "not-supported",
"HsiResultSuccess" : "supported",
"Name" : "CET Platform",
"Summary" : "Control-flow Enforcement Technology",
"Description" : "Control-Flow Enforcement Technology detects and prevents certain methods for running malicious software on the device.",
"Plugin" : "cpu",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.IntelCet.Enabled",
"Guid" : [
"aa488f1a-d73b-5d1b-ad35-42d603bac73b",
"faaa1b3c-207e-58ef-a0ca-4fe005eae0c8"
]
},
{
"AppstreamId" : "org.fwupd.hsi.SuspendToIdle",
"Created" : 1728843715,
"HsiLevel" : 3,
"HsiResult" : "not-enabled",
"HsiResultSuccess" : "enabled",
"Name" : "Suspend-to-idle",
"Summary" : "Suspend To Idle",
"Description" : "Suspend to Idle allows the device to quickly go to sleep in order to save power. While the device has been suspended, its memory could be physically removed and its information accessed.",
"Plugin" : "acpi_facp",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.SuspendToIdle",
"Flags" : [
"action-config-fw",
"action-config-os"
]
},
{
"AppstreamId" : "org.fwupd.hsi.SuspendToRam",
"Created" : 1728843715,
"HsiLevel" : 3,
"HsiResult" : "enabled",
"HsiResultSuccess" : "not-enabled",
"Name" : "Suspend-to-ram",
"Summary" : "Suspend To RAM",
"Description" : "Suspend to RAM allows the device to quickly go to sleep in order to save power. While the device has been suspended, its memory could be physically removed and its information accessed.",
"Plugin" : "linux_sleep",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.SuspendToRam",
"Flags" : [
"action-config-fw",
"action-config-os"
]
},
{
"AppstreamId" : "org.fwupd.hsi.IntelSmap",
"Created" : 1728843715,
"HsiLevel" : 4,
"HsiResult" : "enabled",
"HsiResultSuccess" : "enabled",
"Name" : "SMAP",
"Summary" : "Supervisor Mode Access Prevention",
"Description" : "Supervisor Mode Access Prevention ensures critical parts of device memory are not accessed by less secure programs.",
"Plugin" : "cpu",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.IntelSmap",
"Flags" : [
"success"
],
"Guid" : [
"aa488f1a-d73b-5d1b-ad35-42d603bac73b",
"faaa1b3c-207e-58ef-a0ca-4fe005eae0c8"
]
},
{
"AppstreamId" : "org.fwupd.hsi.Amd.RollbackProtection",
"Created" : 1728843715,
"HsiLevel" : 4,
"HsiResult" : "not-enabled",
"HsiResultSuccess" : "enabled",
"Name" : "Processor rollback protection",
"Summary" : "AMD Secure Processor Rollback Protection",
"Description" : "Rollback Protection prevents device software from being downgraded to an older version that has security problems.",
"Plugin" : "pci_psp",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.Amd.RollbackProtection",
"Flags" : [
"action-contact-oem",
"action-config-fw"
],
"Guid" : [
"0e8dc554-a0a2-51fb-b439-1eb72b14ec38",
"e31eca57-868f-5c87-9dba-16214680c5d2"
]
},
{
"AppstreamId" : "org.fwupd.hsi.EncryptedRam",
"Created" : 1728843715,
"HsiLevel" : 4,
"HsiResult" : "not-supported",
"HsiResultSuccess" : "encrypted",
"Name" : "Encrypted RAM",
"Summary" : "Encrypted RAM",
"Description" : "Encrypted RAM makes it impossible for information that is stored in device memory to be read if the memory chip is removed and accessed.",
"Plugin" : "pci_psp",
"Uri" : "https://fwupd.github.io/libfwupdplugin/hsi.html#org.fwupd.hsi.EncryptedRam",
"Flags" : [
"action-config-fw"
],
"Guid" : [
"0e8dc554-a0a2-51fb-b439-1eb72b14ec38",
"e31eca57-868f-5c87-9dba-16214680c5d2"
]
}
]
}
Proceed with upload? [Y|n]: y
Fwupd-INFO: 20:22:01.625: uploading to https://fwupd.org/lvfs/hsireports/upload
Fwupd-INFO: 20:22:02.227: upload progress: 100%
Host Security ID attributes uploaded successfully, thanks!
Automatically upload every time? [y|N]:
┌──(martin㉿sagemcom)-[~]
└─$
lynic.txt (23,099 bytes)
$ sudo lynis audit system
[sudo] password for martin:
[ Lynis 3.1.1 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
2007-2021, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
################################################################################
[+] Initializing program
------------------------------------
- Detecting OS... [ DONE ]
- Checking profiles... [ DONE ]
---------------------------------------------------
Program version: 3.1.1
Operating system: Linux
Operating system name: Kali Linux
Operating system version: Rolling release
Kernel version: 6.10.11
Hardware platform: x86_64
Hostname: sagemcom
---------------------------------------------------
Profiles: /etc/lynis/default.prf
Log file: /var/log/lynis.log
Report file: /var/log/lynis-report.dat
Report version: 1.0
Plugin directory: /etc/lynis/plugins
---------------------------------------------------
Auditor: [Not Specified]
Language: en
Test category: all
Test group: all
---------------------------------------------------
- Program update status... [ NO UPDATE ]
[+] System tools
------------------------------------
- Scanning available tools...
- Checking system binaries...
[+] Plugins (phase 1)
------------------------------------
Note: plugins have more extensive tests and may take several minutes to complete
- Plugin: debian
[
[+] Debian Tests
------------------------------------
- Checking for system binaries that are required by Debian Tests...
- Checking /bin... [ FOUND ]
- Checking /sbin... [ FOUND ]
- Checking /usr/bin... [ FOUND ]
- Checking /usr/sbin... [ FOUND ]
- Checking /usr/local/bin... [ FOUND ]
- Checking /usr/local/sbin... [ FOUND ]
- Authentication:
- PAM (Pluggable Authentication Modules):
[WARNING]: Test DEB-0001 had a long execution: 58.275641 seconds
- libpam-tmpdir [ Not Installed ]
- File System Checks:
- DM-Crypt, Cryptsetup & Cryptmount:
- Checking / on /dev/nvme0n1p3 [ NOT ENCRYPTED ]
- Checking /boot on /dev/nvme0n1p2 [ NOT ENCRYPTED ]
- Checking /boot/efi on /dev/nvme0n1p1 [ NOT ENCRYPTED ]
- Software:
- apt-listbugs [ Not Installed ]
- apt-listchanges [ Not Installed ]
- needrestart [ Installed ]
- fail2ban [ Not Installed ]
]
[+] Boot and services
------------------------------------
- Service Manager [ systemd ]
- Checking UEFI boot [ ENABLED ]
- Checking Secure Boot [ DISABLED ]
- Checking presence GRUB [ OK ]
- Checking presence GRUB2 [ FOUND ]
- Checking for password protection [ NONE ]
- Check running services (systemctl) [ DONE ]
Result: found 27 running services
- Check enabled services at boot (systemctl) [ DONE ]
Result: found 25 enabled services
- Check startup files (permissions) [ OK ]
- Running 'systemd-analyze security'
- ModemManager.service: [ MEDIUM ]
- NetworkManager.service: [ EXPOSED ]
- accounts-daemon.service: [ MEDIUM ]
- colord.service: [ PROTECTED ]
- containerd.service: [ UNSAFE ]
- cron.service: [ UNSAFE ]
- cups.service: [ UNSAFE ]
- dbus.service: [ UNSAFE ]
- dm-event.service: [ UNSAFE ]
- docker.service: [ UNSAFE ]
- emergency.service: [ UNSAFE ]
- fwupd.service: [ EXPOSED ]
- [email protected]: [ UNSAFE ]
- [email protected]: [ UNSAFE ]
- haveged.service: [ PROTECTED ]
- lvm2-lvmpolld.service: [ UNSAFE ]
- lynis.service: [ UNSAFE ]
- pcscd.service: [ UNSAFE ]
- plymouth-halt.service: [ UNSAFE ]
- plymouth-kexec.service: [ UNSAFE ]
- plymouth-poweroff.service: [ UNSAFE ]
- plymouth-reboot.service: [ UNSAFE ]
- plymouth-start.service: [ UNSAFE ]
- polkit.service: [ PROTECTED ]
- power-profiles-daemon.service: [ PROTECTED ]
- rc-local.service: [ UNSAFE ]
- rescue.service: [ UNSAFE ]
- rpc-gssd.service: [ UNSAFE ]
- rpc-statd-notify.service: [ UNSAFE ]
- rpc-svcgssd.service: [ UNSAFE ]
- rsyslog.service: [ PROTECTED ]
- rtkit-daemon.service: [ MEDIUM ]
- sddm.service: [ UNSAFE ]
- smartmontools.service: [ UNSAFE ]
- snapd.service: [ UNSAFE ]
- ssh.service: [ UNSAFE ]
- systemd-ask-password-console.service: [ UNSAFE ]
- systemd-ask-password-plymouth.service: [ UNSAFE ]
- systemd-ask-password-wall.service: [ UNSAFE ]
- systemd-bsod.service: [ UNSAFE ]
- systemd-hostnamed.service: [ PROTECTED ]
- systemd-initctl.service: [ UNSAFE ]
- systemd-journald.service: [ PROTECTED ]
- systemd-logind.service: [ PROTECTED ]
- systemd-networkd.service: [ PROTECTED ]
- systemd-rfkill.service: [ UNSAFE ]
- systemd-timesyncd.service: [ PROTECTED ]
- systemd-udevd.service: [ MEDIUM ]
- thin.service: [ UNSAFE ]
- udisks2.service: [ UNSAFE ]
- unattended-upgrades.service: [ UNSAFE ]
- upower.service: [ PROTECTED ]
- [email protected]: [ UNSAFE ]
- uuidd.service: [ MEDIUM ]
- virtualbox.service: [ UNSAFE ]
- wpa_supplicant.service: [ UNSAFE ]
[+] Kernel
------------------------------------
- Checking default run level [ RUNLEVEL 5 ]
- Checking CPU support (NX/PAE)
CPU support: PAE and/or NoeXecute supported [ FOUND ]
- Checking kernel version and release [ DONE ]
- Checking kernel type [ DONE ]
- Checking loaded kernel modules [ DONE ]
Found 185 active modules
- Checking Linux kernel configuration file [ FOUND ]
- Checking default I/O kernel scheduler [ NOT FOUND ]
- Checking for available kernel update [ OK ]
- Checking core dumps configuration
- configuration in systemd conf files [ DEFAULT ]
- configuration in /etc/profile [ DEFAULT ]
- 'hard' configuration in /etc/security/limits.conf [ ENABLED ]
- 'soft' configuration in /etc/security/limits.conf [ DISABLED ]
- Checking setuid core dumps configuration [ PROTECTED ]
- Check if reboot is needed [ NO ]
[+] Memory and Processes
------------------------------------
- Checking /proc/meminfo [ FOUND ]
- Searching for dead/zombie processes [ NOT FOUND ]
- Searching for IO waiting processes [ NOT FOUND ]
- Search prelink tooling [ NOT FOUND ]
[+] Users, Groups and Authentication
------------------------------------
- Administrator accounts [ OK ]
- Unique UIDs [ OK ]
- Consistency of group files (grpck) [ OK ]
- Unique group IDs [ OK ]
- Unique group names [ OK ]
- Password file consistency [ OK ]
- Password hashing methods [ OK ]
- Checking password hashing rounds [ DISABLED ]
- Query system users (non daemons) [ DONE ]
- NIS+ authentication support [ NOT ENABLED ]
- NIS authentication support [ NOT ENABLED ]
- Sudoers file(s) [ FOUND ]
- Permissions for directory: /etc/sudoers.d [ WARNING ]
- Permissions for: /etc/sudoers [ OK ]
- Permissions for: /etc/sudoers.d/kdesu-sudoers [ OK ]
- Permissions for: /etc/sudoers.d/ospd-openvas [ OK ]
- Permissions for: /etc/sudoers.d/kali-grant-root [ OK ]
- Permissions for: /etc/sudoers.d/README [ OK ]
- PAM password strength tools [ SUGGESTION ]
- PAM configuration files (pam.conf) [ FOUND ]
- PAM configuration files (pam.d) [ FOUND ]
- PAM modules [ FOUND ]
- LDAP module in PAM [ NOT FOUND ]
- Accounts without expire date [ SUGGESTION ]
- Accounts without password [ OK ]
- Locked accounts [ OK ]
- Checking user password aging (minimum) [ DISABLED ]
- User password aging (maximum) [ DISABLED ]
- Checking expired passwords [ OK ]
- Checking Linux single user mode authentication [ OK ]
- Determining default umask
- umask (/etc/profile) [ NOT FOUND ]
- umask (/etc/login.defs) [ SUGGESTION ]
- LDAP authentication support [ NOT ENABLED ]
- Logging failed login attempts [ DISABLED ]
[+] Shells
------------------------------------
- Checking shells from /etc/shells
Result: found 14 shells (valid shells: 14).
- Session timeout settings/tools [ NONE ]
- Checking default umask values
- Checking default umask in /etc/bash.bashrc [ NONE ]
- Checking default umask in /etc/profile [ NONE ]
[+] File systems
------------------------------------
- Checking mount points
- Checking /home mount point [ SUGGESTION ]
- Checking /tmp mount point [ OK ]
- Checking /var mount point [ SUGGESTION ]
- Checking LVM volume groups [ FOUND ]
- Checking LVM volumes [ FOUND ]
- Query swap partitions (fstab) [ OK ]
- Testing swap partitions [ OK ]
- Testing /proc mount (hidepid) [ SUGGESTION ]
- Checking for old files in /tmp [ OK ]
- Checking /tmp sticky bit [ OK ]
- Checking /var/tmp sticky bit [ OK ]
- ACL support root file system [ ENABLED ]
- Mount options of / [ NON DEFAULT ]
- Mount options of /boot [ DEFAULT ]
- Mount options of /dev [ PARTIALLY HARDENED ]
- Mount options of /dev/shm [ PARTIALLY HARDENED ]
- Mount options of /run [ HARDENED ]
- Mount options of /tmp [ PARTIALLY HARDENED ]
- Total without nodev:7 noexec:12 nosuid:5 ro or noexec (W^X): 12 of total 34
- Checking Locate database [ FOUND ]
- Disable kernel support of some filesystems
[+] USB Devices
------------------------------------
- Checking usb-storage driver (modprobe config) [ NOT DISABLED ]
- Checking USB devices authorization [ ENABLED ]
- Checking USBGuard [ NOT FOUND ]
[+] Storage
------------------------------------
- Checking firewire ohci driver (modprobe config) [ NOT DISABLED ]
[+] NFS
------------------------------------
- Query rpc registered programs [ DONE ]
- Query NFS versions [ DONE ]
- Query NFS protocols [ DONE ]
- Check running NFS daemon [ NOT FOUND ]
[+] Name services
------------------------------------
- Checking search domains [ FOUND ]
- Searching DNS domain name [ FOUND ]
Domain name: home
- Checking /etc/hosts
- Duplicate entries in hosts file [ NONE ]
- Presence of configured hostname in /etc/hosts [ FOUND ]
- Hostname mapped to localhost [ NOT FOUND ]
- Localhost mapping to IP address [ OK ]
[+] Ports and packages
------------------------------------
- Searching package managers
- Searching RPM package manager [ FOUND ]
- Querying RPM package manager
- Searching dpkg package manager [ FOUND ]
- Querying package manager
[WARNING]: Test PKGS-7345 had a long execution: 63.335013 seconds
- Query unpurged packages [ FOUND ]
- Checking APT package database [ OK ]
- Checking vulnerable packages (apt-get only) [ DONE ]
- Checking upgradeable packages [ SKIPPED ]
- Checking package audit tool [ INSTALLED ]
Found: apt-get
- Toolkit for automatic upgrades (unattended-upgrade) [ FOUND ]
[+] Networking
------------------------------------
- Checking IPv6 configuration [ ENABLED ]
Configuration method [ AUTO ]
IPv6 only [ NO ]
- Checking configured nameservers
- Testing nameservers
Nameserver: 192.168.1.1 [ OK ]
Nameserver: fe80::d26e:deff:fe3a:a6eb%wlan0 [ OK ]
- Minimal of 2 responsive nameservers [ OK ]
- Checking default gateway [ DONE ]
- Getting listening ports (TCP/UDP) [ DONE ]
- Checking promiscuous interfaces [ OK ]
- Checking waiting connections [ OK ]
- Checking status DHCP client [ NOT ACTIVE ]
- Checking for ARP monitoring software [ NOT FOUND ]
- Uncommon network protocols [ 0 ]
[+] Printers and Spools
------------------------------------
- Checking cups daemon [ NOT FOUND ]
- Checking lp daemon [ NOT RUNNING ]
[+] Software: e-mail and messaging
------------------------------------
[+] Software: firewalls
------------------------------------
- Checking iptables kernel module [ FOUND ]
- Checking iptables policies of chains [ FOUND ]
- Checking for empty ruleset [ OK ]
- Checking for unused rules [ FOUND ]
- Checking host based firewall [ ACTIVE ]
[+] Software: webserver
------------------------------------
- Checking Apache (binary /usr/sbin/apache2) [ FOUND ]
Info: Configuration file found (/etc/apache2/apache2.conf)
Info: No virtual hosts found
* Loadable modules [ FOUND (119) ]
- Found 119 loadable modules
mod_evasive: anti-DoS/brute force [ NOT FOUND ]
mod_reqtimeout/mod_qos [ FOUND ]
ModSecurity: web application firewall [ NOT FOUND ]
- Checking nginx [ NOT FOUND ]
[+] SSH Support
------------------------------------
- Checking running SSH daemon [ NOT FOUND ]
[+] SNMP Support
------------------------------------
- Checking running SNMP daemon [ NOT FOUND ]
[+] Databases
------------------------------------
- MySQL process status [ FOUND ]
[+] LDAP Services
------------------------------------
- Checking OpenLDAP instance [ NOT FOUND ]
[+] PHP
------------------------------------
- Checking PHP [ FOUND ]
- Checking PHP disabled functions [ FOUND ]
- Checking expose_php option [ OFF ]
- Checking enable_dl option [ OFF ]
- Checking allow_url_fopen option [ ON ]
- Checking allow_url_include option [ OFF ]
- Checking listen option [ OK ]
[+] Squid Support
------------------------------------
- Checking running Squid daemon [ NOT FOUND ]
[+] Logging and files
------------------------------------
- Checking for a running log daemon [ OK ]
- Checking Syslog-NG status [ NOT FOUND ]
- Checking systemd journal status [ FOUND ]
- Checking Metalog status [ NOT FOUND ]
- Checking RSyslog status [ FOUND ]
- Checking RFC 3195 daemon status [ NOT FOUND ]
- Checking minilogd instances [ NOT FOUND ]
- Checking logrotate presence [ OK ]
- Checking remote logging [ NOT ENABLED ]
- Checking log directories (static list) [ DONE ]
- Checking open log files [ DONE ]
- Checking deleted files in use [ FILES FOUND ]
[+] Insecure services
------------------------------------
- Installed inetd package [ NOT FOUND ]
- Installed xinetd package [ OK ]
- xinetd status [ NOT ACTIVE ]
- Installed rsh client package [ SUGGESTION ]
- Installed rsh server package [ OK ]
- Installed telnet client package [ OK ]
- Installed telnet server package [ NOT FOUND ]
- Checking NIS client installation [ OK ]
- Checking NIS server installation [ OK ]
- Checking TFTP client installation [ SUGGESTION ]
- Checking TFTP server installation [ SUGGESTION ]
[+] Banners and identification
------------------------------------
- /etc/issue [ FOUND ]
- /etc/issue contents [ WEAK ]
- /etc/issue.net [ FOUND ]
- /etc/issue.net contents [ WEAK ]
[+] Scheduled tasks
------------------------------------
- Checking crontab and cronjob files [ DONE ]
[+] Accounting
------------------------------------
- Checking accounting information [ NOT FOUND ]
- Checking sysstat accounting data [ DISABLED ]
- Checking auditd [ NOT FOUND ]
[+] Time and Synchronization
------------------------------------
- NTP daemon found: systemd (timesyncd) [ FOUND ]
- Checking for a running NTP daemon or client [ OK ]
- Last time synchronization [ 172s ]
[+] Cryptography
------------------------------------
etc ? idk
| ||||
 |
no |
 |
What? |
 |
Probably just a spambot |
|
|
Do you think I'm a spambot, or is that text AI-generated? |
|
|
0008955:0019906 is probably just a spambot posting/comment, not yours |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-10-13 18:37 | Martindgfasfs | New Issue | |
| 2024-10-13 18:37 | Martindgfasfs | File Added: fwupdmgr_security_verbose.txt | |
| 2024-10-13 18:37 | Martindgfasfs | File Added: lynic.txt | |
| 2024-10-13 18:37 | Martindgfasfs | File Added: issue2.jpg | |
| 2024-10-13 18:37 | Martindgfasfs | File Added: issue.jpg | |
| 2024-10-14 04:01 | hasenx | Note Added: 0019906 | |
| 2024-10-14 17:14 | Martindgfasfs | Note Added: 0019910 | |
| 2024-10-14 17:14 | Martindgfasfs | Note View State: 0019910: private | |
| 2024-10-14 17:14 | Martindgfasfs | Note View State: 0019910: public | |
| 2024-10-14 22:03 | kali-bugreport | Note Added: 0019911 | |
| 2024-10-15 08:51 | Martindgfasfs | Note Added: 0019913 | |
| 2024-10-15 18:31 | kali-bugreport | Note Added: 0019914 |
