I cannot seem to resolve these Lynis warnings, should I ignore them?

Posted December 18, 2018 2.3k views

I’m using this tutorial:

But I cannot resolve these warnings:

! No password set for single mode [AUTH-9308]

(I ran passwd as root and set a root password, so it should prevent single user mode login without that password. So do I configure Lynis to ignore this?)

! Couldn’t find 2 responsive nameservers [NETW-2705]

(/etc/resolv.conf on all Ubuntu systems I have ever used only have nameserver I can see two nameservers when I run systemd-resolve –status, and both are responsive. So do I configure Lynis to ignore this?)

! No MySQL root password set [DBS-1816]

(Can’t figure this one out. I cannot seem to prevent the root user from logging in as root to the database. The password has indeed been set and I flushed privileges. The /root/.digitaloceanpassword file contains rootmysql_pass. So that’s why Lynis is flagging on this, right? Wrong. If I rename that file and even restart the daemon, flush privileges, etc., it still allows login. At least it is only accessible by root. So do I configure Lynis to ignore this?)

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers

Thought it might be good for others to know that these issues were resolved by simply upgrading Lynis to the latest :-)

Lynis author here.

Sure, if you can’t resolve a particular item and you feel you can accept the risk or took other measures, then it is totally fine to skip a particular test.

To skip a test: add ‘skip-test=AAAA-1234’ (without quotes) to custom.prf (lynis show profiles). Replace the ID with the one you see between the brackets.

  • Great software! Way better than some other packages I’ve used.

    Should I submit a bug report for AUTH-9308? I believe I am currently meeting this condition but it is flagging. I see the NETW-2705 nameserver issue already has a bug report, but not sure if it was ever implemented or if I just have a stale database.

    Also, I would like to know from you or anyone if you know why MySQL allows login as root from the root Linux account without a password – even though a password is set, and it’s not getting it from /root/.digitalocean_password.