Description
Describe the bug
The HOME-9310 test in Lynis, which checks for suspicious .bash_history files, uses -maxdepth 1 when scanning ${HOMEDIRS}. This limits the test to only the immediate contents of /home and does not include .bash_history files stored in subdirectories such as /home/Neo/.bash_history. As a result, the test cannot detect non-standard .bash_history files (e.g., named pipes or character devices) located within user home directories.
Version
- Distribution: Ubuntu 22.04 LTS (running in Docker)
- Lynis version: 3.1.3
Expected behavior
The HOME-9310 test should scan user home directories recursively (e.g., /home/Neo/.bash_history) and detect suspicious .bash_history files of non-standard types.
Output
The test only evaluates the immediate contents of /home, so .bash_history files stored in subdirectories are not scanned or flagged.
Neo@347f7d526c8a:/usr/bin/lynis$ sudo find /home -maxdepth 1
/home
/home/Cypher
/home/Neo
/home/Dozer
/home/Morpheus
/home/Apoc
/home/Trinity
/home/Smith
Neo@347f7d526c8a:/usr/bin/lynis$ sudo find /home -maxdepth 2
/home
/home/Cypher
/home/Cypher/.bash_logout
/home/Cypher/.bashrc
/home/Cypher/.profile
/home/Cypher/.bash_history
/home/Neo
/home/Neo/.bash_logout
/home/Neo/.bashrc
/home/Neo/.profile
/home/Dozer
/home/Dozer/.bash_logout
/home/Dozer/.bashrc
/home/Dozer/.profile
/home/Dozer/.bash_history
/home/Morpheus
/home/Morpheus/.bash_logout
/home/Morpheus/.bashrc
/home/Morpheus/.profile
/home/Morpheus/.bash_history
/home/Apoc
/home/Apoc/.bash_logout
/home/Apoc/.bashrc
/home/Apoc/.profile
/home/Trinity
/home/Trinity/.bash_logout
/home/Trinity/.bashrc
/home/Trinity/.profile
/home/Smith
/home/Smith/.bash_logout
/home/Smith/.bashrc
/home/Smith/.profile
Additional context
Consider modifying the HOME-9310 test to use -maxdepth 2 instead of -maxdepth 1 to include files in user home directories.
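
The depth behaviour reported above can be reproduced on a constructed tree. This is an added example, not Lynis code and not part of the original report; the function names and the temporary directory layout are assumptions.

```shell
#!/bin/sh
# Added example: shows why -maxdepth 1 on the parent of the home
# directories misses a non-regular .bash_history one level down.
# All paths are constructed in a temporary directory.

# List .bash_history entries under $1 that are NOT regular files,
# descending at most $2 levels (same kind of filter the report describes).
find_suspicious_history() {
    find "$1" -maxdepth "$2" -name ".bash_history" ! -type f 2>/dev/null | sort
}

# Build a constructed /home-like tree and print its root path.
build_sample_home() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/Neo" "$root/Cypher" "$root/Apoc"
    : > "$root/Neo/.bash_history"        # regular file: expected, not flagged
    mkfifo "$root/Cypher/.bash_history"  # named pipe: should be flagged
    # Apoc has no history file at all
    printf '%s\n' "$root"
}

demo() {
    home=$(build_sample_home) || return 1
    echo "maxdepth 1 hits: $(find_suspicious_history "$home" 1 | wc -l)"
    echo "maxdepth 2 hits:"
    find_suspicious_history "$home" 2 | sed "s|^$home|  <home>|"
    rm -rf "$home"
}

demo
```

With depth 1 the search only sees the user directories themselves, so the named pipe in the constructed Cypher directory is reported only at depth 2.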