From 283e198c231df3b6535414197ba1e592dba0a8e8 Mon Sep 17 00:00:00 2001
From: mboelen
Date: Sun, 17 May 2015 23:00:28 +0200
Subject: [PATCH] Improved detection of blacklisted/disabled modules
---
 include/tests_storage | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/include/tests_storage b/include/tests_storage
index a3b59eae..1ee95589 100644
--- a/include/tests_storage
+++ b/include/tests_storage
@@ -33,7 +33,7 @@
 if [ -d /etc/modprobe.d ]; then
 FIND=`ls /etc/modprobe.d/* 2> /dev/null`
 if [ ! "${FIND}" = "" ]; then
- FIND=`grep -r "install usb-storage /bin/true" /etc/modprobe.d/* | grep "usb-storage" | grep -v "#"`
+ FIND=`grep -r "install usb-storage /bin/(false|true)" /etc/modprobe.d/* | grep "usb-storage" | grep -v "#"`
 FIND2=`egrep -r "^blacklist (usb_storage|usb-storage)" /etc/modprobe.d/*`
 if [ ! "${FIND}" = "" -o ! "${FIND2}" = "" ]; then
 FOUND=1
@@ -44,7 +44,7 @@
 fi
 fi
 if [ -f /etc/modprobe.conf ]; then
- FIND=`grep "install usb-storage /bin/true" /etc/modprobe.conf | grep "usb-storage" | grep -v "#"`
+ FIND=`grep "install usb-storage /bin/(false|true)" /etc/modprobe.conf | grep "usb-storage" | grep -v "#"`
 if [ ! "${FIND}" = "" ]; then
 FOUND=1
 logtext "Result: found usb-storage driver in disabled state"
@@ -66,6 +66,7 @@
 #
 # Test : STRG-1846
 # Description : Check for disabled firewire storage
+ # Explanation : Best option is to use the install function, or else drivers can still be loaded manually
 Register --test-no STRG-1846 --os Linux --weight L --network NO --description "Check if firewire storage is disabled"
 if [ ${SKIPTEST} -eq 0 ]; then
 FOUND=0
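Review bot: The new usb-storage patterns in the `/etc/modprobe.d` hunk (-33) and the `/etc/modprobe.conf` hunk (-44) are passed to plain `grep`, which uses basic regular expressions where `(`, `|` and `)` are literal characters, so `/bin/(false|true)` matches neither `/bin/true` nor `/bin/false`. The `/bin/true` match that worked before the change is lost as well, so a host that disables the driver with an install line would presumably be reported as not hardened. Use extended syntax as the firewire checks in this commit do, e.g. `egrep -r "install (usb_storage|usb-storage) /bin/(false|true)" /etc/modprobe.d/*`, which also accepts the underscore spelling that FIND2 already allows. Both enclosing `if` blocks continue outside the hunks.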
@@ -73,8 +74,8 @@
 if [ -d /etc/modprobe.d ]; then
 FIND=`ls /etc/modprobe.d/* 2> /dev/null`
 if [ ! "${FIND}" = "" ]; then
- FIND1=`egrep "blacklist (ohci1394|firewire-ohci)" /etc/modprobe.d/* | grep "ohci" | grep -v "#"`
- FIND2=`egrep "install (ohci1394|firewire-ohci) /bin/true" /etc/modprobe.d/* | grep "ohci" | grep -v "#"`
+ FIND1=`egrep "blacklist (ohci1394|firewire-ohci|firewire_ohci)" /etc/modprobe.d/* | grep "ohci" | grep -v "#"`
+ FIND2=`egrep "install (ohci1394|firewire-ohci|firewire_ohci) /bin/(false|true)" /etc/modprobe.d/* | grep "ohci" | grep -v "#"`
 if [ ! "${FIND1}" = "" -o ! "${FIND2}" = "" ]; then
 FOUND=1
 logtext "Result: found firewire ohci driver in disabled state"
@@ -84,8 +85,8 @@
 fi
 fi
 if [ -f /etc/modprobe.conf ]; then
- FIND1=`egrep -r "blacklist (ohci1394|firewire-ohci)" /etc/modprobe.conf | grep "ohci" | grep -v "#"`
- FIND2=`egrep -r "install (ohci1394|firewire-ohci) /bin/true" /etc/modprobe.conf | grep "ohci" | grep -v "#"`
+ FIND1=`egrep -r "blacklist (ohci1394|firewire-ohci|firewire_ohci)" /etc/modprobe.conf | grep "ohci" | grep -v "#"`
+ FIND2=`egrep -r "install (ohci1394|firewire-ohci|firewire_ohci) /bin/(false|true)" /etc/modprobe.conf | grep "ohci" | grep -v "#"`
 if [ ! "${FIND1}" = "" -o ! "${FIND2}" = "" ]; then
 FOUND=1
 logtext "Result: found firewire ohci driver in disabled state"
@@ -107,6 +108,7 @@
 #
 #################################################################################
 #
+# Use modprobe --showconfig to test for options
 # NetBSD: amd (auto mount daemon)
@@ -119,4 +121,4 @@
 wait_for_keypress
 #
 #================================================================================
-# Lynis - Copyright 2007-2015, Michael Boelen - www.rootkit.nl - The Netherlands
+# Lynis - Copyright 2007-2015, CISOfy, Michael Boelen - https://cisofy.com
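Review bot: FIND1 still counts a bare `blacklist` line as "driver in disabled state", in the `/etc/modprobe.d` hunk (-73) and again in the `/etc/modprobe.conf` hunk (-84), although the Explanation comment this commit adds to STRG-1846 says drivers can still be loaded manually unless the install function is used. Treating both matches the same lets the audit report firewire storage as disabled on a host where the driver can still be loaded by hand. Consider setting FOUND=1 only for the install match, `if [ ! "${FIND2}" = "" ]; then`, and logging a blacklist-only hit separately, e.g. `logtext "Result: firewire ohci driver is only blacklisted, it can still be loaded manually"`. The enclosing `if` blocks continue past the end of both hunks.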
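Review bot: The new FIND1/FIND2 patterns in the `/etc/modprobe.conf` hunk (-84) are unanchored and rely on `grep -v "#"` to skip comments, which discards any matching line that contains a `#` anywhere, including an active entry with trailing text after the command. Anchoring the expression makes the comment filter unnecessary and matches the `^blacklist` form already used for usb-storage, e.g. `egrep "^[[:space:]]*install (ohci1394|firewire-ohci|firewire_ohci) /bin/(false|true)" /etc/modprobe.conf`. The `-r` flag has no effect on a single regular file and can be dropped. The same filter is used in the `/etc/modprobe.d` hunk (-73), where a `#` in a file name prefixed to the output would presumably also drop the hit.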