tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 15:54:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1223 from konstruktoid/ISSUE1219

Browse Source 
allow unknown number of spaces in modprobe blacklists
This commit is contained in:
Michael Boelen 2021-11-18 11:04:52 +01:00 committed by GitHub
commit 5f113f5699
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
include/tests_filesystems
View File

@ -619,7 +619,6 @@
Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_PARTIALLY_HARDENED}" --color YELLOW Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_PARTIALLY_HARDENED}" --color YELLOW
AddHP 4 5 AddHP 4 5
else else
# if
if ContainsString "defaults" "${FOUND_FLAGS}"; then if ContainsString "defaults" "${FOUND_FLAGS}"; then
LogText "Result: marked ${FILESYSTEM} options as default (not hardened)" LogText "Result: marked ${FILESYSTEM} options as default (not hardened)"
Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_DEFAULT}" --color YELLOW Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_DEFAULT}" --color YELLOW
@ -838,13 +837,13 @@
fi fi
FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null) FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") FIND1=$(${EGREPBINARY} "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") FIND2=$(${EGREPBINARY} "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
LogText "Result: module ${FS} is blacklisted" LogText "Result: module ${FS} is blacklisted"
fi fi
fi fi
done done
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}" Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}"

4
include/tests_networking
View File

@ -750,7 +750,7 @@
UNCOMMON_PROTOCOL_DISABLED=0 UNCOMMON_PROTOCOL_DISABLED=0
# First check modprobe.conf # First check modprobe.conf
if [ -f ${ROOTDIR}etc/modprobe.conf ]; then if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf) DATA=$(${GREPBINARY} "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.conf)
if [ -n "${DATA}" ]; then if [ -n "${DATA}" ]; then
LogText "Result: found ${P} module disabled via modprobe.conf" LogText "Result: found ${P} module disabled via modprobe.conf"
UNCOMMON_PROTOCOL_DISABLED=1 UNCOMMON_PROTOCOL_DISABLED=1
@ -759,7 +759,7 @@
# Then additional modprobe configuration files # Then additional modprobe configuration files
if [ -d ${ROOTDIR}etc/modprobe.d ]; then if [ -d ${ROOTDIR}etc/modprobe.d ]; then
# Return file names (-l) and suppress errors (-s) # Return file names (-l) and suppress errors (-s)
DATA=$(${GREPBINARY} -l -s "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*) DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/*)
if [ -n "${DATA}" ]; then if [ -n "${DATA}" ]; then
UNCOMMON_PROTOCOL_DISABLED=1 UNCOMMON_PROTOCOL_DISABLED=1
for F in ${DATA}; do for F in ${DATA}; do