Added NETW-3200

CHANGELOG.md

@@ -49,6 +49,7 @@ Using the relevant options, the scan will change base on the intended goal.
 - New test: CRYP-7930 - test for LUKS encryption
 - New test: INSE-8314 - test for NIS client
 - New test: INSE-8316 - test for NIS server
+- New test: NETW-3200 - determine avilable network protocols
 - New test: PROC-3802 - check presence of prelink tooling
 - New report key: openssh_daemon_running
 - New command: lynis generate systemd-units

db/tests.db

@@ -288,6 +288,7 @@ NETW-3015:test:security:networking:Linux:Checking promiscuous interfaces (Linux)
 NETW-3028:test:security:networking::Checking connections in WAIT state:
 NETW-3030:test:security:networking::Checking DHCP client status:
 NETW-3032:test:security:networking:Linux:Checking for ARP monitoring software:
+NETW-3200:test:security:networking::Determine available network protocols:
 PHP-2211:test:security:php::Check php.ini presence:
 PHP-2320:test:security:php::Check PHP disabled functions:
 PHP-2368:test:security:php::Check PHP register_globals option:

include/tests_networking

@@ -639,6 +639,65 @@
 #
 #################################################################################
 #
+    # Test        : NETW-3200
+    # Description : Determine available network protocols
+    Register --test-no NETW-3200 --weight L --network YES --category security --description "Determine available network protocols"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        TESTED=0
+        case ${OS} in
+            Linux)
+                TESTED=1
+                LogText "Test: checking the status of some network protocols that typically are not used"
+                UNCOMMON_PROTOCOLS="dccp sctp rds tipc"
+                for P in ${UNCOMMON_PROTOCOLS}; do
+                    if ! SkipAtomicTest "${TEST_NO}:${P}"; then
+                        FOUND_UNCOMMON_PROTOCOL=0
+                        if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
+                            DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf)
+                            if [ -n "${DATA}" ]; then
+                                LogText "Result: found ${P} module loaded via modprobe.conf"
+                                FOUND_UNCOMMON_PROTOCOL=1
+                            fi
+                        fi
+                        if [ -d ${ROOTDIR}etc/modprobe.d ]; then
+                            DATA=$(${GREPBINARY} --files-with-matches --no-messages "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*)
+                            if [ -n "${DATA}" ]; then
+                                FOUND_UNCOMMON_PROTOCOL=1
+                                for F in ${DATA}; do
+                                    LogText "Result: found ${P} module loaded via ${F}"
+                                done
+                            fi
+                        fi
+
+                        # Although a protocol may not been enabled using install, it can be loaded. This may be revealed using /proc
+                        #/proc/sys/net/
+
+                        if [ ${FOUND_UNCOMMON_PROTOCOL} -eq 1 ]; then
+                            ReportSuggestion "${TEST_NO}" "Determine if network protocol ${P} needs to be used on this system"
+                            Report "uncommon_network_protocol_enabled=${P}"
+                        fi
+                    fi
+                done
+
+            ;;
+            *)
+                LogText "This test has no routine yet for this operating system."
+                Debug "No routine implemented yet for this operating system to check for available network protocols"
+            ;;
+        esac
+        if [ ${TESTED} -eq 1 ]; then
+            if [ ${FOUND_UNCOMMON_PROTOCOL} -eq 1 ]; then
+                Display --indent 2 --text "- Uncommon network protocols" --result "${FOUND}" --color YELLOW
+            else
+                Display --indent 2 --text "- Uncommon network protocols" --result "${STATUS_NOT_FOUND}" --color GREEN
+            fi
+        fi
+        unset DATA F FOUND TESTED UNCOMMON_PROTOCOLS
+    fi
+#
+#################################################################################
+#
+
 
 WaitForKeyPress