tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-16 10:24:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1215 from jsegitz/master

Browse Source 
tests_filesystems: check for blacklisted modules also under /usr/lib/modules.d
This commit is contained in:
Michael Boelen 2025-02-10 15:09:42 +01:00 committed by GitHub
commit d4c63a7391
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
include/tests_filesystems
View File

@ -880,15 +880,22 @@
AddHP 3 3 AddHP 3 3
if IsDebug; then Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN; fi if IsDebug; then Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN; fi
fi fi
FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
if [ -n "${FIND}" ]; then for SUBDIR in "${ROOTDIR}etc" "${ROOTDIR}usr/lib"; do
FIND1=$(${GREPBINARY} -E "^blacklist[[:space:]]+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") if [ -d "${SUBDIR}/modprobe.d" ]; then
FIND2=$(${GREPBINARY} -E "^install[[:space:]]+${FS}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") LogText "Result: directory ${SUBDIR}/modprobe.d exists"
if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then FIND=$(${LSBINARY} "${SUBDIR}/modprobe.d/*" 2> /dev/null)
Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN if [ -n "${FIND}" ]; then
LogText "Result: module ${FS} is blacklisted" FIND1=$(${GREPBINARY} -E "^blacklist[[:space:]]+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
FIND2=$(${GREPBINARY} -E "^install[[:space:]]+${FS}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
LogText "Result: module ${FS} is blacklisted"
break
fi
fi fi
fi fi
done
done done
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}" Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}"