mirror of https://github.com/CISOfy/lynis.git
Merge pull request #1215 from jsegitz/master
tests_filesystems: check for blacklisted modules also under /usr/lib/modules.d
This commit is contained in:
Michael Boelen
GitHub
commit
d4c63a7391
|
|
@ -880,15 +880,22 @@
|
|||
AddHP 3 3
|
||||
if IsDebug; then Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN; fi
|
||||
fi
|
||||
FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
|
||||
if [ -n "${FIND}" ]; then
|
||||
FIND1=$(${GREPBINARY} -E "^blacklist[[:space:]]+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
|
||||
FIND2=$(${GREPBINARY} -E "^install[[:space:]]+${FS}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
|
||||
if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
|
||||
Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
|
||||
LogText "Result: module ${FS} is blacklisted"
|
||||
|
||||
for SUBDIR in "${ROOTDIR}etc" "${ROOTDIR}usr/lib"; do
|
||||
if [ -d "${SUBDIR}/modprobe.d" ]; then
|
||||
LogText "Result: directory ${SUBDIR}/modprobe.d exists"
|
||||
FIND=$(${LSBINARY} "${SUBDIR}/modprobe.d/*" 2> /dev/null)
|
||||
if [ -n "${FIND}" ]; then
|
||||
FIND1=$(${GREPBINARY} -E "^blacklist[[:space:]]+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
|
||||
FIND2=$(${GREPBINARY} -E "^install[[:space:]]+${FS}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
|
||||
if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
|
||||
Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
|
||||
LogText "Result: module ${FS} is blacklisted"
|
||||
break
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done
|
||||
done
|
||||
if [ ${FOUND} -eq 1 ]; then
|
||||
Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}"
|
||||
|
|
|
|||
Loading…
Reference in New Issue