[FILE-6398] test disabled

2024-10-15 17:26:19 +00:00 · 2024-10-15 17:26:19 +00:00 · f6275f6397
parent b1e1f61975
commit f6275f6397
2 changed files with 44 additions and 43 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,7 +8,7 @@
 ### Changed
 - BOOT-5264 - Changed output of systemd-analyze test and added link
- FILE-6398 - Only perform test if we know if Linux kernel is monolithic/modular
+- FILE-6398 - Test temporarily disabled as on modern kernels JDB support is built-in
 - FIRE-4508 - Several changes to expand the test, make it more generic, resolve minor issues
 - KRNL-5622 - Test if systemctl binary is set
 - Update of translations: Italian, Russian
--- a/include/tests_filesystems
+++ b/include/tests_filesystems
@ -734,48 +734,49 @@
 #
    # Test        : FILE-6398
    # Description : Check if JBD (Journal Block Device) driver is loaded
-    Register --test-no FILE-6398 --os Linux --weight L --network NO --category security --description "Checking if JBD (Journal Block Device) driver is loaded"
+    # Notes       : Test is temporarily disabled, as JBD might be in a kernel (built-in) - https://github.com/CISOfy/lynis/issues/1508
-    if [ ${SKIPTEST} -eq 0 ]; then
+#    Register --test-no FILE-6398 --os Linux --weight L --network NO --category security --description "Checking if JBD (Journal Block Device) driver is loaded"
-        LogText "Test: Checking if JBD (Journal Block Device) driver is loaded"
+#    if [ ${SKIPTEST} -eq 0 ]; then
-        NOTINUSE=0
+#        LogText "Test: Checking if JBD (Journal Block Device) driver is loaded"
-        # Only perform testing if we know that KRNL-5723 performed tests
+#        NOTINUSE=0
-        if [ ${MONOLITHIC_KERNEL_TESTED} -eq 1 ]; then
+#        # Only perform testing if we know that KRNL-5723 performed tests
-            # Cannot check if driver is loaded/present if kernel is monolithic
+#        if [ ${MONOLITHIC_KERNEL_TESTED} -eq 1 ]; then
-            if [ ${MONOLITHIC_KERNEL} -eq 0 ]; then
+#            # Cannot check if driver is loaded/present if kernel is monolithic
-                JBD=$(${LSMODBINARY} | ${GREPBINARY} ^jbd)
+#            if [ ${MONOLITHIC_KERNEL} -eq 0 ]; then
-                if [ -n "${JBD}" ]; then
+#                JBD=$(${LSMODBINARY} | ${GREPBINARY} ^jbd)
-                    LogText "Result: JBD driver is loaded"
+#                if [ -n "${JBD}" ]; then
-                    INUSE=$(echo ${JBD} | ${AWKBINARY} '{if ($3 -ne 0) {print $4}}')
+#                    LogText "Result: JBD driver is loaded"
-                    if [ -n "${INUSE}" ]; then
+#                    INUSE=$(echo ${JBD} | ${AWKBINARY} '{if ($3 -ne 0) {print $4}}')
-                        LogText "Result: JBD driver is in use by drivers: ${INUSE}"
+#                    if [ -n "${INUSE}" ]; then
-                        Report "JBD driver is in use by drivers: ${INUSE}"
+#                        LogText "Result: JBD driver is in use by drivers: ${INUSE}"
-                        Display --indent 2 --text "- JBD driver loaded and in use" --result "${STATUS_OK}" --color GREEN
+#                        Report "JBD driver is in use by drivers: ${INUSE}"
-                    else
+#                        Display --indent 2 --text "- JBD driver loaded and in use" --result "${STATUS_OK}" --color GREEN
-                        NOTINUSE=1
+#                    else
-                        LogText "Result: JBD driver loaded, but not in use"
+#                        NOTINUSE=1
-                        Report "JBD driver is loaded, but not in use."
+#                        LogText "Result: JBD driver loaded, but not in use"
-                        Display --indent 2 --text "- JBD driver loaded, but not in use" --result "${STATUS_SUGGESTION}" --color YELLOW
+#                        Report "JBD driver is loaded, but not in use."
-                    fi
+#                        Display --indent 2 --text "- JBD driver loaded, but not in use" --result "${STATUS_SUGGESTION}" --color YELLOW
-                else
+#                    fi
-                    NOTINUSE=2
+#                else
-                    LogText "Result: JBD driver not loaded"
+#                    NOTINUSE=2
-                    Report "JBD driver not loaded."
+#                    LogText "Result: JBD driver not loaded"
-                    Display --indent 2 --text "- JBD driver is not loaded" --result "${STATUS_CHECK_NEEDED}" --color YELLOW
+#                    Report "JBD driver not loaded."
-                fi
+#                    Display --indent 2 --text "- JBD driver is not loaded" --result "${STATUS_CHECK_NEEDED}" --color YELLOW
-                if [ ${NOTINUSE} -eq 1 ]; then
+#                fi
-                    ReportSuggestion "${TEST_NO}" "The JBD (Journal Block Device) driver is loaded but not in use." "You are currently not using any filesystems with journaling, i.e. you have greater risk of data corruption in case of system crash."
+#                if [ ${NOTINUSE} -eq 1 ]; then
-                elif [ ${NOTINUSE} -eq 2 ]; then
+#                    ReportSuggestion "${TEST_NO}" "The JBD (Journal Block Device) driver is loaded but not in use." "You are currently not using any filesystems with journaling, i.e. you have greater risk of data corruption in case of system crash."
-                    ReportSuggestion "${TEST_NO}" "The JBD (Journal Block Device) driver is not loaded." "Since boot-time, you have not been using any filesystems with journaling. Alternatively, reason could be driver is blacklisted."
+#                elif [ ${NOTINUSE} -eq 2 ]; then
-                fi
+#                    ReportSuggestion "${TEST_NO}" "The JBD (Journal Block Device) driver is not loaded." "Since boot-time, you have not been using any filesystems with journaling. Alternatively, reason could be driver is blacklisted."
-            else
+#                fi
-                Display --indent 2 --text "- JBD driver: unable to check" --result "${STATUS_UNKNOWN}" --color YELLOW
+#            else
-                LogText "Kernel is monolithic - cannot check if JBD driver is part of compiled kernel."
+#                Display --indent 2 --text "- JBD driver: unable to check" --result "${STATUS_UNKNOWN}" --color YELLOW
-            fi
+#                LogText "Kernel is monolithic - cannot check if JBD driver is part of compiled kernel."
-        else
+#            fi
-            Display --indent 2 --text "- JBD driver: test skipped" --result "${STATUS_UNKNOWN}" --color YELLOW
+#        else
-            LogText "Test skipped as the kernel type (monolithic/modular) is unknown"
+#            Display --indent 2 --text "- JBD driver: test skipped" --result "${STATUS_UNKNOWN}" --color YELLOW
-        fi
+#            LogText "Test skipped as the kernel type (monolithic/modular) is unknown"
-    fi
+#        fi
 #    fi
 #
 #################################################################################
 #