diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-11 11:32:30 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-11 11:32:30 +0300 |
commit | d1c8cd3d05b63c588d653c417ed8509de63aaeb4 (patch) | |
tree | 837f777584b4f8c8a4036625324099949cb0c84c | |
parent | 1fc6ac4ea8d16058bc0f6ef6c936075b73825f6c (diff) | |
parent | a62a09d9e48bb26649128eb9df24135f8a247827 (diff) |
Merge branch 'master' of https://github.com/CISOfy/lynis
-rw-r--r-- | include/tests_filesystems | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/include/tests_filesystems b/include/tests_filesystems index 5dcb8b86..14eb21b1 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems @@ -644,6 +644,43 @@ # ################################################################################# # + # Test : FILE-6430 + # Description : Disable Mounting of some Filesystems : cramfs hfs hfsplus squashfs udf freevxfs jffs2 + + Register --test-no FILE-6430 --weight L --network NO --description "Disable Mounting of some filesystems" + if [ ${SKIPTEST} -eq 0 ]; then + if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then + Display --indent 2 --text "- Disable Mounting of some filesystems" + LIST_FS_NOT_SUPPORTED="cramfs hfs hfsplus squashfs udf freevxfs jffs2" + for FS in ${LIST_FS_NOT_SUPPORTED}; do + Display --indent 4 --text "- Disable Mounting of $FS Filesystems" + LogText "Test: Checking if $FS is not present in loaded modules" + # Check if FS is present in lsmod output + FIND=`${LSMODBINARY} | grep $FS | wc -l` + if [ "${FIND}" = "0" ]; then + LogText "Module $FS not loaded in the kernel" + Display --indent 6 --text "- Module $FS not loaded in the kernel" --result OK --color GREEN + else + LogText "Module $FS loaded in the kernel" + Display --indent 6 --text "- Module $FS loaded in the kernel" --result "REMOVE NEEDED" --color YELLOW + fi + # Check if FS is present in modprobe output + FIND=`${MODPROBEBINARY} -v -n $FS 2>/dev/null | tail -1` + if echo $FIND | ${EGREPBINARY} -q "insmod .*${FS}.ko"; then + Display --indent 6 --text "- Module $FS present in the kernel" --result "REMOVE NEEDED" --color YELLOW + else + Display --indent 6 --text "- Module $FS not present in the kernel" --result OK --color GREEN + ReportSuggestion ${TEST_NO} "The modprobe.d should contains a file with the entry 'install $FS /bin/true'" + fi + done + else + LogText "Test skipped lsmod binary not found or /proc/modules can not be opened" + fi + fi + +# +################################################################################# +# WaitForKeyPress |