diff options
| author | mboelen <michael@cisofy.com> | 2015-05-18 00:00:28 +0300 |
|---|---|---|
| committer | mboelen <michael@cisofy.com> | 2015-05-18 00:00:28 +0300 |
| commit | 283e198c231df3b6535414197ba1e592dba0a8e8 (patch) | |
| tree | f5d6d63f589c222645100b6cfbd76469086eb1d8 /include/tests_storage | |
| parent | e0f9536761fbfa282ad089554c6f313f32b06a3a (diff) | |
Improved detection of blacklisted/disabled modules
Diffstat (limited to 'include/tests_storage')
| -rw-r--r-- | include/tests_storage | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/include/tests_storage b/include/tests_storage index a3b59eae..1ee95589 100644 --- a/include/tests_storage +++ b/include/tests_storage @@ -33,7 +33,7 @@ if [ -d /etc/modprobe.d ]; then FIND=`ls /etc/modprobe.d/* 2> /dev/null` if [ ! "${FIND}" = "" ]; then - FIND=`grep -r "install usb-storage /bin/true" /etc/modprobe.d/* | grep "usb-storage" | grep -v "#"` + FIND=`grep -r "install usb-storage /bin/(false|true)" /etc/modprobe.d/* | grep "usb-storage" | grep -v "#"` FIND2=`egrep -r "^blacklist (usb_storage|usb-storage)" /etc/modprobe.d/*` if [ ! "${FIND}" = "" -o ! "${FIND2}" = "" ]; then FOUND=1 @@ -44,7 +44,7 @@ fi fi if [ -f /etc/modprobe.conf ]; then - FIND=`grep "install usb-storage /bin/true" /etc/modprobe.conf | grep "usb-storage" | grep -v "#"` + FIND=`grep "install usb-storage /bin/(false|true)" /etc/modprobe.conf | grep "usb-storage" | grep -v "#"` if [ ! "${FIND}" = "" ]; then FOUND=1 logtext "Result: found usb-storage driver in disabled state" @@ -66,6 +66,7 @@ # # Test : STRG-1846 # Description : Check for disabled firewire storage + # Explanation : Best option is to use the install function, or else drivers can still be loaded manually Register --test-no STRG-1846 --os Linux --weight L --network NO --description "Check if firewire storage is disabled" if [ ${SKIPTEST} -eq 0 ]; then FOUND=0 @@ -73,8 +74,8 @@ if [ -d /etc/modprobe.d ]; then FIND=`ls /etc/modprobe.d/* 2> /dev/null` if [ ! "${FIND}" = "" ]; then - FIND1=`egrep "blacklist (ohci1394|firewire-ohci)" /etc/modprobe.d/* | grep "ohci" | grep -v "#"` - FIND2=`egrep "install (ohci1394|firewire-ohci) /bin/true" /etc/modprobe.d/* | grep "ohci" | grep -v "#"` + FIND1=`egrep "blacklist (ohci1394|firewire-ohci|firewire_ohci)" /etc/modprobe.d/* | grep "ohci" | grep -v "#"` + FIND2=`egrep "install (ohci1394|firewire-ohci|firewire_ohci) /bin/(false|true)" /etc/modprobe.d/* | grep "ohci" | grep -v "#"` if [ ! "${FIND1}" = "" -o ! "${FIND2}" = "" ]; then FOUND=1 logtext "Result: found firewire ohci driver in disabled state" @@ -84,8 +85,8 @@ fi fi if [ -f /etc/modprobe.conf ]; then - FIND1=`egrep -r "blacklist (ohci1394|firewire-ohci)" /etc/modprobe.conf | grep "ohci" | grep -v "#"` - FIND2=`egrep -r "install (ohci1394|firewire-ohci) /bin/true" /etc/modprobe.conf | grep "ohci" | grep -v "#"` + FIND1=`egrep -r "blacklist (ohci1394|firewire-ohci|firewire_ohci)" /etc/modprobe.conf | grep "ohci" | grep -v "#"` + FIND2=`egrep -r "install (ohci1394|firewire-ohci|firewire_ohci) /bin/(false|true)" /etc/modprobe.conf | grep "ohci" | grep -v "#"` if [ ! "${FIND1}" = "" -o ! "${FIND2}" = "" ]; then FOUND=1 logtext "Result: found firewire ohci driver in disabled state" @@ -107,6 +108,7 @@ # ################################################################################# # +# Use modprobe --showconfig to test for options # NetBSD: amd (auto mount daemon) @@ -119,4 +121,4 @@ wait_for_keypress # #================================================================================ -# Lynis - Copyright 2007-2015, Michael Boelen - www.rootkit.nl - The Netherlands +# Lynis - Copyright 2007-2015, CISOfy, Michael Boelen - https://cisofy.com |