
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorDave Vehrs <dvehrs@users.noreply.github.com>2018-01-26 14:24:33 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2018-01-26 14:24:33 +0300
commita30d429315fcdbf2c6e2a2bad2ec837d5b9d5580 (patch)
tree96db01d0c45f746bbdefa9aaabdc449209c12dbc /include/tests_storage
parent7b664a7560401494f33c52069c53b61a8de167f4 (diff)
tests_usb updates (#514)
* Added kernel.dmesg_restrict to sysctl checks. * Moved usb-storage and authorization tests to tests_usb * Limit Suggestions when USBGuard installed * Changed usb_devices to usb
Diffstat (limited to 'include/tests_storage')
-rw-r--r--include/tests_storage76
1 files changed, 0 insertions, 76 deletions
diff --git a/include/tests_storage b/include/tests_storage
index f67d70e5..de8984c4 100644
--- a/include/tests_storage
+++ b/include/tests_storage
@@ -28,82 +28,6 @@
#
#################################################################################
#
- # Test : STRG-1840
- # Description : Check for disabled USB storage
- Register --test-no STRG-1840 --os Linux --weight L --network NO --category security --description "Check if USB storage is disabled"
- if [ ${SKIPTEST} -eq 0 ]; then
- FOUND=0
- LogText "Test: Checking USB storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf"
- if [ -d /etc/modprobe.d ]; then
- FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
- if [ ! -z "${FIND}" ]; then
- FIND=$(${EGREPBINARY} -r "install usb[-_]storage /bin/(false|true)" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
- FIND2=$(${EGREPBINARY} -r "^blacklist usb[-_]storage" ${ROOTDIR}etc/modprobe.d/*)
- if [ ! -z "${FIND}" -o ! -z "${FIND2}" ]; then
- FOUND=1
- LogText "Result: found usb-storage driver in disabled state (blacklisted)"
- fi
- else
- LogText "Result: uncommon situation. Found /etc/modprobe.d directory, but no files in it."
- fi
- fi
- if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
- FIND=$(${EGREPBINARY} "install usb[-_]storage /bin/(false|true)" ${ROOTDIR}etc/modprobe.conf | ${GREPBINARY} "usb-storage" | ${GREPBINARY} -v "#")
- if [ ! -z "${FIND}" ]; then
- FOUND=1
- LogText "Result: found usb-storage driver in disabled state"
- fi
- fi
- if [ ${FOUND} -eq 0 ]; then
- LogText "Result: usb-storage driver is not explicitly disabled"
- Display --indent 2 --text "- Checking usb-storage driver (modprobe config)" --result "NOT DISABLED" --color WHITE
- ReportSuggestion ${TEST_NO} "Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft"
- AddHP 2 3
- else
- LogText "Result: usb-storage driver is disabled"
- Display --indent 2 --text "- Checking usb-storage driver (modprobe config)" --result "${STATUS_DISABLED}" --color GREEN
- AddHP 3 3
- fi
- fi
-#
-#################################################################################
-#
- # Test : STRG-1842
- # Description : Check USB authorizations
- Register --test-no STRG-1842 --os Linux --weight L --network NO --category security --description "Check USB authorizations"
- if [ ${SKIPTEST} -eq 0 ]; then
- LogText "Test: Checking USB devices authorization to connect to the system"
- FOUND=0
- USBDEVICESPATH="/sys/bus/usb/devices/usb"
- for device in "${USBDEVICESPATH}"*; do
- if [ -e "${device}/authorized" ] || [ -e "${device}/authorized_default" ]; then
- if [ $(cat "${device}/authorized_default") -eq 1 ]; then
- FOUND=1
- LogText "Test: ${device} is authorized by default"
- Report "usb_authorized_default_device[]=${device}"
- elif [ $(cat "${device}/authorized") -eq 1 ]; then
- FOUND=1
- LogText "Test: ${device} is authorized currently"
- Report "usb_authorized_device[]=${device}"
- fi
- fi
- done
-
- if [ ${FOUND} -eq 1 ]; then
- LogText "Result: Some USB devices are authorized by default (or temporary) to connect to the system"
- Display --indent 2 --text "- Checking USB devices authorization" --result "${STATUS_ENABLED}" --color YELLOW
- # To-Be-Added: create documentation and enable the suggestion
- #ReportSuggestion ${TEST_NO} "Disable USB devices authorization, to prevent unauthorized storage or data theft"
- AddHP 0 3
- else
- LogText "Result: None USB devices are authorized by default (or temporary) to connect to the system"
- Display --indent 2 --text "- Checking USB devices authorization" --result "${STATUS_DISABLED}" --color GREEN
- AddHP 3 3
- fi
- fi
-#
-#################################################################################
-#
# Test : STRG-1846
# Description : Check for disabled firewire storage
# Explanation : Best option is to use the install function, or else drivers can still be loaded manually