From a62a09d9e48bb26649128eb9df24135f8a247827 Mon Sep 17 00:00:00 2001
From: Yann ILAS <yann.ilas@gmail.com>
Date: Mon, 11 Jul 2016 10:24:38 +0200
Subject: Remove the support of some filesystems (#205)

For now keeping the test as-is and merge.
---
 include/tests_filesystems | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/include/tests_filesystems b/include/tests_filesystems
index 5dcb8b86..14eb21b1 100644
--- a/include/tests_filesystems
+++ b/include/tests_filesystems
@@ -641,6 +641,43 @@
 
     # Want to contribute to Lynis? Create this test
 
+#
+#################################################################################
+#
+    # Test        : FILE-6430
+    # Description : Disable Mounting of some Filesystems : cramfs hfs hfsplus squashfs udf freevxfs jffs2
+
+    Register --test-no FILE-6430 --weight L --network NO --description "Disable Mounting of some filesystems"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then
+            Display --indent 2 --text "- Disable Mounting of some filesystems"
+            LIST_FS_NOT_SUPPORTED="cramfs hfs hfsplus squashfs udf freevxfs jffs2"
+            for FS in ${LIST_FS_NOT_SUPPORTED}; do
+                Display --indent 4 --text "- Disable Mounting of $FS Filesystems"
+                LogText "Test: Checking if $FS is not present in loaded modules"
+                # Check if FS is present in lsmod output
+                FIND=`${LSMODBINARY} | grep $FS | wc -l`
+                if [ "${FIND}" = "0" ]; then
+                    LogText "Module $FS not loaded in the kernel"
+                    Display --indent 6 --text "- Module $FS not loaded in the kernel" --result OK --color GREEN
+                else
+                    LogText "Module $FS loaded in the kernel"
+                    Display --indent 6 --text "- Module $FS loaded in the kernel" --result "REMOVE NEEDED" --color YELLOW
+                fi
+                # Check if FS is present in modprobe output
+                FIND=`${MODPROBEBINARY} -v -n $FS 2>/dev/null | tail -1`
+                if echo $FIND | ${EGREPBINARY} -q "insmod .*${FS}.ko"; then
+                    Display --indent 6 --text "- Module $FS present in the kernel" --result "REMOVE NEEDED" --color YELLOW
+                else
+                    Display --indent 6 --text "- Module $FS not present in the kernel" --result OK --color GREEN
+                    ReportSuggestion ${TEST_NO} "The modprobe.d should contains a file with the entry 'install $FS /bin/true'"
+                fi
+            done
+        else
+            LogText "Test skipped lsmod binary not found or /proc/modules can not be opened"
+        fi
+    fi
+
 #
 #################################################################################
 #
-- 
cgit v1.2.3