Open sbaumgartner75 opened 1 month ago
That's due to an error in include/consts, GREPBINARY="grep". It should read GREPBINARY="grep -E" because in NETW-3200 and other tests I assume extended regular expressions are used. And the test should be written as:
grep -E "^install[[:space:]]+dccp[[:space:]]+/bin/(true|false)$" /etc/modprobe.d/*
to actually work (openSUSE Tumbleweed). Please be aware that tabulators and/or blanks might be used.
I have amended my PR to include your very valid remark.
to achieve the expected behaviour in https://github.com/CISOfy/lynis/commit/9819ac4023f2499231f07e93b40ed1cef49f0b19:
/usr/bin/grep -E -l -s '^install\s+dccp\s+/bin/(true|false)$' /etc/modprobe.d/*
Describe the bug
Both tests NETW-3200 and FILE-6430 no longer detect blacklisted modules
Version
Expected behavior
Both tests NETW-3200 and FILE-6430 detect blacklisted modules
Output
Additional context
Since commit "9819ac4" the REGEX for detecting the blacklist entries is broken.
DATA=$(${GREPBINARY} "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.conf)
and
DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/*)
respectively, because the "\" escapes the "+" and thus the "+" is expected in the output. I fixed this to read
DATA=$(${GREPBINARY} "^install +${P} +/bin/true$" ${ROOTDIR}etc/modprobe.conf)
and
DATA=$(${GREPBINARY} -l -s "^install +${P} +/bin/true$" ${ROOTDIR}etc/modprobe.d/*)
which fulfills the original intention of allowing any number of blanks.
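The following is an added example, not code from Lynis or from this thread's participants. It runs the unescaped-plus pattern and the `[[:space:]]` pattern quoted above against constructed modprobe.d files, once with `grep` and once with `grep -E`, to show which entries an audit would report as disabled. The helper name `count_hits` and the sample file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: constructed modprobe.d entries, not taken from a real system.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

printf 'install dccp /bin/true\n'      > "$SAMPLE_DIR/blanks.conf"     # single blanks
printf 'install   dccp    /bin/true\n' > "$SAMPLE_DIR/multi.conf"      # several blanks
printf 'install\tdccp\t/bin/true\n'    > "$SAMPLE_DIR/tabs.conf"       # tab separated
printf 'install dccp /bin/false\n'     > "$SAMPLE_DIR/false.conf"      # /bin/false variant
printf '# install dccp /bin/true\n'    > "$SAMPLE_DIR/commented.conf"  # must never match

P="dccp"
# Pattern with the unescaped "+", as in the fix described in the issue text.
FIXED="^install +${P} +/bin/true$"
# Pattern with POSIX character classes, as suggested in the comment.
CLASS="^install[[:space:]]+${P}[[:space:]]+/bin/(true|false)$"

# count_hits GREP_CMD PATTERN
# Prints how many sample files the pattern flags. GREP_CMD is expanded
# unquoted on purpose, the same way ${GREPBINARY} is used in the tests,
# so that "grep -E" splits into the command and its option.
count_hits() {
    $1 -l -s "$2" "$SAMPLE_DIR"/* | wc -l | tr -d ' '
}

# Without -E the "+" is an ordinary character, so neither pattern finds
# any entry; with -E only the character-class pattern also covers tabs
# and the /bin/false form.
for cmd in "grep" "grep -E"; do
    printf '%-8s unescaped-plus: %s file(s)  char-class: %s file(s)\n' \
        "$cmd" "$(count_hits "$cmd" "$FIXED")" "$(count_hits "$cmd" "$CLASS")"
done
```
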