Open suprovsky opened 3 months ago
Verified.
++ '[' -f /etc/modprobe.conf ']'
++ '[' -d /etc/modprobe.d ']'
+++ /usr/bin/grep -l -s '^install \+dccp \+/bin/(true|false)$' /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/dkms.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
++ DATA=
$ /usr/bin/grep -E -l -s '^install dccp /bin/(true|false)$'
and similar works:
$ /usr/bin/grep -E -s '^install dccp /bin/(true|false)$' /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/dkms.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
/etc/modprobe.d/blacklist-rare-network.conf:install dccp /bin/false
For modprobe /etc/modprobe.conf
and /etc/modprobe.d/*.conf
are read so lynis should read the same, not specific filenames in /etc/modprobe.d/
.
yeah, but I(!) added \+
in https://github.com/CISOfy/lynis/commit/9819ac4023f2499231f07e93b40ed1cef49f0b19 and that doesn't seem to work anymore.
$ /usr/bin/grep -E -l -s '^install \+dccp\s/bin/(true|false)$' /etc/modprobe.d/* | wc -l
0
$ /usr/bin/grep -E -l -s '^install dccp /bin/(true|false)$' /etc/modprobe.d/* | wc -l
1
Will be fixed in https://github.com/CISOfy/lynis/pull/1503
Describe the bug For some reason lynis does not detect modules responsible for protocols being blacklisted.
Version
Expected behavior Detections marked as OK.
Output
Additional context Add any other context about the problem here.
Attempting to load
dccp
module results in this:my
/etc/modprobe.d/unsafe-modules.conf
(tried with/bin/true
as aninstall
argument, same result):I've blacklisted these 4 modules in GRUB - same result, here is my
GRUB_CMDLINE_LINUX_DEFAULT
: