File additional_module_blacklist_locations.patch of Package lynis
Index: lynis/include/tests_filesystems
===================================================================
--- lynis.orig/include/tests_filesystems
+++ lynis/include/tests_filesystems
@@ -835,15 +835,17 @@
AddHP 3 3
if IsDebug; then Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN; fi
fi
- FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
- if [ -n "${FIND}" ]; then
- FIND1=$(${GREPBINARY} -E "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
- FIND2=$(${GREPBINARY} -E "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
- if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
- Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
- LogText "Result: module ${FS} is blacklisted"
- fi
- fi
+ for SUBDIR in "${ROOTDIR}etc" "/usr/lib"; do
+ FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
+ if [ -n "${FIND}" ]; then
+ FIND1=$(${GREPBINARY} -E "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+ FIND2=$(${GREPBINARY} -E "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+ if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
+ Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
+ LogText "Result: module ${FS} is blacklisted"
+ fi
+ fi
+ done
done
if [ ${FOUND} -eq 1 ]; then
Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}"
