grep all files in modprobe.d directory?
Closed this issue · 3 comments
toomanyonhere commented
CIS-1.1.1.x are to disable a filesystem modules from getting loaded. These could be put in any file... my employer's baseline is to put them in a file called /etc/modprobe.d/crisp.conf, the CIS says to put them in a file called /etc/modprobe.d/CIS.conf.
Instead of trying to guess that they are all in CIS.conf, when there really isn't a Linux standard, can we grep all the files in the directory?
basepi commented
Does this work if you just use the existing grep module, but with -r
in the grep_args
?
toomanyonhere commented
Thanks, yes that did it!
whitelist:
disble_mount_cramfs:
data:
Red Hat Enterprise Linux Server-7:
- /etc/modprobe.d:
match_output: /bin/true
pattern: cramfs
grep_args:
- '-r'
tag: CIS-1.1.1.1
description: Disable mounting cramfs filesystems (Scored).
Thanks!
basepi commented
Perfect! Glad I could help.