1.1.23_disable_usb_storage
joachimvenaas opened this issue · 1 comments
joachimvenaas commented
OS: Debian 11
I'm having issues with this test. It seems like there is a misspelling of usb-storage/usb_storage.
It always passed the check, even if the module is loaded.
lsmod | grep usb output:
usb_storage 81920 1 uas
usbhid 65536 0
hid 151552 2 usbhid,hid_generic
scsi_mod 270336 7 virtio_scsi,sd_mod,usb_storage,uas,libata,sg,sr_mod
usbcore 331776 8 xhci_hcd,ehci_pci,usbhid,usb_storage,ehci_hcd,xhci_pci,uas,uhci_hcd
usb_common 16384 4 xhci_hcd,usbcore,ehci_hcd,uhci_hcd
when altering 1.1.23_disable_usb_storage.sh to check for usb_storage instead of usb-storage, it works as expected on my systems
ThibaultDewailly commented
Issue verified and reproduced on a fresh debian 11 install on a Baremetal.
Note : CIS Benchmark (p.56) stipulates a verification on 'usb-storage' specifically.
Need to open an issue on the guide as well