def run( fs ):
mountingTestResult = TestResult()
mountingTestResult.set_total_points(1)
passedTest = True
print("Validating that {} support is disabled...".format(fs))
#In order to run the tests, a try catch block is set up to ensure the needed commands
#are available on the system.
try:
#Input:
#>>> modprobe -n -v `fs`
#Expected output:
#>>> install /bin/true
fsTest1 = subprocess.check_output(('modprobe', '-n', '-v', fs))
if "install /bin/true" not in fsTest1:
report.report("(X)...Support for mounting {} is not disabled.".format(fs))
passedTest = False
#Input:
#>>> lsmod | grep `fs`
#Expected output:
#<NONE>
fsTest2 = subprocess.Popen(('lsmod'), stdout=subprocess.PIPE)
#With grep piping, a try catch block is needed to guarantee that if the grep
#returns no results, the process will not fail.
try:
fsTest2Output = subprocess.check_output(('grep', fs), stdin=fsTest2.stdout)
passedTest = False
print("(X) ... A module exists in /proc/modules for {}.")
except subprocess.CalledProcessError as e:
if str(e) != "Command '('grep', '{}')' returned non-zero exit status 1".format(fs):
passedTest = False
except OSError as e: #Catch if any of our commands fail
report.error("(!)...Tools do not support running a scan for {}\n".format(fs))
mountingTestResult.set_error(True)
mountingTestResult.set_error_status(" {}".format(e))
return mountingTestResult
#If passedTest has been set by any of the checks, the test fails
if passedTest == True:
report.report("......Passed!")
mountingTestResult.set_points(1)
else:
report.mitigation(" Mitigation: run install {} /bin/true".format(fs))
report.report("......Failed!")
#Send up the result
return mountingTestResult
