added checks to ensure some kernel modules are properly configured to be blacklisted

controls/SV-257804.rb

@@ -32,4 +32,17 @@
     it { should be_disabled }
     it { should be_blacklisted }
   end
+
+  config_files = command('find /etc/modprobe.conf /etc/modprobe.d/* -print0').stdout.split("\0")
+  blacklisted = config_files.any? do |c|
+    params = parse_config_file(c, comment_char: '#', multiple_values: true,
+                                  assignment_regex: /^(\S+)\s+(\S+)$/).params
+    params.include?('blacklist') and params['blacklist'].include?('atm')
+  end
+
+  describe 'atm' do
+    it 'is configured to be blacklisted' do
+      expect(blacklisted).to eq(true)
+    end
+  end
 end

controls/SV-257805.rb

@@ -32,4 +32,17 @@
     it { should be_disabled }
     it { should be_blacklisted }
   end
+
+  config_files = command('find /etc/modprobe.conf /etc/modprobe.d/* -print0').stdout.split("\0")
+  blacklisted = config_files.any? do |c|
+    params = parse_config_file(c, comment_char: '#', multiple_values: true,
+                                  assignment_regex: /^(\S+)\s+(\S+)$/).params
+    params.include?('blacklist') and params['blacklist'].include?('can')
+  end
+
+  describe 'can' do
+    it 'is configured to be blacklisted' do
+      expect(blacklisted).to eq(true)
+    end
+  end
 end

controls/SV-257806.rb

@@ -32,4 +32,17 @@
     it { should be_disabled }
     it { should be_blacklisted }
   end
+
+  config_files = command('find /etc/modprobe.conf /etc/modprobe.d/* -print0').stdout.split("\0")
+  blacklisted = config_files.any? do |c|
+    params = parse_config_file(c, comment_char: '#', multiple_values: true,
+                                  assignment_regex: /^(\S+)\s+(\S+)$/).params
+    params.include?('blacklist') and params['blacklist'].include?('firewire-core')
+  end
+
+  describe 'firewire_core' do
+    it 'is configured to be blacklisted' do
+      expect(blacklisted).to eq(true)
+    end
+  end
 end

controls/SV-257807.rb

@@ -42,4 +42,17 @@
     it { should be_disabled }
     it { should be_blacklisted }
   end
+
+  config_files = command('find /etc/modprobe.conf /etc/modprobe.d/* -print0').stdout.split("\0")
+  blacklisted = config_files.any? do |c|
+    params = parse_config_file(c, comment_char: '#', multiple_values: true,
+                                  assignment_regex: /^(\S+)\s+(\S+)$/).params
+    params.include?('blacklist') and params['blacklist'].include?('sctp')
+  end
+
+  describe 'sctp' do
+    it 'is configured to be blacklisted' do
+      expect(blacklisted).to eq(true)
+    end
+  end
 end

controls/SV-257808.rb

@@ -36,4 +36,17 @@
     it { should be_disabled }
     it { should be_blacklisted }
   end
+
+  config_files = command('find /etc/modprobe.conf /etc/modprobe.d/* -print0').stdout.split("\0")
+  blacklisted = config_files.any? do |c|
+    params = parse_config_file(c, comment_char: '#', multiple_values: true,
+                                  assignment_regex: /^(\S+)\s+(\S+)$/).params
+    params.include?('blacklist') and params['blacklist'].include?('tipc')
+  end
+
+  describe 'tipc' do
+    it 'is configured to be blacklisted' do
+      expect(blacklisted).to eq(true)
+    end
+  end
 end

controls/SV-257880.rb

@@ -42,4 +42,17 @@
     it { should be_disabled }
     it { should be_blacklisted }
   end
+
+  config_files = command('find /etc/modprobe.conf /etc/modprobe.d/* -print0').stdout.split("\0")
+  blacklisted = config_files.any? do |c|
+    params = parse_config_file(c, comment_char: '#', multiple_values: true,
+                                  assignment_regex: /^(\S+)\s+(\S+)$/).params
+    params.include?('blacklist') and params['blacklist'].include?('cramfs')
+  end
+
+  describe 'cramfs' do
+    it 'is configured to be blacklisted' do
+      expect(blacklisted).to eq(true)
+    end
+  end
 end

controls/SV-258034.rb

@@ -29,15 +29,35 @@
   only_if('This control is Not Applicable to containers', impact: 0.0) {
     !virtualization.system.eql?('docker')
   }
+
+  config_files = command('find /etc/modprobe.conf /etc/modprobe.d/* -print0').stdout.split("\0")
+  blacklisted = config_files.any? do |c|
+    params = parse_config_file(c, comment_char: '#', multiple_values: true,
+                                  assignment_regex: /^(\S+)\s+(\S+)$/).params
+    params.include?('blacklist') and params['blacklist'].include?('usb-storage')
+  end
+
   if input('usb_storage_required') == true
     describe kernel_module('usb_storage') do
       it { should_not be_disabled }
       it { should_not be_blacklisted }
     end
+
+    describe 'usb_storage' do
+      it 'is configured to be blacklisted' do
+        expect(blacklisted).to eq(false)
+      end
+    end
   else
     describe kernel_module('usb_storage') do
       it { should be_disabled }
       it { should be_blacklisted }
     end
+
+    describe 'usb_storage' do
+      it 'is configured to be blacklisted' do
+        expect(blacklisted).to eq(true)
+      end
+    end
   end
 end

controls/SV-258039.rb

@@ -37,6 +37,19 @@
       it { should be_disabled }
       it { should be_blacklisted }
     end
+
+    config_files = command('find /etc/modprobe.conf /etc/modprobe.d/* -print0').stdout.split("\0")
+    blacklisted = config_files.any? do |c|
+      params = parse_config_file(c, comment_char: '#', multiple_values: true,
+                                    assignment_regex: /^(\S+)\s+(\S+)$/).params
+      params.include?('blacklist') and params['blacklist'].include?('bluetooth')
+    end
+
+    describe 'bluetooth' do
+      it 'is configured to be blacklisted' do
+        expect(blacklisted).to eq(true)
+      end
+    end
   else
     impact 0.0
     describe 'Device or operating system does not have a Bluetooth adapter installed' do