From deb96a624ed93eb25af151fafcb3ea730ee988ef Mon Sep 17 00:00:00 2001
From: Artem Sidorenko
Date: Mon, 22 May 2017 19:53:35 +0200
Subject: [PATCH] Allow verification if kernel modules loading is disabled

Signed-off-by: Artem Sidorenko
---
 controls/sysctl_spec.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/controls/sysctl_spec.rb b/controls/sysctl_spec.rb
index 7014aab..b79cca8 100644
--- a/controls/sysctl_spec.rb
+++ b/controls/sysctl_spec.rb
@@ -18,6 +18,7 @@
 # author: Patrick Muench
 sysctl_forwarding = attribute('sysctl_forwarding', default: false, description: 'Is network forwarding needed?')
+kernel_modules_disabled = attribute('kernel_modules_disabled', default: 0, description: 'Should loading of kernel modules be disabled?')
 control 'sysctl-01' do
 impact 1.0
@@ -304,7 +305,7 @@ control 'sysctl-29' do
 title 'Disable loading kernel modules'
 desc 'The sysctl key kernel.modules_disabled is very straightforward. If it contains a "1" it will disable loading new modules, where a "0" will still allow loading them. Using this option will be a great protection against loading malicious kernel modules.'
 describe kernel_parameter('kernel.modules_disabled') do
- its(:value) { should eq 0 }
+ its(:value) { should eq kernel_modules_disabled }
 end
 end
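Review bot: The new `kernel_modules_disabled` attribute takes an integer (`default: 0`) but its description is a yes/no question, and it sits next to `sysctl_forwarding`, which is a boolean, so nothing tells a profile user that the literal sysctl value is expected. The second hunk compares it with `eq`, so a value supplied as `true` or as the string `'1'` from an attributes file would presumably never match, and sysctl-29 would then fail on a host that is configured as intended. I would state the contract in the description, e.g. `description: 'Expected value of kernel.modules_disabled: 0 = module loading allowed, 1 = module loading disabled'`. The `control 'sysctl-01'` block that follows continues outside this hunk.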
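Review bot: With the attribute left at its default of 0, sysctl-29 still passes only when module loading is allowed, so a host that already sets kernel.modules_disabled to 1 fails a control titled 'Disable loading kernel modules' unless the attribute is overridden. The `desc` text describes only what the sysctl key does and never mentions that the expected value now comes from `kernel_modules_disabled`. I would append a sentence such as `Set the kernel_modules_disabled attribute to 1 to require that module loading is locked; the default of 0 verifies that loading is still allowed.` The control block opens above this hunk, so its impact line and any other checks are not visible here.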