From f626201fddbc3014be02b4d14a8b9298c5fdcdff Mon Sep 17 00:00:00 2001
From: Thibault Ayanides
Date: Wed, 23 Dec 2020 10:57:02 +0100
Subject: [PATCH] ADD(1.1.23): disable usb storage
---
 bin/hardening/1.1.23_disable_usb_storage.sh | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/bin/hardening/1.1.23_disable_usb_storage.sh b/bin/hardening/1.1.23_disable_usb_storage.sh
index 3a4882a..af7a3f9 100755
--- a/bin/hardening/1.1.23_disable_usb_storage.sh
+++ b/bin/hardening/1.1.23_disable_usb_storage.sh
@@ -19,14 +19,27 @@ DESCRIPTION="Disable USB storage."
 # Note: we check /proc/config.gz to be compliant with both monolithic and modular kernels
+KERNEL_OPTION="CONFIG_USB_STORAGE"
+MODULE_FILE="usb-storage"
+
 # This function will be called if the script status is on enabled / audit mode
 audit() {
- :
+ is_kernel_option_enabled "$KERNEL_OPTION" "$MODULE_FILE"
+ if [ "$FNRET" = 0 ]; then # 0 means true in bash, so it IS activated
+ crit "$KERNEL_OPTION is enabled!"
+ else
+ ok "$KERNEL_OPTION is disabled"
+ fi
 }
 # This function will be called if the script status is on enabled mode
 apply() {
- :
+ is_kernel_option_enabled "$KERNEL_OPTION"
+ if [ "$FNRET" = 0 ]; then # 0 means true in bash, so it IS activated
+ warn "I cannot fix $KERNEL_OPTION enabled, recompile your kernel please"
+ else
+ ok "$KERNEL_OPTION is disabled, nothing to do"
+ fi
 }
 # This function will check config parameters required
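Review bot: `apply()` calls `is_kernel_option_enabled "$KERNEL_OPTION"` without the `"$MODULE_FILE"` argument that `audit()` passes, so the two functions can reach different verdicts on the same host. The helper is defined outside this patch, but if it uses the second argument to look for the loadable module, `apply()` may print "nothing to do" where `audit()` reports `crit`. Passing the same arguments in both places keeps them consistent: `is_kernel_option_enabled "$KERNEL_OPTION" "$MODULE_FILE"`. The `warn` text is also misleading when usb-storage is a loadable module, because the usual remediation there is a modprobe.d entry such as `install usb-storage /bin/true`, not a kernel recompile. It would help to say so in the message or in a comment above `apply()`.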