T1082 list linux kernel modules - remove sudo (#2234)

* T1082 list linux kernel modules - remove sudo Fix for #2233. Remove unnecessary `sudo` from T1082 "Linux list kernel modules" commands. Add another mechanism to `cat /proc/modules`. * change to grep proc modules A little more interesting to grep the /proc/modules file rather than cat. Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-01-05 12:14:50 -06:00
parent 2b239f16b3
commit 3f4996c8ff
1 changed files with 4 additions and 3 deletions
@@ -337,11 +337,12 @@ atomic_tests:
 - name: Linux List Kernel Modules
  auto_generated_guid: 034fe21c-3186-49dd-8d5d-128b35f181c7
  description: |
-    Identify kernel modules installed. Upon successful execution stdout will display kernel modules installed on host.
+    Enumerate kernel modules installed 3 different ways. Upon successful execution stdout will display kernel modules installed on host 2 times, followed by list of modules matching 'vmw' if present.
  supported_platforms:
  - linux
  executor:
    command: |
-      sudo lsmod
-      sudo kmod list
+      lsmod
+      kmod list
+      grep vmw /proc/modules
    name: sh