From 3f4996c8ffa58a2a450fd48fe6cefebffdcaf8fd Mon Sep 17 00:00:00 2001 From: packetzero <20775507+packetzero@users.noreply.github.com> Date: Thu, 5 Jan 2023 12:14:50 -0600 Subject: [PATCH] T1082 list linux kernel modules - remove sudo (#2234) * T1082 list linux kernel modules - remove sudo Fix for #2233. Remove unnecessary `sudo` from T1082 "Linux list kernel modules" commands. Add another mechanism to `cat /proc/modules`. * change to grep proc modules A little more interesting to grep the /proc/modules file rather than cat. Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com> --- atomics/T1082/T1082.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/atomics/T1082/T1082.yaml b/atomics/T1082/T1082.yaml index 16e8fed5..96225768 100644 --- a/atomics/T1082/T1082.yaml +++ b/atomics/T1082/T1082.yaml @@ -337,11 +337,12 @@ atomic_tests: - name: Linux List Kernel Modules auto_generated_guid: 034fe21c-3186-49dd-8d5d-128b35f181c7 description: | - Identify kernel modules installed. Upon successful execution stdout will display kernel modules installed on host. + Enumerate kernel modules installed 3 different ways. Upon successful execution stdout will display kernel modules installed on host 2 times, followed by list of modules matching 'vmw' if present. supported_platforms: - linux executor: command: | - sudo lsmod - sudo kmod list + lsmod + kmod list + grep vmw /proc/modules name: sh
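Review bot: The new last command in the `command:` block, `grep vmw /proc/modules`, exits with status 1 when no module name matches, so on any host without VMware modules the `sh` script ends with a non-zero status even though `lsmod` and `kmod list` succeeded. The description already says the match is optional ("if present"), so the exit status should not depend on it: either append `|| true` to the grep line or match on something every Linux host has loaded. Separately, the description promises enumeration "3 different ways", but the third command only prints a filtered subset of `/proc/modules`, and all three commands list loaded modules rather than installed ones; wording such as "list loaded kernel modules with lsmod and kmod, then search /proc/modules for 'vmw'" would match what the commands do. Dropping `sudo` looks right for all three lines, since none of them needs root to read the module list.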