<def-group>
  <definition class="compliance"
  id="kernel_module_{{{ KERNMODULE }}}_disabled" version="1">
    {{{ oval_metadata("The kernel module " + KERNMODULE + " should be disabled.") }}}
    <criteria operator="OR">
      <criterion test_ref="test_kernmod_{{{ KERNMODULE }}}_disabled" comment="kernel module {{{ KERNMODULE }}} disabled in /etc/modprobe.d" />

{{% if product != "ubuntu1804" %}}
      <criterion test_ref="test_kernmod_{{{ KERNMODULE }}}_modprobeconf" comment="kernel module {{{ KERNMODULE }}} disabled in /etc/modprobe.conf" />
{{% endif %}}

{{% if (product != "rhel6") and (product != "ubuntu1804") %}}

      <criterion test_ref="test_kernmod_{{{ KERNMODULE }}}_etcmodules-load" comment="kernel module {{{ KERNMODULE }}} disabled in /etc/modules-load.d" />
      <criterion test_ref="test_kernmod_{{{ KERNMODULE }}}_runmodules-load" comment="kernel module {{{ KERNMODULE }}} disabled in /run/modules-load.d" />
      <criterion test_ref="test_kernmod_{{{ KERNMODULE }}}_libmodules-load" comment="kernel module {{{ KERNMODULE }}} disabled in /usr/lib/modules-load.d" />
      <criterion test_ref="test_kernmod_{{{ KERNMODULE }}}_runmodprobed" comment="kernel module {{{ KERNMODULE }}} disabled in /run/modprobe.d" />
      <criterion test_ref="test_kernmod_{{{ KERNMODULE }}}_libmodprobed" comment="kernel module {{{ KERNMODULE }}} disabled in /usr/lib/modprobe.d" />

{{% endif %}}

    </criteria>
  </definition>

  <ind:textfilecontent54_test id="test_kernmod_{{{ KERNMODULE }}}_disabled" version="1" check="all"
  comment="kernel module {{{ KERNMODULE }}} disabled">
    <ind:object object_ref="obj_kernmod_{{{ KERNMODULE }}}_disabled" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test id="test_kernmod_{{{ KERNMODULE }}}_modprobeconf" version="1" check="all"
  comment="kernel module {{{ KERNMODULE }}} disabled in /etc/modprobe.conf">
    <ind:object object_ref="obj_kernmod_{{{ KERNMODULE }}}_modprobeconf" />
  </ind:textfilecontent54_test>

{{% if product != "rhel6" %}}

  <ind:textfilecontent54_test id="test_kernmod_{{{ KERNMODULE }}}_etcmodules-load" version="1" check="all"
  comment="kernel module {{{ KERNMODULE }}} disabled in /etc/modules-load.d">
    <ind:object object_ref="obj_kernmod_{{{ KERNMODULE }}}_etcmodules-load" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test id="test_kernmod_{{{ KERNMODULE }}}_runmodules-load" version="1" check="all"
  comment="kernel module {{{ KERNMODULE }}} disabled in /run/modules-load.d">
    <ind:object object_ref="obj_kernmod_{{{ KERNMODULE }}}_runmodules-load" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test id="test_kernmod_{{{ KERNMODULE }}}_libmodules-load" version="1" check="all"
  comment="kernel module {{{ KERNMODULE }}} disabled in /usr/lib/modules-load.d">
    <ind:object object_ref="obj_kernmod_{{{ KERNMODULE }}}_libmodules-load" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test id="test_kernmod_{{{ KERNMODULE }}}_runmodprobed" version="1" check="all"
  comment="kernel module {{{ KERNMODULE }}} disabled in /run/modprobe.d">
    <ind:object object_ref="obj_kernmod_{{{ KERNMODULE }}}_runmodprobed" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_test id="test_kernmod_{{{ KERNMODULE }}}_libmodprobed" version="1" check="all"
  comment="kernel module {{{ KERNMODULE }}} disabled in /usr/lib/modprobe.d">
    <ind:object object_ref="obj_kernmod_{{{ KERNMODULE }}}_libmodprobed" />
  </ind:textfilecontent54_test>

{{% endif %}}

  <ind:textfilecontent54_object id="obj_kernmod_{{{ KERNMODULE }}}_disabled"
  version="1" comment="kernel module {{{ KERNMODULE }}} disabled">
    <ind:path>/etc/modprobe.d</ind:path>
    <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
    <ind:pattern operation="pattern match">^\s*install\s+{{{ KERNMODULE }}}\s+(/bin/false|/bin/true)$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="obj_kernmod_{{{ KERNMODULE }}}_modprobeconf"
  version="1" comment="Check deprecated /etc/modprobe.conf for disablement of {{{ KERNMODULE }}}">
    <ind:filepath>/etc/modprobe.conf</ind:filepath>
    <ind:pattern operation="pattern match">^\s*install\s+{{{ KERNMODULE }}}\s+(/bin/false|/bin/true)$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

{{% if product != "rhel6" %}}

  <ind:textfilecontent54_object id="obj_kernmod_{{{ KERNMODULE }}}_etcmodules-load"
  version="1" comment="kernel module {{{ KERNMODULE }}} disabled in /etc/modules-load.d">
    <ind:path>/etc/modules-load.d</ind:path>
    <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
    <ind:pattern operation="pattern match">^\s*install\s+{{{ KERNMODULE }}}\s+(/bin/false|/bin/true)$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="obj_kernmod_{{{ KERNMODULE }}}_runmodules-load"
  version="1" comment="kernel module {{{ KERNMODULE }}} disabled in /run/modules-load.d">
    <ind:path>/run/modules-load.d</ind:path>
    <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
    <ind:pattern operation="pattern match">^\s*install\s+{{{ KERNMODULE }}}\s+(/bin/false|/bin/true)$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="obj_kernmod_{{{ KERNMODULE }}}_libmodules-load"
  version="1" comment="kernel module {{{ KERNMODULE }}} disabled in /usr/lib/modules-load.d">
    <ind:path>/usr/lib/modules-load.d</ind:path>
    <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
    <ind:pattern operation="pattern match">^\s*install\s+{{{ KERNMODULE }}}\s+(/bin/false|/bin/true)$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="obj_kernmod_{{{ KERNMODULE }}}_runmodprobed"
  version="1" comment="kernel module {{{ KERNMODULE }}} disabled in /run/modprobe.d">
    <ind:path>/run/modprobe.d</ind:path>
    <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
    <ind:pattern operation="pattern match">^\s*install\s+{{{ KERNMODULE }}}\s+(/bin/false|/bin/true)$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_object id="obj_kernmod_{{{ KERNMODULE }}}_libmodprobed"
  version="1" comment="kernel module {{{ KERNMODULE }}} disabled in /usr/lib/modprobe.d">
    <ind:path>/usr/lib/modprobe.d</ind:path>
    <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
    <ind:pattern operation="pattern match">^\s*install\s+{{{ KERNMODULE }}}\s+(/bin/false|/bin/true)$</ind:pattern>
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>

{{% endif %}}

</def-group>
