add blacklist test

Signed-off-by: Mark Bolwell <[email protected]>

section_1/cis_1.1/cis_1.1.10.yml

@@ -35,5 +35,19 @@ command:
       CISv8_IG1: true
       CISv8_IG2: true
       CISv8_IG3: true
+  usb-storage_blacklist:
+    title: 3.1.2 | Ensure USB Storage is disabled | blacklist
+    exit-status: 0
+    exec: 'grep usb-storage /etc/modprobe.d/blacklist.conf'
+    stdout: ['/^blacklist usb-storage/']
+    meta:
+      server: 1
+      workstation: 2
+      CIS_ID: 1.1.10
+      CISv8: 
+      - 10.3
+      CISv8_IG1: true
+      CISv8_IG2: true
+      CISv8_IG3: true
   {{ end }}
 {{ end }}

section_3/cis_3.1/cis_3.1.2.yml

@@ -15,5 +15,19 @@ command:
       CISv8_IG1: false
       CISv8_IG2: true
       CISv8_IG3: true
+  blacklist_sctp:
+    title: 3.1.2 | Ensure SCTP is disabled | blacklist
+    exit-status: 0
+    exec: 'grep sctp /etc/modprobe.d/blacklist.conf'
+    stdout: ['/^blacklist sctp/']
+    meta:
+      server: 2
+      workstation: 2
+      CIS_ID:
+      - 3.1.2
+      CISv8: 4.8
+      CISv8_IG1: false
+      CISv8_IG2: true
+      CISv8_IG3: true
   {{ end }}
 {{ end }}

section_3/cis_3.1/cis_3.1.3.yml

@@ -15,5 +15,19 @@ command:
       CISv8_IG1: false
       CISv8_IG2: true
       CISv8_IG3: true
+  blacklist_dccp:
+    title: 3.1.2 | Ensure SCTP is disabled | blacklist
+    exit-status: 0
+    exec: 'grep dccp /etc/modprobe.d/blacklist.conf'
+    stdout: ['/^blacklist dccp/']
+    meta:
+      server: 2
+      workstation: 2
+      CIS_ID:
+      - 3.1.3
+      CISv8: 4.8
+      CISv8_IG1: false
+      CISv8_IG2: true
+      CISv8_IG3: true
   {{ end }}
 {{ end }}