From be2a186775e46d1655ff4e46680b360c917a3d19 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Mon, 27 Jan 2020 14:36:16 +0100
Subject: [PATCH 1/2] ocp4/moderate: enable usb-storage kernel module checking
---
 .../mounting/kernel_module_usb-storage_disabled/rule.yml | 2 +-
 ocp4/profiles/moderate.profile | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
index c174eba317a5..dba4a2a28ec2 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: wrlinux1019,rhel6,rhel7,rhel8,fedora,ol7,ol8,rhv4
+prodtype: wrlinux1019,rhel6,rhel7,rhel8,fedora,ol7,ol8,rhv4,ocp4
 title: 'Disable Modprobe Loading of USB Storage Driver'
diff --git a/ocp4/profiles/moderate.profile b/ocp4/profiles/moderate.profile
index e7f9a492e8dd..b18376e386db 100644
--- a/ocp4/profiles/moderate.profile
+++ b/ocp4/profiles/moderate.profile
@@ -607,3 +607,6 @@ selections:
 - audit_rules_etc_shadow_openat
 - audit_rules_etc_shadow_open_by_handle_at
 - directory_access_var_log_audit
+
+ # CM-7
+ - kernel_module_usb-storage_disabled
From 622dff07904fdd9995c357a787f0c522972c7933 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles
Date: Mon, 27 Jan 2020 14:59:00 +0100
Subject: [PATCH 2/2] ocp4/moderate: Add check for squashfs disabled.
---
 .../mounting/kernel_module_squashfs_disabled/rule.yml | 2 +-
 ocp4/profiles/moderate.profile | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
index 5d0c13500902..b314dbdc3d95 100644
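Review bot: In the `ocp4/profiles/moderate.profile` hunk of patch 1/2, the new selection `kernel_module_usb-storage_disabled` is documented only by `# CM-7`, which does not say what the check covers on this platform. Going by the rule's title ("Disable Modprobe Loading of USB Storage Driver"), it presumably evaluates modprobe configuration on the node, so a pass would not show that the driver is absent from the running kernel. A comment such as `# CM-7: node-level modprobe configuration check; does not detect a module that is already loaded` would make that scope explicit. The `prodtype` hunk in `rule.yml` adds `ocp4` with no visible change to the rule's check or remediation content, so it is worth confirming that both apply to the OCP4 node OS; the same applies to the `prodtype` hunk in patch 2/2.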
--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel6,rhel7,rhel8,fedora
+prodtype: rhel6,rhel7,rhel8,fedora,ocp4
 title: 'Disable Mounting of squashfs'
diff --git a/ocp4/profiles/moderate.profile b/ocp4/profiles/moderate.profile
index b18376e386db..ad3312a9e211 100644
--- a/ocp4/profiles/moderate.profile
+++ b/ocp4/profiles/moderate.profile
@@ -610,3 +610,4 @@ selections:
 # CM-7
 - kernel_module_usb-storage_disabled
+ - kernel_module_squashfs_disabled
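Review bot: The `- kernel_module_squashfs_disabled` selection added under `# CM-7` in `ocp4/profiles/moderate.profile` comes with no stated rationale or test evidence, and the commit message has no body. Disabling a filesystem driver can break workloads once the finding is remediated if anything on the node mounts squashfs images, which cannot be ruled out from the lines shown here. I would ask for a short description of how the rule was evaluated on an OCP4 node, and a comment on the selection such as `# squashfs is not needed on cluster nodes (verified on <OCP4 version>)`.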