Kernel checks fail when the kernel module doesn't exist #148

@bendres97

Description

If a kernel module isn't installed on a machine, the check to confirm it is disabled fails due to the way that the kernel_module resource operates. If the module isn't found on the machine, be_disabled, be_loaded and be_blacklisted will all return false (as in, they technically don't meet the criteria because they don't exist).

Reproduction steps

inspec> describe kernel_module('cramfs') do
inspec>   it {should be_disabled}
inspec> end

Profile:   inspec-shell
Version:   (not specified)
Target ID:

  Kernel Module cramfs
     ×  is expected to be disabled
     expected `Kernel Module cramfs.disabled?` to be truthy, got false

Test Summary: 0 successful, 1 failure, 0 skipped
inspec> describe file('/proc/modules') do
inspec>   its('content') { should_not match (/^cramfs\s/) }
inspec> end

Profile:   inspec-shell
Version:   (not specified)
Target ID:

  File /proc/modules
     ✔  content is expected not to match /^cramfs\s/

Test Summary: 1 successful, 0 failures, 0 skipped
inspec>

Current Behavior

...
False positives for kernel modules that are expected to be disabled but don't exist on the target system.

Expected Behavior

...
If a module isn't installed on the target system, these checks should pass.

OS / Environment

...
Linux (Tested on Ubuntu 22.04 LTS)

Inspec Version

...
5.21.29

Baseline Version

...
0.4.12

Additional information

...
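
The behavior requested under "Expected Behavior", written out in plain Ruby as an added example (not part of the original issue, and not InSpec's or the baseline's code). The helper names are hypothetical and the sample data is constructed; the check passes when a module is either blocked by an install override or not present at all.

```ruby
# Constructed sample data, standing in for /proc/modules, the merged modprobe
# configuration, and the module files shipped for the running kernel.
PROC_MODULES = <<~EOS
  ext4 1142784 1 - Live 0x0000000000000000
  squashfs 73728 0 - Live 0x0000000000000000
EOS
MODPROBE_CONFIG = <<~EOS
  blacklist squashfs
  install udf /bin/false
EOS
AVAILABLE_MODULES = %w[ext4 squashfs udf vfat].freeze

# modprobe treats '-' and '_' in module names as the same character.
def normalize(name)
  name.to_s.tr('-', '_')
end

# Hypothetical helper: classify a module as :loaded, :disabled, :absent or :loadable.
def module_state(name, proc_modules: PROC_MODULES, modprobe_config: MODPROBE_CONFIG,
                 available: AVAILABLE_MODULES)
  wanted = normalize(name)
  loaded = proc_modules.each_line.any? { |l| normalize(l.split.first) == wanted }
  return :loaded if loaded

  # An install override pointing at true/false makes modprobe a no-op.
  disabled = modprobe_config.each_line.any? do |l|
    directive, mod, command = l.split
    directive == 'install' && normalize(mod) == wanted &&
      command.to_s.match?(%r{\A(/usr)?/bin/(true|false)\z})
  end
  return :disabled if disabled

  available.any? { |m| normalize(m) == wanted } ? :loadable : :absent
end

# A "must be disabled" requirement is met when the module cannot be loaded:
# either an install override blocks it or there is no module to load.
def disabled_requirement_met?(name, **inputs)
  %i[disabled absent].include?(module_state(name, **inputs))
end
```

With this data, `cramfs` is classified as `:absent` and passes, while `squashfs` (loaded, only blacklisted) and `vfat` (installed, no override) still fail.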
