security-misc/lib/systemd/system/harden-module-loading.service

15 lines
519 B
SYSTEMD
Raw Normal View History

2023-11-02 06:24:35 -04:00
[Unit]
Description=Disable the loading of modules to the kernel after startup. This could be malicious.
After=systemd-modules-load.service
2023-11-04 16:56:08 -04:00
Before=sysinit.target
2023-11-02 06:24:35 -04:00
# This functionality is implemented with this and not directly in the sysctl config is
# to allow systemd-modules-load.service to load the modules with no problem but
# to disallow anyone else do the same after the system boots up.
[Service]
Type=oneshot
ExecStart=/usr/libexec/security-misc/disable-kernel-module-loading
[Install]
WantedBy=sysinit.target