Blacklist more modules

etc/modprobe.d/30_security-misc.conf

@@ -12,8 +12,17 @@ install bluetooth /bin/false
 install btusb /bin/false
 
 # Blacklist thunderbolt and firewire to prevent some DMA attacks.
-install firewire-core /bin/false
 install thunderbolt /bin/false
+install firewire-core /bin/false
+install firewire_core /bin/false
+install firewire-ohci /bin/false
+install firewire_ohci /bin/false
+install ohci1394 /bin/false
+install sbp2 /bin/false
+install dv1394 /bin/false
+install raw1394 /bin/false
+install video1394 /bin/false
+install firewire-sbp2 /bin/false
 
 # Blacklist CPU MSRs as they can be abused to write to
 # arbitrary memory.
@@ -47,10 +56,22 @@ install p8022 /bin/false
 install can /bin/false
 install atm /bin/false
 
-# Disable uncommon filesystems to reduce attack surface
+# Disable uncommon file systems to reduce attack surface
 install cramfs /bin/false
+install freevxfs /bin/false
+install jffs2 /bin/false
+install hfs /bin/false
+install hfsplus /bin/false
 install udf /bin/false
 
+# Disable uncommon network filesystems to reduce attack surface
+install cifs /bin/false
+install nfs /bin/false
+install nfsv3 /bin/false
+install nfsv4 /bin/false
+install ksmbd /bin/false
+install gfs2 /bin/false
+
 ## Blacklists the vivid kernel module as it's only required for
 ## testing and has been the cause of multiple vulnerabilities.
 ##
@@ -58,3 +79,11 @@ install udf /bin/false
 ## https://www.openwall.com/lists/oss-security/2019/11/02/1
 ## https://github.com/a13xp0p0v/kconfig-hardened-check/commit/981bd163fa19fccbc5ce5d4182e639d67e484475
 install vivid /bin/false
+
+# Disable CD-ROM
+install cdrom /bin/false
+install sr_mod /bin/false
+
+# Disable Intel Management Engine (ME) interface with OS
+install mei /bin/false
+install mei-me /bin/false