Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-25 01:33:21 -05:00
Code Issues Projects Releases Packages Wiki Activity

Disable more file systems

Browse source
This commit is contained in:
raja-grewal 2025-11-21 12:43:05 +00:00 committed by GitHub
parent 1865cafe44
commit 1a7b0a9122
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 21 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
etc/modprobe.d/30_security-misc_disable.conf#security-misc-shared
View file

@ -117,18 +117,39 @@ install thunderbolt_net /usr/bin/disabled-thunderbolt-by-security-misc
## Disable uncommon file systems to reduce attack surface.
## HFS/HFS+ are legacy Apple file systems that may be required depending on the EFI partition format.
##
## https://docs.kernel.org/filesystems/index.html
## https://github.com/secureblue/secureblue/tree/live/files/system/usr/lib/modprobe.d
##
install adfs /usr/bin/disabled-filesys-by-security-misc
install affs /usr/bin/disabled-filesys-by-security-misc
install afs /usr/bin/disabled-filesys-by-security-misc
install befs /usr/bin/disabled-filesys-by-security-misc
install ceph /usr/bin/disabled-filesys-by-security-misc
install coda /usr/bin/disabled-filesys-by-security-misc
install cramfs /usr/bin/disabled-filesys-by-security-misc
install ecryptfs /usr/bin/disabled-filesys-by-security-misc
install freevxfs /usr/bin/disabled-filesys-by-security-misc
install hfs /usr/bin/disabled-filesys-by-security-misc
install hfsplus /usr/bin/disabled-filesys-by-security-misc
install jffs2 /usr/bin/disabled-filesys-by-security-misc
install jfs /usr/bin/disabled-filesys-by-security-misc
install kafs /usr/bin/disabled-filesys-by-security-misc
install minix /usr/bin/disabled-filesys-by-security-misc
install nilfs2 /usr/bin/disabled-filesys-by-security-misc
install ocfs2 /usr/bin/disabled-filesys-by-security-misc
install orangefs /usr/bin/disabled-filesys-by-security-misc
install reiserfs /usr/bin/disabled-filesys-by-security-misc
install romfs /usr/bin/disabled-filesys-by-security-misc
install sysv /usr/bin/disabled-filesys-by-security-misc
install ubifs /usr/bin/disabled-filesys-by-security-misc
install udf /usr/bin/disabled-filesys-by-security-misc
install ufs /usr/bin/disabled-filesys-by-security-misc
install zonefs /usr/bin/disabled-filesys-by-security-misc
## Network File Systems:
## Disable uncommon network file systems to reduce attack surface.
##
install 9p /usr/bin/disabled-netfilesys-by-security-misc
install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
install ksmbd /usr/bin/disabled-netfilesys-by-security-misc
##