From a813e7da07a39e96e0cd7937aee7568307a00287 Mon Sep 17 00:00:00 2001 From: flawedworld <38294951+flawedworld@users.noreply.github.com> Date: Sat, 19 Sep 2020 20:46:19 +0100 Subject: [PATCH] Blacklist more modules --- etc/modprobe.d/30_security-misc.conf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/etc/modprobe.d/30_security-misc.conf b/etc/modprobe.d/30_security-misc.conf index 9cba41c..9bb0c18 100644 --- a/etc/modprobe.d/30_security-misc.conf +++ b/etc/modprobe.d/30_security-misc.conf @@ -44,6 +44,14 @@ install appletalk /bin/false install psnap /bin/false install p8023 /bin/false install p8022 /bin/false +install can /bin/false +install atm /bin/false + +# Disable uncommon filesystems to reduce attack surface +install cramfs /bin/false +install vfat /bin/false +install squashfs /bin/false +install udf /bin/false ## Blacklists the vivid kernel module as it's only required for ## testing and has been the cause of multiple vulnerabilities.