Sort 30_security-misc_disable.conf

etc/modprobe.d/30_security-misc_disable.conf

@@ -24,6 +24,17 @@
 #
 #install msr /usr/bin/disabled-msr-by-security-misc
 
+## File Systems:
+## Disable uncommon file systems to reduce attack surface.
+## HFS and HFS+ are legacy Apple filesystems that may be required depending on the EFI partition format.
+#
+install cramfs /usr/bin/disabled-filesys-by-security-misc
+install freevxfs /usr/bin/disabled-filesys-by-security-misc
+install hfs /usr/bin/disabled-filesys-by-security-misc
+install hfsplus /usr/bin/disabled-filesys-by-security-misc
+install jffs2 /usr/bin/disabled-filesys-by-security-misc
+install udf /usr/bin/disabled-filesys-by-security-misc
+
 ## FireWire (IEEE 1394):
 ## Disable IEEE 1394 (FireWire/i.LINK/Lynx) modules to prevent some DMA attacks.
 ## https://en.wikipedia.org/wiki/IEEE_1394#Security_issues
@@ -38,18 +49,7 @@ install raw1394 /usr/bin/disabled-firewire-by-security-misc
 install sbp2 /usr/bin/disabled-firewire-by-security-misc
 install video1394 /usr/bin/disabled-firewire-by-security-misc
 
-## File Systems:
-## Disable uncommon file systems to reduce attack surface.
-## HFS and HFS+ are legacy Apple filesystems that may be required depending on the EFI partition format.
-#
-install cramfs /usr/bin/disabled-filesys-by-security-misc
-install freevxfs /usr/bin/disabled-filesys-by-security-misc
-install hfs /usr/bin/disabled-filesys-by-security-misc
-install hfsplus /usr/bin/disabled-filesys-by-security-misc
-install jffs2 /usr/bin/disabled-filesys-by-security-misc
-install udf /usr/bin/disabled-filesys-by-security-misc
-
-## Global Positioning Systems:
+## Global Positioning Systems (GPS):
 ## Disable GPS-related modules like GNSS (Global Navigation Satellite System).
 #
 install gnss /usr/bin/disabled-gps-by-security-misc