Disable more network protocols/drivers

This commit is contained in:
Raja Grewal 2024-07-15 20:56:12 +10:00
parent 9e40ff0551
commit 51f7776bc8
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
2 changed files with 51 additions and 8 deletions

View File

@ -63,8 +63,6 @@ blacklist ath_pci
blacklist amd76x_edac
blacklist asus_acpi
blacklist bcm43xx
blacklist eepro100
blacklist eth1394
blacklist evbug
blacklist de4x5
blacklist pcspkr

View File

@ -115,28 +115,73 @@ install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc
## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities.
##
## https://tails.boum.org/blueprint/blacklist_modules/
## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols)
## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco
##
install af_802154 /usr/bin/disabled-network-by-security-misc
install appletalk /usr/bin/disabled-network-by-security-misc
install atm /usr/bin/disabled-network-by-security-misc
install ax25 /usr/bin/disabled-network-by-security-misc
install can /usr/bin/disabled-network-by-security-misc
install brcm80211 /bin/true /usr/bin/disabled-network-by-security-misc
install decnet /usr/bin/disabled-network-by-security-misc
install dccp /usr/bin/disabled-network-by-security-misc
install econet /usr/bin/disabled-network-by-security-misc
install eepro100 /usr/bin/disabled-network-by-security-misc
install eth1394 /usr/bin/disabled-network-by-security-misc
install ipx /usr/bin/disabled-network-by-security-misc
install n-hdlc /usr/bin/disabled-network-by-security-misc
install netrom /usr/bin/disabled-network-by-security-misc
install p8022 /usr/bin/disabled-network-by-security-misc
install p8023 /usr/bin/disabled-network-by-security-misc
install psnap /usr/bin/disabled-network-by-security-misc
install rds /usr/bin/disabled-network-by-security-misc
install rose /usr/bin/disabled-network-by-security-misc
install sctp /usr/bin/disabled-network-by-security-misc
install tipc /usr/bin/disabled-network-by-security-misc
install x25 /usr/bin/disabled-network-by-security-misc
##
## Asynchronous Transfer Mode (ATM):
##
install atm /usr/bin/disabled-network-by-security-misc
install ueagle-atm /usr/bin/disabled-network-by-security-misc
install usbatm /usr/bin/disabled-network-by-security-misc
install xusbatm /usr/bin/disabled-network-by-security-misc
##
## Controller Area Network (CAN) Protocol:
##
install c_can /usr/bin/disabled-network-by-security-misc
install c_can_pci /usr/bin/disabled-network-by-security-misc
install c_can_platform /usr/bin/disabled-network-by-security-misc
install can /usr/bin/disabled-network-by-security-misc
install can-bcm /usr/bin/disabled-network-by-security-misc
install can-dev /usr/bin/disabled-network-by-security-misc
install can-gw /usr/bin/disabled-network-by-security-misc
install can-isotp /usr/bin/disabled-network-by-security-misc
install can-raw /usr/bin/disabled-network-by-security-misc
install can-j1939 /usr/bin/disabled-network-by-security-misc
install can327 /usr/bin/disabled-network-by-security-misc
install ifi_canfd /usr/bin/disabled-network-by-security-misc
install janz-ican3 /usr/bin/disabled-network-by-security-misc
install m_can /usr/bin/disabled-network-by-security-misc
install m_can_pci /usr/bin/disabled-network-by-security-misc
install m_can_platform /usr/bin/disabled-network-by-security-misc
install phy-can-transceiver /usr/bin/disabled-network-by-security-misc
install slcan /usr/bin/disabled-network-by-security-misc
install ucan /usr/bin/disabled-network-by-security-misc
install vxcan /usr/bin/disabled-network-by-security-misc
install vcan /usr/bin/disabled-network-by-security-misc
##
## Transparent Inter Process Communication (TIPC):
##
install tipc /usr/bin/disabled-network-by-security-misc
install tipc_diag /usr/bin/disabled-network-by-security-misc
##
## Reliable Datagram Sockets (RDS):
##
install rds /usr/bin/disabled-network-by-security-misc
install rds_rdma /usr/bin/disabled-network-by-security-misc
install rds_tcp /usr/bin/disabled-network-by-security-misc
##
## Stream Control Transmission Protocol (SCTP):
##
install sctp /usr/bin/disabled-network-by-security-misc
install sctp_diag /usr/bin/disabled-network-by-security-misc
## Miscellaneous:
##