Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-26 07:29:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Disable more network protocols/drivers

Browse Source
This commit is contained in:
Raja Grewal 2024-07-15 20:56:12 +10:00
parent 9e40ff0551
commit 51f7776bc8
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
2 changed files with 51 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etc/modprobe.d/30_security-misc_blacklist.conf
View File

@ -63,8 +63,6 @@ blacklist ath_pci
blacklist amd76x_edac blacklist amd76x_edac
blacklist asus_acpi blacklist asus_acpi
blacklist bcm43xx blacklist bcm43xx
blacklist eepro100
blacklist eth1394
blacklist evbug blacklist evbug
blacklist de4x5 blacklist de4x5
blacklist pcspkr blacklist pcspkr

57
etc/modprobe.d/30_security-misc_disable.conf
View File

@ -115,28 +115,73 @@ install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc
## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities. ## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities.
## ##
## https://tails.boum.org/blueprint/blacklist_modules/ ## https://tails.boum.org/blueprint/blacklist_modules/
## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols) ## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco
## ##
install af_802154 /usr/bin/disabled-network-by-security-misc install af_802154 /usr/bin/disabled-network-by-security-misc
install appletalk /usr/bin/disabled-network-by-security-misc install appletalk /usr/bin/disabled-network-by-security-misc
install atm /usr/bin/disabled-network-by-security-misc
install ax25 /usr/bin/disabled-network-by-security-misc install ax25 /usr/bin/disabled-network-by-security-misc
install can /usr/bin/disabled-network-by-security-misc install brcm80211 /bin/true /usr/bin/disabled-network-by-security-misc
install decnet /usr/bin/disabled-network-by-security-misc install decnet /usr/bin/disabled-network-by-security-misc
install dccp /usr/bin/disabled-network-by-security-misc install dccp /usr/bin/disabled-network-by-security-misc
install econet /usr/bin/disabled-network-by-security-misc install econet /usr/bin/disabled-network-by-security-misc
install eepro100 /usr/bin/disabled-network-by-security-misc
install eth1394 /usr/bin/disabled-network-by-security-misc
install ipx /usr/bin/disabled-network-by-security-misc install ipx /usr/bin/disabled-network-by-security-misc
install n-hdlc /usr/bin/disabled-network-by-security-misc install n-hdlc /usr/bin/disabled-network-by-security-misc
install netrom /usr/bin/disabled-network-by-security-misc install netrom /usr/bin/disabled-network-by-security-misc
install p8022 /usr/bin/disabled-network-by-security-misc install p8022 /usr/bin/disabled-network-by-security-misc
install p8023 /usr/bin/disabled-network-by-security-misc install p8023 /usr/bin/disabled-network-by-security-misc
install psnap /usr/bin/disabled-network-by-security-misc install psnap /usr/bin/disabled-network-by-security-misc
install rds /usr/bin/disabled-network-by-security-misc
install rose /usr/bin/disabled-network-by-security-misc install rose /usr/bin/disabled-network-by-security-misc
install sctp /usr/bin/disabled-network-by-security-misc
install tipc /usr/bin/disabled-network-by-security-misc
install x25 /usr/bin/disabled-network-by-security-misc install x25 /usr/bin/disabled-network-by-security-misc
##
## Asynchronous Transfer Mode (ATM):
##
install atm /usr/bin/disabled-network-by-security-misc
install ueagle-atm /usr/bin/disabled-network-by-security-misc
install usbatm /usr/bin/disabled-network-by-security-misc
install xusbatm /usr/bin/disabled-network-by-security-misc
##
## Controller Area Network (CAN) Protocol:
##
install c_can /usr/bin/disabled-network-by-security-misc
install c_can_pci /usr/bin/disabled-network-by-security-misc
install c_can_platform /usr/bin/disabled-network-by-security-misc
install can /usr/bin/disabled-network-by-security-misc
install can-bcm /usr/bin/disabled-network-by-security-misc
install can-dev /usr/bin/disabled-network-by-security-misc
install can-gw /usr/bin/disabled-network-by-security-misc
install can-isotp /usr/bin/disabled-network-by-security-misc
install can-raw /usr/bin/disabled-network-by-security-misc
install can-j1939 /usr/bin/disabled-network-by-security-misc
install can327 /usr/bin/disabled-network-by-security-misc
install ifi_canfd /usr/bin/disabled-network-by-security-misc
install janz-ican3 /usr/bin/disabled-network-by-security-misc
install m_can /usr/bin/disabled-network-by-security-misc
install m_can_pci /usr/bin/disabled-network-by-security-misc
install m_can_platform /usr/bin/disabled-network-by-security-misc
install phy-can-transceiver /usr/bin/disabled-network-by-security-misc
install slcan /usr/bin/disabled-network-by-security-misc
install ucan /usr/bin/disabled-network-by-security-misc
install vxcan /usr/bin/disabled-network-by-security-misc
install vcan /usr/bin/disabled-network-by-security-misc
##
## Transparent Inter Process Communication (TIPC):
##
install tipc /usr/bin/disabled-network-by-security-misc
install tipc_diag /usr/bin/disabled-network-by-security-misc
##
## Reliable Datagram Sockets (RDS):
##
install rds /usr/bin/disabled-network-by-security-misc
install rds_rdma /usr/bin/disabled-network-by-security-misc
install rds_tcp /usr/bin/disabled-network-by-security-misc
##
## Stream Control Transmission Protocol (SCTP):
##
install sctp /usr/bin/disabled-network-by-security-misc
install sctp_diag /usr/bin/disabled-network-by-security-misc
## Miscellaneous: ## Miscellaneous:
## ##