mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-25 06:39:26 -05:00
Disable more network protocols/drivers
This commit is contained in:
parent
9e40ff0551
commit
51f7776bc8
@ -63,8 +63,6 @@ blacklist ath_pci
|
||||
blacklist amd76x_edac
|
||||
blacklist asus_acpi
|
||||
blacklist bcm43xx
|
||||
blacklist eepro100
|
||||
blacklist eth1394
|
||||
blacklist evbug
|
||||
blacklist de4x5
|
||||
blacklist pcspkr
|
||||
|
@ -115,28 +115,73 @@ install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc
|
||||
## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities.
|
||||
##
|
||||
## https://tails.boum.org/blueprint/blacklist_modules/
|
||||
## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols)
|
||||
## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols
|
||||
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco
|
||||
##
|
||||
install af_802154 /usr/bin/disabled-network-by-security-misc
|
||||
install appletalk /usr/bin/disabled-network-by-security-misc
|
||||
install atm /usr/bin/disabled-network-by-security-misc
|
||||
install ax25 /usr/bin/disabled-network-by-security-misc
|
||||
install can /usr/bin/disabled-network-by-security-misc
|
||||
install brcm80211 /bin/true /usr/bin/disabled-network-by-security-misc
|
||||
install decnet /usr/bin/disabled-network-by-security-misc
|
||||
install dccp /usr/bin/disabled-network-by-security-misc
|
||||
install econet /usr/bin/disabled-network-by-security-misc
|
||||
install eepro100 /usr/bin/disabled-network-by-security-misc
|
||||
install eth1394 /usr/bin/disabled-network-by-security-misc
|
||||
install ipx /usr/bin/disabled-network-by-security-misc
|
||||
install n-hdlc /usr/bin/disabled-network-by-security-misc
|
||||
install netrom /usr/bin/disabled-network-by-security-misc
|
||||
install p8022 /usr/bin/disabled-network-by-security-misc
|
||||
install p8023 /usr/bin/disabled-network-by-security-misc
|
||||
install psnap /usr/bin/disabled-network-by-security-misc
|
||||
install rds /usr/bin/disabled-network-by-security-misc
|
||||
install rose /usr/bin/disabled-network-by-security-misc
|
||||
install sctp /usr/bin/disabled-network-by-security-misc
|
||||
install tipc /usr/bin/disabled-network-by-security-misc
|
||||
install x25 /usr/bin/disabled-network-by-security-misc
|
||||
##
|
||||
## Asynchronous Transfer Mode (ATM):
|
||||
##
|
||||
install atm /usr/bin/disabled-network-by-security-misc
|
||||
install ueagle-atm /usr/bin/disabled-network-by-security-misc
|
||||
install usbatm /usr/bin/disabled-network-by-security-misc
|
||||
install xusbatm /usr/bin/disabled-network-by-security-misc
|
||||
##
|
||||
## Controller Area Network (CAN) Protocol:
|
||||
##
|
||||
install c_can /usr/bin/disabled-network-by-security-misc
|
||||
install c_can_pci /usr/bin/disabled-network-by-security-misc
|
||||
install c_can_platform /usr/bin/disabled-network-by-security-misc
|
||||
install can /usr/bin/disabled-network-by-security-misc
|
||||
install can-bcm /usr/bin/disabled-network-by-security-misc
|
||||
install can-dev /usr/bin/disabled-network-by-security-misc
|
||||
install can-gw /usr/bin/disabled-network-by-security-misc
|
||||
install can-isotp /usr/bin/disabled-network-by-security-misc
|
||||
install can-raw /usr/bin/disabled-network-by-security-misc
|
||||
install can-j1939 /usr/bin/disabled-network-by-security-misc
|
||||
install can327 /usr/bin/disabled-network-by-security-misc
|
||||
install ifi_canfd /usr/bin/disabled-network-by-security-misc
|
||||
install janz-ican3 /usr/bin/disabled-network-by-security-misc
|
||||
install m_can /usr/bin/disabled-network-by-security-misc
|
||||
install m_can_pci /usr/bin/disabled-network-by-security-misc
|
||||
install m_can_platform /usr/bin/disabled-network-by-security-misc
|
||||
install phy-can-transceiver /usr/bin/disabled-network-by-security-misc
|
||||
install slcan /usr/bin/disabled-network-by-security-misc
|
||||
install ucan /usr/bin/disabled-network-by-security-misc
|
||||
install vxcan /usr/bin/disabled-network-by-security-misc
|
||||
install vcan /usr/bin/disabled-network-by-security-misc
|
||||
##
|
||||
## Transparent Inter Process Communication (TIPC):
|
||||
##
|
||||
install tipc /usr/bin/disabled-network-by-security-misc
|
||||
install tipc_diag /usr/bin/disabled-network-by-security-misc
|
||||
##
|
||||
## Reliable Datagram Sockets (RDS):
|
||||
##
|
||||
install rds /usr/bin/disabled-network-by-security-misc
|
||||
install rds_rdma /usr/bin/disabled-network-by-security-misc
|
||||
install rds_tcp /usr/bin/disabled-network-by-security-misc
|
||||
##
|
||||
## Stream Control Transmission Protocol (SCTP):
|
||||
##
|
||||
install sctp /usr/bin/disabled-network-by-security-misc
|
||||
install sctp_diag /usr/bin/disabled-network-by-security-misc
|
||||
|
||||
## Miscellaneous:
|
||||
##
|
||||
|
Loading…
Reference in New Issue
Block a user