From daa30d4e7830ba38ed52f83e6ac93c3a4e03ee33 Mon Sep 17 00:00:00 2001
From: Raja Grewal
Date: Wed, 9 Nov 2022 20:43:59 +1100
Subject: [PATCH 1/3] Include several framebuffer drivers into blacklist

These were previously commented out to test for compatibility issues.
---
 etc/modprobe.d/30_security-misc.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/etc/modprobe.d/30_security-misc.conf b/etc/modprobe.d/30_security-misc.conf
index 48d5b25..7acdb74 100644
--- a/etc/modprobe.d/30_security-misc.conf
+++ b/etc/modprobe.d/30_security-misc.conf
@@ -109,19 +109,19 @@ blacklist amd76x_edac
 ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-framebuffer.conf?h=ubuntu/disco
 blacklist aty128fb
 blacklist atyfb
-#blacklist radeonfb
+blacklist radeonfb
 blacklist cirrusfb
 blacklist cyber2000fb
 blacklist cyblafb
 blacklist gx1fb
 blacklist hgafb
 blacklist i810fb
-#blacklist intelfb
+blacklist intelfb
 blacklist kyrofb
 blacklist lxfb
 blacklist matroxfb_bases
 blacklist neofb
-#blacklist nvidiafb
+blacklist nvidiafb
 blacklist pm2fb
 blacklist rivafb
 blacklist s1d13xxxfb
@@ -130,7 +130,7 @@ blacklist sisfb
 blacklist sstfb
 blacklist tdfxfb
 blacklist tridentfb
-#blacklist vesafb
+blacklist vesafb
 blacklist vfb
 blacklist viafb
 blacklist vt8623fb

From 6f695902fb70cbbc95b71f827216ab84edcfeb83 Mon Sep 17 00:00:00 2001
From: Raja Grewal
Date: Wed, 23 Nov 2022 23:53:40 +1100
Subject: [PATCH 2/3] Add comment about legacy Apple fiesystems

---
 etc/modprobe.d/30_security-misc.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/modprobe.d/30_security-misc.conf b/etc/modprobe.d/30_security-misc.conf
index 7acdb74..cda71ad 100644
--- a/etc/modprobe.d/30_security-misc.conf
+++ b/etc/modprobe.d/30_security-misc.conf
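Review bot: In PATCH 1/3 the four newly active entries (`blacklist radeonfb`, `blacklist intelfb` and `blacklist nvidiafb` in the first hunk, `blacklist vesafb` in the second) carry no comment recording that they were held back for compatibility testing, so the only trace of that is the commit message. `blacklist` also only stops alias-based autoloading; an explicit `modprobe` or a module dependency can still load the driver, unlike the `install … /bin/disabled-…` entries this file uses for filesystems and network protocols. I would add a comment above the list such as `## 'blacklist' only prevents automatic loading; radeonfb, intelfb, nvidiafb and vesafb were enabled after compatibility testing`. The list starts before and continues after both hunks.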
@@ -57,6 +57,7 @@ install can /bin/disabled-network-by-security-misc
 install atm /bin/disabled-network-by-security-misc
 ## Disable uncommon file systems to reduce attack surface
+## HFS and HFS+ are legacy Apple filesystems that may be required depending of the EFI parition format
 install cramfs /bin/disabled-filesys-by-security-misc
 install freevxfs /bin/disabled-filesys-by-security-misc
 install jffs2 /bin/disabled-filesys-by-security-misc

From d67845fea89f4a74ed4b0a6eefbf2bf228b13a1b Mon Sep 17 00:00:00 2001
From: Raja Grewal
Date: Tue, 13 Dec 2022 16:11:24 +1100
Subject: [PATCH 3/3] Typo

---
 etc/modprobe.d/30_security-misc.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/modprobe.d/30_security-misc.conf b/etc/modprobe.d/30_security-misc.conf
index cda71ad..0b3a84a 100644
--- a/etc/modprobe.d/30_security-misc.conf
+++ b/etc/modprobe.d/30_security-misc.conf
@@ -57,7 +57,7 @@ install can /bin/disabled-network-by-security-misc
 install atm /bin/disabled-network-by-security-misc
 ## Disable uncommon file systems to reduce attack surface
-## HFS and HFS+ are legacy Apple filesystems that may be required depending of the EFI parition format
+## HFS and HFS+ are legacy Apple filesystems that may be required depending on the EFI parition format
 install cramfs /bin/disabled-filesys-by-security-misc
 install freevxfs /bin/disabled-filesys-by-security-misc
 install jffs2 /bin/disabled-filesys-by-security-misc
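Review bot: The comment line added in PATCH 2/3 and corrected in PATCH 3/3 still misspells "partition" as `parition`; the new-side line should read `## HFS and HFS+ are legacy Apple filesystems that may be required depending on the EFI partition format`. The comment also stops short of saying what follows from that. The `install` list continues past the end of both hunks, so it is not visible here whether HFS and HFS+ are among the disabled filesystems, and a reader who needs them gets no pointer to how to re-enable them. If they are disabled further down, one more comment sentence saying so and naming the override would make the warning actionable.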