mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-24 00:49:26 -05:00
allow loading unsigned modules due to issues
https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
This commit is contained in:
parent
9ee9309f54
commit
661bcd8603
5
debian/control
vendored
5
debian/control
vendored
@ -80,11 +80,6 @@ Description: enhances misc security settings
|
||||
* Bluetooth is blacklisted to reduce attack surface. Bluetooth also has
|
||||
a history of security concerns.
|
||||
https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns
|
||||
.
|
||||
* Requires every module to be signed before being loaded. Any module that is
|
||||
unsigned or signed with an invalid key cannot be loaded. This makes it harder
|
||||
to load a malicious module.
|
||||
/etc/default/grub.d/40_only_allow_signed_modules.cfg
|
||||
.
|
||||
Uncommon network protocols are blacklisted:
|
||||
These are rarely used and may have unknown vulnerabilities.
|
||||
|
3
debian/security-misc.maintscript
vendored
3
debian/security-misc.maintscript
vendored
@ -2,3 +2,6 @@
|
||||
## See the file COPYING for copying conditions.
|
||||
|
||||
rm_conffile /etc/sudoers.d/umask-security-misc
|
||||
|
||||
## https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
|
||||
rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg
|
||||
|
@ -1,4 +0,0 @@
|
||||
## Requires every module to be signed before being loaded.
|
||||
## Any module that is unsigned or signed with an invalid key cannot be loaded.
|
||||
## This makes it harder to load a malicious module.
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"
|
Loading…
Reference in New Issue
Block a user