Merge pull request #27 from madaidan/patch-21

Blacklist bluetooth
2024-12-25 19:49:22 -05:00 · 2019-08-16 14:36:00 +00:00 · 2019-08-16 14:36:00 +00:00 · 9781598632
commit 9781598632
parent 34672b88a8 85502ad430
2 changed files with 7 additions and 1 deletions
--- a/debian/control
+++ b/debian/control
@ -72,7 +72,10 @@ Description: enhances misc security settings
  * The kernel now panics on oopses to prevent it from continuing running a
 flawed process.
 .
- Requires every module to be signed before being loaded. Any module that is
+  * Bluetooth is blacklisted to reduce attack surface. Bluetooth also has
+ a history of [security concerns](https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns).
+ .
+  * Requires every module to be signed before being loaded. Any module that is
 unsigned or signed with an invalid key cannot be loaded. This makes it harder
 to load a malicious module.
 /etc/default/grub.d/40_only_allow_signed_modules.cfg
--- a/etc/modprobe.d/blacklist-bluetooth.conf
+++ b/etc/modprobe.d/blacklist-bluetooth.conf
@ -0,0 +1,3 @@
+# Blacklists bluetooth.
+install bluetooth /bin/true
+install btusb /bin/true