Split modprobe into blacklisted and disabled configurations

Raja Grewal 2024-07-12 02:42:37 +10:00
parent fc792ff232
commit b02230a783
No known key found for this signature in database
GPG key ID: 92CA473C156B64C4
14 changed files with 96 additions and 85 deletions


@ -122,10 +122,11 @@ preventing new modules from being loaded. Since this isn't configured directly
within systemctl, it does not break the loading of legitimate and necessary
modules for the user, like drivers etc., given they are plugged in on startup.
#### Disables and blacklists kernel modules
#### Blacklist and disable kernel modules
Certain kernel modules are disabled and blacklisted by default to reduce attack
surface via the `/etc/modprobe.d/30_security-misc.conf` configuration file.
Certain kernel modules are blacklisted and disabled by default to reduce attack
surface via both the `/etc/modprobe.d/30_security-misc_blacklist.conf` and
`/etc/modprobe.d/30_security-misc_disable.conf` configuration files respectively.
- Deactivates Netfilter's connection tracking helper - this module increases
kernel attack surface by enabling superfluous functionality such as IRC
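Review bot: The new paragraph names two configuration files but never says what distinguishes a "blacklisted" module from a "disabled" one, nor which of the modules in the list that follows belongs to which file; the only cue is the word "respectively", and the first list entry ("Deactivates Netfilter's connection tracking helper") still uses a third verb. Since the whole point of the split is that the two files do different things, suggest adding one sentence after the new paragraph defining each category, and prefixing each list entry with the file (or a "blacklisted"/"disabled" tag) it now lives in. Minor wording: "via both the ... and ... configuration files respectively" reads awkwardly; drop "both" so the sentence becomes "via the `/etc/modprobe.d/30_security-misc_blacklist.conf` and `/etc/modprobe.d/30_security-misc_disable.conf` configuration files respectively."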