Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-22 21:21:01 -05:00
Code Issues Packages Projects Releases Wiki Activity

Revert "allow loading unsigned modules due to issues"

Browse Source 
This reverts commit 661bcd8603.
This commit is contained in:
Patrick Schleizer 2023-11-03 12:17:00 -04:00
parent 04b210ee88
commit b6d53f698d
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
debian/security-misc.maintscript vendored
View File

@ -3,9 +3,6 @@
rm_conffile /etc/sudoers.d/umask-security-misc
## https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg
## https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079
rm_conffile /etc/sysctl.d/sysrq.conf

4
etc/default/grub.d/40_only_allow_signed_modules.cfg Normal file
View File

@ -0,0 +1,4 @@
## Requires every module to be signed before being loaded.
## Any module that is unsigned or signed with an invalid key cannot be loaded.
## This makes it harder to load a malicious module.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"