mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-29 07:36:13 -05:00
Merge remote-tracking branch 'github-kicksecure/master'
This commit is contained in:
commit
c336b266f6
@ -210,6 +210,9 @@ disabling should first be blacklisted for a suitable amount of time.
|
||||
- Not yet enabled: Intel Management Engine (ME): Provides some disabling of the interface between the
|
||||
Intel ME and the OS. See discussion: https://github.com/Kicksecure/security-misc/issues/239
|
||||
|
||||
- Intel Platform Monitoring Technology Telemetry (PMT): Disable some functionality
|
||||
of the Intel PMT components.
|
||||
|
||||
- Network File Systems: Disable uncommon and legacy network file systems.
|
||||
|
||||
- Network Protocols: Wide array of uncommon and legacy network protocols are disabled.
|
||||
|
@ -103,6 +103,15 @@ install gnss-usb /usr/bin/disabled-gps-by-security-misc
|
||||
#install mei_wdt /usr/bin/disabled-intelme-by-security-misc
|
||||
#install microread_mei /usr/bin/disabled-intelme-by-security-misc
|
||||
|
||||
## Intel Platform Monitoring Technology Telemetry (PMT):
|
||||
## Disable some functionality of the Intel PMT components.
|
||||
##
|
||||
## https://github.com/intel/Intel-PMT
|
||||
##
|
||||
install pmt_class /usr/bin/disabled-intelpmt-by-security-misc
|
||||
install pmt_crashlog /usr/bin/disabled-intelpmt-by-security-misc
|
||||
install pmt_telemetry /usr/bin/disabled-intelpmt-by-security-misc
|
||||
|
||||
## Network File Systems:
|
||||
## Disable uncommon network file systems to reduce attack surface.
|
||||
##
|
||||
|
10
usr/bin/disabled-intelpmt-by-security-misc
Executable file
10
usr/bin/disabled-intelpmt-by-security-misc
Executable file
@ -0,0 +1,10 @@
|
||||
#!/bin/bash
|
||||
|
||||
## Copyright (C) 2024 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
||||
## See the file COPYING for copying conditions.
|
||||
|
||||
## Alerts the user that a kernel module failed to load due to it being blacklisted by default.
|
||||
|
||||
echo "$0: ERROR: This Intel Platform Monitoring Technology Telemetry (PMT) kernel module is disabled by package security-misc by default. See the configuration file /etc/modprobe.d/30_security-misc_disable.conf | args: $@" >&2
|
||||
|
||||
exit 1
|
Loading…
Reference in New Issue
Block a user