Revert "replace /bin/false -> /bin/true"

This reverts commit f0511635a9.

etc/modprobe.d/30_security-misc.conf

@@ -8,25 +8,25 @@ options nf_conntrack nf_conntrack_helper=0
 # Bluetooth also has a history of security vulnerabilities:
 #
 # https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns
-install bluetooth /bin/true
+install bluetooth /bin/false
-install btusb /bin/true
+install btusb /bin/false
 
 # Blacklist thunderbolt and firewire to prevent some DMA attacks.
-install thunderbolt /bin/true
+install thunderbolt /bin/false
-install firewire-core /bin/true
+install firewire-core /bin/false
-install firewire_core /bin/true
+install firewire_core /bin/false
-install firewire-ohci /bin/true
+install firewire-ohci /bin/false
-install firewire_ohci /bin/true
+install firewire_ohci /bin/false
-install ohci1394 /bin/true
+install ohci1394 /bin/false
-install sbp2 /bin/true
+install sbp2 /bin/false
-install dv1394 /bin/true
+install dv1394 /bin/false
-install raw1394 /bin/true
+install raw1394 /bin/false
-install video1394 /bin/true
+install video1394 /bin/false
-install firewire-sbp2 /bin/true
+install firewire-sbp2 /bin/false
 
 # Blacklist CPU MSRs as they can be abused to write to
 # arbitrary memory.
-install msr /bin/true
+install msr /bin/false
 
 # Disables unneeded network protocols that will likely not be used as these may have unknown vulnerabilties.
 #
@@ -36,41 +36,41 @@ install msr /bin/true
 #
 # > Other distributions like Ubuntu[1] and Fedora[2] already ship a blacklist for various network protocols which aren't much in use by users and have a poor security track record.
 #
-install dccp /bin/true
+install dccp /bin/false
-install sctp /bin/true
+install sctp /bin/false
-install rds /bin/true
+install rds /bin/false
-install tipc /bin/true
+install tipc /bin/false
-install n-hdlc /bin/true
+install n-hdlc /bin/false
-install ax25 /bin/true
+install ax25 /bin/false
-install netrom /bin/true
+install netrom /bin/false
-install x25 /bin/true
+install x25 /bin/false
-install rose /bin/true
+install rose /bin/false
-install decnet /bin/true
+install decnet /bin/false
-install econet /bin/true
+install econet /bin/false
-install af_802154 /bin/true
+install af_802154 /bin/false
-install ipx /bin/true
+install ipx /bin/false
-install appletalk /bin/true
+install appletalk /bin/false
-install psnap /bin/true
+install psnap /bin/false
-install p8023 /bin/true
+install p8023 /bin/false
-install p8022 /bin/true
+install p8022 /bin/false
-install can /bin/true
+install can /bin/false
-install atm /bin/true
+install atm /bin/false
 
 # Disable uncommon file systems to reduce attack surface
-install cramfs /bin/true
+install cramfs /bin/false
-install freevxfs /bin/true
+install freevxfs /bin/false
-install jffs2 /bin/true
+install jffs2 /bin/false
-install hfs /bin/true
+install hfs /bin/false
-install hfsplus /bin/true
+install hfsplus /bin/false
-install udf /bin/true
+install udf /bin/false
 
 # Disable uncommon network filesystems to reduce attack surface
-install cifs /bin/true
+install cifs /bin/false
-install nfs /bin/true
+install nfs /bin/false
-install nfsv3 /bin/true
+install nfsv3 /bin/false
-install nfsv4 /bin/true
+install nfsv4 /bin/false
-install ksmbd /bin/true
+install ksmbd /bin/false
-install gfs2 /bin/true
+install gfs2 /bin/false
 
 ## Blacklists the vivid kernel module as it's only required for
 ## testing and has been the cause of multiple vulnerabilities.
@@ -78,12 +78,12 @@ install gfs2 /bin/true
 ## https://forums.whonix.org/t/kernel-recompilation-for-better-hardening/7598/233
 ## https://www.openwall.com/lists/oss-security/2019/11/02/1
 ## https://github.com/a13xp0p0v/kconfig-hardened-check/commit/981bd163fa19fccbc5ce5d4182e639d67e484475
-install vivid /bin/true
+install vivid /bin/false
 
 # Disable CD-ROM
-install cdrom /bin/true
+install cdrom /bin/false
-install sr_mod /bin/true
+install sr_mod /bin/false
 
 # Disable Intel Management Engine (ME) interface with OS
-install mei /bin/true
+install mei /bin/false
-install mei-me /bin/true
+install mei-me /bin/false