Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-07 08:22:40 -04:00
Code Issues Projects Releases Packages Wiki Activity

Alphabetically sort existing modprobe

Browse source
This commit is contained in:
Raja Grewal 2024-07-12 02:29:36 +10:00
parent fe20f3240e
commit fc792ff232
No known key found for this signature in database
GPG key ID: 92CA473C156B64C4
1 changed files with 38 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

76
etc/modprobe.d/30_security-misc.conf
View file

@ -31,7 +31,6 @@ options nf_conntrack nf_conntrack_helper=0
# #
blacklist aty128fb blacklist aty128fb
blacklist atyfb blacklist atyfb
blacklist radeonfb
blacklist cirrusfb blacklist cirrusfb
blacklist cyber2000fb blacklist cyber2000fb
blacklist cyblafb blacklist cyblafb
@ -45,6 +44,7 @@ blacklist matroxfb_bases
blacklist neofb blacklist neofb
blacklist nvidiafb blacklist nvidiafb
blacklist pm2fb blacklist pm2fb
blacklist radeonfb
blacklist rivafb blacklist rivafb
blacklist s1d13xxxfb blacklist s1d13xxxfb
blacklist savagefb blacklist savagefb
@ -63,21 +63,21 @@ blacklist udlfb
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-ath_pci.conf?h=ubuntu/disco ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-ath_pci.conf?h=ubuntu/disco
# #
blacklist ath_pci blacklist ath_pci
blacklist evbug
blacklist usbmouse
blacklist usbkbd
blacklist eepro100
blacklist de4x5
blacklist eth1394
blacklist snd_intel8x0m
blacklist snd_aw2
blacklist prism54
blacklist bcm43xx
blacklist garmin_gps
blacklist asus_acpi
blacklist snd_pcsp
blacklist pcspkr
blacklist amd76x_edac blacklist amd76x_edac
blacklist asus_acpi
blacklist bcm43xx
blacklist eepro100
blacklist eth1394
blacklist evbug
blacklist de4x5
blacklist garmin_gps
blacklist pcspkr
blacklist prism54
blacklist snd_aw2
blacklist snd_intel8x0m
blacklist snd_pcsp
blacklist usbkbd
blacklist usbmouse
## Bluetooth: ## Bluetooth:
## Disable Bluetooth to reduce attack surface due to extended history of security vulnerabilities. ## Disable Bluetooth to reduce attack surface due to extended history of security vulnerabilities.
@ -99,14 +99,14 @@ blacklist amd76x_edac
## Disable IEEE 1394 (FireWire/i.LINK/Lynx) modules to prevent some DMA attacks. ## Disable IEEE 1394 (FireWire/i.LINK/Lynx) modules to prevent some DMA attacks.
## https://en.wikipedia.org/wiki/IEEE_1394#Security_issues ## https://en.wikipedia.org/wiki/IEEE_1394#Security_issues
# #
install dv1394 /usr/bin/disabled-firewire-by-security-misc
install firewire-core /usr/bin/disabled-firewire-by-security-misc install firewire-core /usr/bin/disabled-firewire-by-security-misc
install firewire-net /usr/bin/disabled-firewire-by-security-misc
install firewire-ohci /usr/bin/disabled-firewire-by-security-misc install firewire-ohci /usr/bin/disabled-firewire-by-security-misc
install firewire-net /usr/bin/disabled-firewire-by-security-misc
install firewire-sbp2 /usr/bin/disabled-firewire-by-security-misc install firewire-sbp2 /usr/bin/disabled-firewire-by-security-misc
install ohci1394 /usr/bin/disabled-firewire-by-security-misc install ohci1394 /usr/bin/disabled-firewire-by-security-misc
install sbp2 /usr/bin/disabled-firewire-by-security-misc
install dv1394 /usr/bin/disabled-firewire-by-security-misc
install raw1394 /usr/bin/disabled-firewire-by-security-misc install raw1394 /usr/bin/disabled-firewire-by-security-misc
install sbp2 /usr/bin/disabled-firewire-by-security-misc
install video1394 /usr/bin/disabled-firewire-by-security-misc install video1394 /usr/bin/disabled-firewire-by-security-misc
## File Systems: ## File Systems:
@ -115,9 +115,9 @@ install video1394 /usr/bin/disabled-firewire-by-security-misc
# #
install cramfs /usr/bin/disabled-filesys-by-security-misc install cramfs /usr/bin/disabled-filesys-by-security-misc
install freevxfs /usr/bin/disabled-filesys-by-security-misc install freevxfs /usr/bin/disabled-filesys-by-security-misc
install jffs2 /usr/bin/disabled-filesys-by-security-misc
install hfs /usr/bin/disabled-filesys-by-security-misc install hfs /usr/bin/disabled-filesys-by-security-misc
install hfsplus /usr/bin/disabled-filesys-by-security-misc install hfsplus /usr/bin/disabled-filesys-by-security-misc
install jffs2 /usr/bin/disabled-filesys-by-security-misc
install udf /usr/bin/disabled-filesys-by-security-misc install udf /usr/bin/disabled-filesys-by-security-misc
## Global Positioning Systems: ## Global Positioning Systems:
@ -127,8 +127,8 @@ install gnss /usr/bin/disabled-gps-by-security-misc
install gnss-mtk /usr/bin/disabled-gps-by-security-misc install gnss-mtk /usr/bin/disabled-gps-by-security-misc
install gnss-serial /usr/bin/disabled-gps-by-security-misc install gnss-serial /usr/bin/disabled-gps-by-security-misc
install gnss-sirf /usr/bin/disabled-gps-by-security-misc install gnss-sirf /usr/bin/disabled-gps-by-security-misc
install gnss-usb /usr/bin/disabled-gps-by-security-misc
install gnss-ubx /usr/bin/disabled-gps-by-security-misc install gnss-ubx /usr/bin/disabled-gps-by-security-misc
install gnss-usb /usr/bin/disabled-gps-by-security-misc
## Intel Management Engine (ME): ## Intel Management Engine (ME):
## Partially disable the Intel ME interface with the OS. ## Partially disable the Intel ME interface with the OS.
@ -141,11 +141,11 @@ install mei-me /usr/bin/disabled-intelme-by-security-misc
## Disable uncommon network file systems to reduce attack surface. ## Disable uncommon network file systems to reduce attack surface.
# #
install cifs /usr/bin/disabled-netfilesys-by-security-misc install cifs /usr/bin/disabled-netfilesys-by-security-misc
install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
install ksmbd /usr/bin/disabled-netfilesys-by-security-misc
install nfs /usr/bin/disabled-netfilesys-by-security-misc install nfs /usr/bin/disabled-netfilesys-by-security-misc
install nfsv3 /usr/bin/disabled-netfilesys-by-security-misc install nfsv3 /usr/bin/disabled-netfilesys-by-security-misc
install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc
install ksmbd /usr/bin/disabled-netfilesys-by-security-misc
install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
## Network Protocols: ## Network Protocols:
## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities. ## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities.
@ -153,25 +153,25 @@ install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols) ## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols)
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco
# #
install dccp /usr/bin/disabled-network-by-security-misc
install sctp /usr/bin/disabled-network-by-security-misc
install rds /usr/bin/disabled-network-by-security-misc
install tipc /usr/bin/disabled-network-by-security-misc
install n-hdlc /usr/bin/disabled-network-by-security-misc
install ax25 /usr/bin/disabled-network-by-security-misc
install netrom /usr/bin/disabled-network-by-security-misc
install x25 /usr/bin/disabled-network-by-security-misc
install rose /usr/bin/disabled-network-by-security-misc
install decnet /usr/bin/disabled-network-by-security-misc
install econet /usr/bin/disabled-network-by-security-misc
install af_802154 /usr/bin/disabled-network-by-security-misc install af_802154 /usr/bin/disabled-network-by-security-misc
install ipx /usr/bin/disabled-network-by-security-misc
install appletalk /usr/bin/disabled-network-by-security-misc install appletalk /usr/bin/disabled-network-by-security-misc
install psnap /usr/bin/disabled-network-by-security-misc
install p8023 /usr/bin/disabled-network-by-security-misc
install p8022 /usr/bin/disabled-network-by-security-misc
install can /usr/bin/disabled-network-by-security-misc
install atm /usr/bin/disabled-network-by-security-misc install atm /usr/bin/disabled-network-by-security-misc
install ax25 /usr/bin/disabled-network-by-security-misc
install can /usr/bin/disabled-network-by-security-misc
install decnet /usr/bin/disabled-network-by-security-misc
install dccp /usr/bin/disabled-network-by-security-misc
install econet /usr/bin/disabled-network-by-security-misc
install ipx /usr/bin/disabled-network-by-security-misc
install n-hdlc /usr/bin/disabled-network-by-security-misc
install netrom /usr/bin/disabled-network-by-security-misc
install p8022 /usr/bin/disabled-network-by-security-misc
install p8023 /usr/bin/disabled-network-by-security-misc
install psnap /usr/bin/disabled-network-by-security-misc
install rds /usr/bin/disabled-network-by-security-misc
install rose /usr/bin/disabled-network-by-security-misc
install sctp /usr/bin/disabled-network-by-security-misc
install tipc /usr/bin/disabled-network-by-security-misc
install x25 /usr/bin/disabled-network-by-security-misc
## Miscellaneous: ## Miscellaneous:
# #