Commit Graph

50 Commits

Author SHA1 Message Date
Raja Grewal
41a3bf92fb
Sort 30_security-misc_disable.conf 2024-07-12 16:21:41 +10:00
Raja Grewal
b02230a783
Split modprobe into blacklisted and disabled configurations 2024-07-12 02:42:37 +10:00
Raja Grewal
fc792ff232
Alphabetically sort existing modprobe 2024-07-12 02:29:36 +10:00
Raja Grewal
fe20f3240e
Refactor existing modprobe for clarity 2024-07-12 02:28:48 +10:00
Raja Grewal
275a4ffc11
Remove redundant disabled modules 2024-07-12 02:27:56 +10:00
Raja Grewal
1bb843ec38
Update Copyright (C) to 2024 2024-05-11 13:18:36 +10:00
Patrick Schleizer
0f1119f326
Merge pull request #221 from raja-grewal/firewire
Disable Firewire Module
2024-05-10 06:45:57 -04:00
raja-grewal
677f75ae8e
Disable firewire-net module 2024-05-09 02:34:02 +00:00
raja-grewal
06f13bb766
Disable GPS modules like GNSS 2024-05-09 02:28:53 +00:00
Patrick Schleizer
7dba3fb7be
no longer disable MSR by default
fixes https://github.com/Kicksecure/security-misc/issues/215
2024-04-01 02:56:27 -04:00
Patrick Schleizer
0efee2f50f
usrmerge
fixes https://github.com/Kicksecure/security-misc/issues/190
2024-01-17 13:39:56 -05:00
monsieuremre
13b4ddbb62
30_security-misc.conf 2023-10-27 14:34:21 +00:00
Raja Grewal
7a4212dd76
Update copyright 2023-03-30 17:08:47 +11:00
Raja Grewal
d67845fea8
Typo 2022-12-13 16:11:24 +11:00
Raja Grewal
6f695902fb
Add comment about legacy Apple fiesystems 2022-11-23 23:53:40 +11:00
Raja Grewal
daa30d4e78
Include several framebuffer drivers into blacklist
These were previously commented out to test for compatibility issues.
2022-11-09 20:43:59 +11:00
Raja Grewal
a72bbb1883
Corrected kerenl module disabling 2022-07-13 23:42:13 +10:00
Raja Grewal
48089e5ba4
More verbose kernel module blocking error logs 2022-07-12 17:02:12 +10:00
Raja Grewal
40ec791774
Updated comments 2022-07-12 16:58:16 +10:00
Raja Grewal
ef1ef9917d
Blacklist automatic loading of CD-ROM modules 2022-07-10 04:53:25 +10:00
Raja Grewal
61ef9bd59f
Incorporated Ubuntu’s kernel module blacklists 2022-07-10 04:52:00 +10:00
Patrick Schleizer
26b2c9727f
not blacklist CD-ROM / DVD yet
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
2022-07-07 15:39:40 -04:00
Patrick Schleizer
ca19d78d48
shuffle 2022-07-07 15:27:15 -04:00
Raja Grewal
780dc8eec9
replace /bin/false -> /bin/disabled-by-security-misc 2022-07-08 04:11:25 +10:00
Raja Grewal
fa2e30f512
Updated descriptions of disabled modules 2022-07-08 03:04:37 +10:00
Raja Grewal
da389d6682
Revert "replace /bin/false -> /bin/true"
This reverts commit f0511635a9.
2022-07-08 02:12:04 +10:00
raja-grewal
f0511635a9
replace /bin/false -> /bin/true 2022-07-07 09:27:53 +00:00
raja-grewal
18d67dbc53
Blacklist more modules 2022-07-07 09:26:55 +00:00
Patrick Schleizer
2d37e3a1af
copyright 2022-05-20 14:46:38 -04:00
Patrick Schleizer
a67007f4b7
copyright 2021-03-17 09:45:21 -04:00
Patrick Schleizer
da1ac48cde
unblacklist squashfs as this would likely break Whonix-Host ISO
https://github.com/Whonix/security-misc/pull/75#issuecomment-700044182
2020-09-28 10:29:50 -04:00
Patrick Schleizer
4070133ed6
unblacklist vfat
https://github.com/Whonix/security-misc/pull/75#issuecomment-695201068
2020-09-28 10:25:57 -04:00
flawedworld
a813e7da07 Blacklist more modules 2020-09-19 20:46:19 +01:00
Patrick Schleizer
2ceea8d1fe
update copyright year 2020-04-01 08:49:59 -04:00
Patrick Schleizer
e0aa67677d
merge the many modprobe.d config files into 1
and use a name starting with double digits

to make it easier to disable settings using a lexically higher config file
2020-01-24 04:30:36 -05:00
madaidan
a662a76a52
Blacklist vivid 2020-01-11 18:37:00 +00:00
madaidan
dd93b11321
Blacklist CPU MSRs 2019-12-22 13:52:43 +00:00
madaidan
a14a2854c6
Elaborate 2019-10-16 18:52:14 +00:00
Patrick Schleizer
7affddb3bb
blacklist modules with /bin/false rather than /bin/true to fail with error
message rather than failing without notification
2019-09-07 05:47:34 +00:00
onions-knight
a8b6281119
Update uncommon-network-protocols.conf
Removing llc from blacklisted network protocols as it is needed by KVM for networking.
See https://hub.packtpub.com/kvm-networking-libvirt/ and https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107
2019-08-19 11:30:57 +00:00
madaidan
5a4ea39566
Create blacklist-bluetooth.conf 2019-07-31 18:30:57 +00:00
madaidan
b63d4ccb41
Update uncommon-network-protocols.conf 2019-07-11 15:28:56 +00:00
madaidan
4058e283a5
Blacklist more uncommon network protocols 2019-07-10 14:27:19 +00:00
madaidan
d70440aaed
Remove duplicate 2019-07-09 21:57:37 +00:00
madaidan
2d27bdd808
Blacklist more uncommon network protocols 2019-07-09 21:55:37 +00:00
madaidan
46409be8b6
Use install instead of blacklist 2019-07-04 14:25:28 +00:00
madaidan
eb7eaffba1
Blacklist n-hdlc 2019-07-04 14:24:44 +00:00
madaidan
07c6362f1a
Blacklist thunderbolt and firewire 2019-06-23 18:34:45 +00:00
madaidan
7177c6041a
Create uncommon-network-protocols.conf 2019-05-16 20:30:49 +00:00
Patrick Schleizer
6cda8b1496
disable conntrack helper for better security
https://phabricator.whonix.org/T486
2016-10-10 16:10:30 +00:00