## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## See the following links for a community discussion and overview regarding the selections.
## https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989
## https://madaidans-insecurities.github.io/guides/linux-hardening.html#kasr-kernel-modules

## Blacklisting prevents kernel modules from automatically starting.
## Disabling prohibits kernel modules from starting.

## CD-ROM/DVD:
## Blacklist CD-ROM and DVD modules.
## Do not disable by default for potential future ISO plans.
##
## https://nvd.nist.gov/vuln/detail/CVE-2018-11506
## https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
##
blacklist cdrom
blacklist sr_mod
##
#install cdrom /usr/bin/disabled-cdrom-by-security-misc
#install sr_mod /usr/bin/disabled-cdrom-by-security-misc

## Miscellaneous:
##
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist.conf?h=ubuntu/disco
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-ath_pci.conf?h=ubuntu/disco
##
blacklist ath_pci
blacklist amd76x_edac
blacklist asus_acpi
blacklist bcm43xx
blacklist evbug
blacklist de4x5
blacklist pcspkr
blacklist prism54
blacklist snd_aw2
blacklist snd_intel8x0m
blacklist snd_pcsp
blacklist usbkbd
blacklist usbmouse