mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-29 05:06:12 -05:00
a8b6281119
Removing llc from blacklisted network protocols as it is needed by KVM for networking. See https://hub.packtpub.com/kvm-networking-libvirt/ and https://forums.whonix.org/t/whonix-desktop-installer-with-calamares-field-report/7350/107
26 lines
1015 B
Plaintext
26 lines
1015 B
Plaintext
# Disables unneeded network protocols that will likely not be used as these may have unknown vulnerabilties.
|
|
#
|
|
# Credit to Tails (https://tails.boum.org/blueprint/blacklist_modules/) for some of these.
|
|
#
|
|
# > Debian ships a long list of modules for wide support of devices, filesystems, protocols. Some of these modules have a pretty bad security track record, and some of those are simply not used by most of our users.
|
|
#
|
|
# > Other distributions like Ubuntu[1] and Fedora[2] already ship a blacklist for various network protocols which aren't much in use by users and have a poor security track record.
|
|
#
|
|
install dccp /bin/true
|
|
install sctp /bin/true
|
|
install rds /bin/true
|
|
install tipc /bin/true
|
|
install n-hdlc /bin/true
|
|
install ax25 /bin/true
|
|
install netrom /bin/true
|
|
install x25 /bin/true
|
|
install rose /bin/true
|
|
install decnet /bin/true
|
|
install econet /bin/true
|
|
install af_802154 /bin/true
|
|
install ipx /bin/true
|
|
install appletalk /bin/true
|
|
install psnap /bin/true
|
|
install p8023 /bin/true
|
|
install p8022 /bin/true
|