Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-23 15:59:50 -05:00
Code Issues Packages Projects Releases Wiki Activity
security-misc/etc/modprobe.d/30_security-misc_blacklist.conf
Patrick Schleizer 33114f771a
copyright
2024-12-31 13:26:21 -05:00

64 lines
2.1 KiB
Plaintext
Raw Blame History

## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## See the following links for a community discussion and overview regarding the selections.
## https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989
## https://madaidans-insecurities.github.io/guides/linux-hardening.html#kasr-kernel-modules
## Blacklisting prevents kernel modules from automatically starting.
## Disabling prohibits kernel modules from starting.
## CD-ROM/DVD:
## Blacklist CD-ROM and DVD modules.
## Do not disable by default for potential future ISO plans.
##
## https://nvd.nist.gov/vuln/detail/CVE-2018-11506
## https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
##
blacklist cdrom
blacklist sr_mod
##
#install cdrom /usr/bin/disabled-cdrom-by-security-misc
#install sr_mod /usr/bin/disabled-cdrom-by-security-misc
## Miscellaneous:
## GrapheneOS:
## Partial selection of their infrastructure blacklist.
## Duplicate and already disabled modules have been omitted.
##
## https://github.com/GrapheneOS/infrastructure/blob/main/modprobe.d/local.conf
##
#blacklist cfg80211
#blacklist intel_agp
#blacklist ip_tables
blacklist joydev
#blacklist mousedev
#blacklist psmouse
## TODO: Re-check in Debian trixie
## In GrapheneOS list, yes, "should" be out-commented here.
## But not actually out-commented.
## Breaks VirtualBox audio device ICH AC97, which is unfortunately still required by some users.
## https://www.kicksecure.com/wiki/Dev/audio
## https://github.com/Kicksecure/security-misc/issues/271
#blacklist snd_intel8x0
#blacklist tls
#blacklist virtio_balloon
#blacklist virtio_console
## Ubuntu:
## Already disabled modules have been omitted.
##
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist.conf?h=ubuntu/disco
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-ath_pci.conf?h=ubuntu/disco
##
blacklist amd76x_edac
blacklist ath_pci
blacklist evbug
blacklist pcspkr
blacklist snd_aw2
blacklist snd_intel8x0m
blacklist snd_pcsp
blacklist usbkbd
blacklist usbmouse
Reference in New Issue View Git Blame Copy Permalink