mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-22 02:17:04 +07:00
Code Issues Packages Projects Releases Wiki Activity

not blacklist CD-ROM / DVD yet

Browse Source 
https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
This commit is contained in:
Patrick Schleizer 2022-07-07 15:39:40 -04:00
parent d5c1650341
commit 26b2c9727f
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -153,7 +153,7 @@ abused to write to arbitrary memory.
* Provides some blocking of the interface between the [Intel Management Engine (ME)](https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html) and the OS.
* Disables the use of CD-ROM devices by default.
* Not enabled by default yet, comment only: Disables the use of CD-ROM devices by default.
### Other

5
etc/modprobe.d/30_security-misc.conf
View File

@ -87,5 +87,6 @@ install mei-me /bin/disabled-by-security-misc
# Blacklist CD-ROM devices
# https://nvd.nist.gov/vuln/detail/CVE-2018-11506
install cdrom /bin/disabled-by-security-misc
install sr_mod /bin/disabled-by-security-misc
# https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
#install cdrom /bin/disabled-by-security-misc
#install sr_mod /bin/disabled-by-security-misc