From 7affddb3bbfaa8183bad5986dbbb6ea728df1fe4 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Sat, 7 Sep 2019 05:47:34 +0000
Subject: [PATCH] blacklist modules with /bin/false rather than /bin/true to fail with error message rather than failing without notification
---
 etc/modprobe.d/blacklist-bluetooth.conf | 4 +--
 etc/modprobe.d/blacklist-dma.conf | 4 +--
 .../uncommon-network-protocols.conf | 36 +++++++++----------
 3 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/etc/modprobe.d/blacklist-bluetooth.conf b/etc/modprobe.d/blacklist-bluetooth.conf
index ca8c419..a98d5b1 100644
--- a/etc/modprobe.d/blacklist-bluetooth.conf
+++ b/etc/modprobe.d/blacklist-bluetooth.conf
@@ -1,3 +1,3 @@
 # Blacklists bluetooth.
-install bluetooth /bin/true
-install btusb /bin/true
+install bluetooth /bin/false
+install btusb /bin/false
diff --git a/etc/modprobe.d/blacklist-dma.conf b/etc/modprobe.d/blacklist-dma.conf
index 3a1485b..e06eaa1 100644
--- a/etc/modprobe.d/blacklist-dma.conf
+++ b/etc/modprobe.d/blacklist-dma.conf
@@ -1,3 +1,3 @@
 # Blacklist thunderbolt and firewire to prevent some DMA attacks.
-install firewire-core /bin/true
-install thunderbolt /bin/true
+install firewire-core /bin/false
+install thunderbolt /bin/false
diff --git a/etc/modprobe.d/uncommon-network-protocols.conf b/etc/modprobe.d/uncommon-network-protocols.conf
index 2401951..500ee10 100644
--- a/etc/modprobe.d/uncommon-network-protocols.conf
+++ b/etc/modprobe.d/uncommon-network-protocols.conf
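Review bot: The header comment in etc/modprobe.d/blacklist-bluetooth.conf still reads only `# Blacklists bluetooth.` and does not record why the install command is `/bin/false`, so a later editor could switch it back to `/bin/true` to silence the resulting errors. I would add `# /bin/false makes modprobe exit non-zero and report the blocked load instead of pretending it succeeded.` above the two `install` lines. The same comment fits blacklist-dma.conf and uncommon-network-protocols.conf, which receive the identical change. It is also worth stating there that an `install` override binds only modprobe; `modprobe --ignore-install` or a direct `insmod` by root is not stopped by it, so this is a hardening default rather than an enforcement boundary.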
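Review bot: The `install firewire-core /bin/false` and `install thunderbolt /bin/false` lines in etc/modprobe.d/blacklist-dma.conf only take effect where modprobe actually reads this file, and nothing in the commit covers early boot. If the target's initramfs carries its own copy of /etc/modprobe.d (presumably the case on Debian-based systems; confirm), the image has to be regenerated after this change, otherwise early boot keeps applying the old silent `/bin/true` rules. A driver compiled into the kernel rather than built as a module is not affected by either form. I would note both limits in the file comment, e.g. `# Has no effect on built-in drivers; regenerate the initramfs after editing.`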
@@ -1,25 +1,25 @@
 # Disables unneeded network protocols that will likely not be used as these may have unknown vulnerabilties.
 #
 # Credit to Tails (https://tails.boum.org/blueprint/blacklist_modules/) for some of these.
-#
+#
 # > Debian ships a long list of modules for wide support of devices, filesystems, protocols. Some of these modules have a pretty bad security track record, and some of those are simply not used by most of our users.
 #
 # > Other distributions like Ubuntu[1] and Fedora[2] already ship a blacklist for various network protocols which aren't much in use by users and have a poor security track record.
 #
-install dccp /bin/true
-install sctp /bin/true
-install rds /bin/true
-install tipc /bin/true
-install n-hdlc /bin/true
-install ax25 /bin/true
-install netrom /bin/true
-install x25 /bin/true
-install rose /bin/true
-install decnet /bin/true
-install econet /bin/true
-install af_802154 /bin/true
-install ipx /bin/true
-install appletalk /bin/true
-install psnap /bin/true
-install p8023 /bin/true
-install p8022 /bin/true
+install dccp /bin/false
+install sctp /bin/false
+install rds /bin/false
+install tipc /bin/false
+install n-hdlc /bin/false
+install ax25 /bin/false
+install netrom /bin/false
+install x25 /bin/false
+install rose /bin/false
+install decnet /bin/false
+install econet /bin/false
+install af_802154 /bin/false
+install ipx /bin/false
+install appletalk /bin/false
+install psnap /bin/false
+install p8023 /bin/false
+install p8022 /bin/false
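Review bot: `install af_802154 /bin/false` in etc/modprobe.d/uncommon-network-protocols.conf matches by module name, and on recent kernels the IEEE 802.15.4 socket layer appears to be built as `ieee802154_socket` rather than `af_802154`; if so, this entry matches nothing and the protocol can still be autoloaded. An entry that matches no module fails silently, which is exactly the behaviour this commit sets out to remove. Please check the name with `modinfo` on the target kernel and, if it differs, add `install ieee802154_socket /bin/false` next to the existing line. The first context line of the hunk also carries the typo "vulnerabilties".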