mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-02 04:15:01 +07:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #238 from raja-grewal/uvcvideo_2

Browse Source 
Minor additions to `30_security-misc_disable.conf`
This commit is contained in:
Patrick Schleizer 2024-07-17 08:41:43 -04:00 committed by GitHub
commit 9a75135633
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
etc/modprobe.d/30_security-misc_disable.conf
View File

@ -113,10 +113,12 @@ install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc
## Network Protocols: ## Network Protocols:
## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities. ## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities.
## Previously had blacklisted eepro100 and eth1394.
## ##
## https://tails.boum.org/blueprint/blacklist_modules/ ## https://tails.boum.org/blueprint/blacklist_modules/
## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols ## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco
## https://github.com/Kicksecure/security-misc/pull/234#issuecomment-2230732015
## ##
install af_802154 /usr/bin/disabled-network-by-security-misc install af_802154 /usr/bin/disabled-network-by-security-misc
install appletalk /usr/bin/disabled-network-by-security-misc install appletalk /usr/bin/disabled-network-by-security-misc
@ -125,8 +127,8 @@ install ax25 /usr/bin/disabled-network-by-security-misc
install decnet /usr/bin/disabled-network-by-security-misc install decnet /usr/bin/disabled-network-by-security-misc
install dccp /usr/bin/disabled-network-by-security-misc install dccp /usr/bin/disabled-network-by-security-misc
install econet /usr/bin/disabled-network-by-security-misc install econet /usr/bin/disabled-network-by-security-misc
#install eepro100 /usr/bin/disabled-network-by-security-misc install eepro100 /usr/bin/disabled-network-by-security-misc
#install eth1394 /usr/bin/disabled-network-by-security-misc install eth1394 /usr/bin/disabled-network-by-security-misc
install ipx /usr/bin/disabled-network-by-security-misc install ipx /usr/bin/disabled-network-by-security-misc
install n-hdlc /usr/bin/disabled-network-by-security-misc install n-hdlc /usr/bin/disabled-network-by-security-misc
install netrom /usr/bin/disabled-network-by-security-misc install netrom /usr/bin/disabled-network-by-security-misc
@ -139,9 +141,9 @@ install x25 /usr/bin/disabled-network-by-security-misc
## Asynchronous Transfer Mode (ATM): ## Asynchronous Transfer Mode (ATM):
## ##
install atm /usr/bin/disabled-network-by-security-misc install atm /usr/bin/disabled-network-by-security-misc
#install ueagle-atm /usr/bin/disabled-network-by-security-misc install ueagle-atm /usr/bin/disabled-network-by-security-misc
#install usbatm /usr/bin/disabled-network-by-security-misc install usbatm /usr/bin/disabled-network-by-security-misc
#install xusbatm /usr/bin/disabled-network-by-security-misc install xusbatm /usr/bin/disabled-network-by-security-misc
## ##
## Controller Area Network (CAN) Protocol: ## Controller Area Network (CAN) Protocol:
## ##
@ -193,6 +195,11 @@ install hamradio /usr/bin/disabled-miscellaneous-by-security-misc
## ##
install floppy /usr/bin/disabled-miscellaneous-by-security-misc install floppy /usr/bin/disabled-miscellaneous-by-security-misc
## ##
## USB Video Device Class:
## Disables USB-based video streaming driver for devices like webcams and digital camcorders.
##
#install uvcvideo /usr/bin/disabled-miscellaneous-by-security-misc
##
## Vivid: ## Vivid:
## Disables the vivid kernel module since it has been the cause of multiple vulnerabilities. ## Disables the vivid kernel module since it has been the cause of multiple vulnerabilities.
## ##