From fc792ff23234399ed299c3fdc086d47c87d9b4a3 Mon Sep 17 00:00:00 2001
From: Raja Grewal <rg_public@proton.me>
Date: Fri, 12 Jul 2024 02:29:36 +1000
Subject: [PATCH] Alphabetically sort existing modprobe

---
 etc/modprobe.d/30_security-misc.conf | 76 ++++++++++++++--------------
 1 file changed, 38 insertions(+), 38 deletions(-)

diff --git a/etc/modprobe.d/30_security-misc.conf b/etc/modprobe.d/30_security-misc.conf
index af5fd10..a4e8baa 100644
--- a/etc/modprobe.d/30_security-misc.conf
+++ b/etc/modprobe.d/30_security-misc.conf
@@ -31,7 +31,6 @@ options nf_conntrack nf_conntrack_helper=0
 #
 blacklist aty128fb
 blacklist atyfb
-blacklist radeonfb
 blacklist cirrusfb
 blacklist cyber2000fb
 blacklist cyblafb
@@ -45,6 +44,7 @@ blacklist matroxfb_bases
 blacklist neofb
 blacklist nvidiafb
 blacklist pm2fb
+blacklist radeonfb
 blacklist rivafb
 blacklist s1d13xxxfb
 blacklist savagefb
@@ -63,21 +63,21 @@ blacklist udlfb
 ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-ath_pci.conf?h=ubuntu/disco
 #
 blacklist ath_pci
-blacklist evbug
-blacklist usbmouse
-blacklist usbkbd
-blacklist eepro100
-blacklist de4x5
-blacklist eth1394
-blacklist snd_intel8x0m
-blacklist snd_aw2
-blacklist prism54
-blacklist bcm43xx
-blacklist garmin_gps
-blacklist asus_acpi
-blacklist snd_pcsp
-blacklist pcspkr
 blacklist amd76x_edac
+blacklist asus_acpi
+blacklist bcm43xx
+blacklist eepro100
+blacklist eth1394
+blacklist evbug
+blacklist de4x5
+blacklist garmin_gps
+blacklist pcspkr
+blacklist prism54
+blacklist snd_aw2
+blacklist snd_intel8x0m
+blacklist snd_pcsp
+blacklist usbkbd
+blacklist usbmouse
 
 ## Bluetooth:
 ## Disable Bluetooth to reduce attack surface due to extended history of security vulnerabilities.
@@ -99,14 +99,14 @@ blacklist amd76x_edac
 ## Disable IEEE 1394 (FireWire/i.LINK/Lynx) modules to prevent some DMA attacks.
 ## https://en.wikipedia.org/wiki/IEEE_1394#Security_issues
 #
+install dv1394 /usr/bin/disabled-firewire-by-security-misc
 install firewire-core /usr/bin/disabled-firewire-by-security-misc
-install firewire-net /usr/bin/disabled-firewire-by-security-misc
 install firewire-ohci /usr/bin/disabled-firewire-by-security-misc
+install firewire-net /usr/bin/disabled-firewire-by-security-misc
 install firewire-sbp2 /usr/bin/disabled-firewire-by-security-misc
 install ohci1394 /usr/bin/disabled-firewire-by-security-misc
-install sbp2 /usr/bin/disabled-firewire-by-security-misc
-install dv1394 /usr/bin/disabled-firewire-by-security-misc
 install raw1394 /usr/bin/disabled-firewire-by-security-misc
+install sbp2 /usr/bin/disabled-firewire-by-security-misc
 install video1394 /usr/bin/disabled-firewire-by-security-misc
 
 ## File Systems:
@@ -115,9 +115,9 @@ install video1394 /usr/bin/disabled-firewire-by-security-misc
 #
 install cramfs /usr/bin/disabled-filesys-by-security-misc
 install freevxfs /usr/bin/disabled-filesys-by-security-misc
-install jffs2 /usr/bin/disabled-filesys-by-security-misc
 install hfs /usr/bin/disabled-filesys-by-security-misc
 install hfsplus /usr/bin/disabled-filesys-by-security-misc
+install jffs2 /usr/bin/disabled-filesys-by-security-misc
 install udf /usr/bin/disabled-filesys-by-security-misc
 
 ## Global Positioning Systems:
@@ -127,8 +127,8 @@ install gnss /usr/bin/disabled-gps-by-security-misc
 install gnss-mtk /usr/bin/disabled-gps-by-security-misc
 install gnss-serial /usr/bin/disabled-gps-by-security-misc
 install gnss-sirf /usr/bin/disabled-gps-by-security-misc
-install gnss-usb /usr/bin/disabled-gps-by-security-misc
 install gnss-ubx /usr/bin/disabled-gps-by-security-misc
+install gnss-usb /usr/bin/disabled-gps-by-security-misc
 
 ## Intel Management Engine (ME):
 ## Partially disable the Intel ME interface with the OS.
@@ -141,11 +141,11 @@ install mei-me /usr/bin/disabled-intelme-by-security-misc
 ## Disable uncommon network file systems to reduce attack surface.
 #
 install cifs /usr/bin/disabled-netfilesys-by-security-misc
+install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
+install ksmbd /usr/bin/disabled-netfilesys-by-security-misc
 install nfs /usr/bin/disabled-netfilesys-by-security-misc
 install nfsv3 /usr/bin/disabled-netfilesys-by-security-misc
 install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc
-install ksmbd /usr/bin/disabled-netfilesys-by-security-misc
-install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
 
 ## Network Protocols:
 ## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities.
@@ -153,25 +153,25 @@ install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
 ## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols)
 ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco
 #
-install dccp /usr/bin/disabled-network-by-security-misc
-install sctp /usr/bin/disabled-network-by-security-misc
-install rds /usr/bin/disabled-network-by-security-misc
-install tipc /usr/bin/disabled-network-by-security-misc
-install n-hdlc /usr/bin/disabled-network-by-security-misc
-install ax25 /usr/bin/disabled-network-by-security-misc
-install netrom /usr/bin/disabled-network-by-security-misc
-install x25 /usr/bin/disabled-network-by-security-misc
-install rose /usr/bin/disabled-network-by-security-misc
-install decnet /usr/bin/disabled-network-by-security-misc
-install econet /usr/bin/disabled-network-by-security-misc
 install af_802154 /usr/bin/disabled-network-by-security-misc
-install ipx /usr/bin/disabled-network-by-security-misc
 install appletalk /usr/bin/disabled-network-by-security-misc
-install psnap /usr/bin/disabled-network-by-security-misc
-install p8023 /usr/bin/disabled-network-by-security-misc
-install p8022 /usr/bin/disabled-network-by-security-misc
-install can /usr/bin/disabled-network-by-security-misc
 install atm /usr/bin/disabled-network-by-security-misc
+install ax25 /usr/bin/disabled-network-by-security-misc
+install can /usr/bin/disabled-network-by-security-misc
+install decnet /usr/bin/disabled-network-by-security-misc
+install dccp /usr/bin/disabled-network-by-security-misc
+install econet /usr/bin/disabled-network-by-security-misc
+install ipx /usr/bin/disabled-network-by-security-misc
+install n-hdlc /usr/bin/disabled-network-by-security-misc
+install netrom /usr/bin/disabled-network-by-security-misc
+install p8022 /usr/bin/disabled-network-by-security-misc
+install p8023 /usr/bin/disabled-network-by-security-misc
+install psnap /usr/bin/disabled-network-by-security-misc
+install rds /usr/bin/disabled-network-by-security-misc
+install rose /usr/bin/disabled-network-by-security-misc
+install sctp /usr/bin/disabled-network-by-security-misc
+install tipc /usr/bin/disabled-network-by-security-misc
+install x25 /usr/bin/disabled-network-by-security-misc
 
 ## Miscellaneous:
 #