mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-02-24 13:47:52 +07:00
Code Issues Packages Projects Releases Wiki Activity

Alphabetically sort existing modprobe

Browse Source
This commit is contained in:
Raja Grewal 2024-07-12 02:29:36 +10:00
parent fe20f3240e
commit fc792ff232
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
1 changed files with 38 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
etc/modprobe.d/30_security-misc.conf
View File

@ -31,7 +31,6 @@ options nf_conntrack nf_conntrack_helper=0
#
blacklist aty128fb
blacklist atyfb
blacklist radeonfb
blacklist cirrusfb
blacklist cyber2000fb
blacklist cyblafb
@ -45,6 +44,7 @@ blacklist matroxfb_bases
blacklist neofb
blacklist nvidiafb
blacklist pm2fb
blacklist radeonfb
blacklist rivafb
blacklist s1d13xxxfb
blacklist savagefb
@ -63,21 +63,21 @@ blacklist udlfb
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-ath_pci.conf?h=ubuntu/disco
#
blacklist ath_pci
blacklist evbug
blacklist usbmouse
blacklist usbkbd
blacklist eepro100
blacklist de4x5
blacklist eth1394
blacklist snd_intel8x0m
blacklist snd_aw2
blacklist prism54
blacklist bcm43xx
blacklist garmin_gps
blacklist asus_acpi
blacklist snd_pcsp
blacklist pcspkr
blacklist amd76x_edac
blacklist asus_acpi
blacklist bcm43xx
blacklist eepro100
blacklist eth1394
blacklist evbug
blacklist de4x5
blacklist garmin_gps
blacklist pcspkr
blacklist prism54
blacklist snd_aw2
blacklist snd_intel8x0m
blacklist snd_pcsp
blacklist usbkbd
blacklist usbmouse
## Bluetooth:
## Disable Bluetooth to reduce attack surface due to extended history of security vulnerabilities.
@ -99,14 +99,14 @@ blacklist amd76x_edac
## Disable IEEE 1394 (FireWire/i.LINK/Lynx) modules to prevent some DMA attacks.
## https://en.wikipedia.org/wiki/IEEE_1394#Security_issues
#
install dv1394 /usr/bin/disabled-firewire-by-security-misc
install firewire-core /usr/bin/disabled-firewire-by-security-misc
install firewire-net /usr/bin/disabled-firewire-by-security-misc
install firewire-ohci /usr/bin/disabled-firewire-by-security-misc
install firewire-net /usr/bin/disabled-firewire-by-security-misc
install firewire-sbp2 /usr/bin/disabled-firewire-by-security-misc
install ohci1394 /usr/bin/disabled-firewire-by-security-misc
install sbp2 /usr/bin/disabled-firewire-by-security-misc
install dv1394 /usr/bin/disabled-firewire-by-security-misc
install raw1394 /usr/bin/disabled-firewire-by-security-misc
install sbp2 /usr/bin/disabled-firewire-by-security-misc
install video1394 /usr/bin/disabled-firewire-by-security-misc
## File Systems:
@ -115,9 +115,9 @@ install video1394 /usr/bin/disabled-firewire-by-security-misc
#
install cramfs /usr/bin/disabled-filesys-by-security-misc
install freevxfs /usr/bin/disabled-filesys-by-security-misc
install jffs2 /usr/bin/disabled-filesys-by-security-misc
install hfs /usr/bin/disabled-filesys-by-security-misc
install hfsplus /usr/bin/disabled-filesys-by-security-misc
install jffs2 /usr/bin/disabled-filesys-by-security-misc
install udf /usr/bin/disabled-filesys-by-security-misc
## Global Positioning Systems:
@ -127,8 +127,8 @@ install gnss /usr/bin/disabled-gps-by-security-misc
install gnss-mtk /usr/bin/disabled-gps-by-security-misc
install gnss-serial /usr/bin/disabled-gps-by-security-misc
install gnss-sirf /usr/bin/disabled-gps-by-security-misc
install gnss-usb /usr/bin/disabled-gps-by-security-misc
install gnss-ubx /usr/bin/disabled-gps-by-security-misc
install gnss-usb /usr/bin/disabled-gps-by-security-misc
## Intel Management Engine (ME):
## Partially disable the Intel ME interface with the OS.
@ -141,11 +141,11 @@ install mei-me /usr/bin/disabled-intelme-by-security-misc
## Disable uncommon network file systems to reduce attack surface.
#
install cifs /usr/bin/disabled-netfilesys-by-security-misc
install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
install ksmbd /usr/bin/disabled-netfilesys-by-security-misc
install nfs /usr/bin/disabled-netfilesys-by-security-misc
install nfsv3 /usr/bin/disabled-netfilesys-by-security-misc
install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc
install ksmbd /usr/bin/disabled-netfilesys-by-security-misc
install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
## Network Protocols:
## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities.
@ -153,25 +153,25 @@ install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols)
## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco
#
install dccp /usr/bin/disabled-network-by-security-misc
install sctp /usr/bin/disabled-network-by-security-misc
install rds /usr/bin/disabled-network-by-security-misc
install tipc /usr/bin/disabled-network-by-security-misc
install n-hdlc /usr/bin/disabled-network-by-security-misc
install ax25 /usr/bin/disabled-network-by-security-misc
install netrom /usr/bin/disabled-network-by-security-misc
install x25 /usr/bin/disabled-network-by-security-misc
install rose /usr/bin/disabled-network-by-security-misc
install decnet /usr/bin/disabled-network-by-security-misc
install econet /usr/bin/disabled-network-by-security-misc
install af_802154 /usr/bin/disabled-network-by-security-misc
install ipx /usr/bin/disabled-network-by-security-misc
install appletalk /usr/bin/disabled-network-by-security-misc
install psnap /usr/bin/disabled-network-by-security-misc
install p8023 /usr/bin/disabled-network-by-security-misc
install p8022 /usr/bin/disabled-network-by-security-misc
install can /usr/bin/disabled-network-by-security-misc
install atm /usr/bin/disabled-network-by-security-misc
install ax25 /usr/bin/disabled-network-by-security-misc
install can /usr/bin/disabled-network-by-security-misc
install decnet /usr/bin/disabled-network-by-security-misc
install dccp /usr/bin/disabled-network-by-security-misc
install econet /usr/bin/disabled-network-by-security-misc
install ipx /usr/bin/disabled-network-by-security-misc
install n-hdlc /usr/bin/disabled-network-by-security-misc
install netrom /usr/bin/disabled-network-by-security-misc
install p8022 /usr/bin/disabled-network-by-security-misc
install p8023 /usr/bin/disabled-network-by-security-misc
install psnap /usr/bin/disabled-network-by-security-misc
install rds /usr/bin/disabled-network-by-security-misc
install rose /usr/bin/disabled-network-by-security-misc
install sctp /usr/bin/disabled-network-by-security-misc
install tipc /usr/bin/disabled-network-by-security-misc
install x25 /usr/bin/disabled-network-by-security-misc
## Miscellaneous:
#