added kernel.modules_disabled=1

Signed-off-by: k4yt3x <[email protected]>
k4yt3x · Jul 6, 2023 · feeb151 · feeb151
1 parent b6f1041
commit feeb151
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/sysctl.conf b/sysctl.conf
@@ -4,11 +4,11 @@
 # Contributor: HorlogeSkynet
 # Contributor: shenzhui007
 # Date Created: October 5, 2020
-# Last Updated: September 30, 2022
+# Last Updated: July 6, 2023
 
 # Licensed under the GNU General Public License Version 3 (GNU GPL v3),
 #   available at: https://www.gnu.org/licenses/gpl-3.0.txt
-# (C) 2020-2022 K4YT3X
+# (C) 2020-2023 K4YT3X
 
 # Multiple sources have been consulted while writing this configuration
 #  file (e.g., nixCraft's sysctl.conf). Sources are not cited since this
@@ -56,6 +56,13 @@ kernel.kexec_load_disabled = 1
 # disable unprivileged user namespaces to decrease attack surface
 kernel.unprivileged_userns_clone = 0
 
+# disable the loading of kernel modules
+# this can be used to prevent runtime insertion of malicious modules
+# could break the system if enabled within sysctl.conf
+# consider setting this manually after system is up
+# sudo sysctl -w kernel.modules_disabled=1
+#kernel.modules_disabled = 1
+
 # allow for more PIDs
 # this value can be up to:
 #   - 32768 (2^15) on a 32-bit system