Unable to disable dccp , ticp , rds and other blacklisted modules in Arch Linux

Kicksecure / security-misc

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc

https://www.kicksecure.com/wiki/Impressum

Other

518 stars 51 forks source link

Unable to disable dccp , ticp , rds and other blacklisted modules in Arch Linux #105

Closed evil-user closed 2 years ago

evil-user commented 2 years ago

i added rules to disable them in a security.conf inside /etc/modprobe.d/ folder and in /etc/mkinitcpio.conf added line FILES=(/etc/modprobe.d/security.conf) and ran sudo mkinitcpio -P and then rebooted system and verified output using lynis which showed rds , dccp , sctp , ticp not disabled.

the contents of security.conf was copied from https://github.com/Kicksecure/security-misc/blob/master/etc/modprobe.d/30_security-misc.conf

adrelanos commented 2 years ago

This is more likely a lynis usability issue or other bug.

Please demonstrate any blacklisted module is loaded indeed or loadable without referring to lynis.

No such issue on Debian / Kicksecure.

At time of writing, there is no maintainer that supports this package on Arch Linux. How to accomplish this on Arch Linux I cannot help with.