added kernel.modules_disabled=1

Signed-off-by: k4yt3x <i@k4yt3x.com>
2025-12-17 17:56:47 +00:00 · 2023-07-06 23:24:49 +00:00 · 2023-07-06 23:24:49 +00:00 · feeb1516bc
commit feeb1516bc
parent b6f10417e7
1 changed files with 9 additions and 2 deletions
--- a/sysctl.conf
+++ b/sysctl.conf
@ -4,11 +4,11 @@
 # Contributor: HorlogeSkynet
 # Contributor: shenzhui007
 # Date Created: October 5, 2020
-# Last Updated: September 30, 2022
+# Last Updated: July 6, 2023

 # Licensed under the GNU General Public License Version 3 (GNU GPL v3),
 #   available at: https://www.gnu.org/licenses/gpl-3.0.txt
-# (C) 2020-2022 K4YT3X
+# (C) 2020-2023 K4YT3X

 # Multiple sources have been consulted while writing this configuration
 #  file (e.g., nixCraft's sysctl.conf). Sources are not cited since this
@ -56,6 +56,13 @@ kernel.kexec_load_disabled = 1
 # disable unprivileged user namespaces to decrease attack surface
 kernel.unprivileged_userns_clone = 0

+# disable the loading of kernel modules
+# this can be used to prevent runtime insertion of malicious modules
+# could break the system if enabled within sysctl.conf
+# consider setting this manually after system is up
+# sudo sysctl -w kernel.modules_disabled=1
+#kernel.modules_disabled = 1
+
 # allow for more PIDs
 # this value can be up to:
 #   - 32768 (2^15) on a 32-bit system