projects / kconfig-hardened-check.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6df376e) | patch
Keep the recommendation to disable kernel modules
authorAlexander Popov <alex.popov@linux.com>
Sat, 2 Dec 2023 06:28:13 +0000 (09:28 +0300)
committerAlexander Popov <alex.popov@linux.com>
Sat, 2 Dec 2023 06:28:13 +0000 (09:28 +0300)
commit04f7596cfa16efb6cfb2fb8d6a56a55574489ecf
tree7cd535b8b3481103c3b9ea0c3a6cadd3e298629etree | snapshot (zip tar.gz)
parent6df376e63dd5f3f0fc7e82bb221e719aea4c166bcommit | diff
Keep the recommendation to disable kernel modules

Disabling kernel modules is a radical method to cut the kernel attack
surface. It may be useful for some systems.

Quoting CLIP OS recommendation:
```
Disable module loading once systemd has loaded the ones required for the
running machine according to a profile.
```
kernel_hardening_checker/checks.py diff | blob | history
kconfig-hardened-check