nixos/hardened: blacklist a few obscure net protocols

2017-09-03 01:49:01 +02:00 · 2017-09-03 01:49:01 +02:00 · 8aa0618cf0
commit 8aa0618cf0
parent 2bce0b13e7
1 changed files with 7 additions and 0 deletions
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@ -25,6 +25,13 @@ with lib;
    "nohibernate"
  ];

+  boot.blacklistedKernelModules = [
+    # Obscure network protocols
+    "ax25"
+    "netrom"
+    "rose"
+  ];
+
  # Restrict ptrace() usage to processes with a pre-defined relationship
  # (e.g., parent/child)
  boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;