How to prevent a Linux kernel module from auto loading

Posted on in Categories CentOS, Debian Linux, Howto, Linux, RedHat/Fedora Linux, Sys admin, Tip of the day, Troubleshooting last updated August 30, 2017

In some situation, you may want to avoid loading a Linux driver module automatically. For example:

  1. You would like to use proprietary device driver (I am against any proprietary drivers) and not the inbuilt (reverse engineered) kernel, driver.
  2. You might want to block it loading the driver for security reasons. If your server system connected without a diskette / floppy drive; kernel will try to load floppy driver – disable floppy driver or module. Or just disable USB driver loading on Linux.
  3. In some cases buggy driver causes kernel BUG on load so you just want to avoid the problem.

The Linux kernel get module information from /etc/modprobe.conf file and /etc/modprobe.d/* file(s).

If you are using CentOS/Redhat/RHEL/Fedora Linux…

Just open your /etc/modprobe.conf OR /etc/modprobe.d/blacklist.conf file and turn of auto loading using following syntax:
alias driver-name off

If you are using Debian / Ubuntu Linux…

open /etc/modprobe.d/blacklist.conf file and add drivername using following syntax:
blacklist driver-name

Reboot your Linux box and use lsmod command to show the status of modules in the Linux Kernel:
# reboot
# lsmod

Say hello to kernel.modules_disabled kernel variable

You can place restrictions on module loading. When the following set to 1, unprivileged users cannot trigger the automatic loading of modules for security reasons:
# sysctl -w kernel.modules_disabled=1
You can add above to /etc/sysctl.d/99-custom.conf:
# echo 'kernel.modules_disabled=1' >> /etc/sysctl.d/99-custom.conf

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

12 comment

  1. the method is if nothing works in debian based distros to blacklist a certain module,try making a file /etc/modprobe.d/00local with content as
    install modulename /bin/true

  2. OpenSuse 11.4 can only mount one type of filesystem ‘ISO9660’ . What is my problem?
    Thank you
    Nathan

Comments are closed.