In some situation, you may want to avoid loading a Linux driver module automatically. For example:
- You would like to use proprietary device driver (I am against any proprietary drivers) and not the inbuilt (reverse engineered) kernel, driver.
- You might want to block it loading the driver for security reasons. If your server system connected without a diskette / floppy drive; kernel will try to load floppy driver – disable floppy driver or module. Or just disable USB driver loading on Linux.
- In some cases buggy driver causes kernel BUG on load so you just want to avoid the problem.
The Linux kernel get module information from /etc/modprobe.conf file and /etc/modprobe.d/* file(s).
If you are using CentOS/Redhat/RHEL/Fedora Linux…
Just open your /etc/modprobe.conf OR /etc/modprobe.d/blacklist.conf file and turn of auto loading using following syntax:
alias driver-name off
If you are using Debian / Ubuntu Linux…
open /etc/modprobe.d/blacklist.conf file and add drivername using following syntax:
blacklist driver-name
Reboot your Linux box and use lsmod command to show the status of modules in the Linux Kernel:
# reboot
# lsmod
Say hello to kernel.modules_disabled kernel variable
You can place restrictions on module loading. When the following set to 1, unprivileged users cannot trigger the automatic loading of modules for security reasons:
# sysctl -w kernel.modules_disabled=1
You can add above to /etc/sysctl.d/99-custom.conf:
# echo 'kernel.modules_disabled=1' >> /etc/sysctl.d/99-custom.conf
- RSS feed or Weekly email newsletter
- Share to Twitter ⢠Facebook ⢠12 comments... add one ↓
30 Handy Bash Shell Aliases For Linux / Unix / MacOS
40 Linux Server Hardening Security Tips [2019 edition]
30 Best Sources For Linux / *BSD / Unix Documentation On the Web
Linux 25 PHP Security Best Practices For Sys Admins
30 Linux System Monitoring Tools Every SysAdmin Should Know
Top 25 Nginx Web Server Best Security Practices
The Novice Guide To Buying A Linux Laptop
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Blacklisting in /etc/modprobe.d/blacklist works in F7 too, not only in Debian!
On a similar path, how would you go about disabling USB without having to add nousb on the kernel settings line in GRUB ?
You need to add following drivers
usbcore
ehci_hcd
uhci_hcd
lsmod and modinfo command always gives information about loaded drivers.
the method is if nothing works in debian based distros to blacklist a certain module,try making a file /etc/modprobe.d/00local with content as
install modulename /bin/true
The debian way? An update has been written and is available here : http://wiki.debian.org/KernelModuleBlacklisting
I am unable to stop kvm, kvm_intel from getting loaded even after adding those to blacklist (Ubuntu 9.10).
Thanks a lot.
on fedora 15 you do:
sudo gedit /etc/modprobe.d/blacklist.conf
blacklist driver-name
On Suse is like fedora 15:
sudo gedit /etc/modprobe.d/blacklist.conf
blacklist driver-name
alias driver-name off does nto work on CentOS 5.5
OpenSuse 11.4 can only mount one type of filesystem ‘ISO9660’ . What is my problem?
Thank you
Nathan
How I can do to join the blacklist all except driver being used. thanks. cristian