Thanks to Lynis I'm learning to harden and diving a bit deeper into GNU/Linux systems.
One point the audit report indicates is to disable unnecessary protocols / kernel modules (I'm not sure what the distinction is; I guess a module may implement a protocol). The protocols concerned are DCCP, SCTP, TIPC and RDS.
Debian KernelModuleBlacklisting indicates 2 ways to proceed:
- write
  blacklist <modulename>
  into /etc/modprobe.d/<modulename>.conf
- write
  install <modulename> /bin/true
  into /etc/modprobe.d/<modulename>.conf
And the CIS benchmark guide (v2.0, section 3.4.4) indicates to audit by running:
    # modprobe -n -v tipc
    install /bin/true
    # lsmod | grep tipc
    <No output>
I've blacklisted and fake-installed several modules by creating /etc/modprobe.d/blacklist.conf and /etc/modprobe.d/fake-install.conf. It's not the module-specific approach that Debian recommends, but I've tested both ways and the result looks similar.
However, TIPC seems to be persistent:
    modprobe -n -v tipc
    insmod /lib/modules/4.19.0-14-amd64/kernel/net/ipv4/udp_tunnel.ko
    insmod /lib/modules/4.19.0-14-amd64/kernel/net/ipv6/ip6_udp_tunnel.ko
    install /bin/true
Is the module active? If yes, how can I disable it persistently?
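
An added example, not part of the original post: shell helpers that read `modprobe -n -v` output and an `lsmod` listing the way the CIS audit step does, run here on the dry-run output quoted above. It assumes modprobe prints dependencies first and the requested module last; the function names and the `lsmod` excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): interpret a modprobe dry run.

# verdict MODULE DRYRUN_TEXT
# Assumption: modprobe -n -v lists dependencies first and the requested
# module last, so only the last line says what happens to MODULE itself.
verdict() {
    printf '%s\n' "$2" | awk -v m="$1" '
        NF { last1 = $1; last2 = $2 }
        END {
            gsub(/-/, "_", m)
            if (last1 == "install" && (last2 == "/bin/true" || last2 == "/bin/false")) {
                print "disabled"; exit
            }
            n = split(last2, p, "/"); f = p[n]
            sub(/\.ko(\.(gz|xz|zst))?$/, "", f); gsub(/-/, "_", f)
            if (last1 == "insmod" && f == m) print "loadable"; else print "unknown"
        }'
}

# would_insert DRYRUN_TEXT: module names that an "insmod" line would insert.
would_insert() {
    printf '%s\n' "$1" | awk '
        $1 == "insmod" {
            n = split($2, p, "/"); f = p[n]
            sub(/\.ko(\.(gz|xz|zst))?$/, "", f); gsub(/-/, "_", f)
            printf "%s%s", sep, f; sep = " "
        }
        END { print "" }'
}

# is_loaded MODULE LSMOD_TEXT: exit 0 if MODULE appears in the first column.
is_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Dry-run output quoted in the post (the command line itself omitted).
DRYRUN='insmod /lib/modules/4.19.0-14-amd64/kernel/net/ipv4/udp_tunnel.ko
insmod /lib/modules/4.19.0-14-amd64/kernel/net/ipv6/ip6_udp_tunnel.ko
install /bin/true'
# Constructed lsmod excerpt, for illustration only.
LSMOD='Module                  Size  Used by
udp_tunnel             16384  0
ext4                  745472  1'

echo "tipc: $(verdict tipc "$DRYRUN")"
echo "would insert: $(would_insert "$DRYRUN")"
if is_loaded tipc "$LSMOD"; then echo "tipc loaded"; else echo "tipc not loaded"; fi
```

On a live system, pass `"$(modprobe -n -v tipc)"` and `"$(lsmod)"` instead of the embedded samples.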