blacklist_kernel_module (Blacklist Linux kernel modules)

Blacklist specific Linux kernel modules.

Blacklists specific Linux kernel modules and unloads them with rmmod if they are already loaded.

A user with elevated privileges can maintain their own kernel module entries in /etc/modprobe.d/custom-blacklist.conf, which is not overridden by Ansible.

Requirements

None that are not handled within the role.

Role Variables

| Name | Type | Default Value | Description |
|------|------|---------------|-------------|
| blacklist_kernel_module_conf | bool | false | If true, enable the tasks from the role |
| blacklist_kernel_module_list | list | null | A list of dictionaries, each with the keys name (the name of the Linux kernel module) and comment (text to be put in as a comment line) |

For the blacklist_kernel_module_list the structure might be as follows:

blacklist_kernel_module_list:
  - name: n_gsm
    comment: https://github.com/YuriiCrimson/ExploitGSM
  - name: vivid
    comment: For CVE-2019-18683
  - name: n_hdlc
    comment: For CVE-2017-2636
  - name: dccp
    comment: The 'dccp' protocol is not actively maintained or widely used
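
An added example, not part of the role: a Python check that could be run after the role to confirm that each listed module is blacklisted in a modprobe.d directory and no longer appears in /proc/modules. It goes slightly beyond the role by also reporting install lines, because a blacklist entry only stops alias-triggered autoloading and an explicit modprobe still loads the module; the function names, file names and sample contents are constructed for this example.

```python
import os
import tempfile

def norm(name):
    # modprobe treats '-' and '_' in module names as equivalent
    return name.strip().replace("-", "_")

def parse_modprobe_dir(conf_dir):
    """Collect module names with 'blacklist' and 'install' lines in *.conf files."""
    blacklisted, overridden = set(), set()
    for fname in sorted(os.listdir(conf_dir)):
        if not fname.endswith(".conf"):
            continue  # modprobe ignores files without the .conf extension
        with open(os.path.join(conf_dir, fname)) as fh:
            for line in fh:
                fields = line.split()
                if not fields or fields[0].startswith("#"):
                    continue
                if fields[0] == "blacklist" and len(fields) >= 2:
                    blacklisted.add(norm(fields[1]))
                elif fields[0] == "install" and len(fields) >= 3:
                    overridden.add(norm(fields[1]))
    return blacklisted, overridden

def audit(wanted, conf_dir, proc_modules_text):
    """Per module: is it blacklisted, install-overridden, still loaded?"""
    blacklisted, overridden = parse_modprobe_dir(conf_dir)
    # The first field of each /proc/modules line is the module name
    loaded = {norm(l.split()[0]) for l in proc_modules_text.splitlines() if l.strip()}
    return {m: {"blacklisted": norm(m) in blacklisted,
                "install_override": norm(m) in overridden,
                "loaded": norm(m) in loaded} for m in wanted}

def demo():
    # Constructed sample data: file names and contents are made up for this example
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "sample-blacklist.conf"), "w") as fh:
            fh.write("# For CVE-2019-18683\nblacklist vivid\n"
                     "# For CVE-2017-2636\nblacklist n-hdlc\n"
                     "install dccp /bin/false\n")
        with open(os.path.join(d, "old.conf.bak"), "w") as fh:
            fh.write("blacklist n_gsm\n")  # ignored: not a .conf file
        proc_modules = "vivid 53248 0 - Live 0x0000000000000000\n"
        return audit(["n_gsm", "vivid", "n_hdlc", "dccp"], d, proc_modules)

if __name__ == "__main__":
    for mod, state in demo().items():
        print(mod, state)
```

On a real host, pass "/etc/modprobe.d" and the contents of /proc/modules to audit(); a module reported as blacklisted and loaded still needs to be unloaded.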

Example Playbook

- hosts: all
  roles:
    - { role: blacklist_kernel_module }

License

BSD-3-Clause

Author Information

Written for the ETH Linux Client Product

Maintainer: Salvatore Bonaccorso bonaccos@ee.ethz.ch

Support-Contact: linux@ethz.ch https://linux.ethz.ch/