<![CDATA[I've done]]>

<![CDATA[I've done]]>I've done

echo 1 > /proc/sys/kernel/modules_disabled

on some servers that don't need to load additional modules after startup. I've just configured this to run 5 minutes after boot. (Timing was an arbitrary choice.)

This reduces the attack surface and should help mitigate against vulnerabilities exploitable via kernel modules that you don't normally use, at the expense of on-demand loading of modules of course (including e.g. usbhid for remote kvm, so make sure whatever you might need is loaded first).

The setting takes a reboot to undo.

#copyfail #dirtyfrag

]]>https://board.circlewithadot.net/topic/c1f78e70-bc18-42cb-91aa-f2a1821490b2/i-ve-doneRSS for NodeFri, 15 May 2026 04:28:38 GMTFri, 08 May 2026 02:25:07 GMT60<![CDATA[Reply to I've done on Fri, 08 May 2026 11:18:03 GMT]]>@Vive_Levant

echo 0 > /proc/sys/kernel/modules_disabled
-bash: echo: write error: Invalid argument

]]>https://board.circlewithadot.net/post/https://hsnl.social/users/whreq/statuses/116538676605939780https://board.circlewithadot.net/post/https://hsnl.social/users/whreq/statuses/116538676605939780Fri, 08 May 2026 11:18:03 GMT<![CDATA[Reply to I've done on Fri, 08 May 2026 11:16:25 GMT]]>@whreq you can’t echo 0 in /proc/sys/kernel/modules_disabled to revert ?

]]>https://board.circlewithadot.net/post/https://masto.bike/users/Vive_Levant/statuses/116538670126949917https://board.circlewithadot.net/post/https://masto.bike/users/Vive_Levant/statuses/116538670126949917Fri, 08 May 2026 11:16:25 GMT