That seems useful.
Archive: https://archive.today/E2zIJ
From the post:
>A single POSIX shell script that shrinks a Linux host's kernel-module attack surface by writing a modprobe.d blacklist for every kernel module not currently in use, minus a built-in baseline and an optional sysadmin whitelist. No daemons, no initramfs changes, no AI inside the tool. One script, one run, one blacklist file.
That seems useful.
Archive: https://archive.today/E2zIJ
From the post:
>>A single POSIX shell script that shrinks a Linux host's kernel-module attack surface by writing a modprobe.d blacklist for every kernel module not currently in use, minus a built-in baseline and an optional sysadmin whitelist. No daemons, no initramfs changes, no AI inside the tool. One script, one run, one blacklist file.
Login or register