Disable Kernel Modules in CentOS 7


Disabling unneeded Linux kernel modules frees system resources and reduces potential attack vectors.


Disable Temporarily

List the loaded modules with lsmod and check the Used by column to see whether each module is in use.

Unload the module(s) using modprobe -r <...>.

Disable Permanently

Disabling modules permanently will likely be a site-by-site / server-by-server policy; however, if you can build a base list, that is a good start.

The script below is what I use for virtualised servers.

for category in bluetooth firewire infiniband thermal usb video block/floppy.ko net/usb net/wireless net/ppp net/wan net/slip net/team; do
 # Match plain and compressed module files (*.ko and *.ko.xz)
 for module in $(find "/lib/modules/$(uname -r)/kernel/drivers/$category" -name "*.ko*" -type f); do
  filename=$(basename "$module")
  # modprobe matches module names, so strip the .ko / .ko.xz file suffix
  echo "blacklist ${filename%.ko*}" >> /etc/modprobe.d/blacklist-base.conf
 done
done
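
To check that a blacklist has actually taken effect, the following added example (not part of the original script) cross-checks a blacklist file against lsmod output, using the Used by column to show what can be unloaded right away. The function names and the sample data are constructed for illustration.

```sh
# audit_blacklist <conf-file>  (lsmod output on stdin). One line per finding:
#   "<entry> bad-name"     entry ends in .ko/.ko.xz: a file name, not a module name
#   "<module> unloadable"  blacklisted but still loaded, "Used by" count is 0
#   "<module> in-use"      blacklisted but still loaded and held by a user
audit_blacklist() {
  awk '
    FILENAME == ARGV[1] {                    # pass 1: the blacklist file
      if ($1 != "blacklist") next            # skip comments, other directives
      if ($2 ~ /\.ko(\.xz)?$/) { print $2, "bad-name"; next }
      name = $2; gsub(/-/, "_", name)        # "-" and "_" are equivalent
      listed[name] = 1
      next
    }
    $1 == "Module" && $2 == "Size" { next }  # pass 2: skip the lsmod header
    {
      name = $1; gsub(/-/, "_", name)
      if (name in listed) print name, ($3 == 0 ? "unloadable" : "in-use")
    }
  ' "$1" -
}

# Constructed sample data, not taken from a real host.
sample_conf() {
  cat <<'EOF'
# /etc/modprobe.d/blacklist-base.conf (constructed)
blacklist floppy
blacklist usb-storage
blacklist bluetooth
blacklist pcspkr.ko
EOF
}
sample_lsmod() {
  cat <<'EOF'
Module                  Size  Used by
floppy                 69432  0
usb_storage            66615  1 uas
uas                    22429  0
pcspkr                 12718  0
EOF
}

# Run the audit over the constructed samples.
demo() {
  conf=$(mktemp) || return 1
  sample_conf > "$conf"
  sample_lsmod | audit_blacklist "$conf"
  rm -f "$conf"
}
demo
```

On a host, pipe live output in: lsmod | audit_blacklist /etc/modprobe.d/blacklist-base.conf. A blacklist line only stops alias-based autoloading, so a module that must never load also needs an install <module> /bin/false line.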
