kernel.modules_disabled (exp: 1) - This Makes No Sense. #1252

Closed
0pLuS0 opened this issue Jan 11, 2022 · 3 comments

0pLuS0 commented Jan 11, 2022

Describe the bug
This doesn't work; it breaks the distro's loading of needed modules at runtime/bootup.

Version

  • Distribution [Slackware 14.2]
  • Lynis version [3.0.6]

Expected behavior
I don't expect this to interfere with the loading of modules needed by the system to run.

Output

  • kernel.modules_disabled (exp: 1) [ DIFFERENT ]

Additional context
This does not work in Slackware: if I enable kernel.modules_disabled = 1 in sysctl.conf, then required/needed modules don't load at run time/bootup.

@konstruktoid
Contributor

Don't blindly enable things without reading what they do.

For example:

https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/:
"Depending on your environment, you might be careful with using this option. It may be working very well on servers, but not on desktop systems. The reason is the type of usage is different, especially when it comes with loading new kernel modules. For example inserting a USB drive, mouse or network functionality might break. So before deploying the option, make sure you test these common use cases."

systemd/systemd#13540:
"This would break various applications that require kernel auto module loading. For example kloak would no longer start. (Upstream bug report: vmonaco/kloak#16) Other applications break too such as for example VirtualBox guest additions and either X or XFCE."

Related: #1233
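
One way to carry out the "test before deploying" advice quoted above, as an added example that is not part of this thread or of Lynis: list the modules that are loaded now but are not in a boot-time preload list, since those were loaded on demand and would be missing if loading were disabled before first use. The preload list format, the file paths and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check before setting kernel.modules_disabled=1.
# Reports modules loaded on demand, i.e. loaded now but not preloaded at boot.

# demand_loaded PROC_MODULES PRELOAD_LIST
# PROC_MODULES uses the /proc/modules format (module name in column 1).
# PRELOAD_LIST is an assumed format: one module name per line, '#' comments.
demand_loaded() {
    awk 'FILENAME == ARGV[1] {
             sub(/#.*/, ""); gsub(/[ \t]+/, ""); gsub(/-/, "_")
             if ($0 != "") pre[$0] = 1
             next
         }
         !($1 in pre) { print $1 }' "$2" "$1" | LC_ALL=C sort
}

# modules_locked SYSCTL_FILE: succeeds if the file holds 1.
# Once the sysctl is 1 it cannot be set back to 0 without a reboot.
modules_locked() {
    [ "$(cat "$1")" = "1" ]
}

# Constructed sample data standing in for /proc/modules and the sysctl file.
write_sample() {
    cat > "$1/proc_modules" <<'EOF'
usb_storage 69632 0 - Live 0x0000000000000000
e1000e 286720 0 - Live 0x0000000000000000
snd_hda_intel 53248 3 - Live 0x0000000000000000
ext4 782336 1 - Live 0x0000000000000000
EOF
    cat > "$1/preload.list" <<'EOF'
# modules loaded explicitly at boot
ext4
snd-hda-intel   # dash form, as modprobe accepts
EOF
    echo 0 > "$1/modules_disabled"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
if modules_locked "$demo_dir/modules_disabled"; then
    echo "module loading already disabled until reboot"
else
    echo "would be unavailable if disabled before first use:"
    demand_loaded "$demo_dir/proc_modules" "$demo_dir/preload.list"
fi
rm -rf "$demo_dir"
```

On a live system the first argument would be /proc/modules and the state file /proc/sys/kernel/modules_disabled; the preload list is whatever the distribution's boot scripts load explicitly.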

Author

0pLuS0 commented Jan 18, 2022

Hi,

I certainly understand about testing before using.

Sorry for not making this clear. I should have said that it might be better to change the wording in red saying "Different" to the color yellow, "Suggested", instead. The red color of the words makes it come across more like "Danger, you need to change these", whereas yellow, as suggested, comes across better.

Thanks

mboelen self-assigned this Feb 10, 2022
Member

mboelen commented Feb 10, 2022

The test is binary (it matches or not), therefore it uses green or red. I understand the risk of using red as a color. In this case, it is intended to show clearly when a setting is different. For now, we will keep things as-is, but give it some additional thought in the near future.

mboelen closed this as completed Feb 10, 2022