Blacklisting modules on Linux

Blacklisting modules on Linux



Blacklisting modules on Linux

Elvert Barnes

(CC BY-SA 2.0)

The “Size” column purports to be the size of the module but is not really correct. You might note in the example above how many of the listed modules appear to be 16,384 bytes long — a value equal to “16KiB”. But you can track down the actual sizes using a command like this, and note that the sizes vary quite a bit.

$ lsmod | grep 16384 | cut -f1 -d ' ' |\
 xargs modinfo | grep filename | grep -o '/.*' |\
 xargs stat -c "%s - %n" | head -7
16214 - /lib/modules/4.13.0-39-generic/kernel/net/ipv6/netfilter/nf_log_ipv6.ko
5830 - /lib/modules/4.13.0-39-generic/kernel/net/netfilter/xt_hl.ko
17902 - /lib/modules/4.13.0-39-generic/kernel/net/ipv6/netfilter/ip6t_rt.ko
6974 - /lib/modules/4.13.0-39-generic/kernel/net/ipv4/netfilter/ipt_REJECT.ko
7726 - /lib/modules/4.13.0-39-generic/kernel/net/ipv4/netfilter/nf_reject_ipv4.ko
12446 - /lib/modules/4.13.0-39-generic/kernel/net/ipv4/netfilter/nf_log_ipv4.ko
10046 - /lib/modules/4.13.0-39-generic/kernel/net/netfilter/nf_log_common.ko

To get an idea how many modules are in use at any particular time, you can run a command like this:

$ lsmod | wc -l
84

If you’d like more information about any of the modules listed, you can ask for it with the modinfo command.

$ modinfo psmouse
filename:       /lib/modules/4.13.0-39-generic/kernel/drivers/input/mouse/psmouse.ko
license:        GPL
description:    PS/2 mouse driver
author:         Vojtech Pavlik <vojtech@suse.cz>
srcversion:     3AECF712F9899761F63DFB2
alias:          serio:ty05pr*id*ex*
alias:          serio:ty01pr*id*ex*
depends:
intree:         Y
name:           psmouse
vermagic:       4.13.0-39-generic SMP mod_unload
signat:         PKCS#7
signer:
sig_key:
sig_hashalgo:   md4
parm:           synaptics_intertouch:Use a secondary bus for the Synaptics device. (int)
parm:           proto:Highest protocol extension to probe (bare, imps, exps, any). Useful for KVM switches. (proto_abbrev)
parm:           resolution:Resolution, in dpi. (uint)
parm:           rate:Report rate, in reports per second. (uint)
parm:           smartscroll:Logitech Smartscroll autorepeat, 1 = enabled (default), 0 = disabled. (bool)
parm:           resetafter:Reset device after so many bad packets (0 = never). (uint)
parm:           resync_time:How long can mouse stay idle before forcing resync (in seconds, 0 = never). (uint)

How to blacklist a module

To blacklist a kernel module, edit the /etc/modprobe.d/blacklist.conf file and add a line that says “blacklist <module-name>”. Here’s an example that you might find in your current blacklist.conf file.

Related

  • penguins

    22 essential Linux security commands

  • Book excerpt from NX-OS and Cisco Nexus Switching

  • recursion torley linden

    Linux: To recurse or not


  • template c100.00 01 16 36.still001

    Video
    2-Minute Linux Tip: How to use the top command

# replaced by tulip
blacklist de4x5

It’s a good idea to preface the “blacklist” line with a comment that explains why you’re blacklisting the module. Many of those already blocked will have been blocked because newer, better replacements have come along.

Removing a module from the kernel

You can remove a module from the running kernel with the sudo modprobe -r <module_name> command. You will get a warning if it’s being used and the module will not be unloaded.

$ sudo modprobe -r video
[sudo] password for shs:
modprobe: FATAL: Module video is in use.

Removing a module with modprobe is temporary. The module will be loaded again when the system reboots or when you reload it with the modprobe <module_name> command.

2-Minute Linux Tip: Learn how to use the logsave command

2-Minute Linux Tips

2-Minute Linux Tip: Learn how to use the logsave command

Leave a Reply

Your email address will not be published. Required fields are marked *