**Shawn Webb** @lattera@bsd.network · 2022-10-21T22:39:03Z

Shawn Webb @lattera@bsd.network

New #HardenedBSD feature: completely disable loading kernel modules without having to set securelevel: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/690b00d48077d53934ae6ddaff8e935d7017d813

Oct 21, 2022, 22:39 · · Web · · ·

**Shawn Webb** @lattera@bsd.network · Oct 23, 2022, 03:00

**Shawn Webb** @lattera@bsd.network · Oct 23, 2022, 03:00

Oct 23, 2022, 03:00

Shawn Webb @lattera@bsd.network

While I plan to MFC this to #HardenedBSD 13-STABLE next month, I've included this in what will be the next build of #hbsdfw ( HardenedBSD 13-STABLE + #OPNsense ).

Once the OPNsense boot scripts finish, loading kernel modules will be prohibited.

**Shawn Webb** @lattera@bsd.network · Oct 23, 2022, 05:30

**Shawn Webb** @lattera@bsd.network · Oct 23, 2022, 05:30

Oct 23, 2022, 05:30

Shawn Webb @lattera@bsd.network

And here we see #HardenedBSD #hbsdfw with kernel module loading prohibited. All kernel modules must be loaded at early boot time (as specified in loader.conf(5)).

There's a bug with Unbound in the #OPNsense codebase that I need to track down. Otherwise, I'd publish this build.

4b80b12c808736f2.jpeg

Resources

Developers

What is Mastodon?

bsd.network

More…