• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL : How to Disable and Blacklist Linux Kernel Module to prevent it from loading automatically

by admin

To disallow the loading of malicious or unwanted modules, we can blacklist them. In order to prevent kernel modules loading during boot, the module name must be added into the blacklist file. Ensure the module is not configured to load either in /etc/modprobe.conf, /etc/modprobe.d/*, /etc/rc.modules, or /etc/sysconfig/modules/*. And then run the following commands:

1. Create a file in the /etc/modprobe.d directory and give it a related name (e.g. local-blacklist.conf). To prevent a module from being loaded directly you can add the following line to a configuration file specific to the system configuration for example /etc/modprobe.d/local-blacklist.conf:

# vi /etc/modprobe.d/local-blacklist.conf
blacklist [module name]

For Example to blacklist the kernel module be2iscsi, add below entry in the file /etc/modprobe.d/local-blacklist.conf.

# vi /etc/modprobe.d/local-blacklist.conf
blacklist be2iscsi

2. This will not prevent a module being loaded if it is a required or optional dependency of another module. Some kernel modules will attempt to load optional modules on demand.

This can be achieved by configuring the following setting in /etc/modprobe.d/local-blacklist.conf:

# vi /etc/modprobe.d/local-blacklist.conf
install [module name] /bin/false

The above install line simply causes /bin/false to be run instead of installing a module. Same can be achieved by using the /bin/true.

3. Reboot the server for the changes to take effect.

# shutdown -r now

4. If the kernel module is part of the initramfs (boot configuration), the initramfs should be regenerated. Boot the affected kernel and run the following command to regenerate the affected kernel initramfs.

# dracut -f
Note: There may be unexpected side affects if a module is blacklisted that is required for other specific hardware. So be sure what module you are disabling

Remove Module Temporarily

It is possible to remove any currently-loaded module by running:

# modprobe -r [module name]

If the module cannot be unloaded. A process or another module may still be using the module, terminate the process and unload the module using the module that is being removed.

Verify the Blacklisted module

To verify if the module is blacklisted run the command shown below.

# modprobe --showconfig | grep blacklist
blacklist [module]
Beginners guide to Kernel Module Configuration in Linux

Filed Under: CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. Apache HTTP server – most commonly used configuration directives
  2. SSSD Service Failing with “SSSD is already running” in CentOS/RHEL 7
  3. How to mount and umount a file system in Linux
  4. Failed to start LSB: Bring up/down networking – On restarting network service CentOS/RHEL (DHCP client)
  5. How to create sparse files in Linux using ‘dd’ command
  6. How to use “btrfs scrub” command to manage scrubbing on Btrfs file systems
  7. Linux / UNIX : How to send mails with attachments using mailx command
  8. Unable to login with GUI on CentOS/RHEL 7
  9. What are “segfault” messages in /var/log/messages file
  10. CentOS / RHEL 7 : How to modify the kernel command line

You May Also Like

Primary Sidebar

Recent Posts

  • qemu-system-x86_64: command not found
  • timedatectl: command not found
  • mpirun.openmpi: command not found
  • startkde: command not found

© 2022 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright