The Geek Diary

CONCEPTS | BASICS | HOWTO

CentOS / RHEL : How to Disable and Blacklist Linux Kernel Module to prevent it from loading automatically

By

To disallow the loading of malicious or unwanted modules, we can blacklist them. In order to prevent kernel modules loading during boot, the module name must be added into the blacklist file. Ensure the module is not configured to load either in /etc/modprobe.conf, /etc/modprobe.d/*, /etc/rc.modules, or /etc/sysconfig/modules/*. And then run the following commands:

1. Create a file in the /etc/modprobe.d directory and give it a related name (e.g. local-blacklist.conf). To prevent a module from being loaded directly you can add the following line to a configuration file specific to the system configuration for example /etc/modprobe.d/local-blacklist.conf:

# vi /etc/modprobe.d/local-blacklist.conf
blacklist [module name]

For Example to blacklist the kernel module be2iscsi, add below entry in the file /etc/modprobe.d/local-blacklist.conf.

# vi /etc/modprobe.d/local-blacklist.conf
blacklist be2iscsi

2. This will not prevent a module being loaded if it is a required or optional dependency of another module. Some kernel modules will attempt to load optional modules on demand.

This can be achieved by configuring the following setting in /etc/modprobe.d/local-blacklist.conf:

# vi /etc/modprobe.d/local-blacklist.conf
install [module name] /bin/false

The above install line simply causes /bin/false to be run instead of installing a module. Same can be achieved by using the /bin/true.

3. Reboot the server for the changes to take effect.

# shutdown -r now

4. If the kernel module is part of the initramfs (boot configuration), the initramfs should be regenerated. Boot the affected kernel and run the following command to regenerate the affected kernel initramfs.

# dracut -f
Note: There may be unexpected side affects if a module is blacklisted that is required for other specific hardware. So be sure what module you are disabling

Remove Module Temporarily

It is possible to remove any currently-loaded module by running:

# modprobe -r [module name]

If the module cannot be unloaded. A process or another module may still be using the module, terminate the process and unload the module using the module that is being removed.

Verify the Blacklisted module

To verify if the module is blacklisted run the command shown below.

# modprobe --showconfig | grep blacklist
blacklist [module]
Beginners guide to Kernel Module Configuration in Linux

You May Also Like