I am following Mastering Linux Security and Hardening, 3rd ed., by Donald A. Tevault on an Ubuntu 22.04 VPS.

I have accepted the value 1 suggested by lynis for the kernel parameter kernel.modules_disabled, as recommended.

$ sudo apt install lynis
$ lynis audit system | grep kernel.modules_disabled
    - kernel.modules_disabled (exp: 1)                        [ DIFFERENT ]
$ sudo echo 'kernel.modules_disabled = 1' >> /etc/sysctl.d/999-disable-modules.conf
$ sudo reboot

Then I tried to configure ufw. I got the following error.

$ sudo apt install ufw
$ sudo ufw status verbose
ERROR: Couldn't determine iptables version

When kernel.modules_disabled is set to 0, ufw is working as expected.

Is it possible to use ufw with parameter kernel.modules_disabled = 1?

1
  • In short: disable kernel modules you do not need, not all. Commented Apr 6 at 10:53

1 Answer

0

Is it possible to use ufw with parameter kernel.modules_disabled = 1?

Yes, if a) all necessary modules have been pre-loaded before setting this sysctl, or if b) all necessary features have been compiled as built-in to the kernel (i.e. not modular).

Set up your ruleset, reboot, verify that the ruleset has been loaded, then run lsmod to see which modules are necessary. List those modules in /etc/modules-load.d/*.conf. (You can skip modules that are dependencies of some other module; they'll be loaded implicitly.)
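The lsmod step from the answer above, as an added example (not part of the original answer): it keeps only modules that no other loaded module depends on and writes them in modules-load.d format. The sample lsmod output is constructed, and the function names and the output file name are hypothetical.

```shell
#!/bin/sh
# Added example: derive a modules-load.d list from lsmod output.

# Constructed sample in lsmod's column layout (Module, Size, Used by);
# not captured from a real system.
sample_lsmod() {
cat <<'EOF'
Module                  Size  Used by
xt_conntrack           16384  6
nf_conntrack          172032  1 xt_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
ip6table_filter        16384  1
ip6_tables             32768  1 ip6table_filter
iptable_filter         16384  1
ip_tables              32768  1 iptable_filter
x_tables               53248  5 xt_conntrack,ip6table_filter,iptable_filter,ip6_tables,ip_tables
EOF
}

# Read lsmod output on stdin and print the modules whose "Used by" column
# names no other module (only three fields on the line). Modules that do
# have dependents listed are loaded implicitly along with those dependents.
top_level_modules() {
    awk 'NR > 1 && NF == 3 { print $1 }' | LC_ALL=C sort
}

# Write the list to the path given in $1, one module name per line,
# which is the format read from /etc/modules-load.d/*.conf.
write_modules_conf() {
    {
        echo "# generated from lsmod output; review before use"
        top_level_modules
    } > "$1"
}

# Demonstration on the constructed sample. On a real host (as root):
#   lsmod | write_modules_conf /etc/modules-load.d/firewall.conf
# where firewall.conf is a hypothetical file name.
sample_lsmod | top_level_modules
```

On a real system lsmod lists every loaded module, not only the firewall ones, so trim the generated file to the modules the ruleset actually needs.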
