9.1.1.21. Least Functionality¶
Whenever possible, SIMP prevents kernel modules that could cause harm or are unnecessary from loading. The operating system’s modprobe blacklist feature is used to stop the following kernel modules from loading:
bluetooth
cramfs
dccp
dccp_ipv4
dccp_ipv6
freevxfs
hfs
hfsplus
ieee1394
jffs2
net-pf-31
rds
sctp
squashfs
tipc
udf
usb-storage
Certain applications or application features are also explicitly disabled. The``hosts.equiv`` (part of the r-series of commands) is disabled. Prelinking, which changes binaries to increase startup time, is also disabled.
References: CM-7 : LEAST FUNCTIONALITY