Update kernel module blacklist URLs

TommyTran732 · TommyTran732 · commit 4ccae72ffa69 · 2025-11-17T21:23:34.000Z
diff --git a/Proxmox-9.sh b/Proxmox-9.sh
@@ -85,7 +85,8 @@ proxmox-boot-tool refresh
 ###
 
 # Kernel hardening
-curl -s https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/main/etc/modprobe.d/server-blacklist.conf | tee /etc/modprobe.d/server-blacklist.conf > /dev/null
+curl -s https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/usr/lib/modprobe.d/secureblue-framebuffer.conf | tee /etc/modprobe.d/framebuffer-blacklist.conf > /dev/null
+curl -s https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/usr/lib/modprobe.d/secureblue.conf | tee /etc/modprobe.d/server-blacklist.conf > /dev/null
 curl -s https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/main/etc/sysctl.d/99-server.conf | tee /etc/sysctl.d/99-server.conf > /dev/null
 sysctl -p /etc/sysctl.d
 
diff --git a/RHEL-10.sh b/RHEL-10.sh
@@ -71,7 +71,9 @@ sudo systemctl daemon-reload
 sudo systemctl restart sshd
 
 # Security kernel settings
-unpriv curl -s https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/main/etc/modprobe.d/server-blacklist.conf | sudo tee /etc/modprobe.d/server-blacklist.conf > /dev/null
+unpriv curl -s https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/usr/lib/modprobe.d/secureblue-framebuffer.conf | sudo tee /etc/modprobe.d/framebuffer-blacklist.conf > /dev/null
+sudo chmod 644 /etc/modprobe.d/framebuffer-blacklist.conf
+unpriv curl -s https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/usr/lib/modprobe.d/secureblue.conf | sudo tee /etc/modprobe.d/server-blacklist.conf > /dev/null
 sudo chmod 644 /etc/modprobe.d/server-blacklist.conf
 unpriv curl -s https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/main/etc/sysctl.d/99-server.conf | sudo tee /etc/sysctl.d/99-server.conf > /dev/null
 sudo chmod 644 /etc/sysctl.d/99-server.conf
diff --git a/TrueNAS-25.10.sh b/TrueNAS-25.10.sh
@@ -49,8 +49,9 @@ sudo systemctl daemon-reload
 sudo systemctl restart sshd
 
 # Kernel hardening
-unpriv curl -s https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/main/etc/modprobe.d/server-blacklist.conf | sudo tee /etc/modprobe.d/server-blacklist.conf > /dev/null
-sed -i 's/^install squashfs/#install squashfs/' /etc/modprobe.d/server-blacklist.conf
+unpriv curl -s https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/usr/lib/modprobe.d/secureblue-framebuffer.conf | sudo tee /etc/modprobe.d/framebuffer-blacklist.conf > /dev/null
+unpriv curl -s https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/usr/lib/modprobe.d/secureblue.conf | sudo tee /etc/modprobe.d/server-blacklist.conf > /dev/null
+sudo sed -i 's/^install squashfs/#install squashfs/' /etc/modprobe.d/server-blacklist.conf
 sudo chmod 644 /etc/modprobe.d/server-blacklist.conf
 unpriv curl -s https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/main/etc/sysctl.d/99-server.conf | sudo tee /etc/sysctl.d/99-server.conf > /dev/null
 sudo chmod 644 /etc/sysctl.d/99-server.conf
