Description
Kernel-module attack surface can be reduced by blacklisting modules that are not needed on a host. Administrators use this tool when hardening a Linux system against unexpected module loading.
It changes module-loading policy. Blocking the wrong module can break hardware, storage, networking, or boot workflows, so test carefully and keep recovery access.