kernel-modules

ModuleJail is a POSIX shell script that shrinks a Linux host's kernel-module attack surface by blacklisting every module not currently in use, helping sysadmins reduce risk from upcoming kernel module vulnerabilities.