Blacklisting modules prevents them from being loaded and used, and it is sometimes an important step in keeping a system running properly. Credit: Elvert Barnes The Linux kernel is modular — composed of modules that work together but are largely independent of each other. New functionality can be added when a kernel module is loaded, but there are times when you might need to block functionality because modules interfere with each other or leave a system vulnerable. When that is the case, you can restrict what modules the kernel is able to use by blacklisting the troublemakers. This blocks them from being loaded. Listing Kernel modules You can list kernel modules with the lsmod command. For a taste of what you’re likely to see, the lsmod command below shows us the top of the lsmod command output on a sample system. $ lsmod | head -20 Module Size Used by nf_log_ipv6 16384 5 xt_hl 16384 22 ip6t_rt 16384 3 ipt_REJECT 16384 1 nf_reject_ipv4 16384 1 ipt_REJECT nf_log_ipv4 16384 5 nf_log_common 16384 2 nf_log_ipv6,nf_log_ipv4 xt_LOG 16384 10 xt_limit 16384 13 xt_tcpudp 16384 20 xt_addrtype 16384 4 nf_conntrack_netbios_ns 16384 0 nf_conntrack_broadcast 16384 1 nf_conntrack_netbios_ns nf_nat_ftp 16384 0 nf_nat 28672 1 nf_nat_ftp nf_conntrack_ftp 20480 1 nf_nat_ftp nf_conntrack_ipv6 20480 8 nf_defrag_ipv6 36864 1 nf_conntrack_ipv6 ip6table_filter 16384 1 The first column displays each of the module names. The “Used by” column indicates how many instances of the module are currently in use and sometimes what processes are using them. The “Size” column purports to be the size of the module but is not really correct. You might note in the example above how many of the listed modules appear to be 16,384 bytes long — a value equal to “16KiB”. But you can track down the actual sizes using a command like this, and note that the sizes vary quite a bit. $ lsmod | grep 16384 | cut -f1 -d ' ' | xargs modinfo | grep filename | grep -o '/.*' | xargs stat -c "%s - %n" | head -7 16214 - /lib/modules/4.13.0-39-generic/kernel/net/ipv6/netfilter/nf_log_ipv6.ko 5830 - /lib/modules/4.13.0-39-generic/kernel/net/netfilter/xt_hl.ko 17902 - /lib/modules/4.13.0-39-generic/kernel/net/ipv6/netfilter/ip6t_rt.ko 6974 - /lib/modules/4.13.0-39-generic/kernel/net/ipv4/netfilter/ipt_REJECT.ko 7726 - /lib/modules/4.13.0-39-generic/kernel/net/ipv4/netfilter/nf_reject_ipv4.ko 12446 - /lib/modules/4.13.0-39-generic/kernel/net/ipv4/netfilter/nf_log_ipv4.ko 10046 - /lib/modules/4.13.0-39-generic/kernel/net/netfilter/nf_log_common.ko To get an idea how many modules are in use at any particular time, you can run a command like this: $ lsmod | wc -l 84 If you’d like more information about any of the modules listed, you can ask for it with the modinfo command. $ modinfo psmouse filename: /lib/modules/4.13.0-39-generic/kernel/drivers/input/mouse/psmouse.ko license: GPL description: PS/2 mouse driver author: Vojtech Pavlik srcversion: 3AECF712F9899761F63DFB2 alias: serio:ty05pr*id*ex* alias: serio:ty01pr*id*ex* depends: intree: Y name: psmouse vermagic: 4.13.0-39-generic SMP mod_unload signat: PKCS#7 signer: sig_key: sig_hashalgo: md4 parm: synaptics_intertouch:Use a secondary bus for the Synaptics device. (int) parm: proto:Highest protocol extension to probe (bare, imps, exps, any). Useful for KVM switches. (proto_abbrev) parm: resolution:Resolution, in dpi. (uint) parm: rate:Report rate, in reports per second. (uint) parm: smartscroll:Logitech Smartscroll autorepeat, 1 = enabled (default), 0 = disabled. (bool) parm: resetafter:Reset device after so many bad packets (0 = never). (uint) parm: resync_time:How long can mouse stay idle before forcing resync (in seconds, 0 = never). (uint) How to blacklist a module To blacklist a kernel module, edit the /etc/modprobe.d/blacklist.conf file and add a line that says “blacklist “. Here’s an example that you might find in your current blacklist.conf file. # replaced by tulip blacklist de4x5 It’s a good idea to preface the “blacklist” line with a comment that explains why you’re blacklisting the module. Many of those already blocked will have been blocked because newer, better replacements have come along. Removing a module from the kernel You can remove a module from the running kernel with the sudo modprobe -r command. You will get a warning if it’s being used and the module will not be unloaded. $ sudo modprobe -r video [sudo] password for shs: modprobe: FATAL: Module video is in use. Removing a module with modprobe is temporary. The module will be loaded again when the system reboots or when you reload it with the modprobe command. 2-Minute Linux Tip: Learn how to use the logsave command Related content how-to Compressing files using the zip command on Linux The zip command lets you compress files to preserve them or back them up, and you can require a password to extract the contents of a zip file. By Sandra Henry-Stocker May 13, 2024 4 mins Linux opinion NSA, FBI warn of email spoofing threat Email spoofing is acknowledged by experts as a very credible threat. By Sandra Henry-Stocker May 13, 2024 3 mins Linux how-to The logic of && and || on Linux These AND and OR equivalents can be used in scripts to determine next actions. By Sandra Henry-Stocker May 02, 2024 4 mins Linux how-to Using the apropos command on Linux By Sandra Henry-Stocker Apr 24, 2024 3 mins Linux PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe