Blacklisting modules prevents them from being loaded and used, and it is sometimes an important step in keeping a system running properly. Credit: Elvert Barnes The Linux kernel is modular — composed of modules that work together but are largely independent of each other. New functionality can be added when a kernel module is loaded, but there are times when you might need to block functionality because modules interfere with each other or leave a system vulnerable. When that is the case, you can restrict what modules the kernel is able to use by blacklisting the troublemakers. This blocks them from being loaded. Listing Kernel modules You can list kernel modules with the lsmod command. For a taste of what you’re likely to see, the lsmod command below shows us the top of the lsmod command output on a sample system. $ lsmod | head -20 Module Size Used by nf_log_ipv6 16384 5 xt_hl 16384 22 ip6t_rt 16384 3 ipt_REJECT 16384 1 nf_reject_ipv4 16384 1 ipt_REJECT nf_log_ipv4 16384 5 nf_log_common 16384 2 nf_log_ipv6,nf_log_ipv4 xt_LOG 16384 10 xt_limit 16384 13 xt_tcpudp 16384 20 xt_addrtype 16384 4 nf_conntrack_netbios_ns 16384 0 nf_conntrack_broadcast 16384 1 nf_conntrack_netbios_ns nf_nat_ftp 16384 0 nf_nat 28672 1 nf_nat_ftp nf_conntrack_ftp 20480 1 nf_nat_ftp nf_conntrack_ipv6 20480 8 nf_defrag_ipv6 36864 1 nf_conntrack_ipv6 ip6table_filter 16384 1 The first column displays each of the module names. The “Used by” column indicates how many instances of the module are currently in use and sometimes what processes are using them. The “Size” column purports to be the size of the module but is not really correct. You might note in the example above how many of the listed modules appear to be 16,384 bytes long — a value equal to “16KiB”. But you can track down the actual sizes using a command like this, and note that the sizes vary quite a bit. $ lsmod | grep 16384 | cut -f1 -d ' ' | xargs modinfo | grep filename | grep -o '/.*' | xargs stat -c "%s - %n" | head -7 16214 - /lib/modules/4.13.0-39-generic/kernel/net/ipv6/netfilter/nf_log_ipv6.ko 5830 - /lib/modules/4.13.0-39-generic/kernel/net/netfilter/xt_hl.ko 17902 - /lib/modules/4.13.0-39-generic/kernel/net/ipv6/netfilter/ip6t_rt.ko 6974 - /lib/modules/4.13.0-39-generic/kernel/net/ipv4/netfilter/ipt_REJECT.ko 7726 - /lib/modules/4.13.0-39-generic/kernel/net/ipv4/netfilter/nf_reject_ipv4.ko 12446 - /lib/modules/4.13.0-39-generic/kernel/net/ipv4/netfilter/nf_log_ipv4.ko 10046 - /lib/modules/4.13.0-39-generic/kernel/net/netfilter/nf_log_common.ko To get an idea how many modules are in use at any particular time, you can run a command like this: $ lsmod | wc -l 84 If you’d like more information about any of the modules listed, you can ask for it with the modinfo command. $ modinfo psmouse filename: /lib/modules/4.13.0-39-generic/kernel/drivers/input/mouse/psmouse.ko license: GPL description: PS/2 mouse driver author: Vojtech Pavlik srcversion: 3AECF712F9899761F63DFB2 alias: serio:ty05pr*id*ex* alias: serio:ty01pr*id*ex* depends: intree: Y name: psmouse vermagic: 4.13.0-39-generic SMP mod_unload signat: PKCS#7 signer: sig_key: sig_hashalgo: md4 parm: synaptics_intertouch:Use a secondary bus for the Synaptics device. (int) parm: proto:Highest protocol extension to probe (bare, imps, exps, any). Useful for KVM switches. (proto_abbrev) parm: resolution:Resolution, in dpi. (uint) parm: rate:Report rate, in reports per second. (uint) parm: smartscroll:Logitech Smartscroll autorepeat, 1 = enabled (default), 0 = disabled. (bool) parm: resetafter:Reset device after so many bad packets (0 = never). (uint) parm: resync_time:How long can mouse stay idle before forcing resync (in seconds, 0 = never). (uint) How to blacklist a module To blacklist a kernel module, edit the /etc/modprobe.d/blacklist.conf file and add a line that says “blacklist “. Here’s an example that you might find in your current blacklist.conf file. # replaced by tulip blacklist de4x5 It’s a good idea to preface the “blacklist” line with a comment that explains why you’re blacklisting the module. Many of those already blocked will have been blocked because newer, better replacements have come along. Removing a module from the kernel You can remove a module from the running kernel with the sudo modprobe -r command. You will get a warning if it’s being used and the module will not be unloaded. $ sudo modprobe -r video [sudo] password for shs: modprobe: FATAL: Module video is in use. Removing a module with modprobe is temporary. The module will be loaded again when the system reboots or when you reload it with the modprobe command. 2-Minute Linux Tip: Learn how to use the logsave command Related content how-to How to find files on Linux There are many options you can use to find files on Linux, including searching by file name (or partial name), age, owner, group, size, type and inode number. By Sandra Henry Stocker Jun 24, 2024 8 mins Linux opinion Linux in your car: Red Hat’s milestone collaboration with exida With contributions from Red Hat and critical collaborators, the safety and security of automotive vehicles has reached a new level of reliability. By Sandra Henry Stocker Jun 17, 2024 5 mins Linux how-to How to print from the Linux command line: double-sided, landscape and more There's a lot more to printing from the Linux command line than the lp command. Check out some of the many available options. By Sandra Henry Stocker Jun 11, 2024 6 mins Linux how-to Converting between uppercase and lowercase on the Linux command line Converting text between uppercase and lowercase can be very tedious, especially when you want to avoid inadvertent misspellings. Fortunately, Linux provides a handful of commands that can make the job very easy. By Sandra Henry Stocker Jun 07, 2024 5 mins Linux PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe