From db4a82be7ee1b1ae08e5acf2f3873f6e33acb7a6 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Fri, 31 May 2024 13:46:59 -0700
Subject: [PATCH] Better regex for kernel module blacklist

Signed-off-by: Tommy <contact@tommytran.io>
---
 Fedora-Server-40.sh      | 6 +++---
 Fedora-Workstation-40.sh | 2 +-
 Proxmox-8.sh             | 6 +++---
 RHEL-9.sh                | 6 +++---
 Ubuntu-23.10-Desktop.sh  | 2 +-
 Ubuntu-24.04-Server.sh   | 6 +++---
 6 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/Fedora-Server-40.sh b/Fedora-Server-40.sh
index e41a719..349c51b 100644
--- a/Fedora-Server-40.sh
+++ b/Fedora-Server-40.sh
@@ -65,9 +65,9 @@ sudo systemctl restart sshd
 # Security kernel settings
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf
 sudo chmod 644 /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
 sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
 sudo sed -i 's/kernel\.yama\.ptrace_scope[[:space:]]*=.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
diff --git a/Fedora-Workstation-40.sh b/Fedora-Workstation-40.sh
index 8027cc9..b5dd263 100644
--- a/Fedora-Workstation-40.sh
+++ b/Fedora-Workstation-40.sh
@@ -64,7 +64,7 @@ sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
 # Security kernel settings
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf
 sudo chmod 644 /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
 sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
 sudo sed -i 's/kernel\.yama\.ptrace_scope[[:space:]]*=.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
diff --git a/Proxmox-8.sh b/Proxmox-8.sh
index a0d0d08..5fd52d7 100644
--- a/Proxmox-8.sh
+++ b/Proxmox-8.sh
@@ -74,9 +74,9 @@ proxmox-boot-tool refresh
 
 # Kernel hardening
 curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf -o /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
-sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
-sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
+sed -i 's/#[[:space:]]*install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
+sed -i 's/#[[:space:]]*install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
 curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf -o /etc/sysctl.d/990-security-misc.conf
 sed -i 's/kernel\.yama\.ptrace_scope[[:space:]]*=.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
 sed -i 's/net\.ipv4\.icmp_echo_ignore_all[[:space:]]*=.*/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf
diff --git a/RHEL-9.sh b/RHEL-9.sh
index 5fd1d0d..f362aeb 100644
--- a/RHEL-9.sh
+++ b/RHEL-9.sh
@@ -59,9 +59,9 @@ sudo systemctl restart sshd
 # Security kernel settings
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf
 sudo chmod 644 /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
 sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
 sudo sed -i 's/kernel\.yama\.ptrace_scope[[:space:]]*=.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
diff --git a/Ubuntu-23.10-Desktop.sh b/Ubuntu-23.10-Desktop.sh
index b8154fc..f0e0dee 100644
--- a/Ubuntu-23.10-Desktop.sh
+++ b/Ubuntu-23.10-Desktop.sh
@@ -55,7 +55,7 @@ sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
 # Kernel hardening
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf
 sudo chmod 644 /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
 sudo chmod 644 /etc/sysctl.d/990-security-misc.conf
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/30_silent-kernel-printk.conf | sudo tee /etc/sysctl.d/30_silent-kernel-printk.conf
diff --git a/Ubuntu-24.04-Server.sh b/Ubuntu-24.04-Server.sh
index ecb5b54..76ba603 100644
--- a/Ubuntu-24.04-Server.sh
+++ b/Ubuntu-24.04-Server.sh
@@ -59,9 +59,9 @@ sudo systemctl restart ssh
 
 # Kernel hardening
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | sudo tee /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/#install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/# install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
-sudo sed -i 's/# install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install msr/install msr/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install bluetooth/install bluetooth/g' /etc/modprobe.d/30_security-misc.conf
+sudo sed -i 's/#[[:space:]]*install btusb/install btusb/g' /etc/modprobe.d/30_security-misc.conf
 unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/usr/lib/sysctl.d/990-security-misc.conf | sudo tee /etc/sysctl.d/990-security-misc.conf
 sudo sed -i 's/kernel.yama.ptrace_scope[[:space:]]*=.*/kernel.yama.ptrace_scope=3/g' /etc/sysctl.d/990-security-misc.conf
 sudo sed -i 's/net\.ipv4\.icmp_echo_ignore_all[[:space:]]*=.*/net.ipv4.icmp_echo_ignore_all=0/g' /etc/sysctl.d/990-security-misc.conf