XK0-004 · Question #184
A systems administrator wants to disable the Linux Kernel WatchDog Timer Driver for security purposes. Which of the following will accomplish this task?
The correct answer is A. Add blacklist watchdog to the /etc/modprobe.d/blacklist file.. Adding a 'blacklist' directive to a file under /etc/modprobe.d/ is the correct Linux method to prevent a kernel module such as the watchdog driver from loading at boot time.
Question
A systems administrator wants to disable the Linux Kernel WatchDog Timer Driver for security purposes. Which of the following will accomplish this task?
Options
- AAdd blacklist watchdog to the /etc/modprobe.d/blacklist file.
- BRename the /etc/modprobe.d/watchdog file to watchdog.off instead.
- CRemove the watchdog=1 from the /usr/modules/watchdog.conf file.
- DAdd watchdog=0 to the /etc/modprobe.conf file.
How the community answered
(69 responses)- A83% (57)
- B6% (4)
- C9% (6)
- D3% (2)
Why each option
Adding a 'blacklist' directive to a file under /etc/modprobe.d/ is the correct Linux method to prevent a kernel module such as the watchdog driver from loading at boot time.
The blacklist directive in any .conf file under /etc/modprobe.d/ instructs modprobe to refuse automatic loading of the named module; adding 'blacklist watchdog' prevents the Linux Kernel WatchDog Timer Driver module from being loaded, effectively disabling it for security purposes.
modprobe only processes files in /etc/modprobe.d/ that have a .conf extension; renaming a file to .off causes it to be silently ignored, but this is not a reliable or documented method and does not guarantee the module is blacklisted.
/usr/modules/watchdog.conf is not a real or standard kernel module configuration path; kernel module blacklisting and parameters are managed exclusively via /etc/modprobe.d/, not this non-existent location.
/etc/modprobe.conf is a deprecated single-file location superseded by /etc/modprobe.d/; additionally, 'watchdog=0' is not valid blacklist syntax - the correct syntax is 'blacklist <module_name>'.
Concept tested: Blacklisting kernel modules via /etc/modprobe.d/
Source: https://www.freedesktop.org/software/systemd/man/modprobe.d.html
Topics
Community Discussion
No community discussion yet for this question.