modulejail: Proactively shrink a Linux host's kernel-module attack surface by blacklisting every module not currently in use
Summary
ModuleJail is a Linux security hardening tool that automatically blacklists unused kernel modules by generating a modprobe.d blacklist. It operates as a one-shot, no-daemon script guided by a safety model and supports profiles like conservative, minimal, and desktop, with an optional site-wide whitelist and idempotent fingerprints for fleet-wide consistency.
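The blacklisting step described above, as an added example that is not ModuleJail's own code: it diffs the available modules against the loaded and whitelisted ones and prints `modprobe.d` `blacklist` lines. The function names, the input file layout and the SHA-256 fingerprint scheme are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added illustration of the blacklist-unused-modules idea; not ModuleJail's code.

# Reduce paths or names to canonical module names: drop the directory and the
# .ko[.xz|.zst|.gz] suffix, fold '-' to '_' (the kernel treats them alike).
norm() {
    sed -e 's|.*/||' -e 's|\.ko.*$||' -e 's|-|_|g' | LC_ALL=C sort -u
}

# gen_blacklist LOADED AVAILABLE WHITELIST   (hypothetical helper)
#   LOADED     file in /proc/modules format (field 1 is the module name)
#   AVAILABLE  one module path or name per line
#   WHITELIST  one module name per line, '#' comments allowed
# Prints one "blacklist <name>" line per available module that is neither
# loaded nor whitelisted, in sorted order so the output is reproducible.
gen_blacklist() {
    keep=$(mktemp) && all=$(mktemp) || return 1
    cat "$1" "$3" | awk '{ sub(/#.*/, "") } NF { print $1 }' | norm > "$keep"
    norm < "$2" > "$all"
    LC_ALL=C comm -23 "$all" "$keep" | sed 's/^/blacklist /'
    rm -f "$keep" "$all"
}

# Assumed fingerprint scheme: SHA-256 of the generated content, so two hosts
# with the same effective policy report the same value.
fingerprint() { sha256sum | awk '{ print $1 }'; }

# Constructed sample data standing in for /proc/modules, the module tree
# under /lib/modules/$(uname -r), and a site-wide whitelist.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ext4 1003520 2 - Live 0x0' 'e1000e 315392 0 - Live 0x0' > "$d/loaded"
    printf '%s\n' kernel/fs/ext4/ext4.ko.xz kernel/fs/cramfs/cramfs.ko.xz \
        kernel/net/dccp/dccp.ko.xz kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko.xz \
        kernel/drivers/usb/storage/usb-storage.ko.xz kernel/fs/fat/vfat.ko.xz > "$d/avail"
    printf '%s\n' '# removable media is allowed on this fleet' 'usb_storage' 'vfat  # EFI' > "$d/allow"
    gen_blacklist "$d/loaded" "$d/avail" "$d/allow"
    rm -rf "$d"
}

demo
```

A `blacklist` line only suppresses alias-driven autoloading; an explicit `modprobe <name>` still loads the module unless an `install <name> /bin/false` line is also present.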