Package: wnpp Followup-For: Bug #1138266 I will use instead the title and description from the author of the software, who did start some debian packaging work:
Description: Shrink Linux kernel-module attack surface ModuleJail snapshots the set of currently loaded modules and writes a modprobe.d blacklist for every kernel module not currently in use, minus a built-in baseline and an optional sysadmin-supplied whitelist. . Aimed at Linux fleet operators who need to harden many servers against the wave of AI-assisted kernel privilege-escalation discoveries. Every additional loaded module is additional latent attack surface for the next disclosed CVE. . No daemon, no continuous monitoring, no AI inside the tool. One shell script, run once on a steady-state host, that writes one modprobe.d blacklist file.
