Kernel Modules (sec-kernel)

Linux: Reads /proc/modules , /proc/sys/kernel/tainted , and dmesg .
Windows: Not available (Linux only).

Name: Brinkhaus FleetManager
Author: Brinkhaus GmbH

Monitors loaded kernel modules and the kernel taint status. Detects newly loaded modules and unusual kernel states.

Configuration

Parameter	Type	Default	Description
`enabled`	bool	`true`	Enable/disable module
`allowed_modules`	list	`[]`	Expected modules (baseline). Empty = automatic baseline on first run.
`check_taint`	bool	`true`	Check kernel taint flags
`allowed_taint_modules`	list	`[]`	Modules allowed to cause taint status

sec_kernel:
  enabled: true
  check_taint: true
  allowed_taint_modules:
    - "nvidia"
    - "vboxdrv"

Code	Severity	Meaning	Recommendation
7500	0	No kernel issues detected	—
7501	1	New kernel module loaded	Verify module or add to baseline
7502	1	Kernel is tainted	Investigate taint source (proprietary modules?)
7503	0	Module recently loaded (dmesg)	Informational — review module