Corrected kerenl module disabling

etc/modprobe.d/30_security-misc.conf

@@ -11,77 +11,77 @@ options nf_conntrack nf_conntrack_helper=0
 
 ## Disable bluetooth to reduce attack surface due to extended history of security vulnerabilities
 ## https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns
-install bluetooth /bin/disabled-module-by-security-misc/block-bluetooth
-install btusb /bin/disabled-module-by-security-misc/block-bluetooth
+install bluetooth /bin/disabled-bluetooth-by-security-misc
+install btusb /bin/disabled-bluetooth-by-security-misc
 
 ## Disable thunderbolt and firewire modules to prevent some DMA attacks
-install thunderbolt /bin/disabled-module-by-security-misc/block-thunderbolt
-install firewire-core /bin/disabled-module-by-security-misc/block-firewire
-install firewire_core /bin/disabled-module-by-security-misc/block-firewire
-install firewire-ohci /bin/disabled-module-by-security-misc/block-firewire
-install firewire_ohci /bin/disabled-module-by-security-misc/block-firewire
-install firewire_sbp2 /bin/disabled-module-by-security-misc/block-firewire
-install firewire-sbp2 /bin/disabled-module-by-security-misc/block-firewire
-install ohci1394 /bin/disabled-module-by-security-misc/block-firewire
-install sbp2 /bin/disabled-module-by-security-misc/block-firewire
-install dv1394 /bin/disabled-module-by-security-misc/block-firewire
-install raw1394 /bin/disabled-module-by-security-misc/block-firewire
-install video1394 /bin/disabled-module-by-security-misc/block-firewire
+install thunderbolt /bin/disabled-thunderbolt-by-security-misc
+install firewire-core /bin/disabled-firewire-by-security-misc
+install firewire_core /bin/disabled-firewire-by-security-misc
+install firewire-ohci /bin/disabled-firewire-by-security-misc
+install firewire_ohci /bin/disabled-firewire-by-security-misc
+install firewire_sbp2 /bin/disabled-firewire-by-security-misc
+install firewire-sbp2 /bin/disabled-firewire-by-security-misc
+install ohci1394 /bin/disabled-firewire-by-security-misc
+install sbp2 /bin/disabled-firewire-by-security-misc
+install dv1394 /bin/disabled-firewire-by-security-misc
+install raw1394 /bin/disabled-firewire-by-security-misc
+install video1394 /bin/disabled-firewire-by-security-misc
 
 ## Disable CPU MSRs as they can be abused to write to arbitrary memory.
 ## https://security.stackexchange.com/questions/119712/methods-root-can-use-to-elevate-itself-to-kernel-mode
-install msr /bin/disabled-module-by-security-misc/block-msr
+install msr /bin/disabled-msr-by-security-misc
 
 ## Disables unneeded network protocols that will likely not be used as these may have unknown vulnerabilties.
 ## Credit to Tails (https://tails.boum.org/blueprint/blacklist_modules/) for some of these.
 ## > Debian ships a long list of modules for wide support of devices, filesystems, protocols. Some of these modules have a pretty bad security track record, and some of those are simply not used by most of our users.
 ## > Other distributions like Ubuntu[1] and Fedora[2] already ship a blacklist for various network protocols which aren't much in use by users and have a poor security track record.
-install dccp /bin/disabled-module-by-security-misc/block-network
-install sctp /bin/disabled-module-by-security-misc/block-network
-install rds /bin/disabled-module-by-security-misc/block-network
-install tipc /bin/disabled-module-by-security-misc/block-network
-install n-hdlc /bin/disabled-module-by-security-misc/block-network
-install ax25 /bin/disabled-module-by-security-misc/block-network
-install netrom /bin/disabled-module-by-security-misc/block-network
-install x25 /bin/disabled-module-by-security-misc/block-network
-install rose /bin/disabled-module-by-security-misc/block-network
-install decnet /bin/disabled-module-by-security-misc/block-network
-install econet /bin/disabled-module-by-security-misc/block-network
-install af_802154 /bin/disabled-module-by-security-misc/block-network
-install ipx /bin/disabled-module-by-security-misc/block-network
-install appletalk /bin/disabled-module-by-security-misc/block-network
-install psnap /bin/disabled-module-by-security-misc/block-network
-install p8023 /bin/disabled-module-by-security-misc/block-network
-install p8022 /bin/disabled-module-by-security-misc/block-network
-install can /bin/disabled-module-by-security-misc/block-network
-install atm /bin/disabled-module-by-security-misc/block-network
+install dccp /bin/disabled-network-by-security-misc
+install sctp /bin/disabled-network-by-security-misc
+install rds /bin/disabled-network-by-security-misc
+install tipc /bin/disabled-network-by-security-misc
+install n-hdlc /bin/disabled-network-by-security-misc
+install ax25 /bin/disabled-network-by-security-misc
+install netrom /bin/disabled-network-by-security-misc
+install x25 /bin/disabled-network-by-security-misc
+install rose /bin/disabled-network-by-security-misc
+install decnet /bin/disabled-network-by-security-misc
+install econet /bin/disabled-network-by-security-misc
+install af_802154 /bin/disabled-network-by-security-misc
+install ipx /bin/disabled-network-by-security-misc
+install appletalk /bin/disabled-network-by-security-misc
+install psnap /bin/disabled-network-by-security-misc
+install p8023 /bin/disabled-network-by-security-misc
+install p8022 /bin/disabled-network-by-security-misc
+install can /bin/disabled-network-by-security-misc
+install atm /bin/disabled-network-by-security-misc
 
 ## Disable uncommon file systems to reduce attack surface
-install cramfs /bin/disabled-module-by-security-misc/block-filesys
-install freevxfs /bin/disabled-module-by-security-misc/block-filesys
-install jffs2 /bin/disabled-module-by-security-misc/block-filesys
-install hfs /bin/disabled-module-by-security-misc/block-filesys
-install hfsplus /bin/disabled-module-by-security-misc/block-filesys
-install udf /bin/disabled-module-by-security-misc/block-filesys
+install cramfs /bin/disabled-filesys-by-security-misc
+install freevxfs /bin/disabled-filesys-by-security-misc
+install jffs2 /bin/disabled-filesys-by-security-misc
+install hfs /bin/disabled-filesys-by-security-misc
+install hfsplus /bin/disabled-filesys-by-security-misc
+install udf /bin/disabled-filesys-by-security-misc
 
 ## Disable uncommon network file systems to reduce attack surface
-install cifs /bin/disabled-module-by-security-misc/block-netfilesys
-install nfs /bin/disabled-module-by-security-misc/block-netfilesys
-install nfsv3 /bin/disabled-module-by-security-misc/block-netfilesys
-install nfsv4 /bin/disabled-module-by-security-misc/block-netfilesys
-install ksmbd /bin/disabled-module-by-security-misc/block-netfilesys
-install gfs2 /bin/disabled-module-by-security-misc/block-netfilesys
+install cifs /bin/disabled-netfilesys-by-security-misc
+install nfs /bin/disabled-netfilesys-by-security-misc
+install nfsv3 /bin/disabled-netfilesys-by-security-misc
+install nfsv4 /bin/disabled-netfilesys-by-security-misc
+install ksmbd /bin/disabled-netfilesys-by-security-misc
+install gfs2 /bin/disabled-netfilesys-by-security-misc
 
 ## Disables the vivid kernel module as it's only required for testing and has been the cause of multiple vulnerabilities
 ## https://forums.whonix.org/t/kernel-recompilation-for-better-hardening/7598/233
 ## https://www.openwall.com/lists/oss-security/2019/11/02/1
 ## https://github.com/a13xp0p0v/kconfig-hardened-check/commit/981bd163fa19fccbc5ce5d4182e639d67e484475
-install vivid /bin/disabled-module-by-security-misc/block-vivid
+install vivid /bin/disabled-vivid-by-security-misc
 
 ## Disable Intel Management Engine (ME) interface with the OS
 ## https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html
-install mei /bin/disabled-module-by-security-misc/block-intelme
-install mei-me /bin/disabled-module-by-security-misc/block-intelme
+install mei /bin/disabled-intelme-by-security-misc
+install mei-me /bin/disabled-intelme-by-security-misc
 
 ## Blacklist automatic loading of the Atheros 5K RF MACs madwifi driver
 ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-ath_pci.conf?h=ubuntu/disco
@@ -139,7 +139,7 @@ blacklist udlfb
 ## Disable CD-ROM devices
 ## https://nvd.nist.gov/vuln/detail/CVE-2018-11506
 ## https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
-#install cdrom /bin/disabled-module-by-security-misc/block-cdrom
-#install sr_mod /bin/disabled-module-by-security-misc/block-cdrom
+#install cdrom /bin/disabled-cdrom-by-security-misc
+#install sr_mod /bin/disabled-cdrom-by-security-misc
 blacklist cdrom
 blacklist sr_mod