
Linux Hardening Guide - Kernel attack surface reduction

It is best to disable any functionality that is not absolutely required, so as to minimize the kernel's attack surface.

  • These features do not necessarily have to be dangerous; they could simply be benign code that is removed to reduce attack surface.
  • Never disable random things that you do not understand.

The following are some examples that may be of use, depending on your setup.


Boot parameters

Boot parameters can often be used to reduce attack surface. One such example is:

ipv6.disable=1

This disables the entire IPv6 stack, which may not be required if you have not migrated to IPv6.

  • Do not use this boot parameter if you are using IPv6.
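
One way to check both points before and after the change, as an added example that is not part of the original guide: the functions below report whether ipv6.disable=1 is already on the kernel command line and, if not, whether any interface holds a global-scope IPv6 address. The function names are hypothetical, and treating a global-scope address as "IPv6 in use" is an assumption of this example; link-local addresses are ignored because they are configured automatically.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.
# File paths are parameters so the checks can also run on saved copies.

# Succeeds if the kernel command line contains the exact token ipv6.disable=1.
ipv6_disabled_at_boot() {
    cmdline_file=${1:-/proc/cmdline}
    # Parameters are space separated; -x -F matches the whole token literally,
    # so "ipv6.disable=10" or "noipv6.disable=1" do not count.
    tr ' ' '\n' < "$cmdline_file" | grep -qxF 'ipv6.disable=1'
}

# Prints each interface that holds a global-scope IPv6 address.
# /proc/net/if_inet6 columns: address ifindex prefixlen scope flags ifname
# scope 00 = global, 20 = link-local, 10 = host (loopback)
ipv6_global_interfaces() {
    inet6_file=${1:-/proc/net/if_inet6}
    # No readable file means there are no IPv6 addresses to list.
    [ -r "$inet6_file" ] || return 0
    awk '$4 == "00" { print $6 }' "$inet6_file" | sort -u
}

# Prints one of:
#   active            the parameter is already on the command line
#   in-use: <ifaces>  global IPv6 addresses exist; do not add the parameter
#   candidate         no global IPv6 address found (assumption: not in use)
ipv6_boot_param_report() {
    cmdline_file=${1:-/proc/cmdline}
    inet6_file=${2:-/proc/net/if_inet6}
    if ipv6_disabled_at_boot "$cmdline_file"; then
        echo "active"
        return 0
    fi
    in_use=$(ipv6_global_interfaces "$inet6_file")
    if [ -n "$in_use" ]; then
        # Unquoted expansion joins the interface names with single spaces.
        printf 'in-use: %s\n' "$(echo $in_use)"
    else
        echo "candidate"
    fi
}
```

Source the file and call ipv6_boot_param_report with no arguments to check the running system. A "candidate" result only means no global address was found at that moment, not that nothing on the system depends on IPv6.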

linux_hardening_guide/kernel_attack_surface_reduction.txt · Last modified: 2025/05/31 15:47 by peter
