Thursday, October 7, 2010

Linux USB policies

Many people don't know this, but the Linux kernel allows the administrators to enable/disable the use of USB devices in the system;  per device or with a default policy (that is allow everything by default).

Authorize a device to connect:  
        $ echo 1 > /sys/bus/usb/devices/DEVICE/authorized
Deauthorize a device: 
        $ echo 0 > /sys/bus/usb/devices/DEVICE/authorized
Set new devices connected to hostX to be deauthorized by default (ie:  lock down):
        $ echo 0 > /sys/bus/usb/devices/usbX/authorized_default
Remove the lock down: 
        $ echo 1 > /sys/bus/usb/devices/usbX/authorized_default

For more information:

It is also possible to disable all the storage devices by disabling the kernel module. Yes,  old school :D

Just adding the following entry to /etc/rc.local

rmmod usb_storage

No comments:

Post a Comment