Thursday, October 7, 2010

Linux USB policies

Many people don't know this, but the Linux kernel lets administrators enable or disable USB devices on a system, either per device or through a default policy (which allows everything by default).

Authorize a device to connect (writing to these sysfs files requires root):
        # echo 1 > /sys/bus/usb/devices/DEVICE/authorized

Deauthorize a device:
        # echo 0 > /sys/bus/usb/devices/DEVICE/authorized

Set new devices connected to host controller usbX to be deauthorized by default (i.e. lock down):
        # echo 0 > /sys/bus/usb/devices/usbX/authorized_default

Remove the lock down:
        # echo 1 > /sys/bus/usb/devices/usbX/authorized_default
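
To check what state those files are actually in, here is a small set of shell functions that report and enforce the policy. This is an added example, not code from the original post; the function names and the `SYSFS_USB` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and lock down USB authorization through sysfs.
# SYSFS_USB is a hypothetical override (not a kernel or distro variable) so the
# functions can be pointed at a constructed directory tree for testing.
SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"

# Print "usbX VALUE" for each host controller's default policy.
usb_default_policy() {
    for f in "$SYSFS_USB"/usb*/authorized_default; do
        [ -r "$f" ] || continue
        printf '%s %s\n' "$(basename "$(dirname "$f")")" "$(cat "$f")"
    done
}

# Print "DEVICE VALUE vendor:product" for each device that has an authorized file.
usb_device_state() {
    for f in "$SYSFS_USB"/*/authorized; do
        [ -r "$f" ] || continue
        d=$(dirname "$f"); name=$(basename "$d")
        case "$name" in *:*) continue ;; esac   # names with ':' are interfaces
        vid=$(cat "$d/idVendor" 2>/dev/null || echo '????')
        pid=$(cat "$d/idProduct" 2>/dev/null || echo '????')
        printf '%s %s %s:%s\n' "$name" "$(cat "$f")" "$vid" "$pid"
    done
}

# Succeed only if at least one host controller exists and all default to 0.
usb_is_locked_down() {
    found=0
    for f in "$SYSFS_USB"/usb*/authorized_default; do
        [ -r "$f" ] || continue
        found=1
        [ "$(cat "$f")" = "0" ] || return 1
    done
    [ "$found" -eq 1 ]
}

# Write 0 to every host controller's authorized_default (root on real sysfs).
usb_lock_down() {
    for f in "$SYSFS_USB"/usb*/authorized_default; do
        if [ -w "$f" ]; then echo 0 > "$f"; fi
    done
}
```

Source the file and call `usb_default_policy` and `usb_device_state` to review the current state; `usb_lock_down` only affects devices plugged in afterwards, so devices that are already authorized stay authorized.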


For more information:
http://www.mjmwired.net/kernel/Documentation/usb/authorization.txt


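It is also possible to disable all USB storage devices by unloading the kernel module. Yes, old school :D

Just add the following entry to /etc/rc.local:

        rmmod usb_storage

Note that rmmod only unloads the module; it does not prevent the module from being loaded again later.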



