There are a number of ways to disable storage on attached media using USB port of your computer, this can be a good solution if we want to prevent certain types of attacks from infecting our system through this type of device, but it can also serve as a method to try to limit the capabilities of a certain computer if we do not want to that others use this feature for a specific reason. Well, among the ways there are more extreme ones, such as directly eliminating the Linux kernel USB drivers (modules). In other words, delete the usb_storage.ko file, which is the module that acts as a controller for these devices.
But if we want a not so radical solution, we can use other ways to proceed so that these devices do not work in our distro. They are also quite simple methods to implement and that are usually effective, although not infallible ... For example, we can use the virtual device / bin / true to help us with what is called a "Fake Install", to proceed we simply have to create and open a file called block_usb.conf inside the /etc/modprobe.d/ directory where the kernel modules are stored.
Once that is done we can add the following content inside using the text editor that we like the most:
install usb-storage /bin/true
Now we save the file that we just created and voila, we will have a restriction for USB storage devices. eye! Because the rest of the USB devices will continue to work normally. Test the effectiveness, since I have heard some users say that it has not worked for them ...
The other method is to create a black listFor that we will create a file called blacklist.conf inside /etc/modprobe.d/ and with the text editor we add again inside all the device drivers that we want to add to our blacklist and that will not work. For example, for our USB:
Save the changes and check their effect ...