Disable USB storage in Linux


There are a number of ways to disable storage on media attached through the USB ports of your computer. This can be a good solution if we want to prevent certain types of attacks from infecting our system through this type of device, but it can also serve as a way to limit the capabilities of a certain computer if, for a specific reason, we do not want others to use this feature. Among these ways there are more extreme ones, such as directly removing the Linux kernel USB drivers (modules). In other words, deleting the usb_storage.ko file, which is the module that acts as the driver for these devices.

But if we want a less radical solution, there are other ways to make these devices stop working in our distro. They are quite simple to implement and usually effective, although not infallible... For example, we can use the virtual device /bin/true to help us with what is called a "Fake Install". To proceed, we simply have to create and open a file called block_usb.conf inside the /etc/modprobe.d/ directory, where the configuration for kernel modules is stored.

Once that is done we can add the following content inside using the text editor that we like the most:

install usb-storage /bin/true

Now we save the file that we just created and voilà, we will have a restriction for USB storage devices. Note that the rest of the USB devices will continue to work normally. Test the effectiveness, since I have heard some users say that it has not worked for them...

The other method is to create a blacklist. For that we will create a file called blacklist.conf inside /etc/modprobe.d/ and, with the text editor, add all the device drivers that we want on our blacklist so that they will not work. For example, for our USB storage:

blacklist usb-storage

Save the changes and check their effect ...
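
To check the effect of either file, here is an added example (not code from the original post): a shell function that reports which of the two methods a modprobe.d directory applies to usb-storage, plus a check for a driver that is already loaded. The function names and sample files are constructed for illustration, and it scans a single directory, whereas modprobe reads several.

```shell
#!/bin/sh
# Added example: classify how a modprobe.d directory treats usb-storage.
# Simplification: scans one directory; modprobe also reads /run/modprobe.d
# and /usr/lib/modprobe.d (or /lib/modprobe.d).

# Prints install-override, blacklist-only or none.
classify_usb_storage() {
    dir=$1
    result=none
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        while read -r verb module rest || [ -n "$verb" ]; do
            # modprobe treats '-' and '_' in module names as the same character
            module=$(printf '%s' "$module" | tr - _)
            [ "$module" = usb_storage ] || continue
            case $verb in
                install)
                    # the "fake install": this command runs instead of loading
                    case $rest in
                        /bin/true|/bin/false) echo install-override; return 0 ;;
                    esac ;;
                # blacklist only stops alias-based autoloading; an explicit
                # "modprobe usb-storage" still loads the driver
                blacklist) result=blacklist-only ;;
            esac
        done < "$f"
    done
    echo "$result"
}

# The directory exists while the driver is loaded; a loaded driver keeps
# working whatever the configuration says. The sysfs root is a parameter
# so the check can be pointed at a test tree.
usb_storage_loaded() {
    [ -d "${1:-/sys}/module/usb_storage" ]
}

# Constructed sample configuration mirroring the two files from the article.
demo() {
    d=$(mktemp -d)
    mkdir "$d/a" "$d/b" "$d/c"
    printf 'install usb-storage /bin/true\n' > "$d/a/block_usb.conf"
    printf '# constructed sample\nblacklist usb_storage\n' > "$d/b/blacklist.conf"
    for case_dir in a b c; do
        printf '%s: %s\n' "$case_dir" "$(classify_usb_storage "$d/$case_dir")"
    done
    rm -rf "$d"
}
demo
```

On a real system, run `classify_usb_storage /etc/modprobe.d`; `modprobe -n -v usb-storage` shows what modprobe itself would do without loading anything.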



  1.   John Fredy Herrera Herrera said

    For me the best way is to ask for administrator or root authentication when mounting a device. This is achieved by modifying the org.freedesktop.udisks2.policy or org.freedesktop.UDisks2.policy file, which contains the policies for mounting devices. This file contains several policies, such as:

    • Mount a file system
    • Mount a file system on a system device
    • Mount a file system of a connected device in another location
    • Mount / unmount filesystems defined in the fstab file with the x-udisks-auth option
    • Unmount a device mounted by another user
    • Become the owner of a file system

    We are going to modify the policy

    Mount a file system

    We go to the policy setting
    Yes
    and we change it to
    auth_admin

    This will force the system to ask for the administrator's username and password when mounting a device via USB.

  2.   Yomen said

    And if what I want to do is the opposite, recognize one and discard all the others, how can we use this method?

    sudo chmod 700 /media/ is radical and that's not the idea