Every effort is made to maximize device security, but this is genuinely difficult when someone has physical access (that is, when people can sit in front of the machine), since information can be extracted in several ways. So today we are going to see how to prevent the USB ports of our GNU/Linux servers from being used for storage devices.
In our operating system this is possible if we first identify the storage module used by the Linux kernel and obtain its name. The command for this is lsmod, which shows the modules loaded in the running kernel, and we use grep to filter the output down to the entries related to 'usb_storage'.
We open a terminal window and enter:
# lsmod | grep usb_storage
This shows us which kernel module is using usb_storage. Having identified it, we unload it from the kernel. This is done with the modprobe command together with the "-r" parameter (for "remove"):
# modprobe -r usb_storage
# modprobe -r uas
# lsmod | grep usb
Now we locate the directory that holds the GNU/Linux kernel modules named "usb-storage":
# ls /lib/modules/$(uname -r)/kernel/drivers/usb/storage/
Now, to prevent this module from loading into the kernel, we change to the usb-storage module directory and add the suffix "blacklist" to the file, renaming it to "usb-storage.ko.xz.blacklist":
# cd /lib/modules/$(uname -r)/kernel/drivers/usb/storage/
# ls
# mv usb-storage.ko.xz usb-storage.ko.xz.blacklist
In Debian-based distributions the module file name is slightly different, so the above commands become:
# cd /lib/modules/$(uname -r)/kernel/drivers/usb/storage/
# ls
# mv usb-storage.ko usb-storage.ko.blacklist
That's all. From now on, when a pendrive is inserted into the server the related modules will fail to load, and it will not be possible to read its content or to copy or move files to it. Note that the path contains the running kernel's version (uname -r), so the rename only covers that kernel's module directory. And if at some point we regret it and want to undo this, we simply restore the original module name, that is, we remove the "blacklist" suffix.
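To verify the result, the following script (an added example, not part of the original article) checks that usb_storage and uas are not loaded and that no usb-storage module file is left without the "blacklist" suffix. The function names and the --live switch are hypothetical, and checking every kernel directory under the modules root, rather than only the running one, goes beyond the steps above.

```sh
#!/bin/sh
# Added example: audit the rename-based USB storage lockdown.
# Paths are passed as arguments so the check also works on a test fixture.

# usb_storage_loaded FILE: succeed if usb_storage or uas is listed in a
# /proc/modules-format file (the module name is the first field).
usb_storage_loaded() {
    awk '$1 == "usb_storage" || $1 == "uas" { found = 1 }
         END { exit !found }' "$1"
}

# loadable_storage_modules ROOT: print each usb-storage module file that
# still has a loadable name (.ko or .ko.xz) under any kernel in ROOT.
loadable_storage_modules() {
    for f in "$1"/*/kernel/drivers/usb/storage/usb-storage.ko \
             "$1"/*/kernel/drivers/usb/storage/usb-storage.ko.*; do
        [ -e "$f" ] || continue      # unmatched glob stays literal
        case "$f" in
            *.blacklist) ;;          # renamed as in the article
            *) printf '%s\n' "$f" ;;
        esac
    done
}

# audit_usb_storage ROOT PROCFILE: return 0 only if no module is loaded
# and no kernel directory still holds a loadable usb-storage file.
audit_usb_storage() {
    rc=0
    if usb_storage_loaded "$2"; then
        echo "FAIL: usb_storage or uas is currently loaded"; rc=1
    fi
    left=$(loadable_storage_modules "$1")
    if [ -n "$left" ]; then
        echo "FAIL: loadable module files remain:"; echo "$left"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: USB storage modules unloaded and renamed"
    return "$rc"
}

# Check the live system only when asked to (hypothetical --live switch).
if [ "${1:-}" = "--live" ]; then
    audit_usb_storage /lib/modules /proc/modules
fi
```

Run with --live on the server after each kernel update; a FAIL line listing a path under a new kernel version means the rename has to be repeated there.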