Disable USB storage and CDROM, but not mice and keyboard

Postby illki » 23 Dec 2014, 15:06

Hi everyone,
As part of the security policy in our company, I need to block USB storage, CDROM, and other removable storage for non-root (non-admin) users. How can I do that?
Thanks in advance for replies.
illki
 
Posts: 3
Joined: 23 Dec 2014, 15:02

Re: Disable USB storage and CDROM, but not mice and keyboard

Postby Maroman » 23 Dec 2014, 15:48

And what about blacklisting these devices? You can check the loaded kernel modules with the lsmod command in a terminal and choose what to blacklist. In my case, looking for USB devices and modules, I have:
Code:
~$ lsmod | grep usb
usb_storage            56154  0
usbhid                 48599  0
hid                   102250  2 hid_generic,usbhid
btusb                  29721  0
bluetooth             386513  3 ath3k,btusb
usbcore               199395  10 ath3k,btusb,uvcvideo,usb_storage,ohci_hcd,ohci_pci,ehci_hcd,ehci_pci,usbhid,xhci_hcd
scsi_mod              195196  4 sg,usb_storage,libata,sd_mod
usb_common             12440  1 usbcore

Next, create the file /etc/modprobe.d/blacklist.conf containing the blacklisted kernel modules. In the case of USB storage:
Code:
# block access to USB storages
blacklist usb_storage

(# always stands for a comment. If you want to change an option, just put the sign in front.) Since I do not have a CD-ROM, I do not know the name of the appropriate module. Checked, works.

cheers,

You can also read the Debian wiki.
ride my bike,
Maroman
 
Posts: 369
Joined: 02 Jun 2013, 09:17
Location: Warsaw Metropolitan Area, Poland

Re: Disable USB storage and CDROM, but not mice and keyboard

Postby illki » 24 Dec 2014, 07:26

Will I be able in that case to mount USB devices with sudo or root access?
Or is this case for disabling USB storage completely?
illki
 
Posts: 3
Joined: 23 Dec 2014, 15:02

Re: Disable USB storage and CDROM, but not mice and keyboard

Postby Maroman » 24 Dec 2014, 07:55

illki wrote: Will I be able in that case to mount USB devices with sudo or root access?
Or is this case for disabling USB storage completely?

No. Physically, the above procedure prevents the kernel module (responsible for USB storage) from loading. The question is how often you need root access to USB. Probably very seldom. So you can comment out (#) the line in the blacklist config file, reboot (USB is available), do all you need, uncomment and reboot. It seems to be complicated, but it isn't. To shorten the time for commenting/uncommenting, you can add "pluma or caja as root" functionality (command gksu pluma) to your menu.

cheers,
ride my bike,
Maroman
 
Posts: 369
Joined: 02 Jun 2013, 09:17
Location: Warsaw Metropolitan Area, Poland
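
An audit sketch for the configuration discussed in this thread, added here as an example and not code from the posters: it reads modprobe.d-style files and reports whether a module is only blacklisted (per modprobe.d(5) this ignores the module's aliases, so automatic loading stops but an explicit modprobe by root still loads it) or replaced by an install line. The function name module_policy, the result labels, the hardened.conf file and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Usage: module_policy <config-dir> <module>
# Prints one of: install-override | blacklist-only | unrestricted
module_policy() {
    dir=$1
    # modprobe treats '-' and '_' in module names as equivalent
    want=$(printf '%s' "$2" | sed 's/-/_/g')
    result=unrestricted
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # the "|| [ -n ... ]" keeps a last line that has no trailing newline
        while read -r keyword name rest || [ -n "$keyword" ]; do
            case $keyword in ''|'#'*) continue ;; esac   # blank lines and comments
            [ "$(printf '%s' "$name" | sed 's/-/_/g')" = "$want" ] || continue
            case $keyword in
                install)
                    # "install <mod> /bin/false" runs the command instead of
                    # inserting the module, so explicit modprobe is blocked too
                    case $rest in
                        /bin/false*|/bin/true*|/usr/bin/false*|/usr/bin/true*)
                            result=install-override ;;
                    esac ;;
                blacklist)
                    # only alias-based (hotplug) loading is suppressed
                    [ "$result" = install-override ] || result=blacklist-only ;;
            esac
        done < "$f"
    done
    printf '%s\n' "$result"
}

# Constructed sample: the thread's blacklist.conf, then a hypothetical hardened file
demo() {
    tmp=$(mktemp -d)
    printf '# block access to USB storages\nblacklist usb_storage\n' > "$tmp/blacklist.conf"
    echo "thread config: usb_storage -> $(module_policy "$tmp" usb_storage)"
    echo "thread config: usbhid      -> $(module_policy "$tmp" usbhid)"
    printf 'install usb-storage /bin/false\n' > "$tmp/hardened.conf"
    echo "with install:  usb_storage -> $(module_policy "$tmp" usb_storage)"
    rm -rf "$tmp"
}
demo
```

On a real system, point the function at /etc/modprobe.d; usbhid should stay "unrestricted" so that keyboards and mice keep working.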

Re: Disable USB storage and CDROM, but not mice and keyboard

Postby illki » 24 Dec 2014, 16:18

OK, thank you for the answer.
illki
 
Posts: 3
Joined: 23 Dec 2014, 15:02

