[NEVER TESTED] modprobe USB devices except keyboards and mice

Support for security such as Firewalls and securing linux
Post Reply
User avatar
warron.french
Posts: 495
Joined: 2014/03/27 20:21:58

[NEVER TESTED] modprobe USB devices except keyboards and mice

Post by warron.french » 2016/01/19 12:33:41

Hello, where I work we have to put in USB device kernel driver 'blocks.'

Is there a way to modproble 'block' USB mass storage devices, but still allow USB keyboards and mice?

If so, what is the appropriate syntax for such a goal, and what else is left 'usable?'


Thank you in advance,
Last edited by warron.french on 2016/05/16 16:40:13, edited 1 time in total.
Thanks,
War

User avatar
Super Jamie
Posts: 310
Joined: 2014/01/10 23:44:51

Re: modprobe USB devices except keyboards and mice

Post by Super Jamie » 2016/02/15 13:12:30

A udev rule similar to this should match USB storage only:

Code: Select all

ACTION=="add", KERNEL=="sd?", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", RUN="/bin/true"

User avatar
warron.french
Posts: 495
Joined: 2014/03/27 20:21:58

Re: modprobe USB devices except keyboards and mice

Post by warron.french » 2016/05/06 03:01:12

Super Jamie, and this will enable all other types of USB devices while still disabling USB storage devices?


Please confirm, thanks.


Last bumped by warron.french on 2016/05/06 03:01:12.
Thanks,
War

Post Reply

Return to “CentOS 6 - Security Support”