Disable all USB devices but keyboard/mouse/flash-drive
You can easily force and disable USB storage devices under any Linux distribution. The modprobe program used for automatic kernel module loading and can be configured to not load the USB storage driver upon demand. This will prevent the modprobe program from loading the usb-storage module, but will not prevent root (or another program) from using the insmod program to load the module manually.
Type the following command:
echo 'install usb-storage : ' >> /etc/modprobe.conf
You can also remove USB Storage driver, enter:
ls /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko
mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root
BIOS option
You can also disable USB from system BIOS configuration option. Make sure BIOS is password protected.
Grub option
You can get rid of all USB devices by disabling kernel support for USB via GRUB. Open grub.conf or menu.lst (Under Debian / Ubuntu Linux) and append "nousb" to the kernel line as follows:
kernel /vmlinuz-2.6.18-128.1.1.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 nousb
Save and close the file. Once done just reboot the system:
reboot
mveroone
Updated on September 18, 2022Comments
-
mveroone over 1 year
For security reasons, I would like to make sure no USB device can be connected to my servers running RHEL3 except keyboards, mice and flash drives. To sum up :
What should work :
- Mouse
- Keyboard
- USB storage device
What shouldn't work :
- Printer
- USB modem/NIC
- Wifi dongle
- anything else
Is there any other way than removing according kernel drivers ? If not, which files should be kept in order to keep functionality of accepted devices?
Side-note : some hosts are VMware VMs running on ESXi 4.1 or 5.0. That may be important since I think they may emulates important USB devices (I think about virtual DVD drives which I could need)
-
Michael Hampton over 10 yearsWhy on earth do you still have servers running RHEL 3? -
mveroone over 10 yearsBecause migration to newer OS is planified but will take a lot of time...
-
ott-- over 10 yearsCan't you just setup some udev rules?
-
mveroone over 10 yearsNope,
udevis a feature of 2.6 kernel. RHEL3 is 2.4 =/
-
mveroone over 10 yearsThanks for the extensive answer but it does not totally solve my problem. I want to disable all USB devices BUT mice, keyboards and flash drives. That means disable printers, disable Wireless USB sticks etc. see what I want ?
-
mveroone over 10 yearsThat answers would still be helpful for anyone with the basic need of totally disabling USB.
-
iMitwe over 7 yearsSo to enable back the USB storage, I'd have to move back usb_storage.ko from /root to its previous directory ?
