How To Disable USB Ports in Linux For Extra Security

Posted on by Aghassi

How To Disable USB Ports in Linux For Extra Security

To secure our infrastructure from data breaches, we have a tendency to use software package & hardware firewalls to limit unauthorized access from outside however knowledge breaches will occur from within in addition. to get rid of such a break, organizations limit & monitor access to the internet & conjointly disable usb storage devices. during this tutorial, we have a tendency to discuss 3 other ways to disable USB ports in Linux.

Method 1 – Fake install

In this techniquewe have a tendency to add a line ‘install usb-storage /bin/true’ that causes the ‘/bin/true’ to run rather than putting in usb-storage module & that is why it is also referred to as ‘Fake Install’ . To do this, create and open a file named ‘block_usb.conf’ (it will be something as well) within the folder ‘/etc/modprobe.d’,

$ sudo vim /etc/modprobe.d/block_usb.conf

& add the below mentioned line,

install usb-storage /bin/true

Now save the file and exit.

Method 2 – Removing the USB driver

Using this methodologywe are able to remove/move the drive for usb-storage (usb_storage.ko) from our machines, therefore creating it not possible to access a usb-storage device from the machine. to move the driver from it’s default location, execute the subsequent command,

$ sudo mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /home/user1

Now the driver isn’t offered on its default location & so wouldn’t be loaded once a usb-storage device is connected to the system & the device wouldn’t be ready to work. however this technique has one very little issue, that’s once the kernel of the system is updated the usb-storage module would once more show up in its default location.

Method 3- Blacklisting USB-storage

We can conjointly blacklist usb-storage using the file ‘/etc/modprobe.d/blacklist.conf’. This file is available on RHEL/CentOS 6 however may have to be compelled to be created on 7. To blacklist usb-storage, open/create the preceding file using vim

$ sudo vim /etc/modprobe.d/blacklist.conf

& enter the following line to blacklist the usb,

blacklist usb-storage

Save file & exit. USB-storage can currently be blocked on the system however this methodology has one major draw back i.e. any privileged user will load the usb-storage module by executing the subsequent command,

$ sudo modprobe usb-storage

This issue makes this technique somewhat not fascinating however it works well for non-privileged users.

Reboot your system once the changes are created to implement the changes created for all the above-named ways.

Conclusion

Do check these ways on a way to disable USB ports in UNIX system & allow us to recognize if you face any issue or have a question using the comment box below.