How To Block USB Devices with CHMOD in Linux

Learn how you can block USB devices to avoid viruses using the chmod command in Linux.

 

Step 1: Check If The Driver Is On The Linux Kernel

To disable USB storage support on the server, first check whether the storage driver is loaded in the distribution's kernel (Ubuntu 17 in this case) and confirm the name of the driver module responsible for this storage medium.

To verify this, run the lsmod command below. Its output shows that the "usb_storage" module is in use by the "uas" module.

lsmod | grep usb_storage

The next step is to unload both USB storage modules from the kernel and verify that the removal completed successfully. Because usb_storage is in use by uas, unload uas first:

sudo modprobe -r uas
sudo modprobe -r usb_storage
lsmod | grep usb

Step 2: Edit Linux Policies

The next step will be to list the contents of the USB storage modules directory of the current kernel using the following command:

ls /lib/modules/`uname -r`/kernel/drivers/usb/storage/

There we must identify the name of the USB storage driver, which in most cases has one of the following formats:

usb-storage.ko.xz
usb-storage.ko

Now, to block the USB storage module in the kernel, change into the kernel's USB storage modules directory and rename the module usb-storage.ko.xz to usb-storage.ko.xz.blacklist, or usb-storage.ko to usb-storage.ko.blacklist, using the following commands:

cd /lib/modules/`uname -r`/kernel/drivers/usb/storage/
ls
sudo mv usb-storage.ko usb-storage.ko.blacklist

Note: In this case, our module is named usb-storage.ko.

In the case of Debian, run the following commands to block the USB storage module:

cd /lib/modules/`uname -r`/kernel/drivers/usb/storage/
ls
sudo mv usb-storage.ko usb-storage.ko.blacklist

In this way, when any USB media is connected to the computer, the kernel cannot load the driver module for this storage controller.

To revert the changes, it is enough to rename the module back to its original name by executing the following:

cd /lib/modules/`uname -r`/kernel/drivers/usb/storage/
sudo mv usb-storage.ko.blacklist usb-storage.ko

Step 3: Block USB Devices with CHMOD

There is another simple method to achieve the blocking of USB devices in Linux.

USB drives are normally mounted under /media/ or, if the distribution uses systemd, under /run/media/. We therefore edit the permissions of these paths so that only the root user has access, by executing the following:

sudo chmod 700 /media/

Or, as the case may be:

sudo chmod 700 /run/media/

With this method, the drive is still mounted, but no notification is displayed to the user and only the root user can access its contents directly.
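
An added example, not from the original article: a small audit script that checks whether the controls from Steps 1 to 3 are actually in effect. It goes slightly beyond the text by checking every kernel under /lib/modules, since the Step 2 rename only touches the running kernel's directory; the optional root-prefix argument and the AUDIT_ROOT variable are assumptions introduced here so the checks can be run against a test tree.

```shell
#!/bin/sh
# Added example: audit the USB-storage controls from Steps 1-3.
# Each function takes an optional root prefix (an assumption made here so the
# checks can be pointed at a constructed tree); empty means the live system.

# Step 1: print usb_storage/uas if currently loaded (the data lsmod shows).
loaded_storage_modules() {
    root=${1:-}
    [ -r "$root/proc/modules" ] || return 0
    awk '$1 == "usb_storage" || $1 == "uas" { print $1 }' "$root/proc/modules"
}

# Step 2: print every installed kernel whose usb-storage module file is still
# loadable. The rename only touches the `uname -r` directory, so other
# installed kernels (and later kernel updates) keep a working module.
unblocked_kernels() {
    root=${1:-}
    for f in "$root"/lib/modules/*/kernel/drivers/usb/storage/usb-storage.ko*; do
        [ -e "$f" ] || continue
        case $f in *.blacklist) continue ;; esac
        rel=${f#"$root"/lib/modules/}
        echo "${rel%%/*}"
    done
}

# Step 3: print mount parent directories that group/other can still enter.
open_mount_dirs() {
    root=${1:-}
    for d in "$root/media" "$root/run/media"; do
        [ -d "$d" ] || continue
        mode=$(stat -c %a "$d" 2>/dev/null) || continue
        rel=${d#"$root"}
        case $mode in *00|0) ;; *) echo "$rel $mode" ;; esac
    done
}

# Run all three checks; returns 0 only if nothing is left open.
usb_storage_audit() {
    root=${1:-}; rc=0
    for m in $(loaded_storage_modules "$root"); do echo "LOADED $m"; rc=1; done
    for k in $(unblocked_kernels "$root"); do echo "MODULE $k"; rc=1; done
    perms=$(open_mount_dirs "$root")
    [ -z "$perms" ] || { echo "$perms" | sed 's/^/PERMS /'; rc=1; }
    return $rc
}

# Audit the live system, or the tree named by AUDIT_ROOT (hypothetical variable).
usb_storage_audit "${AUDIT_ROOT:-}" || echo "USB storage is not fully blocked"
```

A MODULE line for a kernel other than the running one means the rename has to be repeated for that kernel's directory.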

3 Comments

  1. Hm.. this way is really complicated.

    Just add as root:

    echo -e "blacklist uas\nblacklist usb_storage" > /etc/modprobe.d/blacklist_usb.conf
    update-initramfs -u -k all

    Then simply reboot. After that no one can use any usb-storage and similar devices, but root can easily load the kernel-modules and use any usb-storage.

    1. This is cool, but if we connect a USB storage device and restart the OS, the USB device will be detected and used.
