You might want to check out the CIS RedHat Benchmarks. There is a section on disabling USB devices.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Michael Miller
Sent: Tuesday, October 05, 2010 4:53 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Blocking new devices with UDEV?

Adrian,

Are you looking to block USB storage devices? Or are you looking to have a whitelist of USB devices?

On Sat, Oct 2, 2010 at 11:23 AM, Adrian Crenshaw <[email protected]> wrote:
> Hi all,
> I'm trying to figure out how to block the install of new USB
> hardware in Linux, sort of like how I can do it in Windows:
>
> http://www.irongeek.com/i.php?page=security/locking-down-windows-vista-and-windows-7-against-malicious-usb-devices
>
> I'm using blacklisting Dell stuff by vendor ID as an example, though
> it's not my end goal; I'm just trying to figure out how things work.
>
> I do a "cat /proc/bus/input/devices" to figure out which keyboard is
> which, then a "udevadm info -a -p /class/input/input10" to probe it
> for strings I can use in a udev rule. My rule looks like this (I tried
> two different ones, and commented things out):
>
> ATTRS{idVendor}=="413c", MODE="0000", RUN+="/opt/kde3/bin/kate"
> #ATTR{modalias}=="input:b0003v413Cp2106e0110-e0,1,4,11,14,k71,72,73,74,75,77,79,7A,7B,7C,7D,7E,7F,80,81,82,83,84,85,86,87,88,89,8A,8C,8E,96,98,9E,9F,A1,A3,A4,A5,A6,AD,B0,B1,B2,B3,B4,B7,B8,B9,BA,BB,BC,BD,BE,BF,C0,C1,C2,F0,ram4,l0,1,2,sfw", MODE="0000", RUN+="/opt/kde3/bin/kate"
>
> Neither seems to do anything. Any ideas? I'm also not sure how to make
> some rules override others. Yes, I've seen
> http://www.reactivated.net/writing_udev_rules.html#external-run but
> it's not really helping me.
>
> Thanks,
> Adrian
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
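
Added example, not part of the original thread or of any poster's code: one way to block USB devices by vendor ID, using the kernel's per-device `authorized` sysfs attribute instead of `MODE=`. The function names and the sample tree (device names, the second vendor ID) are constructed for illustration; only `413c` comes from the thread.

```shell
#!/bin/sh
# Equivalent udev rule (matches the USB device node itself, hence ATTR, not ATTRS):
#   ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="413c", ATTR{authorized}="0"

# deauthorize_vendor SYSFS_USB_DIR VENDOR_ID
# Writes 0 to "authorized" for every device whose idVendor matches.
# Prints the name of each blocked device; returns 2 on a malformed vendor ID.
deauthorize_vendor() {
    dir=$1
    vendor=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # sysfs reports lowercase hex
    case $vendor in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
        *) echo "bad vendor id: $2" >&2; return 2 ;;
    esac
    for dev in "$dir"/*; do
        # Interface nodes (e.g. 1-1:1.0) carry no idVendor file: skip them.
        [ -f "$dev/idVendor" ] && [ -f "$dev/authorized" ] || continue
        [ "$(cat "$dev/idVendor")" = "$vendor" ] || continue
        echo 0 > "$dev/authorized"
        basename "$dev"
    done
    return 0
}

# Constructed sample tree standing in for /sys/bus/usb/devices,
# so the example runs offline and without root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    for spec in 1-1=413c 1-2=046d; do
        mkdir -p "$root/${spec%%=*}"
        echo "${spec#*=}" > "$root/${spec%%=*}/idVendor"
        echo 1 > "$root/${spec%%=*}/authorized"
    done
    mkdir -p "$root/1-1:1.0"    # interface node, must be ignored
    echo "$root"
}

tree=$(make_sample_tree)
deauthorize_vendor "$tree" 413C    # prints the blocked device name
rm -rf "$tree"
```

On a live system the same function would be run as root against `/sys/bus/usb/devices`. For a whitelist rather than a blacklist, the kernel also exposes `authorized_default` on each host controller (`usbN`), which can be set to 0 so that new devices start out deauthorized.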
