Pretty much a white list. I want to make it so once the core devices are installed, nothing else can be with out manual acceptance by root. Blocking PHUKD devices is the core goal more or less. Thanks,
Adrian On Tue, Oct 5, 2010 at 6:53 PM, Michael Miller <[email protected]>wrote: > Adrian, > > Are you looking to block USB storage devices? Or are you looking to > have a whitelist of USB devices? > > On Sat, Oct 2, 2010 at 11:23 AM, Adrian Crenshaw <[email protected]> > wrote: > > Hi all, > > I'm trying to figure out how to block the install of new USB hardware > in > > Linux, sort of like how I can do it in Windows: > > > > > http://www.irongeek.com/i.php?page=security/locking-down-windows-vista-and-windows-7-against-malicious-usb-devices > > > > I'm using blacklisting Dell stuff by vendor ID as an example, though it's > > not my end goal I'm just trying to figure out how things work. > > > > I do a "cat /proc/bus/input/devices" to figure out which keyboard is > which, > > then a "udevadm info -a -p /class/input/input10" to probe it for strings > I > > can use in a udev rule. My rule looks like this (I tried two different > ones, > > and commented things out): > > > > ATTRS{idVendor}=="413c", MODE="0000", RUN+="/opt/kde3/bin/kate" > > > #ATTR{modalias}=="input:b0003v413Cp2106e0110-e0,1,4,11,14,k71,72,73,74,75,77,79,7A,7B,7C,7D,7E,7F,80,81,82,83,84,85,86,87,88,89,8A,8C,8E,96,98,9E,9F,A1,A3,A4,A5,A6,AD,B0,B1,B2,B3,B4,B7,B8,B9,BA,BB,BC,BD,BE,BF,C0,C1,C2,F0,ram4,l0,1,2,sfw", > > MODE="0000", RUN+="/opt/kde3/bin/kate" > > > > > > Neather seems to do anything. Any ideas? I'm also not sure how to make > some > > rules override others. Yes, I've seen > > http://www.reactivated.net/writing_udev_rules.html#external-run but it's > not > > really helping me. > > > > Thanks, > > Adrian > > > > > > > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
