Thanks, but the first thing it mentions is loading a kernel without USB, which is not really a workable option on recent hardware. The rest seems to be about just USB flash drives. I suppose I can blacklist the HID modules, but that would also cause issues. What I really need is to be selective about what devices it lets install.
Thanks,
Adrian

On Wed, Oct 6, 2010 at 9:26 AM, Tidball, Christopher <[email protected]> wrote:
> You might want to check out the CIS RedHat Benchmarks. There is a section
> on disabling USB devices.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Michael Miller
> Sent: Tuesday, October 05, 2010 4:53 PM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] Blocking new devices with UDEV?
>
> Adrian,
>
> Are you looking to block USB storage devices? Or are you looking to have a
> whitelist of USB devices?
>
> On Sat, Oct 2, 2010 at 11:23 AM, Adrian Crenshaw <[email protected]> wrote:
> > Hi all,
> > I'm trying to figure out how to block the install of new USB
> > hardware in Linux, sort of like how I can do it in Windows:
> >
> > http://www.irongeek.com/i.php?page=security/locking-down-windows-vista-and-windows-7-against-malicious-usb-devices
> >
> > I'm using blacklisting Dell stuff by vendor ID as an example, though
> > it's not my end goal; I'm just trying to figure out how things work.
> >
> > I do a "cat /proc/bus/input/devices" to figure out which keyboard is
> > which, then a "udevadm info -a -p /class/input/input10" to probe it
> > for strings I can use in a udev rule. My rule looks like this (I tried
> > two different ones, and commented things out):
> >
> > ATTRS{idVendor}=="413c", MODE="0000", RUN+="/opt/kde3/bin/kate"
> > #ATTR{modalias}=="input:b0003v413Cp2106e0110-e0,1,4,11,14,k71,72,73,74,75,77,79,7A,7B,7C,7D,7E,7F,80,81,82,83,84,85,86,87,88,89,8A,8C,8E,96,98,9E,9F,A1,A3,A4,A5,A6,AD,B0,B1,B2,B3,B4,B7,B8,B9,BA,BB,BC,BD,BE,BF,C0,C1,C2,F0,ram4,l0,1,2,sfw", MODE="0000", RUN+="/opt/kde3/bin/kate"
> >
> > Neither seems to do anything. Any ideas? I'm also not sure how to make
> > some rules override others. Yes, I've seen
> > http://www.reactivated.net/writing_udev_rules.html#external-run but
> > it's not really helping me.
> >
> > Thanks,
> > Adrian
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
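A deny-by-default udev rule set of the kind Adrian is asking for (selective about which USB devices the kernel will configure), as an added example that is not part of this thread and not something any poster proposed. It uses the kernel's USB device authorization: each root hub's sysfs attribute "authorized_default" is set to 0 so newly enumerated devices start unauthorized, and a udev rule writes "authorized=1" only for allowlisted idVendor:idProduct pairs; everything else stays unconfigured and is logged. Assumptions, all mine: the allowlist values (413c:2106 is the Dell keyboard ID from Adrian's modalias string, the rest is constructed), /usr/bin/logger as the log command, the rule file name, and the Linux Foundation vendor ID 1d6b used to recognise root hubs.

```shell
#!/bin/sh
# Added example, not code from the thread: emit a udev rules file that makes
# USB deny-by-default in the kernel (authorized_default=0 on each root hub)
# and re-authorizes only allowlisted idVendor:idProduct pairs.
# Assumptions: a kernel with USB device authorization (sysfs "authorized" and
# "authorized_default"), /usr/bin/logger present, and allowlist entries in
# lowercase hex "vvvv:pppp" form. All sample values are constructed.

# Validate one allowlist entry: exactly four lowercase hex digits, a colon,
# four more. Rejecting anything else keeps stray input out of the rules file.
valid_pair() {
    printf '%s' "$1" | grep -Eq '^[0-9a-f]{4}:[0-9a-f]{4}$'
}

# build_rules "vvvv:pppp vvvv:pppp ..." prints the rules file to stdout and
# returns 1 without printing rules if any entry is malformed.
build_rules() {
    pair=""
    for pair in $1; do
        valid_pair "$pair" || {
            printf 'bad allowlist entry: %s\n' "$pair" >&2
            return 1
        }
    done
    printf '%s\n' '# USB allowlist (generated): deny by default, allow listed devices'
    # Only "add" events for whole USB devices are interesting; interfaces,
    # input nodes and remove events skip straight to the end label.
    printf '%s\n' 'ACTION!="add", GOTO="usb_allowlist_end"'
    printf '%s\n' 'SUBSYSTEM!="usb", GOTO="usb_allowlist_end"'
    printf '%s\n' 'ENV{DEVTYPE}!="usb_device", GOTO="usb_allowlist_end"'
    # Root hubs (assumed vendor 1d6b) must stay authorized; instead switch the
    # bus to deny-by-default so devices enumerated afterwards start unauthorized.
    printf '%s\n' 'ATTR{idVendor}=="1d6b", ATTR{authorized_default}="0", GOTO="usb_allowlist_end"'
    # Allowlisted devices get authorized explicitly; the kernel then configures
    # them and binds drivers as usual.
    for pair in $1; do
        printf 'ATTR{idVendor}=="%s", ATTR{idProduct}=="%s", ATTR{authorized}="1", GOTO="usb_allowlist_end"\n' \
            "${pair%%:*}" "${pair#*:}"
    done
    # Anything reaching this line is not allowlisted: leave it unauthorized and
    # record the attempt in syslog so the event is visible to monitoring.
    printf '%s\n' 'RUN+="/usr/bin/logger -t usb-allowlist blocked $kernel $attr{idVendor}:$attr{idProduct}"'
    printf '%s\n' 'LABEL="usb_allowlist_end"'
}

# Run directly with the allowlist as the first argument and redirect the
# output to the rules directory, e.g. /etc/udev/rules.d/99-usb-allowlist.rules
# (file name is a convention assumed here, not fixed by udev).
if [ -n "${1:-}" ]; then
    build_rules "$1"
fi
```

Two caveats a practitioner should keep in mind. First, the root-hub rule only takes effect once udev processes the hub's add event, so devices attached before that (including at boot) are authorized under the old default; the kernel parameter usbcore.authorized_default=0 moves the deny-by-default to boot time. Second, an external hub is itself a USB device, so it must be on the allowlist or nothing behind it will enumerate. After installing the file, `udevadm control --reload` picks up the rules and `udevadm test /sys/bus/usb/devices/<dev>` shows which rule lines match a given device, which also answers Adrian's question about rule ordering: udev walks the file top to bottom and GOTO/LABEL is the way to make one rule override the rest.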
