Thanks, looking at it now. Those settings don't last a reboot so I'll have to see if I can figure out how to make scripts that start at the right times in case someone plugs in while the system is off.
Thanks,
Adrian

On Wed, Oct 6, 2010 at 4:28 PM, Michael Miller <[email protected]> wrote:
> So after looking at udev and figuring out how sysfs and hotplug all
> play into this, I think what you're looking for is USB device
> authorization.
>
> Take a look at the following.
> http://www.mjmwired.net/kernel/Documentation/usb/authorization.txt
>
> On Wed, Oct 6, 2010 at 7:29 AM, Adrian Crenshaw <[email protected]> wrote:
> > Thanks, but the first thing they mention is loading a kernel without USB,
> > which is not really a workable option on recent hardware. The rest seems to
> > be about just USB flash drives. I suppose I can blacklist the HID modules,
> > but that would also cause issues. What I really need is to be selective
> > about what devices it lets install.
> >
> > Thanks,
> > Adrian
> >
> > On Wed, Oct 6, 2010 at 9:26 AM, Tidball, Christopher
> > <[email protected]> wrote:
> >> You might want to check out the CIS RedHat Benchmarks. There is a section
> >> on disabling USB devices.
> >>
> >> -----Original Message-----
> >> From: [email protected]
> >> [mailto:[email protected]] On Behalf Of Michael Miller
> >> Sent: Tuesday, October 05, 2010 4:53 PM
> >> To: PaulDotCom Security Weekly Mailing List
> >> Subject: Re: [Pauldotcom] Blocking new devices with UDEV?
> >>
> >> Adrian,
> >>
> >> Are you looking to block USB storage devices? Or are you looking to have
> >> a whitelist of USB devices?
> >>
> >> On Sat, Oct 2, 2010 at 11:23 AM, Adrian Crenshaw <[email protected]> wrote:
> >> > Hi all,
> >> > I'm trying to figure out how to block the install of new USB
> >> > hardware in Linux, sort of like how I can do it in Windows:
> >> >
> >> > http://www.irongeek.com/i.php?page=security/locking-down-windows-vista-and-windows-7-against-malicious-usb-devices
> >> >
> >> > I'm using blacklisting Dell stuff by vendor ID as an example, though
> >> > it's not my end goal; I'm just trying to figure out how things work.
> >> >
> >> > I do a "cat /proc/bus/input/devices" to figure out which keyboard is
> >> > which, then a "udevadm info -a -p /class/input/input10" to probe it
> >> > for strings I can use in a udev rule. My rule looks like this (I tried
> >> > two different ones, and commented things out):
> >> >
> >> > ATTRS{idVendor}=="413c", MODE="0000", RUN+="/opt/kde3/bin/kate"
> >> > #ATTR{modalias}=="input:b0003v413Cp2106e0110-e0,1,4,11,14,k71,72,73,74,75,77,79,7A,7B,7C,7D,7E,7F,80,81,82,83,84,85,86,87,88,89,8A,8C,8E,96,98,9E,9F,A1,A3,A4,A5,A6,AD,B0,B1,B2,B3,B4,B7,B8,B9,BA,BB,BC,BD,BE,BF,C0,C1,C2,F0,ram4,l0,1,2,sfw", MODE="0000", RUN+="/opt/kde3/bin/kate"
> >> >
> >> > Neither seems to do anything. Any ideas? I'm also not sure how to make
> >> > some rules override others. Yes, I've seen
> >> > http://www.reactivated.net/writing_udev_rules.html#external-run but
> >> > it's not really helping me.
> >> >
> >> > Thanks,
> >> > Adrian
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
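
Added example, not part of the thread: a sketch of the allowlist approach the USB authorization interface makes possible, written so it can be called from a boot script because the sysfs settings do not survive a reboot. The SYSFS_ROOT and ALLOWED variables, the function names and the second allowlist entry are assumptions of this sketch; 413c:2106 is the keyboard from the modalias quoted above.

```shell
#!/bin/sh
# Added example: allowlist USB devices through the kernel authorization files.
# SYSFS_ROOT and ALLOWED are assumptions of this sketch, not from the thread.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
# vendor:product pairs in lowercase hex. 413c:2106 comes from the modalias in
# the thread; 046d:c077 is a constructed sample entry.
ALLOWED="${ALLOWED:-413c:2106 046d:c077}"

# Make every host controller leave newly attached devices deauthorized.
lock_hosts() {
    for host in "$SYSFS_ROOT"/bus/usb/devices/usb*; do
        [ -f "$host/authorized_default" ] || continue
        echo 0 > "$host/authorized_default"
    done
}

# Return 0 if the vendor:product id in $1 is on the allowlist.
is_allowed() {
    for id in $ALLOWED; do
        [ "$id" = "$1" ] && return 0
    done
    return 1
}

# Authorize allowlisted devices already attached, deauthorize the rest.
apply_allowlist() {
    for dev in "$SYSFS_ROOT"/bus/usb/devices/*; do
        case "${dev##*/}" in usb*) continue ;; esac   # leave root hubs alone
        [ -f "$dev/idVendor" ] || continue            # interface entries have no ids
        # Design choice of this sketch: hubs (class 09) stay up so ports keep
        # working; devices behind them still need their own authorization.
        [ "$(cat "$dev/bDeviceClass" 2>/dev/null)" = "09" ] && continue
        vid_pid="$(cat "$dev/idVendor"):$(cat "$dev/idProduct")"
        if is_allowed "$vid_pid"; then
            echo 1 > "$dev/authorized"
        else
            echo 0 > "$dev/authorized"
        fi
    done
}

# Run as root from a boot script with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    lock_hosts
    apply_allowlist
fi
```

With authorized_default set to 0, anything plugged in after boot stays deauthorized until the script is run again or 1 is written to that device's authorized file.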
