One of the most common security problems in a company is the leakage of information, this is generally given by unrestricted access to the use of mass storage devices such as memory sticks and USB drives, burners. CD / DVD, Internet, etc
This time, I am going to show you how we can restrict a user's access to USB mass storage devices in Linux, so that access to the port is not lost in case of having to connect a mouse USB or charge a battery through it.
Note: all types of USB mass storage device will be disabled, including music players, cameras, etc.
The first thing we must do is remove the user from the group
plugdev
, for this, we execute the following line in the terminal:
sudo gpasswd -d [user] plugdev
This will serve so that once the session is started, Linux do not allow access to these USB devices, but it will not work in case the device is connected from before starting the system.
To avoid these situations, we must make a
blacklist
the module
usb_storage
in the File
/etc/modprobe.d/blacklist.conf
, as follows:
sudo gedit /etc/modprobe.d/blacklist.conf
We add the following lines to the end of the open file:
# Restricción de acceso a dispositivos de almacenamiento masivo USB por Ubunlog.com blacklist usb_storage
We save and close the edited file.
Now we just have to restart our system for the changes to take effect.
In case your USB ports continue to automatically mount the storage media even after following these steps, I recommend reading the entry I wrote to Ubuntising the planet called «Disable USB disk loading in Ubuntu (Extreme Edition)«, In it you can find some steps to follow a little more drastic to ensure the correct deactivation of the USB ports for storage media.
Very good. I schedule it. As soon as I return from my vacation, I do it on all Ubuntu machines (except mine of course). Greetings!
hey, good article, a question, if I want to re-enable the ports, sorry I'm new to Ubuntu.
Very good article, but I would like to know how to do it for only one user and if it can also be done for the reader or other resources in advance Thank you very much. Greetings!
How can we enable the usb device option again, I hope a favorable response as soon as possible
Surely doing the reverse steps, to those described in the post, that is, adding the user that you removed and editing the file and removing the line that you added
I hope the response was favorable and the wait was short 😛
regards
Could you give me a script to enable and disable the usb ports from now on thanks for answering me
Mmmm no, I don't think I can.
regards
disabled the usb ports of a pc with ubuntu following the steps described in ubunlog "sudo mv /lib/modules/`uname -r`/kernel/drivers/usb/storage/usb-storage.ko /home/[user]/", now you want to activate them again, following the steps also described in the post «sudo mv /home/[user]/usb-storage.ko /lib/modules/`uname -r`/kernel/drivers/usb/storage/»
The problem is that it throws an error and logically the ports are not enabled, I tried to do it with the 2 users that the pc has and nothing
why when I save the file it appears that I do not have permission?
And how could I allow only one USB that I want to be able to mount and access, and the rest not. It is like in windows like the MyUSBOnly. Can you help me?