3

I need to block all USB storage devices (pendrives & mobile devices) but I need to access USB keyboard and USB mouse.

I have already tried by editing /etc/modprobe.d/blacklist.conf by adding blacklist usb_storage but still the system can access USB devices.

Melebius
  • 11,431
  • 9
  • 52
  • 78
Binto Paul K
  • 31

4 Answers4

4

I found in Ubuntu 16.04, some pendrives trigger pickup of the uas.ko kernel driver (USB Attached SCSI driver). And a kernel driver dependency of uas.ko is usb_storage.ko.

Hence, eventhough I had blacklist usb_storage in /etc/modprobe.d/blacklist.conf, usb_storage.ko still got loaded by virtue of dependency to uas.ko

After placing in:

blacklist uas
blacklist usb_storage

into /etc/modprobe.d/blacklist.conf, access to those pendrives no longer works (uas.ko & usb_storage.ko no longer loads) in a running system.

Bear in mind to enforce this during kernel boot, one would also need to make some grub/kernel line modifications of some similar sort in link.

chrish
  • 41
  • 3
2

Another, To disable USB storage, create the following file and edit it with your favourite text editor.

/etc/modprobe.d/usb-storage.conf

Within this file, add the following line.

install usb-storage /bin/true

After saving that line to the /etc/modprobe.d/usb-storage.conf file you will need to perform a reboot to complete the process. After rebooting if you plug in a USB storage device you should not be able to access it.

Nullpointer
  • 1,161
  • 3
  • 15
  • 32
1

From cyberciti:

The usb-storage.ko is the USB Mass Storage driver for Linux operating system. You can see the file typing the following command:

ls -l /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko

All you have to do is disable or remove the usb-storage.ko driver to restrict to use USB devices on Linux such as:

  1. USB keyboards
  2. USB mice
  3. USB pen drive
  4. USB hard disk
  5. Other USB block storage

BIOS option

You can also disable USB from system BIOS configuration option. Make sure BIOS is password protected. This is recommended option so that nobody can boot it from USB.

Grub option

You can get rid of all USB devices by disabling kernel support for USB via GRUB. Open grub.conf or menu.lst and append "nousb" to the kernel line as follows (taken from RHEL 5.x):

kernel /vmlinuz-2.6.18-128.1.1.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 nousb

Make sure you remove any other reference to usb-storage in the grub or grub2 config files. Save and close the file. Once done just reboot the system:

reboot

Hope this helps.

muru
  • 197,895
  • 55
  • 485
  • 740
steeef
  • 129
  • 1
  • 2
  • 11
1

on /etc/modprobe.d/blacklist.conf add

blacklist uas
blacklist usb-storage

disable uas mod also , i don't kow why it's necessary to blacklist module of uas protocol but it worked for me

jahly
  • 11
  • Welcome to Ask Ubuntu! Could you please explain why it's necessary or beneficial to disable the uas module in this case? (See also How do I write a good answer? for general advice about what sorts of answers are considered most valuable on Ask Ubuntu.) – David Foerster Jan 16 '18 at 13:28
  • Hi,i'm not sure why it's necessary but it worked for me disabling uas module protocol since blacklisting usb-storage module only didn't work – jahly Jan 16 '18 at 13:35
  • Could you please [edit] your post, when you want to clarify something or add information? It’s best to have everything relevant in one place. Additionally, comments may be deleted for various reasons. Thanks. – David Foerster Jan 16 '18 at 13:36