Disabling USB storage.
 

!!!!!Hello Everyone!!!!!!!!

I am trying to disable USB storage from servers.
What I did is as following

1> modprobe -vr usb_storage

2> blacklist usb_storage

It is working fine. But root can again load the module into the kernel. [ modeprobe -v usb_storage ]

I want to restrict this also. My requirement is not even root can access the usb storage.


Distro: RHEL 5.X 64bit

Is there any way?

Unplug the USB ports from the mother board. Or as I once saw, fill the port with some kind of epoxy!

There isn't a software solution that can't be undone by someone with root access. That's the nature of the root account. If you can't trust someone with root access then perhaps they shouldn't have it.

disable USB
 

Yes we can do that... but we have 90 servers. can not afford downtime.
What if I directly delete the module usb-storage.ko??
Will it affect while booting??

rm /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko

I'm not sure. If it's been black listed then possibly not. You could certainly test it on one, but someone else will need to answer that part (I've not tried it)

Point to consider; if your concerned about some one with root access reloading the module then what's to stop them from rebuilding the module or copying it back in from somewhere. Just a thought.

Most Servers will let you selective turn off the internal/front/back USB ports as you wish in the BIOS or Management console. Of course this disabled the port completely.

!!!!Hello Everyone!!!

I have removed the usb-storage.ko module and rebooted the system. There is no problem while booting.
So think this way is working in my situation.

Thanks everybody for taking interest in my thread.