Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
10-18-2006, 06:58 AM
|
#1
|
LQ Newbie
Registered: Aug 2006
Posts: 17
Rep:
|
Disable mounting removable media
Hi,
I would like to disable mounting the removable media like CD-Rom, USB, Floppy etc.. on the server.
How can I achieve it. Also how to enable it whenever I required?
I am using RHEL 4 AS version.
|
|
|
10-18-2006, 07:04 AM
|
#2
|
Member
Registered: Sep 2004
Location: Melbourne, Victoria Australia
Distribution: Support those that support you :)
Posts: 872
Rep:
|
Quote:
Originally Posted by pavangogineni
Hi,
I would like to disable mounting the removable media like CD-Rom, USB, Floppy etc.. on the server.
How can I achieve it. Also how to enable it whenever I required?
I am using RHEL 4 AS version.
|
do you Disable auto mount or prevent mounting period?
If you disable or uninstall HAL (engine that scans for new disks)
USB cd/dvd wont be mounted unless you use the full mount -t command.
|
|
|
10-18-2006, 08:16 AM
|
#3
|
Senior Member
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530
Rep:
|
It's a bit of a hack, and it'll probably end up making lots of warning/error messages in the system logs, and it is only for USB devices, but IF your setup has the usb_storage kernel module compiled as a module (and not simply built into the kernel itself), you can blacklist the usb_module kernel module. I tried it, and it works on Ubuntu.
In Ubuntu this can be done by creating a file in /etc/modprobe.d (with any name), containing:
Code:
blacklist usb_storage
Not sure how to do the same thing in RHEL. Anyone know?
Last edited by matthewg42; 10-18-2006 at 08:18 AM.
|
|
|
10-19-2006, 01:42 AM
|
#4
|
LQ Newbie
Registered: Aug 2006
Posts: 17
Original Poster
Rep:
|
Here I would like to disable automount and also using command (mount -t .......).
That is whenever anyone tries to mount any USB/CD/any removable media to copy some data it shouldn't allow them to do so.
Only I (superuser) want to enable mounting it whenever I required.
Is there anything possible to lock the mount process to work only for UID 0 or something like that???
If so is there any problem when the system boots??
I tried to rename the mount command and it worked fine. But when the system boots it fails to locate the "mount" command to mount the disks and it hangs. Where are the modifications I need to do this.
Last edited by pavangogineni; 10-19-2006 at 01:46 AM.
|
|
|
10-19-2006, 02:08 AM
|
#5
|
Member
Registered: Sep 2004
Location: Melbourne, Victoria Australia
Distribution: Support those that support you :)
Posts: 872
Rep:
|
Quote:
Originally Posted by pavangogineni
Here I would like to disable automount and also using command (mount -t .......).
That is whenever anyone tries to mount any USB/CD/any removable media to copy some data it shouldn't allow them to do so.
Only I (superuser) want to enable mounting it whenever I required.
Is there anything possible to lock the mount process to work only for UID 0 or something like that???
If so is there any problem when the system boots??
I tried to rename the mount command and it worked fine. But when the system boots it fails to locate the "mount" command to mount the disks and it hangs. Where are the modifications I need to do this.
|
Hey i just had an idea so great its Petarded
Code:
alias mount='echo "access to removable devices has been disabled"
Add this line to a startup script (after all devices have been mounted)
on Mandriva i have no idea else where
/etc/rc.local (the last list of command before prompt is shown)
this way noone can use mount
effects are not permanent and your drives will still mount at bootup.
Gatekeeper:~ # mount
access to removable devices has been disabled
Gatekeeper:~ #
Last edited by carl0ski; 10-19-2006 at 02:10 AM.
|
|
|
10-19-2006, 03:04 AM
|
#6
|
LQ Newbie
Registered: Aug 2006
Posts: 17
Original Poster
Rep:
|
But what about automount???
|
|
|
10-19-2006, 04:25 AM
|
#7
|
Member
Registered: Nov 2005
Posts: 144
Rep:
|
Quote:
Originally Posted by carl0ski
Hey i just had an idea so great its Petarded
Code:
alias mount='echo "access to removable devices has been disabled"
|
This is very easy to circumvent: just call mount with its full path (/bin/mount).
The safe way to do this would be to edit /etc/fstab and add "nouser" to the usb storage line:
Code:
/dev/sda1 /media/usb auto nouser,noauto 0 0
This should effectively prevent anyone from mounting usb devices. The normal mount command with mount point and options can only be executed by root (at least on my system, ubuntu).
Regards,
Lothar
|
|
|
10-19-2006, 11:24 AM
|
#8
|
Member
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480
Rep:
|
Quote:
Originally Posted by carl0ski
Hey i just had an idea so great its Petarded
Code:
alias mount='echo "access to removable devices has been disabled"
Add this line to a startup script (after all devices have been mounted)
on Mandriva i have no idea else where
/etc/rc.local (the last list of command before prompt is shown)
this way noone can use mount
effects are not permanent and your drives will still mount at bootup.
Gatekeeper:~ # mount
access to removable devices has been disabled
Gatekeeper:~ #
|
You used the words, not me, but this is a somewhat retarded solution which can be easily bypassed by someone invoking mount with it's full path, or by simply deleting the alias from the shell.
|
|
|
10-19-2006, 11:26 AM
|
#9
|
Member
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480
Rep:
|
Quote:
Originally Posted by pavangogineni
Here I would like to disable automount and also using command (mount -t .......).
That is whenever anyone tries to mount any USB/CD/any removable media to copy some data it shouldn't allow them to do so.
Only I (superuser) want to enable mounting it whenever I required.
Is there anything possible to lock the mount process to work only for UID 0 or something like that???
If so is there any problem when the system boots??
I tried to rename the mount command and it worked fine. But when the system boots it fails to locate the "mount" command to mount the disks and it hangs. Where are the modifications I need to do this.
|
If you kill off (or simply don't run) the automounter that takes care of auto-mounting, and if you'r e not using HAL/dbus there's nothing else that's likely to be able to automatically mount things.
Users can not, by default, mount anything. As long as you don't have anything in /etc/fstab saying they can mount media, only root will be able to do this.
|
|
|
All times are GMT -5. The time now is 04:58 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|