Disallow users to mount usb flash drives or HDD
Hi there,
I am looking for a precise way to block the users from mount USB mass storage devices (i.e., flash drives, hard disks and etc) in my Debian 9 diskless stations. I checked the PolicyKit instructions but I still have no idea in how to prevent the users from the users from mounting USB media. Disabling the udisks2 service is not working and even if I can stop the udisks2 he can start again and allow the users to mount their removeable usb media normally. I need to secure my server and cannot allow anyone mount their media on the server. Best regards, F.Borges |
Couple of thoughts
Remove the kernel module Code:
mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /home/somewhere Code:
/usr/lib/modules/5.0.9-arch1-1-ARCH/kernel/drivers/usb/storage/usb-storage.ko.xz Code:
cat /etc/modprobe.d/blacklist.conf You can modprobe it back though. Turn off usb in BIOS/UEFI Deny access Code:
chmod 000 /media lsusb to see whats attached, then Code:
echo "disabled" > /sys/bus/usb/devices/usbX/power/wakeup Code:
cat /sys/bus/usb/devices/usb1/power/wakeup Then there is Code:
pacman -Si usbguard |
Check out usbguard
To start protecting your system, you can use the USBGuard shell command and its generate-policy sub-command to generate an initial policy for your system instead of writing one from scratch. The tool generates an allow policy for all devices currently connected to your system. Code:
sudo apt-get update ; sudo apt-get install usbguard |
Thanks for the help. I also successfully blocked the USB mounting with the policykit by adding the following rule at /etc/polkit-1/localauthority/50-local.d by creating the file disallow-mounting.pkla with the following contents:
Quote:
|
All times are GMT -5. The time now is 02:45 AM. |