Ubuntu Device Control
I work on the security team and we are trying to lock down our systems. We are looking for a technical solution to lock down media burning, USB blocking, etc. I found USBDeview, but that only allows me to block a thumb drive once it is used. Is there anything open source or COTS that I can try and use in our environments? We are heavily Debian flavored. Thank you!
This all depends on what you want to block. There are no out-of-the-box tools to configure this, and most of the ways to restrict this are going to be system-wide restrictions. I'll share some information that I have, though, on how to block certain things.
USB Storage Media: Blocking all USB Storage Devices
One of the chaotic things I ran into with a temporary thing at my Full Time job was we wanted to disable USB storage devices except for a few devices on the system. Adapting that solution we can make it so USB Storage Devices will fail to operate and fail to be mounted or visible. It will also unbind the thing with sysfs, but will also permit the use of non-storage devices (keyboards, mice) theoretically. I do not have an extra system to test these rules at the moment, and they were written around the 12.04 era so they may not function as intended anymore.
- Create /etc/udev/rules.d/100-unbind-usb-storage.rules
- Add the following rules to the new file:
KERNELS=="[1-9]*-[0-9]*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{IF_STORAGE_REMOVE_ME}="1"
ENV{IF_STORAGE_REMOVE_ME}=="1", RUN+="/bin/sh -c 'echo -n %k >/sys%p/driver/unbind'"
- Reboot your system for these rules to take effect. Any time your computer has a USB device connected to it which is a 'block' device (storage) it will trigger an unbind rule that basically disconnects the USB device. Anyone who does not have superuser will not be able to 'rebind' the device, even if they unplug and replug the device.
The USB Storage Media blocking rule is based on answers to my six-year-old question on the UDEV approach to blocking USB devices: "udev rules to allow only one vendor and model USB drive but no others".
CD/Optical Media: Disallow Use of Drive (i.e. remove/disable driver)
Unless your users are given superuser on the system, you can simply remove the kernel module for the SCSI connected (SATA if you want to be more modern) connection for the sr devices that Optical Media list as.
echo "blacklist sr_mod" >> /etc/modprobe.d/blacklist-sr_mod.conf
This will blacklist the sr_mod kernel module which should render the CD/DVD/Bluray optical drives unusable.
I have not tested the veracity of this solution, as I have no devices with optical media attached, even external optical media reader/writer devices.
Source for the kernel blacklist answer: https://serverfault.com/a/448725/74939
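One way to check after the reboot that both controls are actually in place, as an added example that is not part of the original answer. The function names and the fixture tree are constructed for illustration, and the sysfs check assumes that a USB-attached disk resolves to a path containing a usbN component.

```shell
#!/bin/sh
# Added example: audit helpers for the two controls in the answer above.
# Each takes the directory to inspect, defaulting to the live system path.

# Succeeds if an uncommented "blacklist sr_mod" line is in DIR/*.conf.
sr_mod_blacklisted() {
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+sr[_-]mod[[:space:]]*$' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# Succeeds if DIR/*.rules has an uncommented rule matching USB block
# devices and an uncommented rule writing to the driver's "unbind" file.
usb_unbind_rule_present() {
    awk '/^[ \t]*#/ { next }
         index($0, "SUBSYSTEM==\"block\"") && index($0, "ENV{ID_BUS}==\"usb\"") { m = 1 }
         index($0, "RUN+=") && index($0, "driver/unbind") { u = 1 }
         END { exit !(m && u) }' "${1:-/etc/udev/rules.d}"/*.rules 2>/dev/null
}

# Prints each block device whose sysfs link runs through a USB bus.
usb_block_devices() {
    for dev in "${1:-/sys/block}"/*; do
        target=$(readlink "$dev" 2>/dev/null || true)
        case $target in
            */usb[0-9]*/*) basename "$dev" ;;
        esac
    done
}

# Constructed fixture tree (not real system data) so this runs offline.
make_fixture() {
    t=$(mktemp -d)
    mkdir -p "$t/modprobe.d" "$t/rules.d" "$t/block"
    echo 'blacklist sr_mod' > "$t/modprobe.d/blacklist-sr_mod.conf"
    cat > "$t/rules.d/100-unbind-usb-storage.rules" <<'EOF'
KERNELS=="[1-9]*-[0-9]*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{IF_STORAGE_REMOVE_ME}="1"
ENV{IF_STORAGE_REMOVE_ME}=="1", RUN+="/bin/sh -c 'echo -n %k >/sys%p/driver/unbind'"
EOF
    ln -s ../devices/pci0000:00/usb1/1-1/1-1:1.0/host6/block/sdb "$t/block/sdb"
    ln -s ../devices/pci0000:00/ata1/host0/block/sda "$t/block/sda"
    echo "$t"
}

fx=$(make_fixture)
sr_mod_blacklisted "$fx/modprobe.d" && echo "sr_mod blacklist: present"
usb_unbind_rule_present "$fx/rules.d" && echo "USB unbind rule: present"
echo "USB-backed block devices: $(usb_block_devices "$fx/block")"
rm -rf "$fx"
```

Called with no argument, each function inspects the live /etc/modprobe.d, /etc/udev/rules.d and /sys/block; on a locked-down host, usb_block_devices should print nothing while a USB stick is plugged in.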