To secure our infrastructure from data breaches, we use software & hardware firewalls to restrict unauthorized access from outside but data breaches can occur from inside as well. To remove such a possibility, organizations limit & monitor access to the internet & also disable usb storage devices. In this tutorial, we are going to discuss three different ways on how to disable USB ports in Linux.

All three methods have been tested on CentOS 6 & 7 machine & are working as they are supposed to. So let's discuss all the three methods one by one,

( Also Read: Ultimate guide to securing SSH sessions )


Disable USB ports in Linux


Method 1 – Fake install

In this method, we add a line 'install usb-storage /bin/true' which causes the '/bin/true' to run instead of installing usb-storage module & that's why it's also called 'Fake Install' . To do this, create and open a file named 'block_usb.conf' (it can be something as well) in the folder '/etc/modprobe.d',

$ sudo vim /etc/modprobe.d/block_usb.conf

& add the below mentioned line,

install usb-storage /bin/true

Now save the file and exit.

 

Method 2 – Removing the USB driver

Using this method, we can remove/move the drive for usb-storage (usb_storage.ko) from our machines, thus making it impossible to access a usb-storage device from the machine. To move the driver from it's default location, execute the following command,

$ sudo mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /home/user1

Now the driver is not available on its default location & thus would not be loaded when a usb-storage device is attached to the system & the device would not be able to work. But this method has one little issue, that is when the kernel of the system is updated the usb-storage module would again show up in its default location.

 

Method 3- Blacklisting USB-storage

We can also blacklist usb-storage using the file '/etc/modprobe.d/blacklist.conf'. This file is available on RHEL/CentOS 6 but might need to be created on 7. To blacklist usb-storage, open/create the above-mentioned file using vim,

$ sudo vim /etc/modprobe.d/blacklist.conf

& enter the following line to blacklist the usb,

blacklist usb-storage

Save file & exit. USB-storage will now be blocked on the system but this method has one major downside i.e. any privileged user can load the usb-storage module by executing the following command,

$ sudo modprobe usb-storage

This issue makes this method somewhat not desirable but it works well for non-privileged users.

Reboot your system after the changes have been made to implement the changes made for all the above-mentioned methods. Do check these methods on how to disable USB ports in Linux & let us know if you face any issue or have a query using the comment box below.

If you think we have helped you or just want to support us, please consider these:-

Connect to us: Facebook | Twitter

Linux TechLab is thankful for your continued support.