Disable USB Storage Device Support

Posted: August 7, 2013 in Uncategorized
0

USB flash or hard drives allow an attacker with physical access to a system to quickly copy an enormous amount of data from it.

 # Disable Modprobe Loading of USB Storage Driver :

If USB storage devices should not be used, the modprobe program used for automatic kernel module loading should be configured to not load the USB storage driver upon demand.
Add the following line to /etc/modprobe.conf to prevent loading of the usb-storage kernel module:[root@afzalkhan ~]# echo “install usb-storage /bin/true” >> /etc/modprobe.conf

This will prevent the modprobe program from loading the usb-storage module, but will not prevent an administrator from using the insmod program to load the module manually.

# Remove USB Storage Driver :

If your system never requires the use of USB storage devices, then the supporting driver can be removed. To remove the USB storage driver from the system use following command. In my system its located at /lib/modules/2.6.18-128.el5/kernel/drivers/usb/storage/usb-storage.ko

[root@afzalkhan ~]# rm -frv /lib/modules/2.6.18-128.el5/kernel/drivers/usb/storage/usb-storage.ko
removed `/lib/modules/2.6.18-128.el5/kernel/drivers/usb/storage/usb-storage.ko’
[root@afzalkhan ~]#

This command will need to be repeated every time the kernel is updated.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s