Disable USB Storage Device Support

USB flash or hard drives allow an attacker with physical access to a system to quickly copy an enormous amount of data from it.

# Disable Modprobe Loading of USB Storage Driver :

If USB storage devices should not be used, the modprobe program used for automatic kernel module loading should be configured to not load the USB storage driver upon demand.
Add the following line to /etc/modprobe.conf to prevent loading of the usb-storage kernel module:[root@afzalkhan ~]# echo “install usb-storage /bin/true” >> /etc/modprobe.conf

This will prevent the modprobe program from loading the usb-storage module, but will not prevent an administrator from using the insmod program to load the module manually.

# Remove USB Storage Driver :

If your system never requires the use of USB storage devices, then the supporting driver can be removed. To remove the USB storage driver from the system use following command. In my system its located at /lib/modules/2.6.18-128.el5/kernel/drivers/usb/storage/usb-storage.ko

[root@afzalkhan ~]# rm -frv /lib/modules/2.6.18-128.el5/kernel/drivers/usb/storage/usb-storage.ko
removed `/lib/modules/2.6.18-128.el5/kernel/drivers/usb/storage/usb-storage.ko’
[root@afzalkhan ~]#

This command will need to be repeated every time the kernel is updated.

Advertisement