USB flash or hard drives allow an attacker with physical access to a system to quickly copy an enormous amount of data from it.
# Disable Modprobe Loading of USB Storage Driver :
Add the following line to /etc/modprobe.conf to prevent loading of the usb-storage kernel module:[root@afzalkhan ~]# echo “install usb-storage /bin/true” >> /etc/modprobe.conf
This will prevent the modprobe program from loading the usb-storage module, but will not prevent an administrator from using the insmod program to load the module manually.
# Remove USB Storage Driver :
If your system never requires the use of USB storage devices, then the supporting driver can be removed. To remove the USB storage driver from the system use following command. In my system its located at /lib/modules/2.6.18-128.el5/kernel/drivers/usb/storage/usb-storage.ko
[root@afzalkhan ~]# rm -frv /lib/modules/2.6.18-128.el5/kernel/drivers/usb/storage/usb-storage.ko
removed `/lib/modules/2.6.18-128.el5/kernel/drivers/usb/storage/usb-storage.ko’
[root@afzalkhan ~]#
This command will need to be repeated every time the kernel is updated.