PaulDotCom mailing list archives
Re: Blocking new devices with UDEV?
From: "Tidball, Christopher" <Christopher.Tidball () qwest com>
Date: Wed, 6 Oct 2010 08:26:09 -0500
You might want to check out the CIS RedHat Benchmarks. There is a section on disabling USB devices. -----Original Message----- From: pauldotcom-bounces () pdc-mail pauldotcom com [mailto:pauldotcom-bounces () pdc-mail pauldotcom com] On Behalf Of Michael Miller Sent: Tuesday, October 05, 2010 4:53 PM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Blocking new devices with UDEV? Adrian, Are you looking to block USB storage devices? Or are you looking to have a whitelist of USB devices? On Sat, Oct 2, 2010 at 11:23 AM, Adrian Crenshaw <irongeek () irongeek com> wrote:
Hi all, I'm trying to figure out how to block the install of new USB hardware in Linux, sort of like how I can do it in Windows: http://www.irongeek.com/i.php?page=security/locking-down-windows-vista -and-windows-7-against-malicious-usb-devices I'm using blacklisting Dell stuff by vendor ID as an example, though it's not my end goal I'm just trying to figure out how things work. I do a "cat /proc/bus/input/devices" to figure out which keyboard is which, then a "udevadm info -a -p /class/input/input10" to probe it for strings I can use in a udev rule. My rule looks like this (I tried two different ones, and commented things out): ATTRS{idVendor}=="413c", MODE="0000", RUN+="/opt/kde3/bin/kate" #ATTR{modalias}=="input:b0003v413Cp2106e0110-e0,1,4,11,14,k71,72,73,74 ,75,77,79,7A,7B,7C,7D,7E,7F,80,81,82,83,84,85,86,87,88,89,8A,8C,8E,96, 98,9E,9F,A1,A3,A4,A5,A6,AD,B0,B1,B2,B3,B4,B7,B8,B9,BA,BB,BC,BD,BE,BF,C 0,C1,C2,F0,ram4,l0,1,2,sfw", MODE="0000", RUN+="/opt/kde3/bin/kate" Neather seems to do anything. Any ideas? I'm also not sure how to make some rules override others. Yes, I've seen http://www.reactivated.net/writing_udev_rules.html#external-run but it's not really helping me. Thanks, Adrian _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Blocking new devices with UDEV? Adrian Crenshaw (Oct 02)
- Re: USB DOS attack (was Blocking new devices with UDEV?) Nathan Sweaney (Oct 04)
- Re: Blocking new devices with UDEV? Michael Miller (Oct 05)
- Re: Blocking new devices with UDEV? Tidball, Christopher (Oct 06)
- Re: Blocking new devices with UDEV? Adrian Crenshaw (Oct 06)
- Re: Blocking new devices with UDEV? Michael Miller (Oct 06)
- Re: Blocking new devices with UDEV? Adrian Crenshaw (Oct 06)
- Re: Blocking new devices with UDEV? Tidball, Christopher (Oct 06)
- Re: Blocking new devices with UDEV? Adrian Crenshaw (Oct 06)