PaulDotCom mailing list archives
Re: Blocking new devices with UDEV?
From: Adrian Crenshaw <irongeek () irongeek com>
Date: Tue, 5 Oct 2010 22:20:28 -0400
Pretty much a white list. I want to make it so once the core devices are installed, nothing else can be without manual acceptance by root. Blocking PHUKD devices is the core goal more or less.

Thanks,
Adrian

On Tue, Oct 5, 2010 at 6:53 PM, Michael Miller <mike.mikemiller () gmail com> wrote:
> Adrian,
>
> Are you looking to block USB storage devices? Or are you looking to have a whitelist of USB devices?
>
> On Sat, Oct 2, 2010 at 11:23 AM, Adrian Crenshaw <irongeek () irongeek com> wrote:
>> Hi all,
>>
>> I'm trying to figure out how to block the install of new USB hardware in Linux, sort of like how I can do it in Windows:
>>
>> http://www.irongeek.com/i.php?page=security/locking-down-windows-vista-and-windows-7-against-malicious-usb-devices
>>
>> I'm using blacklisting Dell stuff by vendor ID as an example, though it's not my end goal; I'm just trying to figure out how things work. I do a "cat /proc/bus/input/devices" to figure out which keyboard is which, then a "udevadm info -a -p /class/input/input10" to probe it for strings I can use in a udev rule. My rule looks like this (I tried two different ones, and commented things out):
>>
>> ATTRS{idVendor}=="413c", MODE="0000", RUN+="/opt/kde3/bin/kate"
>> #ATTR{modalias}=="input:b0003v413Cp2106e0110-e0,1,4,11,14,k71,72,73,74,75,77,79,7A,7B,7C,7D,7E,7F,80,81,82,83,84,85,86,87,88,89,8A,8C,8E,96,98,9E,9F,A1,A3,A4,A5,A6,AD,B0,B1,B2,B3,B4,B7,B8,B9,BA,BB,BC,BD,BE,BF,C0,C1,C2,F0,ram4,l0,1,2,sfw",MODE="0000", RUN+="/opt/kde3/bin/kate"
>>
>> Neither seems to do anything. Any ideas? I'm also not sure how to make some rules override others. Yes, I've seen
>> http://www.reactivated.net/writing_udev_rules.html#external-run
>> but it's not really helping me.
>>
>> Thanks,
>> Adrian
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
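An added example, not part of the original thread: a Python audit that reads text in the format of /proc/bus/input/devices (the file named in the quoted post) and reports USB keyboards whose vendor:product pair is not on an approved list. The function names, the allowlist and the sample text are assumptions constructed for illustration; the code only reports and does not block anything.

```python
import re

# Constructed sample in /proc/bus/input/devices format (not from a real host);
# 413c:2106 is the ID pair from the modalias in the post, the rest is made up.
SAMPLE = '''\
I: Bus=0003 Vendor=413c Product=2106 Version=0110
N: Name="Constructed USB Keyboard"
H: Handlers=kbd event3

I: Bus=0003 Vendor=1234 Product=abcd Version=0111
N: Name="Constructed HID Gadget"
H: Handlers=kbd event4

I: Bus=0011 Vendor=0001 Product=0001 Version=ab41
N: Name="AT Translated Set 2 keyboard"
H: Handlers=kbd event0
'''

ID_LINE = re.compile(r"Bus=([0-9a-fA-F]{4}) Vendor=([0-9a-fA-F]{4}) Product=([0-9a-fA-F]{4})")
BUS_USB = "0003"  # BUS_USB (0x03) in linux/input.h

def parse_devices(text):
    """Return one dict per device block (blocks are separated by blank lines)."""
    devices = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dev = {"handlers": []}
        for line in block.splitlines():
            tag, _, value = line.partition(": ")
            match = ID_LINE.search(value) if tag == "I" else None
            if match:
                dev["bus"], vendor, product = (g.lower() for g in match.groups())
                dev["id"] = f"{vendor}:{product}"
            elif tag == "N":
                dev["name"] = value.split("=", 1)[1].strip('"')
            elif tag == "H":
                dev["handlers"] = value.split("=", 1)[1].split()
        if "id" in dev:
            devices.append(dev)
    return devices

def unapproved_usb_keyboards(text, allowlist):
    """USB devices exposing a kbd handler whose vendor:product is not approved."""
    allowed = {entry.lower() for entry in allowlist}
    return [d for d in parse_devices(text) if d["bus"] == BUS_USB
            and "kbd" in d["handlers"] and d["id"] not in allowed]

if __name__ == "__main__":
    for dev in unapproved_usb_keyboards(SAMPLE, {"413C:2106"}):
        print(dev["id"], dev.get("name", "?"))
```

On a live host the same functions can be fed the contents of /proc/bus/input/devices instead of SAMPLE.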
Current thread:
- Blocking new devices with UDEV? Adrian Crenshaw (Oct 02)
- Re: USB DOS attack (was Blocking new devices with UDEV?) Nathan Sweaney (Oct 04)
- Re: Blocking new devices with UDEV? Michael Miller (Oct 05)
- Re: Blocking new devices with UDEV? Tidball, Christopher (Oct 06)
- Re: Blocking new devices with UDEV? Adrian Crenshaw (Oct 06)
- Re: Blocking new devices with UDEV? Michael Miller (Oct 06)
- Re: Blocking new devices with UDEV? Adrian Crenshaw (Oct 06)
- Re: Blocking new devices with UDEV? Tidball, Christopher (Oct 06)
- Re: Blocking new devices with UDEV? Adrian Crenshaw (Oct 06)