PaulDotCom mailing list archives

Re: Blocking new devices with UDEV?


From: Adrian Crenshaw <irongeek () irongeek com>
Date: Tue, 5 Oct 2010 22:20:28 -0400

Pretty much a white list. I want to make it so once the core devices are
installed, nothing else can be without manual acceptance by root. Blocking
PHUKD devices is the core goal more or less.
Thanks,

Adrian

On Tue, Oct 5, 2010 at 6:53 PM, Michael Miller <mike.mikemiller () gmail com> wrote:

Adrian,

Are you looking to block USB storage devices?  Or are you looking to
have a whitelist of USB devices?

On Sat, Oct 2, 2010 at 11:23 AM, Adrian Crenshaw <irongeek () irongeek com>
wrote:
Hi all,
   I'm trying to figure out how to block the install of new USB hardware in
Linux, sort of like how I can do it in Windows:


http://www.irongeek.com/i.php?page=security/locking-down-windows-vista-and-windows-7-against-malicious-usb-devices

I'm using blacklisting Dell stuff by vendor ID as an example, though it's
not my end goal; I'm just trying to figure out how things work.

I do a "cat /proc/bus/input/devices" to figure out which keyboard is which,
then a "udevadm info -a -p /class/input/input10" to probe it for strings I
can use in a udev rule. My rule looks like this (I tried two different ones,
and commented things out):

ATTRS{idVendor}=="413c", MODE="0000", RUN+="/opt/kde3/bin/kate"

#ATTR{modalias}=="input:b0003v413Cp2106e0110-e0,1,4,11,14,k71,72,73,74,75,77,79,7A,7B,7C,7D,7E,7F,80,81,82,83,84,85,86,87,88,89,8A,8C,8E,96,98,9E,9F,A1,A3,A4,A5,A6,AD,B0,B1,B2,B3,B4,B7,B8,B9,BA,BB,BC,BD,BE,BF,C0,C1,C2,F0,ram4,l0,1,2,sfw", MODE="0000", RUN+="/opt/kde3/bin/kate"


Neither seems to do anything. Any ideas? I'm also not sure how to make some
rules override others. Yes, I've seen
http://www.reactivated.net/writing_udev_rules.html#external-run but it's not
really helping me.

Thanks,
Adrian



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
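
Added example, not part of the original thread or written by its participants: one way to get the default-deny behaviour asked for above is the kernel's USB authorization interface in sysfs, driven from udev. The sketch below parses a listing in the format of /proc/bus/input/devices and emits rules that set authorized_default to 0 on the root hubs and authorize only the listed vendor/product pairs. The device listing is constructed sample data; the vendor ID 413c and product ID 2106 are taken from the rules quoted in the thread.

```python
import re

# Constructed sample in the format of /proc/bus/input/devices (not real output).
SAMPLE = """\
I: Bus=0011 Vendor=0001 Product=0001 Version=ab41
N: Name="AT Translated Set 2 keyboard"
H: Handlers=kbd event0

I: Bus=0003 Vendor=413c Product=2106 Version=0110
N: Name="Dell USB Keyboard"
H: Handlers=kbd event3

I: Bus=0003 Vendor=413c Product=2106 Version=0110
N: Name="Dell USB Keyboard Consumer Control"
H: Handlers=kbd event4
"""

BUS_USB = 0x0003  # USB bus type in the "I:" line (the b0003 of the modalias)
ID_LINE = re.compile(
    r"^I: Bus=([0-9a-fA-F]{4}) Vendor=([0-9a-fA-F]{4}) Product=([0-9a-fA-F]{4})",
    re.M)

def usb_ids(listing):
    """Return sorted unique (vendor, product) pairs of USB input devices."""
    return sorted({(v.lower(), p.lower())
                   for bus, v, p in ID_LINE.findall(listing)
                   if int(bus, 16) == BUS_USB})

def allowlist_rules(ids):
    """Build default-deny udev rules: newly attached USB devices stay
    unauthorized unless their self-reported VID:PID is listed."""
    rules = [
        "# Root hubs: stop authorizing newly attached devices by default.",
        'ACTION=="add", SUBSYSTEM=="usb", KERNEL=="usb[0-9]*", '
        'ATTR{authorized_default}="0"',
        "# Allowlisted devices are authorized when they appear.",
    ]
    for vid, pid in ids:
        rules.append('ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", '
                     f'ATTR{{idVendor}}=="{vid}", ATTR{{idProduct}}=="{pid}", '
                     'ATTR{authorized}="1"')
    return "\n".join(rules) + "\n"

if __name__ == "__main__":
    print(allowlist_rules(usb_ids(SAMPLE)), end="")
```

Vendor and product IDs are reported by the device itself, so these rules keep unknown hardware from being configured but cannot tell an allowlisted keyboard from a device that copies its IDs. Root can still accept a blocked device by hand by writing 1 to its authorized attribute in sysfs.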
