Issue:
How to disable USB storage device and external Hard Disk ( Note:- Don't want to disable USB keyboard and mouse ) in Red hat 7 and CentOS 7.
Solution:
You have to edit and write a few udev policy rules.
You cannot "disable" it (easily) - remove the plugs from the mother board, inactivate them in the bios is as close as you get to disabling things completely. In the end, the way to prevent it's use is to not install software to use a feature, and not provide physical access to a system. Once it's known by the BIOS it's known to the system. You can completely remove USB support from the kernel, but you can still work around that in theory.
So remove FUSE, use udev to set security so the devices cannot be accessed by end users (note that anyone can create device file and use that - so you need other system security like selinux to block for those options). http://weininger.net/how-to-write-udev-rules-for-usb-devices.html is an example of how to do udev. UDev is quite complex and has many many rules that you'll need to visit.
No comments:
Post a Comment