Blocking USB Storage Devices in Linux

This guide explains multiple methods to block USB mass storage devices by preventing the `usb-storage` and `uas` kernel modules from loading.

Method 1: Using Blacklist File

1. Edit the Blacklist File

Create and open a new configuration file using a text editor such as nano:

sudo nano /etc/modprobe.d/blacklist-usb-storage.conf

2. Add the Following Lines

Add the following two lines to block the usb-storage and uas modules:

blacklist usb_storage
blacklist uas

3. Update initramfs

Run the following command to update the initial RAM file system:

sudo update-initramfs -u

4. Reboot the System

Restart your computer for the changes to take effect. The `usb-storage` and `uas` modules will no longer be loaded, effectively blocking USB mass storage devices.

Method 2: Using the Install Command

This method prevents the `usb-storage` module from loading by telling the system to execute a non-existent command instead.

1. Edit the Configuration File

Create and open a new file using a text editor:

sudo nano /etc/modprobe.d/usb-storage.conf

2. Add the Following Line

Add the following line to block the module:

install usb-storage /bin/true

3. Update initramfs

Run the following command to update the initial RAM file system:

sudo update-initramfs -u

4. Reboot the System

Restart your computer to apply the changes.

Method 3: Using the Immutable File Attribute

This method locks the configuration files so that even the root user cannot modify or delete them.

1. Set the Immutable Attribute

Use the chattr command to set the immutable flag on the configuration files:

sudo chattr +i /etc/modprobe.d/blacklist-usb-storage.conf
sudo chattr +i /etc/modprobe.d/usb-storage.conf

Once set, these files cannot be modified, deleted, renamed, or linked to — even by the root user.

2. Remove the Immutable Attribute (If Needed)

To make changes later, remove the immutable flag using:

sudo chattr -i /etc/modprobe.d/blacklist-usb-storage.conf
sudo chattr -i /etc/modprobe.d/usb-storage.conf