Blocking USB Storage Devices in Linux

This guide explains multiple methods to block USB mass storage devices by preventing the `usb-storage` and `uas` kernel modules from loading.

Method 1: Using Blacklist File

1. Edit the Blacklist File

Create and open a new configuration file using a text editor such as nano:

sudo nano /etc/modprobe.d/blacklist-usb-storage.conf

2. Add the Following Lines

Add the following two lines to block the usb-storage and uas modules:

blacklist usb_storage
blacklist uas

3. Update initramfs

Run the following command to update the initial RAM file system:

sudo update-initramfs -u

4. Reboot the System

Restart your computer for the changes to take effect. The `usb-storage` and `uas` modules will no longer be loaded, effectively blocking USB mass storage devices.

Method 2: Using the Install Command

This method prevents the `usb-storage` module from loading by telling the system to execute a non-existent command instead.

1. Edit the Configuration File

Create and open a new file using a text editor:

sudo nano /etc/modprobe.d/usb-storage.conf

2. Add the Following Line

Add the following line to block the module:

install usb-storage /bin/true

4. Reboot the System

Restart your computer to apply the changes.

Method 3: Using the Immutable File Attribute

This method locks the configuration files so that even the root user cannot modify or delete them.

1. Set the Immutable Attribute

Use the `chattr` command to set the immutable flag on the configuration files:

sudo chattr +i /etc/modprobe.d/blacklist-usb-storage.conf
sudo chattr +i /etc/modprobe.d/usb-storage.conf

Once set, these files cannot be modified, deleted, renamed, or linked to — even by the root user.

2. Remove the Immutable Attribute (If Needed)

To make changes later, remove the immutable flag using:

sudo chattr -i /etc/modprobe.d/blacklist-usb-storage.conf
sudo chattr -i /etc/modprobe.d/usb-storage.conf