Block USB completely
From Notes_Wiki
Home > CentOS > CentOS 6.x > Desktop tips and tricks > Blocking USB ports in Linux > Block USB completely
Block by disabling kernel module usb_storage
To block USB by disabling kernel module use following steps:
- See if any usb_storage device is already in use using: "lsmod | grep usb"
- The last number displayed should be 0 such as:
- usb_storage 49100 0
-
- Or there would be no output line, which is also perfectly fine.
- The last number displayed should be 0 such as:
- In case a line was displayed with non-zero number, umount devices till number is zero. Then remove kernel module using:
- rmmod usb_storage
-
- Do not worry we are not deleting the module, just removing it from current kernel temporarily.
- To disable auto insertion of usb_storage module use:
- echo 'install usb-storage :' > /etc/modprobe.conf
-
- Note that kernel module has hypen(-) in filename and underscore(_) when detected. Please type - or _ appropriately as suggested here.
- Ignore "WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/" warnings
Enable kernel-module manually as root
To enable kernel module manually as root use:
- insmod /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko
- "lsmod | grep usb" and verify module is avialable
- Use the USB device and then umount / disconnect it
- "lsmod | grep usb" and verify that count of devices is 0 (Last number)
- rmmod usb_storage
Disabling USB in BIOS
USB can be disabled in BIOS, but then password-protect BIOS. Also remember this password properly as resetting BIOS password would require motherboard jumper configuration (or removal of CMOS battery)
Disable USB via GRUB
To disable USB via GRUB add parameter 'nousb' at end of kernel parameters. This requires reboot.
Many steps learned from http://www.cyberciti.biz/faq/linux-disable-modprobe-loading-of-usb-storage-driver/
Home > CentOS > CentOS 6.x > Desktop tips and tricks > Blocking USB ports in Linux > Block USB completely
