If you are using Linux server or on PC and want to protect the sensitive from getting hacked we used different security software and hardware firewalls to limit external unauthorized access. However, data breaches can also occur internally. To curb on such issues and to save our highly classified data from being copied we can disable the access USB storage devices on our Linux server or desktops.
Block USB port on Linux to disable USB devices
Here we will see three ways to disable the usage of USB storage devices on Linux operating systems to increase the protection level… The tips given below are meant and work smoothly on most popular Linux server OS that is CentOS 6 and 7 including RHEL.
1: Spoof USB installation
The name of this method is spoof because we trick the system to load a bogus USB installation file instead of loading a real USB module. Thus, create and open a file named fake_usb.conf (or possibly you can give anyone name) in the folder /etc/modprobe.d
sudo vi /etc/modprobe.d/fake_usb.conf
Then in the configuration file add the following line:
Install usb - storage / bin / true
Finally, save the file and exit.
Press the ESC button and then type :wq and hit the Enter button.
2: Move the USB driver module to block it
The second way is very simple, uninstall or remove the USB storage driver from your Linux server. Which directly blocked the usage of USB drives, since the USB port will not be going to recognize by the system at all.
Run the following commands, here we are moving a usb-storage.ko.xz file which used by the Linux system to recognize the USB storage devices:
cd /lib/modules/$(uname -r)/kernel/drivers/usb/storage/ mv usb-storage.ko.xz /home/h2s
Note: Replace h2s at the last of above command with your home user.
After executing the above command in which we have m0ved the USB storage driver file from the default location, therefore would be no support for connecting USB storage devices. But this command has one catch, the moment you updated the system kernel, the USB storage module will get back to its place. Thus, if you are updating your server make sure run the above command again.
3: Blacklist the USB Module in Linux
In this method, we can disable USB storage access in Linux OS by putting its module in a blacklist configuration file. On the CentOS and RedHat 6 the blacklist configuration present by default, however, in the CentOS and RedHat 7, you have to create it manually.
Thus, if the blacklist file is not there, then simply use the below command:
sudo vi /etc/modprobe.d/blacklist.conf
When the file gets opened, add the following line in it:
Press the Esc button and to Save the file and exit type :wq and hit the Enter button.
However, like the Second way this method has one loophole, it works until and unless you have the root or superuser access. Because any one with a sudo or root access can easily revoke and load the USB-storage module by using the following command:
sudo modprobe usb-storage
However, don’t worry until you are not going to share the root access the USB storage will not going to work.
Alternatively, you can simply rename the USB storage module that is usb-storage.ko.xz this will also work in Debian Linux Distro.
cd /lib/modules/$(uname -r)/kernel/drivers/usb/storage/
mv usb-storage.ko.xz usb-storage.ko.xz.blacklist
In this way, we can stop anyone to access the USB ports by disabling the USB storage devices on Linux.