Share on Social Media

In this article, we will show you the best ways to disable USB ports in Linux. #centlinux #linux #cybersecurity

Method 1 – Fake Install:

In this method, we add a line ‘install usb-storage /bin/true’ which causes the ‘/bin/true’ to run instead of installing usb-storage module & that’s why it’s also called ‘Fake Install’.

To do this, execute the following command to create a file named ‘fake_usb.conf’ in the folder ‘/etc/modprobe.d’.

# echo 'install usb-storage /bin/true' > /etc/modprobe.d/fake_usb.conf

Method 2 – Removing the USB driver:

By using this method, you can remove/relocate the driver file for usb-storage (i.e usb_storage.ko) from your machines, thus making it impossible to access a usb-storage device from your Linux machine.

Execute the following command, to relocate the driver from it’s default location.

# mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /home/centlinux

Now the driver is not available at it’s default location, thus it would not be loaded when a usb-storage device is attached to the Linux system and the device would not be able to work.

But this method has one drawback that whenever the Linux Kernel is updated the usb-storage driver is also reinstalled at its default location.

Method 3 – Blacklisting USB-storage:

You can also blacklist usb-storage using the file ‘/etc/modprobe.d/blacklist.conf’. To blacklist usb-storage, execute the following command at Linux commandline.

# echo 'blacklist usb-storage' >> /etc/modprobe.d/blacklist.conf

USB-storage will now be blocked on your Linux system. This method has one downside i.e. any privileged user can load the usb-storage module by executing the following command.

$ sudo modprobe usb-storage

This issue makes this method somewhat not desirable but it works well for non-privileged users.

Reboot your system after the changes.

Conclusion – Disable USB Ports in Linux:

In this article, you have learned how to disable USB ports in Linux.

Leave a Reply

Your email address will not be published. Required fields are marked *