Unable to Block USB Storage Devices in blacklist.conf

[linuxnewbie101]

I'm attempting to block usb storage for increased security, but when I add "blacklist usb-storage" to modprobe.d/blacklist.conf no change seems to take effect. I believe this is a bug as another Unbuntu user reported the same problem. Are there any other ways of doing this?

Here's what I've tried so far:
1. Tried to prevent device mounting: sudo udevadm control --exit
re-start the daemon: sudo udevd & disown

2. Added the following 2 lines in blacklist.conf:
"# Block access to USB
blacklist usb_storage"
Use terminal command to enable usb: sudo modprobe usb-storage
disable usb: sudo rmmod usb-storage

3. Terminal Comand: echo "blacklist usb-storage" | sudo tee -a /etc/modprobe.d/blacklist.conf
Then update the initramfs: sudo update-initramfs -u -k all

Code: Select all

Code: Select all

inxi -Fxz
System:    Host: mypc Kernel: 4.10.0-42-generic x86_64 (64 bit gcc: 5.4.0)
           Desktop: Cinnamon 3.6.7 (Gtk 3.18.9-1ubuntu3.3)
           Distro: Linux Mint 18.3 Sylvia
Machine:   System: Gigabyte product: H270N-WIFI v: Default string
           Mobo: Gigabyte model: H270N-WIFI-CF v: x.x
           Bios: American Megatrends v: F6 date: 07/06/2017
CPU:       Quad core Intel Core i5-6500 (-MCP-) cache: 6144 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 25536
           clock speeds: max: 3600 MHz 1: 900 MHz 2: 900 MHz 3: 900 MHz
           4: 900 MHz
Graphics:  Card: NVIDIA GK104 [GeForce GTX 660 Ti] bus-ID: 01:00.0
           Display Server: X.org 1.18.4 drivers: nvidia (unloaded: fbdev,vesa,nouveau)
           tty size: 80x24 Advanced Data: N/A for root
Audio:     Card-1 Intel Device a2f0 driver: snd_hda_intel bus-ID: 00:1f.3
           Card-2 NVIDIA GK104 HDMI Audio Controller
           driver: snd_hda_intel bus-ID: 01:00.1
           Sound: Advanced Linux Sound Architecture v: k4.10.0-42-generic
Network:   Card-1: Intel Ethernet Connection (2) I219-V
           driver: e1000e v: 3.2.6-k bus-ID: 00:1f.6
           IF: enp0s31f6 state: down mac: <filter>
           Card-2: Intel I211 Gigabit Network Connection
           driver: igb v: 5.4.0-k port: d000 bus-ID: 05:00.0
           IF: enp5s0 state: down mac: <filter>
           Card-3: Intel Device 24fd driver: iwlwifi bus-ID: 06:00.0
           IF: wlp6s0 state: up speed: N/A duplex: N/A mac: <filter>
Drives:    HDD Total Size: 7517.5GB (8.1% used)
           ID-1: /dev/sda model: WDC_WD10EZEX size: 1000.2GB temp: 33C
           ID-2: /dev/sdb model: Samsung_SSD_850 size: 500.1GB temp: 0C
           ID-3: /dev/sdc model: ST1000DM003 size: 1000.2GB temp: 39C
           ID-4: /dev/sdd model: WDC_WD10EZEX size: 1000.2GB temp: 38C
           ID-5: /dev/sde model: WDC_WD4004FZWX size: 4000.8GB temp: 46C
           ID-6: USB /dev/sdf model: USB_Flash_Drive size: 16.0GB temp: 0C
Partition: ID-1: / size: 885G used: 535G (64%) fs: ext4 dev: /dev/dm-1
           ID-2: /boot size: 472M used: 124M (28%) fs: ext2 dev: /dev/sdd1
           ID-3: swap-1 size: 34.32GB used: 0.00GB (0%) fs: swap dev: /dev/dm-3
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 29.8C mobo: 27.8C gpu: 0.0:28C
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 268 Uptime: 47 min Memory: 1816.3/32132.3MB
           Init: systemd runlevel: 5 Gcc sys: 5.4.0
           Client: Shell (bash 4.3.481) inxi: 2.2.35 

[illki]

I have the same problem
mint 18.3
adding blacklist usb-storage to blacklist.conf does not work anymore, is there any other solution?

[catweazel]

Code: Select all

blacklist usb_storage

How to block all USB storage devices in Ubuntu

[catweazel]

I have the same problem
mint 18.3
adding blacklist usb-storage to blacklist.conf does not work anymore, is there any other solution?

See above.

[illki]

thanks, this works fine:

Code: Select all

[i]Another, To disable USB storage, create the following file and edit it with your favourite text editor.

/etc/modprobe.d/usb-storage.conf

Within this file, add the following line.

install usb-storage /bin/true

After saving that line to the /etc/modprobe.d/usb-storage.conf file you will need to perform a reboot to complete the process. After rebooting if you plug in a USB storage device you should not be able to access it[/i].

[catweazel]

thanks

You're most welcome.

[illki]

ps
the above works only for regular users, for admin accounts - does not