With help of udev we can control USB bus on our machine, which devices can be plugged, which cannot.
Using this rule we only allow two USB flash devices.
#Authorized USB Devices
#1.Corsair Flash Voyager 8Gb
SUBSYSTEMS=="usb", ATTRS{serial}=="AA04012123017226", NAME="Authorized USB Device", GOTO="Exit"
#2. Transcend StoreJet 25F 320Gb
SUBSYSTEMS=="usb", ATTRS{serial}=="31341B14112C", NAME="Authorized USB Device", GOTO="Exit"
##Unauthorized USB Devices
SUBSYSTEMS=="usb", ATTRS{serial}==".*", GOTO="Block Unauthorized USB Devices"
##Block unauthorzed USB Devices
LABEL="Block Unauthorized USB Devices"
DRIVERS=="usb", OPTIONS+="ignore_device"
##Exit for authorized
LABEL="Exit"
#gather info: udevadm info -a -p /sys/block/sdb
#test your rules: udevadm test /sys/devices/....
#todo: logging (usb serial number)
#
Using this rule we only allow two USB flash devices.
#Authorized USB Devices
#1.Corsair Flash Voyager 8Gb
SUBSYSTEMS=="usb", ATTRS{serial}=="AA04012123017226", NAME="Authorized USB Device", GOTO="Exit"
#2. Transcend StoreJet 25F 320Gb
SUBSYSTEMS=="usb", ATTRS{serial}=="31341B14112C", NAME="Authorized USB Device", GOTO="Exit"
##Unauthorized USB Devices
SUBSYSTEMS=="usb", ATTRS{serial}==".*", GOTO="Block Unauthorized USB Devices"
##Block unauthorzed USB Devices
LABEL="Block Unauthorized USB Devices"
DRIVERS=="usb", OPTIONS+="ignore_device"
##Exit for authorized
LABEL="Exit"
#gather info: udevadm info -a -p /sys/block/sdb
#test your rules: udevadm test /sys/devices/....
#todo: logging (usb serial number)
#
Комментариев нет:
Отправить комментарий