1

I have a requirement to disable USB thumb drives, while still allowing other USB devices such as a portable hard drive.

Is there a way to do this in Linux? I know the Windows side has some software that enforces this, and need to do the same on Linux.

specto
  • 218
  • 2
  • 9
  • What is the difference between a thumb drive and an external hard drive? :) – lorenzog Nov 09 '10 at 14:15
  • 2
    I would go back to management and make them define a thumb drive. Tell them that plug-in hard drives and thumb drives are, to the system, the same thing. Find out what risk they are trying to address. The right solution from a security standpoint is to just ban mass storage devices, and allow them for individual users who understand, and have signed, an advanced security policy. – mfarver Nov 09 '10 at 14:35

2 Answers

2

You can write a hal policy to make some forms of media unmountable. I'm not quite sure how you'd distinguish a thumb drive from a hard drive though.

Ignacio Vazquez-Abrams
  • 45,019
  • 5
  • 78
  • 84
  • Maybe a script that says anything under ~32 gig in size wouldn't mount... not many USB thumb drives are high capacity. But this isn't a kludge I'd want to maintain. But why allow hard disks but not thumb drives? – Bart Silverstrim Nov 09 '10 at 14:07
  • Unfortunately it's just a bad requirement made by upper management. – specto Nov 09 '10 at 14:16
  • I like your idea about the less than 32 GB, however I have no idea how I would implement this. Any insight would be nice. Thanks – specto Nov 09 '10 at 14:21
  • 1
    The `storage.size` property contains the detected size of the volume. – Ignacio Vazquez-Abrams Nov 09 '10 at 14:24
  • @specto: If UM believes that the difference is that a thumb drive is easier to physically conceal, then I can show you a moving-platter storage device that's not much bigger than a thumb drive. – Dennis Williamson Nov 09 '10 at 18:38
  • There are ugly security issues with flash-based drives. They can't really be erased, or trusted to be erased. Portable HDDs, on the other hand, are easy to erase and securely destroy. – Tim Williscroft Nov 16 '10 at 04:05
2

I would definitely seek clarification from management and try to get them to define a better policy.

Also, take a look at writing udev rules; there are some things you can do there that might help. For example, you could write a rule that only mounts USB mass storage devices that are a particular model and/or a particular vendor. I think you could write a rule that would only mount a Maxtor One Touch and ignore anything else.

http://reactivated.net/writing_udev_rules.html

If the concern is that people are stealing data, you could mount everything read-only.

If the concern is that people are unwittingly bringing in malware on thumb drives, then you could probably create a udev rule that runs clamav on the drive as soon as it's mounted.

mazianni
  • 241
  • 1
  • 2
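The two answers above suggest two different attributes to key a policy on: the detected size of the volume (Ignacio's `storage.size` HAL property, the "under ~32 gig" idea) and the USB vendor/model (mazianni's udev allow-list). HAL has since been removed from Linux distributions in favour of udev and udisks, so the following combines both ideas as a udev helper. This is an added example, not code from either answer: a small POSIX sh script that a udev `PROGRAM` key can call for each USB block device, which allows the device only if its vendor:product ID is on an allow-list and its size meets a floor. The size check lives in the script because udev rule matching is string-based and cannot compare numbers. The allow-list IDs, the install path `/usr/local/sbin/usb-storage-policy`, the rules file name and the 32 GiB threshold are all assumptions for illustration; the `ID_VENDOR_ID`, `ID_MODEL_ID` and `DEVPATH` environment variables and the `UDISKS_IGNORE` hint are real udev/udisks2 names.

```shell
#!/bin/sh
# Added example (not from the original answers): policy helper for USB block
# devices, meant to be invoked from a udev rule via PROGRAM. Exit 0 = allow,
# exit 1 = deny. Everything below the policy function is glue for udev.

# Constructed allow-list of "vendorid:productid" pairs (hex, lowercase).
# These are placeholder IDs, not a real policy.
ALLOWED_IDS="0bc2:2030 1058:0730"

# Size floor in 512-byte sectors (what /sys/block/<dev>/size reports).
# 32 GiB = 32 * 1024^3 / 512 sectors; an assumed threshold, tune to taste.
MIN_SECTORS=$((32 * 1024 * 1024 * 2))

# usb_storage_policy VENDOR_ID PRODUCT_ID SIZE_SECTORS
# Pure decision function so it can be tested without udev: allow only when
# the ID pair is on the list AND the device is at least MIN_SECTORS large.
usb_storage_policy() {
    vid=$1; pid=$2; sectors=$3
    # Reject anything that is not a plain non-negative integer (deny by default).
    case $sectors in
        ''|*[!0-9]*) return 1 ;;
    esac
    for id in $ALLOWED_IDS; do
        if [ "$vid:$pid" = "$id" ] && [ "$sectors" -ge "$MIN_SECTORS" ]; then
            return 0
        fi
    done
    return 1
}

# udev_rule_text prints the rule that would call this script. PROGRAM!=
# matches when the program exits non-zero, so a denied device gets the
# udisks2 UDISKS_IGNORE hint and is not auto-mounted.
udev_rule_text() {
cat <<'EOF'
# /etc/udev/rules.d/80-usb-storage-policy.rules (assumed path)
SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ENV{ID_BUS}=="usb", \
  PROGRAM!="/usr/local/sbin/usb-storage-policy --udev", \
  ENV{UDISKS_IGNORE}="1", RUN+="/usr/bin/logger -t usb-policy denied $env{DEVNAME}"
EOF
}

# Glue: when run by udev (flag --udev), read the device attributes udev
# exports in the environment and the size from sysfs, then decide.
if [ "${1:-}" = "--udev" ]; then
    size=$(cat "/sys${DEVPATH}/size" 2>/dev/null)
    if usb_storage_policy "${ID_VENDOR_ID:-}" "${ID_MODEL_ID:-}" "$size"; then
        exit 0
    fi
    exit 1
fi
```

Deny is the default for unknown IDs, missing attributes or an unreadable size, which is the safe failure mode for an allow-list. Note what this does and does not cover: it only stops udisks from auto-mounting, so root can still mount the device by hand, and a user on the allowed hard drive can copy data off it unless the mount is also made read-only as the second answer suggests. Install the script at the assumed path, make it executable, then run `udevadm control --reload-rules` and re-plug a device to test.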