Is it possible to deauthorize all foreign usb by default?

whatthe · 9 December 2020 06:39

I would like to reject unknown USB by default, and ask for a password to mount everytime an unauthorized USB enters one of my pleasure holes.

so for instance, all USB’s that are currently connected (keyboard, mouse, webcam etc) are allowed by default without problem.
however if I plugin a new usb device, I want my system to automatically ask for my password before it gets mounted.

is this possible?

I found this;
https://www.kernel.org/doc/html/latest/usb/authorization.html

however it’s from 2007 and I believe there should be a setting or program (usbguard?) to already do what I ask for.

Question 2)
Also I don’t understand the difference between a usb device and a usb interface? (somebody care to explain?)

thanks in advance

TriMoon · 9 December 2020 06:55

Hmmm interesting and thank you for the link (Added bookmark)
I personally never knew about this functionality, looks interesting !

You could check if it works with current kernel by just performing those commands manually with an USB-Stick…

cscs · 9 December 2020 07:25

The authorized file and its corresponding values of 1 or 0 are still in effect

merlock · 9 December 2020 12:21

That’s a pretty good idea; back around 2007 or so, the US DoD started prohibiting foreign USB devices…if you got caught…you lost not only your network access for 30 days, but you also got your security clearance suspended, with the accompanying pleasure of multiple interviews with the AFOSI-I knew one idiot that went thru this…AFOSI even polygraphed him. All over a stupid iPod.

linux-aarhus · 9 February 2022 18:19