How to disable USB Storage Devices on CentOS/RHEL 7?

How to disable USB Storage Devices on CentOS/RHEL 7 ?

The USB storage drive automatically detects USB flash or hard drives. You can easily force and disable USB storage devices under any Linux distribution. The modprobe program used for automatic kernel module loading and can be configured to not load the USB storage driver upon demand. This will prevent the modprobe program from loading the usb-storage module, but will not prevent root (or another program) from using the insmod program to load the module manually.

There are total four ways to do it,


1. Disable by BIOS

   Disable USB from system BIOS configuration option. Make sure BIOS is password protected.

2. Type the following command:
# echo 'install usb-storage /bin/true' >> disable-usb-storage.conf

   You can also remove USB Storage driver, enter:
# ls /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko
# mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root

3. Create a block list file and add below entry:

# vi /etc/modprobe.d/blacklist.conf
blacklist usb-storage

4. By Grub option

   You can get rid of all USB devices by disabling kernel support for USB via GRUB. Open grub.conf or menu.lst (Under Debian / Ubuntu Linux) and append "nousb" to the kernel line as follows:

# vi //boot/grub2/grub.cfg
linux16 /vmlinuz-3.10.0-957.10.1.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet LANG=en_IN.UTF-8 nousb

   Save and close the file. Once done just reboot the system:

 # reboot

Comments

Post a Comment

Popular posts from this blog

Recover or restore initramfs file in RHEL or CentOS 7

Image
What if "initramfs" file is deleted or corrupted on your RHEL or CentOS 7 ? Lets know what is initramfs image ? The INITial RAM Disk (initrd) is an initial root file system that usually get mounted prior to when the real root file system gets available. The "initrd" image is also known as "initramfs (Initial RAM FileSystem)" from RHEL 6.x onwards. The initrd/initramfs gets bound to the kernel and loaded as part of the kernel boot procedure. The kernel then mounts this initrd/initramfs as part of the two-stage boot process to load the modules to make the real file systems available and mount's the real root file system. Initrd/Initramfs image provides the capability to load a RAM disk by the boot loader. This RAM disk can then be mounted as the root filesystem and programs can be run from it. Afterwards, a new root file system can be mounted from a different device. The previous root filesystem which was mounted from initrd/initramfs is then
Read more

Space reclamation / UNMAP on RHEL or CentOS 7

What is Space Reclamation? This feature supports Thin Provisioned environment, and it is the process of freeing space from the storage system that has already been freed from the host file system. A host file system contains metadata to keep track to know which blocks are available to store new data and which blocks contain actual data and must not be overwritten. This metadata is stored within the LUN. When a file is deleted in the host file system, the file system metadata is updated to mark that file's blocks as free space. Total file system free space is then recalculated to include the newly-freed blocks. To the storage system, these metadata updates appear no different than any other writes being performed by the host. Therefore, the storage system is unaware that any deletions have occurred. What is Unmapping? Unmapping is a process which de-allocates relationship between LBA and a physical block in a logical unit. Reclamation within RHEL and CentOS: RHEL / Ce
Read more

How to recover /boot partition on RHEL or CentOS 7?

Image
What if mistakenly you delete all the files from /boot partition or files got corrupted due to some reason ! You will see below error on the screen at the time of system boot. But there is a way to recover /boot partition files :) Follow these steps to recover /boot partition : Step 1 :  Mount RHEL or CentOS 7 ISO image on your physical server and boot from it. In case you are using HPE Prolient server you can mount this ISO image on iLO, if this is virtual environment then mount it accordingly and reboot server or VM from ISO. Once rebooted you will see below options: Step 2 :  Scroll down and select "Troubleshooting" option from menu and PRESS "Enter" Step 3 :  Select "Rescue a CentOS system" and press ENTER: Step 4 :  Press ENTER key again to continue: Step 5 :  To continue, Type "1" and press ENTER, this will bring you to rescue mode, chroot sysimage filesystem using below command:
Read more