
Thursday, February 2, 2017

How to stop USB Mass Storage device in RHEL/CentOS

Hello Friends,

I’d like to disable all USB devices connected to our Red Hat Linux based workstations. I’d like to disable USB flash or hard drives, which a user with physical access to a system can use to quickly copy sensitive data from it.

How do I disable USB device support under RHEL/CentOS workstation operating systems? The USB storage driver automatically detects USB flash or hard drives. You can easily disable USB storage devices under any Linux distribution.

The modprobe program is used for automatic kernel module loading and can be configured not to load the USB storage driver on demand. This will prevent the modprobe program from loading the usb-storage module, but will not prevent root (or another program) from using the insmod program to load the module manually.


In Linux this is even easier to do, by unloading the usb_storage module.

To disable USB storage, run the following command:

# modprobe -r usb_storage

To enable USB storage, run the following command:

# modprobe -i usb_storage

##############################################################################

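The easiest way to disable USB storage devices in Linux is to create the following file and add the following line to it. The file name must end in .conf, because modprobe only reads files in /etc/modprobe.d that have that extension.

# touch /etc/modprobe.d/no-usb.conf

install usb-storage /bin/true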

##############################################################################

How to block USB on a Linux machine.

Hello Friends,

We can block the USB drive on a Linux system very easily. There are several ways to block or open the USB drive on a machine.

Here, we will block USB using a script. This script can be used on any version of Linux (Red Hat, CentOS).
You can create any .sh file on your Linux machine and paste the script content below into it.

##############################################################################

#!/bin/bash
clear
# Install sshpass with whichever package manager this machine has.
if ! command -v sshpass > /dev/null 2>&1; then
    yum -y install sshpass &> /tmp/temp || apt-get install sshpass -y &> /tmp/tmp
fi
echo  " Welcome $USER , *** WARNING: THIS PROGRAM WILL RESTART THE REMOTE MACHINE *** "
echo ""
echo  " 1. Block USB ports of Machine "
echo  " 2. Open USB ports of Machine "
echo ""
echo -ne " Please Select your choice : "
read -r choice
echo -ne " Please Enter the IP address of Machine : "
read -r ip
echo -ne " Please Enter the password for $ip : "
read -rs pass
# Hand the password to sshpass through the environment (sshpass -e) so it
# does not appear in the process list the way "sshpass -p" does.
export SSHPASS="$pass"
case "$choice" in

1)      echo -e "\n"
        echo -ne " You are going to Block the USB ports of $ip ,Are you sure you want to continue connecting (Yes/no)? "
        read -r choice1
        if [ "$choice1" == "no" ]
        then
                exit
        else
                # Blacklist the module and unload it again at every boot.
                sshpass -e ssh "$ip" "echo 'blacklist usb_storage' >> /etc/modprobe.d/blacklist.conf ; echo 'modprobe -r usb_storage' >> /etc/rc.local"
        fi

        echo -e "\n"
        echo -ne " $ip needs a reboot, So we are going to reboot $ip machine. Press 0 to EXIT or Press Enter to reboot the Machine."

        read -r choice2
        if [ "$choice2" == "0" ]
        then
                exit
        else
                sshpass -e ssh "$ip" reboot
        fi

    ;;
2)      echo -e "\n"
        echo -ne " You are going to Open the USB ports of $ip ,Are you sure you want to continue connecting (Yes/no)? "
        read -r choice3
        if [ "$choice3" == "no" ]
        then
                exit
        else
                # Delete the two lines that option 1 added (\$ keeps the end-of-line anchor literal for the remote sed).
                sshpass -e ssh "$ip" "sed -i '/^blacklist usb_storage\$/d' /etc/modprobe.d/blacklist.conf ; sed -i '/^modprobe -r usb_storage\$/d' /etc/rc.local"
        fi
    ;;
*) echo "you have not selected the right option, Try Again. Bye"
   ;;
esac

##############################################################################

When you run the script, it offers two options: the first blocks the USB drive and the second opens a blocked USB drive again.

Please read the script carefully and let me know if you have any doubts. I will try to resolve your query as early as possible.
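
To confirm what the `install usb-storage /bin/true` line and the script's `blacklist usb_storage` line actually achieve on a machine, the following audit helper can be used. It is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit whether usb-storage is blocked. Paths are parameters so the
# logic runs on constructed files; on a host pass /etc/modprobe.d and /proc/modules.

# Print the modprobe.d directives that affect usb-storage. modprobe reads only
# *.conf files and treats '-' and '_' in module names as the same character.
usb_storage_directives() {
    local dir=$1 f
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        sed -e 's/#.*//' "$f" | awk '
            { name = $2; gsub(/-/, "_", name) }
            $1 == "install"   && name == "usb_storage" { print "install " $3 }
            $1 == "blacklist" && name == "usb_storage" { print "blacklist" }'
    done
}

# Classify a host as: loaded | disabled | blacklist-only | unrestricted
usb_storage_status() {
    local dir=$1 modules=$2 d
    # The driver is in the kernel right now, whatever the configuration says
    # (for example after a manual insmod, or because no reboot has happened yet).
    if grep -q '^usb_storage ' "$modules"; then
        echo "loaded"; return
    fi
    d=$(usb_storage_directives "$dir")
    if echo "$d" | grep -qE '^install /bin/(true|false)$'; then
        echo "disabled"          # modprobe runs the stub instead of loading the driver
    elif echo "$d" | grep -qx 'blacklist'; then
        echo "blacklist-only"    # autoload is blocked, an explicit modprobe still loads it
    else
        echo "unrestricted"
    fi
}

# Constructed sample data standing in for /etc/modprobe.d and /proc/modules.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'install usb-storage /bin/true\n' > "$demo/no-usb"         # ignored: no .conf suffix
printf 'blacklist usb_storage\n'         > "$demo/blacklist.conf"
printf 'ext4 500000 1 - Live 0x0\n'      > "$demo/modules"
usb_storage_status "$demo" "$demo/modules"
```
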