-
Notifications
You must be signed in to change notification settings - Fork 0
/
30-usb-lockdown.rules
47 lines (35 loc) · 3.23 KB
/
30-usb-lockdown.rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# USB 장치의 유형을 식별하는 코드는 아래 링크 참고
# https://usb.org/defined-class-codes
# block all USB
#ACTION=="add", SUBSYSTEMS=="usb", RUN+="/bin/sh -c 'for host in /sys/bus/usb/devices/usb*; do echo 0 > $host/authorized_default; done'"
# Mass Storage 유형의 장치만 모두 작동되지 않도록 블럭
ACTION=="add", SUBSYSTEMS=="usb", RUN+="/bin/sh -c 'for host in /sys/bus/usb/devices/usb*; do echo 1 > $host/authorized_default; done'"
ACTION=="add", ATTR{bInterfaceClass}=="08", RUN+="/bin/sh -c 'for host in /sys/bus/usb/devices/usb*; do echo 0 > $host/authorized_default; done'"
ACTION=="remove", ATTR{bInterfaceClass}=="08", RUN+="/bin/sh -c 'for host in /sys/bus/usb/devices/usb*; do echo 0 > $host/authorized_default; done'"
# 모든 허가되지 않은 USB에 대해서 차단 메세지 보이기
ACTION=="add", ATTR{bInterfaceClass}=="08", RUN+="/bin/sh -c '/usr/local/bin/usb-unauthorized'"
# DONT REMOVE !!! - Intel vPro Keyboard
ACTION=="add", ATTR{idVendor}=="8087", ATTR{idProduct}=="002c", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
# Enable hub devices
ACTION=="add", ATTR{bDeviceClass}=="03", RUN+="/bin/sh -c 'echo 1 >/sys$DEVPATH/authorized'"
ACTION=="add", ATTR{bDeviceClass}=="07", RUN+="/bin/sh -c 'echo 1 >/sys$DEVPATH/authorized'"
ACTION=="add", ATTR{bDeviceClass}=="09", RUN+="/bin/sh -c 'echo 1 >/sys$DEVPATH/authorized'"
# only specific USB ALLOW - this case is my pc's usb mouse
ACTION=="add", ATTR{idVendor}=="046d", ATTR{idProduct}=="c077", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
# Authorized USB only ALLOW - this case is HamoniKR USB
ACTION=="add", ATTR{idVendor}=="0781", ATTR{idProduct}=="5567", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
# Authorized USB only ALLOW - Intel vPro Keyboard
ACTION=="add", ATTR{idVendor}=="8087", ATTR{idProduct}=="002c", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
# added for samsumg laptop nx-200
ACTION=="add", ATTR{idVendor}=="8087", ATTR{idProduct}=="8001", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
ACTION=="add", ATTR{idVendor}=="196b", ATTR{idProduct}=="0002", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
ACTION=="add", ATTR{idVendor}=="05e3", ATTR{idProduct}=="0747", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
ACTION=="add", ATTR{idVendor}=="0781", ATTR{idProduct}=="5583", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
ACTION=="add", ATTR{idVendor}=="1a6b", ATTR{idProduct}=="0003", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
ACTION=="add", ATTR{idVendor}=="2232", ATTR{idProduct}=="1072", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
ACTION=="add", ATTR{idVendor}=="0cf3", ATTR{idProduct}=="e300", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
ACTION=="add", ATTR{idVendor}=="1d6b", ATTR{idProduct}=="0002", RUN="/bin/sh -c 'echo 1 >/sys/\$devpath/authorized'"
# unAuthorized USB Block with Message
#ACTION=="add", ATTR{idVendor}=="0781", ATTR{idProduct}=="556b", RUN="/usr/local/bin/usb-unauthorized Vendor:0781,Product:556b"
#ACTION=="add", ATTR{idVendor}=="0781", ATTR{idProduct}=="5581", RUN="/usr/local/bin/usb-unauthorized Vendor:0781,Product:5581"
#ACTION=="add", ATTR{idVendor}=="090c", ATTR{idProduct}=="1000", RUN="/usr/local/bin/usb-unauthorized Vendor:090c,Product:1000"