I wish to be able for security reasons to be able to disable all of my USB ports, to do this without having to do every USB port individually, I would have to disable my entire USB hub, so that really is my question, how would I go about disabling my USB hub?
I am running Ubuntu 14.10, and the command lsusb returns the following output:
Bus 002 Device 003: ID 058f:6366 Alcor Micro Corp. Multi Flash Reader
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 5986:0295 Acer, Inc
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hubIf you need for me to provide any more information to my question to help you answer it then please let me know.
2 Answers
That should be possible from BIOS. Another option is to write a udev rule to unbind any USB root hub driver: ohci-pci (USB 1.1), ehci-pci (USB 2.0) and xhci_hcd (USB 3.0).
Create new rules file
sudo nano /etc/udev/rules.d/90-disable-usb.rulesAdd these rule lines
DRIVERS=="?hci-pci", RUN+="/bin/sh -c 'echo -n %k >/sys%p/driver/unbind'" DRIVERS=="xhci_hcd", RUN+="/bin/sh -c 'echo -n %k >/sys%p/driver/unbind'"Reboot
Notes:
Example how to check which driver and other device attributes to use them in
udevrule:udevadm info --name=/dev/bus/usb/001/001 --attribute-walkor
lsusb -tDepending on your hardware/platform. There are many USB host drivers. Check Linux source
If you want to disable the entire USB hub so that no mice, keyboards, USB sticks whatever can be used, just do a:
lsmod | grep usband blacklist all modules that contain usb in the first column.
I'm sorry? Mice and stuff still need to work? Oh! Only blacklist usb_storage then!
;-)
