Disable USB flash drive

borisstein · February 8, 2023, 12:14pm

Hi,
I am trying to create a hotplug rule to block any USB device which is inserted or plugged in on boot.

I added the following:

root@XXXXX:~# cat /etc/hotplug.d/usb/01_usb_block.sh 
#!/bin/sh

[ "$DEVTYPE" = usb_device ] && [ "$ACTION" = bind ] && {
    /bin/sh -c 'for host in /sys/bus/usb/devices/usb*; do echo 0 > $host/authorized_default; done'
}

[ "$DEVTYPE" = usb_device ] && [ "$ACTION" = add ] && {
    /bin/sh -c 'for host in /sys/bus/usb/devices/usb*; do echo 0 > $host/authorized_default; done'
}

exit 0

If i plugin USB flash drive after system is running i get notification that device is not authorized.
But if i boot system with USB flash drive pluged in - it gets mounted

USB FTDI adatpter works properly.

Please advise how to prevent this.

Regards,
Boris

frollic · February 8, 2023, 12:17pm

remove usb support from image ?
add usb modules to blacklist ?
rmmod the modules in rc.local ?

borisstein · February 8, 2023, 12:22pm

disable all USB devices by deafult that are inserted after system booted, and enable only specific vendors

frollic · February 8, 2023, 12:26pm

that would have to be scripted...

ismod the usb kmods post boot ?

borisstein · February 8, 2023, 12:29pm

I already added hotplug rule to enable specific FTDI device and it works.
I have issue with USB flash drive, if i leave it plugged in and reboot router, it gets mounted...i thought that if i created hotplug rule to disable all USBs it will work for flash drive as well

frollic · February 8, 2023, 12:31pm

that's not standard openwrt behavior though.

I would have expected the same.
what version are you running ?

borisstein · February 8, 2023, 12:38pm

i have a requirement to block everything plugged in to router, except FTDI adapter

frollic · February 8, 2023, 12:38pm

try rereading what I just wrote, and answer the question.

borisstein · February 8, 2023, 12:50pm

r16279-5cc0535800

frollic · February 8, 2023, 12:52pm

21.02.0, you might want to consider upgrading to .5

again, automount isn't enabled (not even installed, AFAIK) by default, if it's there, you put it there,
might even be contra productive, if you're not going to allow any USB storage "at all".

borisstein · February 8, 2023, 12:54pm

Automount is probably enabled as it is a Teltonika router, i will try to disable it
Thanks!

frollic · February 8, 2023, 12:56pm

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

system · February 18, 2023, 12:57pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.