CENTOS7 Disabling USB peripherals (for USB drives, removable hard drives)

Cause:

The company requires all computers to strictly control the use of USB interface, the company is a part of the Windows system

And a part of the machine is a Linux system.

(If it is easy to implement control on a Windows system, use an account with administrator privileges to

The registry is easy to do, usually the majority of companies use domain control, then modify the domain policy on the line

UP).

But before the CentOS7 really did not do (such as prohibit the USB device automatically mount), the following is

We deal with the process and ideas

Processing:

Method-1

[Email protected] ~]# Ll/dev/disk/by-uuid/
Total 0
lrwxrwxrwx 1 root root 4 08:54 5450-4444. /.. /sda1
lrwxrwxrwx 1 root root 4 08:54 5c74048d-cc06-42ca-a795-6016eb20e476. /.. /sda3
lrwxrwxrwx 1 root root 4 08:54 78f1-626f. /.. /sda2
lrwxrwxrwx 1 root root 4 08:54 a5295594-e14e-49c2-bdc0-689fa90f792a. /.. /dm-2
lrwxrwxrwx 1 root root 4 08:54 c37166f8-f9b7-4bf3-82fc-9cde167b32b9. /.. /dm-1
lrwxrwxrwx 1 root root 4 08:54 e3b4b4d2-6c4a-4036-aaeb-d1429d0129ab. /.. /dm-0

[email protected] ~]#Muont

[Email protected] ~]# Cat/etc/fstab

#
#/etc/fstab
# Created by Anaconda on Fri Jan 8 09:51:09 2016
#
# Accessible filesystems, by reference, is maintained under '/dev/disk '
# See mans Pages Fstab (5), Findfs (8), mount (8) and/or Blkid (8) for more info
#
/DEV/MAPPER/CENTOS-ROOT/XFS Defaults 0 0
Uuid=5c74048d-cc06-42ca-a795-6016eb20e476/boot XFS Defaults 0 0
/dev/mapper/centos-home/home XFS Defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0

/dev/sapo/microdisk/mnt/floppy vfat noauto,user,exec 0 0
/dev/cdrom/mnt/cdrom Auto noauto,user,exec 0 0
/dev/sdc4/run/media/lina/vfat noauto 0 0

Ideas:

Display all devices under/dev/disk/by-uuid/, if we insert a USB flash drive on the host then it will be displayed in this directory,

Of course, we can also execute the Mount command to display all the devices mounted on the current system (what we need here is just the

USB flash drive Information/dev/sdc4). Edit/etc/fstab Join a line (as shown) this is done to not let the device automatically mount, once

Cannot be mounted and is invisible to the user. But this approach is a failure (for what?). It's obvious that only the device

After mounting, we will be able to obtain information about the device and then manually include the relevant record in/etc/fstab. More importantly: information on the device

is a relative change is possible this device is/DEV/SDC4, and then inserting a device becomes/dev/sdxx, so this approach of the Bureau

Limit is obvious).

Method-2

[Email protected]/]# Dconf-editor

Org->gnome->desktop->media->handling

Autmount (un-tick)

Automount-open (un-tick)

[Email protected]/]# chmod o-x dconf-editor

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/89/CA/wKiom1gcUsGhnGfBAABP-x-v8H8255.png-wh_500x0-wm_3 -wmp_4-s_1990821696.png "title=" Qq20161104171930.png "alt=" Wkiom1gcusghngfbaabp-x-v8h8255.png-wh_50 "/>

Ideas:

By installing 3rd party tools (can be any of the 2 Gconf-editor, dconfig-editor) Here I use Dconf-editor

1. Install Dconf-editor:

#yum Install Dconf-editor

#yum Install Dconf-devel

2. Execution Dconf-editor:

[[email protected]/] #dconf-editor

3. Modifying the values of AutoMount and Automount-open

Uncheck the box as shown

org->gnome->desktop->media->handling

4. Modify Permissions

[Email protected]/]# chmod o-x dconf-editor

Do not allow users other than root to execute dconf-editor commands

CENTOS7 Disabling USB peripherals (for USB drives, removable hard drives)