Copyright 2005 Sun Microsystems, Inc. ALL RIGHTS RESERVED Use of this software is authorized pursuant to the terms of the license found at http://developers.sun.com/berkeley_license.html USB Secure script Demo: ====================== # ./usbsecure.pl -h usage: ./usbsecure.pl [-f filename] [-chlnrsvwy] where: -c - checkpoint the current bindings to /var/tmp/usb-default-bindings or filename specified using -f option -f filename - change default binding filename -h - this usage message -l - list current bindings -n - show but do not execute update_drv cmds -r - restore original bindings from /var/tmp/usb-default-bindings or filename specified using -f option -s - secure bindings but save old bindings in /var/tmp/usb-default-bindings or filename specified using -f option -v - verbose -w - wipe out all bindings # ./usbsecure.pl -l existing bindings: hid "usbif,class3" hubd "usbif,class9" scsa2usb "usbif,class8" usb_mid "usb,device" usbprn "usbif,class7.1" usb_ac "usbif,class1.1" usb_as "usbif,class1.2" usbser_edge "usbif1608,1.config1.0" usbser_edge "usbif1608,3.config1.0" usbser_edge "usbif1608,4.config1.0" usbser_edge "usbif1608,5.config1.0" usbser_edge "usbif1608,6.config1.0" usbser_edge "usbif1608,7.config1.0" usbser_edge "usbif1608,c.config1.0" usbser_edge "usbif1608,d.config1.0" usbser_edge "usbif1608,e.config1.0" usbser_edge "usbif1608,f.config1.0" usbser_edge "usbif1608,10.config1.0" usbser_edge "usbif1608,11.config1.0" usbser_edge "usbif1608,12.config1.0" usbser_edge "usbif1608,13.config1.0" usbser_edge "usbif1608,14.config1.0" usbser_edge "usbif1608,201.config1.0" usbser_edge "usbif1608,205.config1.0" usbser_edge "usbif1608,206.config1.0" usbser_edge "usbif1608,207.config1.0" usbser_edge "usbif1608,20c.config1.0" usbser_edge "usbif1608,20d.config1.0" usbser_edge "usbif1608,215.config1.0" usbser_edge "usbif1608,217.config1.0" usbser_edge "usbif1608,21a.config1.0" usbser_edge "usbif1608,240.config1.0" usbser_edge "usbif1608,241.config1.0" usbser_edge "usbif1608,242.config1.0" usbser_edge "usbif1608,243.config1.0" usbser_edge "usbif1608,1.100.config1.0" # ./usbsecure.pl -c check point the current bindings # ./usbsecure.pl -s secure with the current devices please reboot the system now # # ./usbsecure.pl -l list bindings existing bindings: hid "usb46d,c025.9802" hid "usb430,5.101" hubd "usb3f3,4000.100" usb_mid "usb471,101.100" usb_ac "usbif471,101.100.config1.0" usb_as "usbif471,101.100.config1.1" hid "usbif471,101.100.config1.2" usb_mid "usb1608,5.100" usbser_edge "usbif1608,5.100.config1.0" reboot the system so the restricted bindings will become effective # ./usbsecure.pl -r restore bindings please reboot the system now # We can now hotinsert a memory stick again to copy some data # ./usbsecure.pl -s secure with the current devices please reboot the system now # # ./usbsecure.pl -l list bindings existing bindings: hid "usbif,class3" hubd "usbif,class9" scsa2usb "usbif,class8" usb_mid "usb,device" usbprn "usbif,class7.1" usb_ac "usbif,class1.1" usb_as "usbif,class1.2" usbser_edge "usbif1608,1.config1.0" usbser_edge "usbif1608,3.config1.0" usbser_edge "usbif1608,4.config1.0" usbser_edge "usbif1608,5.config1.0" usbser_edge "usbif1608,6.config1.0" usbser_edge "usbif1608,7.config1.0" usbser_edge "usbif1608,c.config1.0" usbser_edge "usbif1608,d.config1.0" usbser_edge "usbif1608,e.config1.0" usbser_edge "usbif1608,f.config1.0" usbser_edge "usbif1608,10.config1.0" usbser_edge "usbif1608,11.config1.0" usbser_edge "usbif1608,12.config1.0" usbser_edge "usbif1608,13.config1.0" usbser_edge "usbif1608,14.config1.0" usbser_edge "usbif1608,201.config1.0" usbser_edge "usbif1608,205.config1.0" usbser_edge "usbif1608,206.config1.0" usbser_edge "usbif1608,207.config1.0" usbser_edge "usbif1608,20c.config1.0" usbser_edge "usbif1608,20d.config1.0" usbser_edge "usbif1608,215.config1.0" usbser_edge "usbif1608,217.config1.0" usbser_edge "usbif1608,21a.config1.0" usbser_edge "usbif1608,240.config1.0" usbser_edge "usbif1608,241.config1.0" usbser_edge "usbif1608,242.config1.0" usbser_edge "usbif1608,243.config1.0" usbser_edge "usbif1608,1.100.config1.0" #