Disable Kernel Support for USB via Bootloader Configuration

Docs > Datadog Security > OOTB Rules > Disable Kernel Support for USB via Bootloader Configuration

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

All USB support can be disabled by adding the nousb argument to the kernel’s boot loader configuration. To do so, append “nousb” to the kernel line in /etc/default/grub as shown:

kernel /vmlinuz-VERSION ro vga=ext root=/dev/VolGroup00/LogVol00 rhgb quiet nousb

Rationale

Disabling the USB subsystem within the Linux kernel at system boot will protect against potentially malicious USB devices, although it is only practical in specialized systems.

Warning

Disabling all kernel support for USB will cause problems for systems with USB-based keyboards, mice, or printers. This configuration is infeasible for systems which require USB devices, which is common.