Archive for June 6th, 2013

Tip: USB Storage security with IGEL Linux (LX/OS)

Thursday, June 6th, 2013

Hi Folks,

maybe you already noticed that you have an USB Security configuration in the Device section of the IGEL Setup.

If you want to allow a special USB Memory mostly people use the Vendor ID (VID) and Product ID (PID) for this. This works quite well but has one big disadvantage…. It works for all USB Memory with the same VID and PID.

To extend this, you can use the UUID (Unique ID) but how can you setup this?

1) First of all, it will only work with an Filesystem that supports a UUID… NTFS will do, FAT16 or FAT32 will not. So you need to format the USB Memory with NTFS.

2) Now use a thin client where one or more storage devices are allowed without any USB restrictions.

3) Open a console session and type in the command: “ls /dev/disk/by-uuid”. You will get a short list now and insert the USB Stick. Type in “ls /dev/disk/by-uuid” again, compare these lists and write down the new one. The UUID should look like “FE1CFEABB210AA”.

4) Create a new USB Device configuration and type in the PID/VID and the UUID you have written down and assign the configuration to a client. Don’t forget to allow HID devices (Mouse/ Keyboards) in General before assigning the configuration. For VID and PID, use always 4 Digits like 0C00 and remember: Linux is case sensitive! If you don’t know how you can get the VID and PID type in lsusb.

5) Done… Now you have a unique USB Memory to use with the client, all other will not work anymore. Also if someone format this USB Memory it will also not work anymore. Secure and easy to setup.

 

Cheers

Michael