
Thread: Linux Shell Script to authenticate usb drive deny others

  1. #1
    Join Date
    Feb 2013
    Beans
    25

    Linux Shell Script to authenticate usb drive deny others

    Hi, I am currently hardening my Kubuntu 12.10 OS and I want to run a shell script that automatically runs when my USB is plugged in. It should ask for authentication/authorization for my USB when it's plugged in and deny ANY other device. So basically what I want is a lockdown of all external media except those which I have specified to be authenticated when they're plugged in. I've seen an example of running a script when a USB device is plugged in but I'm not sure how to incorporate a messagebox-style prompt asking the user for a password and lock down other devices. To me this is very challenging as I'm still relatively new to Linux and I probably wouldn't know how to do it on an OS I am familiar with.

    Thanks in advance.

  2. #2
    Join Date
    May 2007
    Location
    Leeds, UK
    Beans
    1,664
    Distro
    Ubuntu 13.10 Saucy Salamander

    Re: Linux Shell Script to authenticate usb drive deny others

    You should look into Zenity.

    EDIT: Manual page available here, with examples: http://www.linuxmanpages.com/man1/zenity.1.php

    Try this ...

    Code:
    zenity --entry --text="Password" --title="USB Device" --hide-text
    Last edited by r-senior; March 23rd, 2013 at 08:07 PM.

  3. #3
    Join Date
    Aug 2011
    Location
    47°9′S 126°43W
    Beans
    2,165
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Linux Shell Script to authenticate usb drive deny others

    Quote Originally Posted by Cyrebo View Post
    Hi, I am currently hardening my Kubuntu 12.10 OS and I want to run a shell script that automatically runs when my USB is plugged in. It should ask for authentication/authorization for my USB when it's plugged in and deny ANY other device. So basically what I want is a lockdown of all external media except those which I have specified to be authenticated when they're plugged in. I've seen an example of running a script when a USB device is plugged in but I'm not sure how to incorporate a messagebox-style prompt asking the user for a password and lock down other devices. To me this is very challenging as I'm still relatively new to Linux and I probably wouldn't know how to do it on an OS I am familiar with.

    Thanks in advance.
    I'm wondering what you are trying to achieve... is there any USB device that can take control of your computer by merely being plugged in? Furthermore plugging things in requires physical access to the computer so other attacks would be more efficient (like stealing the hard disk...).

  4. #4
    Join Date
    Feb 2013
    Beans
    25

    Re: Linux Shell Script to authenticate usb drive deny others

    Well, I simply want a shell script to run when my specific USB device is plugged in. The password is just an integrity check for both parties so it can only be me accessing the computer with that device. I then want to block other external media. This part can be done without plugging any device into the system. I've seen a thread on here where somebody runs a synchronisation script with a USB on plug-in, and I wanted to implement something similar but for mutual authentication of device with computer.

  6. #6
    Join Date
    Feb 2013
    Beans
    Hidden!

    Re: Linux Shell Script to authenticate usb drive deny others

    You probably need a custom udev rule
    http://unix.stackexchange.com/questi...device-plug-in
    Last edited by schragge; March 26th, 2013 at 12:06 PM.

  7. #7
    Join Date
    Aug 2011
    Location
    47°9′S 126°43W
    Beans
    2,165
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Linux Shell Script to authenticate usb drive deny others

    That doesn't really answer my question about the assumed dangerousness of plugged-in USB devices...

    OK, assume you can ask a password when one connects a USB device, so what? If there is an answer to the password prompt then that means the desktop is unlocked (if the desktop is locked this prompt is going to wait). Either it's you (or someone who has got your password...), or it's someone using your unlocked PC when you are not in sight. But since the desktop is unlocked, how do you prevent that person from killing the process that runs the script that asks for a password? And what happens while the script waits for the password? Is the device still usable?

    Using udev with a specific configuration file could help achieve what you want to do, but no password would be necessary...
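
    The udev approach suggested in this post, as an added example that is not part of the thread: a helper that a udev rule runs on USB plug-in, which leaves non-storage devices alone, allows listed storage devices and de-authorizes the rest. The rule line, script path and allowlist values are assumptions, and it assumes udev has already populated the `ID_*` properties for the device.

```shell
#!/bin/sh
# Added example (not from the thread). Helper meant to be started by a udev rule
# such as this one (rule file and script path are assumptions):
#   ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
#     RUN+="/usr/local/sbin/usb-allow.sh"

# Constructed allowlist, one "vendor:product:serial" per line (placeholder values).
ALLOWLIST="1234:abcd:EXAMPLE-SERIAL-0001
1234:abcd:EXAMPLE-SERIAL-0002"

# usb_decide INTERFACES VENDOR PRODUCT SERIAL -> prints ignore | allow | deny
usb_decide() {
    # Only police mass storage (interface class 08) so keyboards, mice and hubs
    # are left alone. ID_USB_INTERFACES looks like ":080650:".
    case "$1" in
        *:08*) ;;
        *) echo ignore; return 0 ;;
    esac
    # A storage device that reports no serial cannot be told apart: deny it.
    if [ -z "$2" ] || [ -z "$3" ] || [ -z "$4" ]; then
        echo deny; return 0
    fi
    # -F fixed string, -x whole line: device-supplied text is never a pattern
    # and a serial that merely contains an allowed one does not match.
    if printf '%s\n' "$ALLOWLIST" | grep -Fxq -- "$2:$3:$4"; then
        echo allow
    else
        echo deny
    fi
}

# usb_enforce SYSFS_DIR INTERFACES VENDOR PRODUCT SERIAL
# On deny, writes 0 to the device's "authorized" attribute, which makes the
# kernel unbind its drivers so no block device is left to mount.
usb_enforce() {
    verdict=$(usb_decide "$2" "$3" "$4" "$5")
    if [ "$verdict" = deny ] && [ -w "$1/authorized" ]; then
        echo 0 > "$1/authorized"
    fi
    echo "$verdict"
}

# Under udev, DEVPATH and the ID_* properties arrive in the environment.
if [ -n "${DEVPATH:-}" ]; then
    usb_enforce "/sys$DEVPATH" "${ID_USB_INTERFACES:-}" "${ID_VENDOR_ID:-}" \
        "${ID_MODEL_ID:-}" "${ID_SERIAL_SHORT:-}" >/dev/null
fi
```

    Vendor ID, product ID and serial are reported by the device itself and can be cloned, so this identifies a drive rather than authenticating it.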

  8. #8
    Join Date
    Feb 2013
    Beans
    25

    Re: Linux Shell Script to authenticate usb drive deny others

    Quote Originally Posted by ofnuts View Post
    That doesn't really answer my question about the assumed dangerousness of plugged-in USB devices...

    OK, assume you can ask a password when one connects a USB device, so what? If there is an answer to the password prompt then that means the desktop is unlocked (if the desktop is locked this prompt is going to wait). Either it's you (or someone who has got your password...), or it's someone using your unlocked PC when you are not in sight. But since the desktop is unlocked, how do you prevent that person from killing the process that runs the script that asks for a password? And what happens while the script waits for the password? Is the device still usable?

    Using udev with a specific configuration file could help achieve what you want to do, but no password would be necessary...
    I understand where you're coming from, but my emphasis wouldn't really be on the desktop itself; it's the copying of data onto the desktop. Of course anybody can sneak in somehow and do whatever they want with a machine so that's probably not even up to the security I wanna implement. I want it to be in such a way that files don't get copied to or from the system without a password. So it's OS hardening, but not the actual OS, the files on the OS, if you get what I mean? I can deal with the actual OS later, just need to get this down first. I'm pretty sure someone out there has done something like this before, I just need to find out how if anyone can tell me.

  9. #9
    Join Date
    Jul 2007
    Location
    Poland
    Beans
    4,499
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Linux Shell Script to authenticate usb drive deny others

    I want it to be in such a way that files don't get copied to or from the system without a password.
    The point is, when the disk is mounted with your permissions or even in read-only mode, the data can be copied. In such a scenario slapping a password on top is like putting a note saying 'please don't steal it' next to a $100 bill and expecting it to work. You can completely ignore it, navigate to the source via file browser or terminal and copy.

    Options I see:
    #1 encrypt your USB device and ask for password to decrypt it
    #2 make your system mount the device with permissions set to require admin credentials (so you have to go through sudo to get to the data), custom user account made only for that purpose would work too
    #3 make your system mount the device with you as an owner and do not give access to your account to others (all people using the computer should have their own account either way)

    Only #1 truly protects the data from unwanted access (authorization is attached to the device not the machine), #2 and #3 can be easily circumvented by plugging in to another computer or whatever because the data on the device is there in plain view and you can obfuscate it a bit at best.
    Last edited by Vaphell; March 27th, 2013 at 12:32 AM.

  10. #10
    Join Date
    Aug 2011
    Location
    47°9′S 126°43W
    Beans
    2,165
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Linux Shell Script to authenticate usb drive deny others

    I want it to be in such a way that files don't get copied to or from the system without a password.
    Then make mounting disks require root privileges.... and look at your mail client, instant messaging client, ftp client, source control system, and web browser(s)...
