Dave wrote:
> BertieBigBollox@gmail.com wrote:
>
>> OK. Can't completely turn off the USB ports because, of course, the
>> keyboard and mouse are USB.
>>
>> However, one of our customers has got a requirment that USB be
>> 'controlled' or locked down. Any ideas if this is possible or if there
>> is any software available to allow this to happen?
>
>
> Looking at my ports:
>
> kestrel /export/home/drkirkby/house % ls -l /dev/*usb*
> total 10
> lrwxrwxrwx 1 root root 48 Feb 12 16:21 hid0 ->
> ../../devices/pci@8,700000/usb@5,3/mouse@3:mouse
> lrwxrwxrwx 1 root root 60 Feb 12 16:21 hid1 ->
> ../../devices/pci@8,700000/usb@5,3/hub@1/keyboard@4:keyboard
> lrwxrwxrwx 1 root root 39 Oct 19 23:12 hub0 ->
> ../../devices/pci@8,700000/usb@5,3:hubd
> lrwxrwxrwx 1 root root 45 Oct 19 23:13 hub1 ->
> ../../devices/pci@8,700000/usb@5,3/hub@1:hubd
> lrwxrwxrwx 1 root root 45 Jan 2 06:33 hub2 ->
> ../../devices/pci@8,700000/usb@5,3/hub@2:hubd
>
>
>
> it is clear what one is the USB and what one is the mouse. If the other
> devices files were removed, would it be possible to use any other ports?
> I doubt it would - at least not without removing the keyboard or mouse.
>
>
> One would need to be root to create the device files, but then if
> someone can stick a DVD in the drive, then can get root access anyway.
> Or, if there is no drive, I guess they could stick one on the SCSI bus,
> although you can problely control that via the EEPROM.
>
>
> I've never hit the problem myself, but the above might give you a few ideas

That doesn't prevent somebody from plugging in some sort of "Keystroke
Logger" or something similar that monitors the bus and steals the data.