diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2015-07-16 12:34:08 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2015-07-16 12:34:08 -0300 |
| commit | 9cc4ae694bab02694511c588bd4e68743accf0ed (patch) | |
| tree | cbdd04cac1c46328b475e59e31c638d9b5cbcee4 | |
| parent | 245914ce083785cc72b1c0b63309e743cf1ddd52 (diff) | |
| download | badusb-switcher-9cc4ae694bab02694511c588bd4e68743accf0ed.tar.gz badusb-switcher-9cc4ae694bab02694511c588bd4e68743accf0ed.tar.bz2 | |
Fixes BadUSB mitigation
| -rwxr-xr-x | usb-disable | 24 | ||||
| l---------[-rwxr-xr-x] | usb-enable | 18 | ||||
| l---------[-rwxr-xr-x] | usb-status | 18 |
3 files changed, 23 insertions, 37 deletions
diff --git a/usb-disable b/usb-disable index cc4525e..5268256 100755 --- a/usb-disable +++ b/usb-disable @@ -2,16 +2,34 @@ # # USB hotplug switcher. # See https://links.sarava.org/tags/badusb +# https://www.kernel.org/doc/Documentation/usb/authorization.txt # # Parameters BASENAME="`basename $0`" +# Set hotplug state +function usb_set_state { + echo "Applying at /sys/module/usbcore/parameters/authorized_default..." + sudo su -c "echo $1 > /sys/module/usbcore/parameters/authorized_default" + + for bus in /sys/bus/usb/devices/usb*; do + echo "Applying at ${bus}/authorized_default..." + sudo su -c "echo $1 > ${bus}/authorized_default" + done +} + # Dispatch if [ "$BASENAME" == 'usb-enable' ]; then - sudo su -c "echo '-1' > /sys/module/usbcore/parameters/authorized_default" + usb_set_state 1 elif [ "$BASENAME" == 'usb-disable' ]; then - sudo su -c "echo '0' > /sys/module/usbcore/parameters/authorized_default" + usb_set_state 0 elif [ "$BASENAME" == 'usb-status' ]; then - cat /sys/module/usbcore/parameters/authorized_default + status="`cat /sys/module/usbcore/parameters/authorized_default`" + + if [ "$status" == "0" ]; then + echo "Hotplug disabled." + elif [ "$status" == "1" ]; then + echo "Hotplug enabled." + fi fi diff --git a/usb-enable b/usb-enable index cc4525e..f54f446 100755..120000 --- a/usb-enable +++ b/usb-enable @@ -1,17 +1 @@ -#!/bin/bash -# -# USB hotplug switcher. -# See https://links.sarava.org/tags/badusb -# - -# Parameters -BASENAME="`basename $0`" - -# Dispatch -if [ "$BASENAME" == 'usb-enable' ]; then - sudo su -c "echo '-1' > /sys/module/usbcore/parameters/authorized_default" -elif [ "$BASENAME" == 'usb-disable' ]; then - sudo su -c "echo '0' > /sys/module/usbcore/parameters/authorized_default" -elif [ "$BASENAME" == 'usb-status' ]; then - cat /sys/module/usbcore/parameters/authorized_default -fi +usb-disable
\ No newline at end of file diff --git a/usb-status b/usb-status index cc4525e..f54f446 100755..120000 --- a/usb-status +++ b/usb-status @@ -1,17 +1 @@ -#!/bin/bash -# -# USB hotplug switcher. -# See https://links.sarava.org/tags/badusb -# - -# Parameters -BASENAME="`basename $0`" - -# Dispatch -if [ "$BASENAME" == 'usb-enable' ]; then - sudo su -c "echo '-1' > /sys/module/usbcore/parameters/authorized_default" -elif [ "$BASENAME" == 'usb-disable' ]; then - sudo su -c "echo '0' > /sys/module/usbcore/parameters/authorized_default" -elif [ "$BASENAME" == 'usb-status' ]; then - cat /sys/module/usbcore/parameters/authorized_default -fi +usb-disable
\ No newline at end of file |