From 9cc4ae694bab02694511c588bd4e68743accf0ed Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Thu, 16 Jul 2015 12:34:08 -0300 Subject: Fixes BadUSB mitigation --- usb-disable | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'usb-disable') diff --git a/usb-disable b/usb-disable index cc4525e..5268256 100755 --- a/usb-disable +++ b/usb-disable @@ -2,16 +2,34 @@ # # USB hotplug switcher. # See https://links.sarava.org/tags/badusb +# https://www.kernel.org/doc/Documentation/usb/authorization.txt # # Parameters BASENAME="`basename $0`" +# Set hotplug state +function usb_set_state { + echo "Applying at /sys/module/usbcore/parameters/authorized_default..." + sudo su -c "echo $1 > /sys/module/usbcore/parameters/authorized_default" + + for bus in /sys/bus/usb/devices/usb*; do + echo "Applying at ${bus}/authorized_default..." + sudo su -c "echo $1 > ${bus}/authorized_default" + done +} + # Dispatch if [ "$BASENAME" == 'usb-enable' ]; then - sudo su -c "echo '-1' > /sys/module/usbcore/parameters/authorized_default" + usb_set_state 1 elif [ "$BASENAME" == 'usb-disable' ]; then - sudo su -c "echo '0' > /sys/module/usbcore/parameters/authorized_default" + usb_set_state 0 elif [ "$BASENAME" == 'usb-status' ]; then - cat /sys/module/usbcore/parameters/authorized_default + status="`cat /sys/module/usbcore/parameters/authorized_default`" + + if [ "$status" == "0" ]; then + echo "Hotplug disabled." + elif [ "$status" == "1" ]; then + echo "Hotplug enabled." + fi fi -- cgit v1.2.3