conorsch/allow-usb

## allow-usb
#!/bin/bash
# Temporarily permit new USB devices by disabling the grsecurity sysctl option
# `kernel.grsecurity.deny_new_usb` for several seconds. Will automatically
# restore the ban on exit (even on error).

set -e
set -u
set -o pipefail


function deny-usb {
    sysctl --write --quiet kernel.grsecurity.deny_new_usb=1
}

# Set trap to lock out new USB devices after script runs, even if the
# script errors out or is canceled.
trap deny-usb EXIT

function temporarily-allow-usb {
    local allow_usb_seconds=$1
    sysctl --write --quiet kernel.grsecurity.deny_new_usb=0
    printf "New USB devices temporarily allowed; connect new device now.\n"
    for n in $(seq ${allow_usb_seconds} | tac); do
        sleep 1;
        printf "\rDisabling new USB devices in ${n}..."
    done
    printf " done.\n"
}

temporarily-allow-usb ${1-5}
	#!/bin/bash
	# Temporarily permit new USB devices by disabling the grsecurity sysctl option
	# `kernel.grsecurity.deny_new_usb` for several seconds. Will automatically
	# restore the ban on exit (even on error).

	set -e
	set -u
	set -o pipefail


	function deny-usb {
	sysctl --write --quiet kernel.grsecurity.deny_new_usb=1
	}

	# Set trap to lock out new USB devices after script runs, even if the
	# script errors out or is canceled.
	trap deny-usb EXIT

	function temporarily-allow-usb {
	local allow_usb_seconds=$1
	sysctl --write --quiet kernel.grsecurity.deny_new_usb=0
	printf "New USB devices temporarily allowed; connect new device now.\n"
	for n in $(seq ${allow_usb_seconds} \| tac); do
	sleep 1;
	printf "\rDisabling new USB devices in ${n}..."
	done
	printf " done.\n"
	}

	temporarily-allow-usb ${1-5}