Skip to content

Instantly share code, notes, and snippets.

@grawity

grawity/50-usb-deauthorize.rules

Last active October 4, 2023 16:27
Show Gist options
  • Save grawity/d73af40663b639625839364541e78751 to your computer and use it in GitHub Desktop.
Save grawity/d73af40663b639625839364541e78751 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
50-usb-deauthorize.rules
ACTION!="add", GOTO="deauthorize_end"
SUBSYSTEM!="usb", GOTO="deauthorize_end"
TEST!="authorized", GOTO="deauthorize_end"
## make hubs deauthorize all devices by default
TEST=="authorized_default", ATTR{authorized_default}="0", GOTO="deauthorize_end"
## whitelist specific devices
ENV{ID_VENDOR}=="Yubico", ENV{ID_MODEL}=="Yubikey_NEO*", ATTR{authorized}="1", GOTO="deauthorize_end"
ENV{ID_VENDOR}=="Zubico", ENV{ID_MODEL}=="Zubikey_GEO*", ATTR{authorized}="1", GOTO="deauthorize_end"
LABEL="deauthorize_end"
Raw
README.md

This is written as a complement for https://usbguard.github.io/blog/2015/USBGuard-vs-UDev (because I had deleted the original gist linked from that page).

The most common question about it was: "Where is the usb-unauthorized script?"

The script is probably lost in history. You don't need it anyway. The only thing it did was send a push notification to my phone (via Pushover). It has nothing to do with actual authorization of devices.

Because there is no script anymore, this 2nd revision was somewhat simplified (there is no need for the ENV{valid} indirection either).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment