On 2008-04-03, BertieBigBollox@gmail.com <BertieBigBollox@gmail.com> wrote:
> On Apr 2, 10:23 am, jimle...@dorsai.org wrote:
>> On Apr 2, 5:22 am, "BertieBigBol...@gmail.com"
>>
>> <BertieBigBol...@gmail.com> wrote:
>> > OK. Can't completely turn off the USB ports because, of course, the
>> > keyboard and mouse are USB.
>>
>> > However, one of our customers has got a requirment that USB be
>> > 'controlled' or locked down. Any ideas if this is possible or if there
>> > is any software available to allow this to happen?
>>
>> Seehttp://www.sun.com/io_technologies/usb/USB-Faq.html#Security
>>
>> Add the following line to /etc/system and reboot.
>> exclude: drv/usba10_scsa2usb
>>
>> Have NOT VERIFIED this procedure to work as advertised.
>
>
> Have since seen this. In fact, this is what the NSA recommends you do.
>
> Any idea if this would just disable USB storage? Obviouslty, I'd still
> want the USB mouse and keyboard to work.

Yes, it only disables storage. Solaris implements USB storage by
plugging the basic USB access driver into the SCSI system (hence
the driver name, "scsa2usb"). The keyboard and mouse aren't
involved in this; you haven't touched their drivers, or the
base USB access driver, so they'll continue to work fine.
"man scsa2usb" talks some about the specifics. Read it
carefully, to make sure you get the name of the driver
correct. In Solaris 10, it's called just "scsa2usb".


--
Christopher Mattern

NOTICE
Thank you for noticing this new notice
Your noticing it has been noted
And will be reported to the authorities