The USBGuard software framework helps to protect your computer against unauthorized use of USB ports on a machine. To enforce the user-defined policy, it uses the USB device authorization feature implemented in the Linux kernel since 2007. USBGuard supports granular policy options as well as blacklisting and whitelisting capabilities for specifying how USB devices will interact with a particular host system. A device that is blocked will be listed by the operating system as being connected, but no communication is allowed for it. A device that is rejected will be completely ignored after it is inserted into the port. Optional dependencies: - audit To have the USBGuard daemon start and stop with your host, add to /etc/rc.d/rc.local: if [ -x /etc/rc.d/rc.usbguard ]; then /etc/rc.d/rc.usbguard start fi and to /etc/rc.d/rc.local_shutdown (creating it if needed): if [ -x /etc/rc.d/rc.usbguard]; then /etc/rc.d/rc.usbguard stop fi Warning: You must configure the daemon before you start it or all USB devices will immediately be blocked! In order to view the current policy execute the following command: sudo usbguard generate-policy If you are satisfied with the output then copy it to the rules file. sudo usbguard generate-policy >> /etc/usbguard/rules.conf