Ask Your Question

Does puppet block usb ports on ubuntu workstations?

asked 2014-05-05 08:57:12 -0600

Danilo gravatar image

I am trying to found some tool for manage my ubuntu worstations. The first step is block all usb ports on them. Does puppet can handle this task?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2014-05-05 11:14:00 -0600

doc75 gravatar image

Do you know how to do it with a shell script or executable ? If yes, then you need to launch this command with puppet exec.

Hope this helps.

edit flag offensive delete link more

answered 2014-05-05 11:28:32 -0600

spuder gravatar image

updated 2014-05-05 14:13:09 -0600

Puppet manages files + packages + services. (Often called the trifecta).

If there is a file or service that controls access to usb ports, then puppet can manage it. While there is nothing built in to puppet specifically for manage usb, puppet can manage the /etc/modprobe.d/blacklist.conf file.

A couple of different ways to accomplish this:

  1. With a template

  2. Using an augeas filter

Here is an augeas filter that will add usb-storage to the /etc/modprobe.d/blacklist.conf file

vim ~/blockusb.pp

class blockusb {

   augeas { 'block usb-storage':
    context   =>  "/files/etc/modprobe.d/blacklist.conf/", #File to change plus trailing slash
    changes => [ "set blacklist[last()+1] usb-storage", ], # Append to last line of file
    onlyif => "match blacklist[.='usb-storage'] size == 0 ", # Only make the change once, prevents duplicates

include blockusb

Apply it like so:

puppet apply blockusb.pp --debug --verbose


edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2014-05-05 08:57:12 -0600

Seen: 377 times

Last updated: May 05 '14