Does puppet block usb ports on ubuntu workstations?

asked 2014-05-05

Danilo gravatar image

I am trying to found some tool for manage my ubuntu worstations. The first step is block all usb ports on them. Does puppet can handle this task?

2 Answers

answered 2014-05-05

doc75 gravatar image

Do you know how to do it with a shell script or executable ? If yes, then you need to launch this command with puppet exec.

Hope this helps.

answered 2014-05-05

spuder gravatar image

updated 2014-05-05 14:13:09 -0600

Puppet manages files + packages + services. (Often called the trifecta).

If there is a file or service that controls access to usb ports, then puppet can manage it. While there is nothing built in to puppet specifically for manage usb, puppet can manage the /etc/modprobe.d/blacklist.conf file.

A couple of different ways to accomplish this:

  1. With a template

  2. Using an augeas filter

Here is an augeas filter that will add usb-storage to the /etc/modprobe.d/blacklist.conf file

vim ~/blockusb.pp

class blockusb {

   augeas { 'block usb-storage':
    context   =>  "/files/etc/modprobe.d/blacklist.conf/", #File to change plus trailing slash
    changes => [ "set blacklist[last()+1] usb-storage", ], # Append to last line of file
    onlyif => "match blacklist[.='usb-storage'] size == 0 ", # Only make the change once, prevents duplicates

include blockusb

Apply it like so:

puppet apply blockusb.pp --debug --verbose


