USB Kill Switch for Qubes OS - Physical Security Enhancement revisions

Go back to topic: USB Kill Switch for Qubes OS - Physical Security Enhancement

Revision #7

It’s similar to **BusKill**, but purpose-built for Qubes OS.

It’s similar to **BusKill**, but purpose-built for Qubes OS. **ONLY TESTED FOR XFCE ENVIRONMENT WITH THE XFCE SCREENSAVER**

~~ListUSBDevices~~() {	ListDevices() {
	Types=()
	Types+=("block")
~~done < <(qvm-block list 2>/dev/null \| tail -n +2)~~	done < <(qvm-block list 2>/dev/null \| tail -n +2) echo echo "===== Available Raw USB Devices =====" while IFS= read -r Line; do BackendDevice=$(echo "$Line" \| awk '{print $1}') Description=$(echo "$Line" \| cut -d' ' -f3-) Devices+=("$BackendDevice") Types+=("usb") echo "$Index) $BackendDevice - $Description" ((Index++)) done < <(qvm-usb list 2>/dev/null \| tail -n +2)
~~ListUSBDevices~~	ListDevices
	MonitorType="${Types[$((Choice-1))]}"
echo "Selected: $MonitorDevice from $~~MonitorVM~~"	echo "Selected: $MonitorDevice from $MonitorVM (type: $MonitorType)"
echo "MonitorVM=$MonitorVM" > "$ConfigDir/USBDevice.conf"	echo "MonitorType=$MonitorType" > "$ConfigDir/USBDevice.conf" echo "MonitorVM=$MonitorVM" >> "$ConfigDir/USBDevice.conf"
qvm-block list "$MonitorVM" 2>/dev/null \| grep -q "$MonitorDevice"	if [[ "$MonitorType" == "block" ]]; then qvm-block list "$MonitorVM" 2>/dev/null \| grep -q "$MonitorDevice" else qvm-usb list "$MonitorVM" 2>/dev/null \| grep -q "$MonitorDevice" fi
LogMessage "USB Kill Switch started - Monitoring $MonitorDevice on $MonitorVM"	LogMessage "USB Kill Switch started - Monitoring $MonitorType device $MonitorDevice on $MonitorVM"

systemctl --user ~~restart~~ monitor-drive-usbkill.service ~~systemctl --user enable monitor-drive-usbkill.service~~

systemctl --user start monitor-drive-usbkill.service

## Introduction

# \[GUIDE] USB Kill Switch for Qubes OS - Physical Security Enhancement