Allow Keyboard & Mouse

The following script allow input devices when you choose to block the USB devices via the device profile.

Prerequisites:

1. Enable block with USB policy from Device Profile.

2. Keep the Mouse and Keyboard Connected to Machine.

Steps:

1. Copy and save the contents below to a UTF-8 editor like notepad++ OR Sublime Text in Windows or gedit in Ubuntu.

   1. If you are using notepad++ then use the bottom right panel to change the type to Unix (LF).
      

      

      
      

      #!/bin/bash
      
      # Define file paths
      udev_rule_file="/etc/udev/rules.d/10-usb-authorize.rules"
      authorization_script_file="/usr/local/bin/usb-authorize.sh"
      log_file="/var/log/usb-authorize.log"
      
      # Create the udev rule to trigger the authorization script on USB device addition and removal
      cat > "$udev_rule_file" << EOF
      # Udev rule to run the script when a USB device is added or removed
      ACTION=="add|remove", SUBSYSTEM=="usb", RUN+="$authorization_script_file"
      EOF
      
      # Create the authorization script
      cat > "$authorization_script_file" << 'EOF'
      #!/bin/bash
      
      # Log file location
      log_file="/var/log/usb-authorize.log"
      
      # Initialize the log file
      echo "Script triggered at $(date)" >> $log_file
      
      # Get device path from the environment variable
      device_path="/sys$DEVPATH"
      
      # Log device information
      echo "Processing device at: $device_path" >> $log_file
      
      # Check if the device is a keyboard or mouse
      if [ -n "$ID_VENDOR_ID" ] && [ -n "$ID_MODEL_ID" ]; then
          if lsusb -v -d "$ID_VENDOR_ID:$ID_MODEL_ID" 2>/dev/null | grep -i -e 'keyboard' -e 'mouse' >/dev/null; then
              # Authorize the device
              echo "1" > "$device_path/authorized"
              echo "Authorized device: $ID_VENDOR_ID:$ID_MODEL_ID at $device_path" >> $log_file
          else
              echo "Device $ID_VENDOR_ID:$ID_MODEL_ID is not a keyboard or mouse" >> $log_file
          fi
      else
          echo "ID_VENDOR_ID or ID_MODEL_ID not found for device at $device_path" >> $log_file
      fi
      EOF
      
      # Make the authorization script executable
      sudo chmod +x "$authorization_script_file"
      
      # Reload udev rules
      sudo udevadm control --reload-rules
      
      # Provide feedback to the user
      echo "Udev rule and authorization script have been set up."
      echo "You can monitor the log file at $log_file for device authorization details."
      

2. Or click here to download the file.

3. Follow our guide to upload & publish the script using Scalefusion Dashboard.

Note:

1. Some of the scripts and their contents are sourced from internet and yes, our new friend ChatGPT.

2. Please validate the scripts on a test machine before deploying them on all your managed devices.

3. Scalefusion has tested these scripts, however Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the usage of these scripts.