Hello, I cam across a slide from dc24 today on the twitters; it describes a udev rule that will invoke the lockscreen.sh when ever a HID (human interface device) is plugged into the computer.
Create a .rules file in/etc/udev/rules.d/ e.g. 10-lockonhid.rules and add this as content of the file:ACTION=="add", SUBSYSTEM=="hid", RUN+="/etc/udev/scripts/lockscreen.sh"
and than restart the udev service (sudo service udev restart)
With that the thread of malicious "thumbdrives" and similiar devices that act as HID keyboard and type out their bash/powershell mallware are mitigated as they get stuck in the lockscreen...
But there is a huge downside - which I have no idea how to come around yet and where I hope for help:
Is there a way to exclude a yubikey by its USB ID? As the yubikey identifies as HID as well which triggers the udev rule, and that's not realy any convenient. So any udev guru around to help? =D