Skip to main content

PayComplete™™ Help Center

USB access restriction for Linux-based machines

Important

Prerequisites:

  • To configure USB protection or temporarily switch it off, you need the USB_PROTECTION_EDIT and USB_PROTECTION_TEMP_OFF permissions for your current role.

  • A Linux image containing the USB Guard package must be installed on the machine.

The USB protection feature restricts access for USB devices so that a potential hacker can't connect a mouse and keyboard after obtaining physical access to a machine. You can also use USB protection to permit technicians to use their peripherals.

A role with the required permissions can set up authorization rules in Connect on-Device Studio that allow only specified USB devices to connect to the machine — a whitelist of devices. The rules prevent unspecified USB devices from connecting.

You can temporarily permit USB devices to connect to the machine.

The use case for when temporary access can be granted is, for example, when a technician needs to do maintenance on a machine. Temporarily disabling USB protection must be done before the technician connects a USB device. When the technician has completed the maintenance and disconnects the USB device, the permission expires and the USB protection is re-enabled.

If USB protection has been temporarily disabled, it will be re-enabled when the system is rebooted.

When the maintenance has been completed, you must manually re-enable the USB protection or restart the system.

From the Connect on-Device Operator view, you can check the current USB protection status and also enable or disable USB protection.

See also

Connect on-Device features

Permissions M–Z

Action menu — Linux configuration

Action menu

Operator view