>> To bring this discussion back to Debian: does someone here know of a way >> to configure Debian so it asks for explicit confirmation before >> accepting new USB devices? > I fear you'll have to run with a big harvester through your udev rules. > OTOH, it makes sense -- there are other pluggable thingies besides USB. > A web search with "hardened" and "udev" doesn't turn up much for me, but > I'd try this approach.
I tried yet another search for such a thingy, and this time I did bump into something: USBGuard. It's even already included in Debian. Don't know yet if it matches my needs, but at least it targets the kinds of problems I'm thinking of. === Stefan
