From efa3c6ce5c4c6a18d16b85afe0d638034d66f7ba Mon Sep 17 00:00:00 2001
From: k4yt3x <i@k4yt3x.com>
Date: Sun, 19 Oct 2025 00:00:00 +0000
Subject: [PATCH] feat: add deny new usb kernel param

Signed-off-by: k4yt3x <i@k4yt3x.com>
---
 sysctl.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sysctl.conf b/sysctl.conf
index ed94373..31da73c 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -96,6 +96,9 @@ dev.tty.ldisc_autoload = 0
 # breaks screen readers
 dev.tty.legacy_tiocsti = 0
 
+# block all newly connected USB devices
+#kernel.deny_new_usb=1
+
 ########## File System ##########
 
 # disallow core dumping by SUID/SGID programs