Luiz Augusto von Dentz wrote:
My aim is to prevent Bluetooth being used (in any way) to transfer
files/data on/off the workstation

I've found that if I blacklist the bnep, cmtp and rfcomm kernel modules
(just leaving the bluetooth and hidp kernel modules enabled) then the
Wacom tablet still works over Bluetooth

bnep is for tethering, depending on the system that might be useful,
and if you block RFCOMM you not only block usage of file transfer but
also HFP, but perhaps you don't care about those so that would be fine
to disable. Btw, for getting file sharing you would just need to
disable obexd though it doesn't seem it is a user service which you
can disable with systemctl.

Would this be sufficient to prevent any kind of file transfer over
Bluetooth?

Looks like with these kernel modules disabled, I can still use
'bluetooth-send' to send a file to a paired (Android) phone ... removing
the OS provided obexd binary prevents bluetooth-send from running, but
it doesn't stop a user running their own copy of obexd

So it looks like, in our case, we won't be able to use a Wacom tablet
over Bluetooth - without opening up a whole can of worms ... which is a
shame

Thanks
James Pearson
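
Added example, not part of the thread: a shell check for the module-blacklisting step discussed above. It classifies bnep, cmtp and rfcomm from modprobe configuration text and a /proc/modules listing; the sample inputs, the file name in the comment and the helper names `has` and `module_state` are constructed for illustration. A `blacklist` line only stops alias-based autoloading, so the check separates it from an `install <module> /bin/false` override, which also makes an explicit modprobe fail.

```shell
#!/bin/sh
# Constructed modprobe.d content (hypothetical file name, not from the thread).
SAMPLE_CONF='# /etc/modprobe.d/bluetooth-restrict.conf
blacklist bnep
blacklist cmtp
install cmtp /bin/false
blacklist rfcomm
install rfcomm /bin/false'

# Constructed /proc/modules content: bnep was loaded despite its blacklist line.
SAMPLE_LOADED='bluetooth 1000000 12 hidp,bnep, Live 0x0000000000000000
hidp 32768 0 - Live 0x0000000000000000
bnep 28672 2 - Live 0x0000000000000000'

# has TEXT AWK_CONDITION MODULE -> exit status 0 if any line of TEXT matches.
has() {
    printf '%s\n' "$1" | awk -v m="$3" "$2"' {f=1} END {exit !f}'
}

# module_state CONF LOADED MODULE -> prints one of:
#   loaded         module is currently in the kernel
#   blocked        "install MODULE /bin/false" makes every load attempt fail
#   autoload-only  only "blacklist MODULE": explicit modprobe still works
#   unrestricted   no rule for this module
module_state() {
    if has "$2" '$1 == m' "$3"; then
        echo loaded
    elif has "$1" '$1 == "install" && $2 == m && $3 == "/bin/false"' "$3"; then
        echo blocked
    elif has "$1" '$1 == "blacklist" && $2 == m' "$3"; then
        echo autoload-only
    else
        echo unrestricted
    fi
}

# Report on the three modules named in the thread, using the constructed samples.
# On a real host, pass "$(cat /etc/modprobe.d/*.conf)" and "$(cat /proc/modules)".
for mod in bnep cmtp rfcomm; do
    printf '%-8s %s\n' "$mod" "$(module_state "$SAMPLE_CONF" "$SAMPLE_LOADED" "$mod")"
done
```

As the message reports, a clean result here covers only the kernel-module layer; it says nothing about a user running their own copy of obexd.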