Hello,
my intention is to scan every usb drive that is plugged into my computer by clamscan. To achieve this I made an udev rules that contains the following line
/etc/udev/rules.d/99-scan-UsbStorage.rules:
KERNEL=="sd*",RUN+="~/-udevscripts/clamscan.sh"
~/-udevscripts/clamscan.sh:
#!/bin/sh
file="~/.udevscripts/clamscan.log"
zenity --info --width=180 --title="ClamAV" --text="Bitte warten, es wird kurz auf Viren überprüft" --display=:0.0 &
if -f $file ]; then
rm -f $file
fi
/usr/bin/clamscan -r -i /run/media > ~/.udevscripts/clamscan.log
zenity --text-info --title="ClamAV" --filename="/home/saschawork/.udevscripts/clamscan.log" --display=:0.0 &
exit 0
But somehow it doesn’t work. When I manually run the script it runs pretty smooth. I want to make the usb drive describtion as general as possible to cover even partitioned drives from sdb1 to sdd8.
I based the udev-description of the drive on the following information
“sudo udevadm info -a -p /sys/block/sdb/sdb1”:
(...)
looking at device '/block/sdb/sdb1':
KERNEL=="sdb1"
SUBSYSTEM=="block"
DRIVER==""
ATTR{ro}=="0"
ATTR{size}=="31504384"
ATTR{stat}==" 405 15465 18830 1600 47 2 49 1070 0 1079 2670"
ATTR{partition}=="1"
ATTR{start}=="2048"
ATTR{discard_alignment}=="0"
ATTR{alignment_offset}=="0"
ATTR{inflight}==" 0 0"
(...)
When I want to test the sdb1 action with root, I get the following lines
“sudo udevadm test /sys/block/sdb/sdb1”:
calling: test
version 210
This program is for debugging only, it does not run any program
specified by a RUN key. It may show incorrect results, because
some values may be different, or not available at a simulation run.
load module index
timestamp of '/usr/lib/systemd/network' changed
Parsed configuration file /usr/lib/systemd/network/99-default.link
Created link configuration context.
timestamp of '/etc/udev/rules.d' changed
read rules file: /usr/lib/udev/rules.d/10-dm.rules
read rules file: /usr/lib/udev/rules.d/11-dm-lvm.rules
read rules file: /usr/lib/udev/rules.d/11-dm-mpath.rules
read rules file: /usr/lib/udev/rules.d/13-dm-disk.rules
read rules file: /usr/lib/udev/rules.d/40-libgphoto2.rules
read rules file: /usr/lib/udev/rules.d/40-usb-media-players.rules
read rules file: /usr/lib/udev/rules.d/40-usb_modeswitch.rules
read rules file: /usr/lib/udev/rules.d/42-hd-audio-pm.rules
read rules file: /usr/lib/udev/rules.d/42-usb-hid-pm.rules
read rules file: /usr/lib/udev/rules.d/50-udev-default.rules
read rules file: /usr/lib/udev/rules.d/51-android.rules
read rules file: /usr/lib/udev/rules.d/51-lirc.rules
read rules file: /etc/udev/rules.d/55-libsane.rules
read rules file: /usr/lib/udev/rules.d/55-scsi-sg3_id.rules
read rules file: /usr/lib/udev/rules.d/56-idedma.rules
read rules file: /usr/lib/udev/rules.d/56-multipath.rules
read rules file: /etc/udev/rules.d/56-sane-backends-autoconfig.rules
read rules file: /usr/lib/udev/rules.d/58-scsi-sg3_symlink.rules
read rules file: /usr/lib/udev/rules.d/60-cdrom_id.rules
read rules file: /usr/lib/udev/rules.d/60-drm.rules
read rules file: /usr/lib/udev/rules.d/60-keyboard.rules
read rules file: /usr/lib/udev/rules.d/60-pcmcia.rules
read rules file: /usr/lib/udev/rules.d/60-persistent-alsa.rules
read rules file: /usr/lib/udev/rules.d/60-persistent-input.rules
read rules file: /usr/lib/udev/rules.d/60-persistent-serial.rules
read rules file: /usr/lib/udev/rules.d/60-persistent-storage-tape.rules
read rules file: /usr/lib/udev/rules.d/60-persistent-storage.rules
read rules file: /usr/lib/udev/rules.d/60-persistent-v4l.rules
read rules file: /usr/lib/udev/rules.d/60-ssd-scheduler.rules
read rules file: /etc/udev/rules.d/60-vboxdrv.rules
read rules file: /usr/lib/udev/rules.d/60-vboxguest.rules
read rules file: /usr/lib/udev/rules.d/61-accelerometer.rules
read rules file: /usr/lib/udev/rules.d/63-md-raid-arrays.rules
read rules file: /usr/lib/udev/rules.d/64-btrfs.rules
read rules file: /usr/lib/udev/rules.d/64-md-raid-assembly.rules
read rules file: /usr/lib/udev/rules.d/65-wacom.rules
read rules file: /usr/lib/udev/rules.d/66-kpartx.rules
read rules file: /usr/lib/udev/rules.d/67-kpartx-compat.rules
read rules file: /usr/lib/udev/rules.d/69-dm-lvm-metad.rules
read rules file: /usr/lib/udev/rules.d/69-libmtp.rules
read rules file: /usr/lib/udev/rules.d/69-xorg-vmmouse.rules
skip empty file: /etc/udev/rules.d/70-persistent-net.rules
read rules file: /usr/lib/udev/rules.d/70-power-switch.rules
read rules file: /usr/lib/udev/rules.d/70-printers.rules
read rules file: /usr/lib/udev/rules.d/70-uaccess.rules
read rules file: /usr/lib/udev/rules.d/71-seat.rules
read rules file: /usr/lib/udev/rules.d/73-seat-late.rules
read rules file: /usr/lib/udev/rules.d/73-seat-numlock.rules
read rules file: /usr/lib/udev/rules.d/75-net-description.rules
read rules file: /usr/lib/udev/rules.d/75-persistent-net-generator.rules
read rules file: /usr/lib/udev/rules.d/75-probe_mtd.rules
read rules file: /usr/lib/udev/rules.d/75-tty-description.rules
read rules file: /usr/lib/udev/rules.d/76-net-sriov-names.rules
read rules file: /usr/lib/udev/rules.d/77-mm-ericsson-mbm.rules
read rules file: /usr/lib/udev/rules.d/77-mm-huawei-net-port-types.rules
read rules file: /usr/lib/udev/rules.d/77-mm-longcheer-port-types.rules
read rules file: /usr/lib/udev/rules.d/77-mm-nokia-port-types.rules
read rules file: /usr/lib/udev/rules.d/77-mm-pcmcia-device-blacklist.rules
read rules file: /usr/lib/udev/rules.d/77-mm-platform-serial-whitelist.rules
read rules file: /usr/lib/udev/rules.d/77-mm-simtech-port-types.rules
read rules file: /usr/lib/udev/rules.d/77-mm-usb-device-blacklist.rules
read rules file: /usr/lib/udev/rules.d/77-mm-usb-serial-adapters-greylist.rules
read rules file: /usr/lib/udev/rules.d/77-mm-x22x-port-types.rules
read rules file: /usr/lib/udev/rules.d/77-mm-zte-port-types.rules
read rules file: /usr/lib/udev/rules.d/77-nm-olpc-mesh.rules
read rules file: /usr/lib/udev/rules.d/78-sound-card.rules
read rules file: /usr/lib/udev/rules.d/80-drivers.rules
read rules file: /usr/lib/udev/rules.d/80-hotplug-cpu-mem.rules
read rules file: /usr/lib/udev/rules.d/80-mm-candidate.rules
read rules file: /usr/lib/udev/rules.d/80-net-setup-link.rules
read rules file: /usr/lib/udev/rules.d/80-udisks2.rules
read rules file: /usr/lib/udev/rules.d/85-regulatory.rules
read rules file: /usr/lib/udev/rules.d/90-alsa-restore.rules
read rules file: /usr/lib/udev/rules.d/90-haveged.rules
read rules file: /usr/lib/udev/rules.d/90-libgpod.rules
read rules file: /usr/lib/udev/rules.d/90-mcelog.rules
read rules file: /usr/lib/udev/rules.d/90-pulseaudio.rules
read rules file: /usr/lib/udev/rules.d/90-vconsole.rules
read rules file: /usr/lib/udev/rules.d/95-dm-notify.rules
read rules file: /usr/lib/udev/rules.d/95-udev-late.rules
read rules file: /usr/lib/udev/rules.d/95-upower-csr.rules
read rules file: /usr/lib/udev/rules.d/95-upower-hid.rules
read rules file: /usr/lib/udev/rules.d/95-upower-wup.rules
read rules file: /usr/lib/udev/rules.d/97-hid2hci.rules
read rules file: /usr/lib/udev/rules.d/99-iwlwifi-led.rules
read rules file: /etc/udev/rules.d/99-scan-UsbStorage.rules
read rules file: /usr/lib/udev/rules.d/99-systemd.rules
rules contain 393216 bytes tokens (32768 * 12 bytes), 38164 bytes strings
25073 strings (213127 bytes), 21735 de-duplicated (178302 bytes), 3339 trie nodes used
GROUP 6 /usr/lib/udev/rules.d/50-udev-default.rules:48
IMPORT '/usr/bin/sg_inq --export /dev/sdb' /usr/lib/udev/rules.d/55-scsi-sg3_id.rules:10
starting '/usr/bin/sg_inq --export /dev/sdb'
'/usr/bin/sg_inq --export /dev/sdb'(out) 'SCSI_TPGS=3'
'/usr/bin/sg_inq --export /dev/sdb'(out) 'SCSI_TYPE=disk'
'/usr/bin/sg_inq --export /dev/sdb'(out) 'SCSI_VENDOR=Verbatim'
'/usr/bin/sg_inq --export /dev/sdb'(out) 'SCSI_VENDOR_ENC=Verbatim'
'/usr/bin/sg_inq --export /dev/sdb'(out) 'SCSI_MODEL=STORE_N_GO'
'/usr/bin/sg_inq --export /dev/sdb'(out) 'SCSI_MODEL_ENC=STORE\x20N\x20GO\x20\x20\x20\x20\x20\x20'
'/usr/bin/sg_inq --export /dev/sdb'(out) 'SCSI_REVISION=1100'
'/usr/bin/sg_inq --export /dev/sdb' [11164] exit with return code 0
IMPORT '/usr/bin/sg_inq --export --page=sn /dev/sdb' /usr/lib/udev/rules.d/55-scsi-sg3_id.rules:19
starting '/usr/bin/sg_inq --export --page=sn /dev/sdb'
'/usr/bin/sg_inq --export --page=sn /dev/sdb'(out) 'SCSI_IDENT_SERIAL=12250000001425A2'
'/usr/bin/sg_inq --export --page=sn /dev/sdb' [11165] exit with return code 0
IMPORT '/usr/bin/sg_inq --export --page=di /dev/sdb' /usr/lib/udev/rules.d/55-scsi-sg3_id.rules:21
starting '/usr/bin/sg_inq --export --page=di /dev/sdb'
'/usr/bin/sg_inq --export --page=di /dev/sdb'(out) 'SCSI_IDENT_LUN_EUI64=0001020000060804'
'/usr/bin/sg_inq --export --page=di /dev/sdb'(out) 'SCSI_IDENT_LUN_NAA=2020030102060804'
'/usr/bin/sg_inq --export --page=di /dev/sdb' [11167] exit with return code 0
PROGRAM '/sbin/multipath -i -u sdb' /usr/lib/udev/rules.d/56-multipath.rules:12
starting '/sbin/multipath -i -u sdb'
'/sbin/multipath -i -u sdb'(out) 'Oct 21 12:53:14 | DM multipath kernel driver not loaded'
'/sbin/multipath -i -u sdb' [11168] exit with return code 1
LINK 'disk/by-id/scsi-SVerbatim_STORE_N_GO_12250000001425A2' /usr/lib/udev/rules.d/58-scsi-sg3_symlink.rules:12
LINK 'disk/by-id/scsi-32020030102060804' /usr/lib/udev/rules.d/58-scsi-sg3_symlink.rules:15
LINK 'disk/by-id/scsi-20001020000060804' /usr/lib/udev/rules.d/58-scsi-sg3_symlink.rules:18
LINK 'disk/by-id/scsi-32020030102060804' /usr/lib/udev/rules.d/60-persistent-storage.rules:42
IMPORT builtin 'path_id' /usr/lib/udev/rules.d/60-persistent-storage.rules:63
LINK 'disk/by-path/pci-0000:00:1d.0-usb-0:1.2:1.0-scsi-0:0:0:0' /usr/lib/udev/rules.d/60-persistent-storage.rules:64
IMPORT builtin 'blkid' /usr/lib/udev/rules.d/60-persistent-storage.rules:81
probe /dev/sdb raid offset=0
LINK 'disk/by-uuid/2014-10-27-15-28-42-00' /usr/lib/udev/rules.d/60-persistent-storage.rules:87
LINK 'disk/by-label/openSUSE\x2013.2\x20KDE\x20Live' /usr/lib/udev/rules.d/60-persistent-storage.rules:88
LINK 'disk/by-id/wwn-0x2020030102060804' /usr/lib/udev/rules.d/60-persistent-storage.rules:91
RUN '#!/bin/sh ~/-udevscripts/clamscan.sh' /etc/udev/rules.d/99-scan-UsbStorage.rules:1
handling device node '/dev/sdb', devnum=b8:16, mode=0660, uid=0, gid=6
preserve permissions /dev/sdb, 060660, uid=0, gid=6
preserve already existing symlink '/dev/block/8:16' to '../sdb'
found 'b8:16' claiming '/run/udev/links/\x2fdisk\x2fby-id\x2fscsi-20001020000060804'
creating link '/dev/disk/by-id/scsi-20001020000060804' to '/dev/sdb'
preserve already existing symlink '/dev/disk/by-id/scsi-20001020000060804' to '../../sdb'
found 'b8:16' claiming '/run/udev/links/\x2fdisk\x2fby-id\x2fscsi-32020030102060804'
creating link '/dev/disk/by-id/scsi-32020030102060804' to '/dev/sdb'
preserve already existing symlink '/dev/disk/by-id/scsi-32020030102060804' to '../../sdb'
found 'b8:16' claiming '/run/udev/links/\x2fdisk\x2fby-id\x2fscsi-SVerbatim_STORE_N_GO_12250000001425A2'
creating link '/dev/disk/by-id/scsi-SVerbatim_STORE_N_GO_12250000001425A2' to '/dev/sdb'
preserve already existing symlink '/dev/disk/by-id/scsi-SVerbatim_STORE_N_GO_12250000001425A2' to '../../sdb'
found 'b8:16' claiming '/run/udev/links/\x2fdisk\x2fby-id\x2fwwn-0x2020030102060804'
creating link '/dev/disk/by-id/wwn-0x2020030102060804' to '/dev/sdb'
preserve already existing symlink '/dev/disk/by-id/wwn-0x2020030102060804' to '../../sdb'
found 'b8:16' claiming '/run/udev/links/\x2fdisk\x2fby-label\x2fopenSUSE\x5cx2013.2\x5cx20KDE\x5cx20Live'
creating link '/dev/disk/by-label/openSUSE\x2013.2\x20KDE\x20Live' to '/dev/sdb'
preserve already existing symlink '/dev/disk/by-label/openSUSE\x2013.2\x20KDE\x20Live' to '../../sdb'
found 'b8:16' claiming '/run/udev/links/\x2fdisk\x2fby-path\x2fpci-0000:00:1d.0-usb-0:1.2:1.0-scsi-0:0:0:0'
creating link '/dev/disk/by-path/pci-0000:00:1d.0-usb-0:1.2:1.0-scsi-0:0:0:0' to '/dev/sdb'
preserve already existing symlink '/dev/disk/by-path/pci-0000:00:1d.0-usb-0:1.2:1.0-scsi-0:0:0:0' to '../../sdb'
found 'b8:16' claiming '/run/udev/links/\x2fdisk\x2fby-uuid\x2f2014-10-27-15-28-42-00'
creating link '/dev/disk/by-uuid/2014-10-27-15-28-42-00' to '/dev/sdb'
preserve already existing symlink '/dev/disk/by-uuid/2014-10-27-15-28-42-00' to '../../sdb'
ACTION=add
DEVLINKS=/dev/disk/by-id/scsi-20001020000060804 /dev/disk/by-id/scsi-32020030102060804 /dev/disk/by-id/scsi-SVerbatim_STORE_N_GO_12250000001425A2 /dev/disk/by-id/wwn-0x2020030102060804 /dev/disk/by-label/openSUSE\x2013.2\x20KDE\x20Live /dev/disk/by-path/pci-0000:00:1d.0-usb-0:1.2:1.0-scsi-0:0:0:0 /dev/disk/by-uuid/2014-10-27-15-28-42-00
DEVNAME=/dev/sdb
DEVPATH=/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.0/host6/target6:0:0/6:0:0:0/block/sdb
DEVTYPE=disk
ID_BUS=scsi
ID_FS_APPLICATION_ID=0xe28d2fda
ID_FS_BOOT_SYSTEM_ID=EL\x20TORITO\x20SPECIFICATION
ID_FS_LABEL=openSUSE_13.2_KDE_Live
ID_FS_LABEL_ENC=openSUSE\x2013.2\x20KDE\x20Live
ID_FS_PUBLISHER_ID=SUSE\x20LINUX\x20GmbH
ID_FS_SYSTEM_ID=LINUX
ID_FS_TYPE=udf
ID_FS_USAGE=filesystem
ID_FS_UUID=2014-10-27-15-28-42-00
ID_FS_UUID_ENC=2014-10-27-15-28-42-00
ID_FS_VERSION=Joliet Extension
ID_MODEL=STORE_N_GO
ID_MODEL_ENC=STORE\x20N\x20GO\x20\x20\x20\x20\x20\x20
ID_PART_TABLE_TYPE=dos
ID_PART_TABLE_UUID=e28d2fda
ID_PATH=pci-0000:00:1d.0-usb-0:1.2:1.0-scsi-0:0:0:0
ID_PATH_TAG=pci-0000_00_1d_0-usb-0_1_2_1_0-scsi-0_0_0_0
ID_REVISION=1100
ID_SCSI=1
ID_SERIAL=32020030102060804
ID_SERIAL_SHORT=2020030102060804
ID_TYPE=disk
ID_VENDOR=Verbatim
ID_VENDOR_ENC=Verbatim
ID_WWN=0x2020030102060804
ID_WWN_WITH_EXTENSION=0x2020030102060804
MAJOR=8
MINOR=16
MPATH_SBIN_PATH=/sbin
SCSI_IDENT_LUN_EUI64=0001020000060804
SCSI_IDENT_LUN_NAA=2020030102060804
SCSI_IDENT_SERIAL=12250000001425A2
SCSI_MODEL=STORE_N_GO
SCSI_MODEL_ENC=STORE\x20N\x20GO\x20\x20\x20\x20\x20\x20
SCSI_REVISION=1100
SCSI_TPGS=3
SCSI_TYPE=disk
SCSI_VENDOR=Verbatim
SCSI_VENDOR_ENC=Verbatim
SUBSYSTEM=block
TAGS=:systemd:
USEC_INITIALIZED=28101423
run: '#!/bin/sh ~/-udevscripts/clamscan.sh'
unload module index
Unloaded link configuration context.
running udevadm test without root causes the output to claim not being able to have permission for sdb1 (“error opening file: /dev/sdb: Permission denied’”).
Do you have any idea what I could improve? I am thankful for any help.
These lines were inspired from the following sites:
http://www.linuxquestions.org/questions/linux-security-4/run-clamav-on-mount-of-flashdrive-797286/
http://reactivated.net/writing_udev_rules.html