History of usb connections in linux. Linux forensics in the form of tracking the connection history of USB devices. Reboot Linux to fix USB port


As part of my immersion in one of the disciplines (while studying for the specialty of computer security), I worked on one entertaining project that I would not want to simply bury in the depths of the “Univer” folder on an external hard drive.

This project is called usbrip and is a small open source console utility for Linux forensics, namely for working with the history of USB device connections. The program is written in pure Python 3 (using some third-party modules) and does not require dependencies other than a Python 3.x interpreter and a couple of lines from requirements.txt, resolved in one line using pip.

In this post I will describe some of the capabilities of this software and leave a short manual with a link to the download source.

Cut! (...I mean Cut!)

Note. The functionality described in the article is relevant for the version of the utility. For the latest version, with a lot of new goodies, I suggest going to the repository.

Screenshots

Getting connection history of removable USB devices:


Searching for additional information about a USB device by model identifier (PID):

Description

As you know, operating systems based on GNU/Linux are very thorough about logging various kinds of events, and connecting/disconnecting USB devices is no exception. Combined with the UNIX philosophy principle of "text streams as universal interfaces", this means that information about the artifacts of such events (in varying degrees of detail, depending on the distribution) can be found in one or more of the following text files:
  • /var/log/kern.log*;
  • /var/log/syslog*;
  • /var/log/messages*;
  • /var/log/dmesg*;
  • /var/log/daemon.log*.
FORENSIC-PROOF even shows us this picture on this matter (a little incomplete, but no matter):

For its work, usbrip finds the log files that are universal for all Linux builds based on Debian (Ubuntu, Linux Mint, etc.) and RPM (CentOS, Fedora, openSUSE, etc.), namely /var/log/syslog* or /var/log/messages*, parses them in search of the necessary information and turns the traces of USB device connections it finds into neat tables (or lists, whatever you like).

USBrip can also:

  • create lists of authorized (trusted) devices in the form of JSON files;
  • search for “offending events” based on the list of trusted devices: events (USB connection/disconnection) that involved USB devices that were not marked as trusted;
  • look for additional information about a USB device by its VID (Vendor ID) and/or PID (Product ID).
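
The log parsing and the trusted-list check described above, as an added example that is not usbrip's own code. The function names, the layout of the trusted list and the sample log lines are assumptions constructed for illustration; only the field keys ("conn", "port", "vid", "pid", "prod", "manufact", "serial", "disconn") and the two VID/PID pairs come from this page. It also shows why the choice of comparison attributes matters: a second drive of a trusted model passes a VID/PID check and is caught only when the serial number is compared.

```python
import re

# Constructed sample in the classic syslog format (not captured from a real host).
# Product names and serial numbers are made up.
SAMPLE_LOG = """\
Dec  9 10:15:01 host kernel: [  100.10] usb 1-1: new high-speed USB device number 5 using xhci_hcd
Dec  9 10:15:01 host kernel: [  100.25] usb 1-1: New USB device found, idVendor=0781, idProduct=5580, bcdDevice= 0.10
Dec  9 10:15:01 host kernel: [  100.25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Dec  9 10:15:01 host kernel: [  100.25] usb 1-1: Product: Example Flash Drive
Dec  9 10:15:01 host kernel: [  100.25] usb 1-1: Manufacturer: ExampleVendor
Dec  9 10:15:01 host kernel: [  100.25] usb 1-1: SerialNumber: CONSTRUCTED0001
Dec  9 10:15:02 host systemd[1]: Started some unrelated service.
Dec  9 10:42:17 host kernel: [ 1736.00] usb 1-1: USB disconnect, device number 5
Dec 10 08:00:03 host kernel: [   12.00] usb 2-1: New USB device found, idVendor=045e, idProduct=00db
Dec 10 08:00:03 host kernel: [   12.00] usb 2-1: Product: Example Keyboard
Dec 10 09:30:00 host kernel: [ 5409.00] usb 1-1: New USB device found, idVendor=0781, idProduct=5580, bcdDevice= 0.10
Dec 10 09:30:00 host kernel: [ 5409.00] usb 1-1: SerialNumber: CONSTRUCTED0002
Dec 10 09:31:10 host kernel: [ 5479.00] usb 1-1: USB disconnect, device number 6
"""

# Hypothetical trusted list: one dict per authorized device.
TRUSTED = [
    {"vid": "0781", "pid": "5580", "serial": "CONSTRUCTED0001"},
    {"vid": "045e", "pid": "00db", "serial": None},
]

# "<Mon> <day> <time> <host> kernel: [uptime] usb <port>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+kernel:\s+"
    r"(?:\[\s*[\d.]+\]\s+)?usb (?P<port>[\d.-]+): (?P<msg>.*)$"
)
# Older kernels end the line after idProduct, newer ones append bcdDevice.
FOUND_RE = re.compile(
    r"New USB device found, idVendor=(?P<vid>[0-9a-fA-F]{4}), "
    r"idProduct=(?P<pid>[0-9a-fA-F]{4})"
)
STRING_RE = re.compile(r"^(Product|Manufacturer|SerialNumber): (.*)$")
FIELD = {"Product": "prod", "Manufacturer": "manufact", "SerialNumber": "serial"}


def parse_events(lines):
    """Group kernel USB messages into one record per connection."""
    events = []
    open_by_port = {}  # port -> record of the device currently plugged in there
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a kernel "usb <port>:" message
        port, msg = m["port"], m["msg"]
        found = FOUND_RE.search(msg)
        if found:
            event = {"conn": m["ts"], "port": port,
                     "vid": found["vid"].lower(), "pid": found["pid"].lower(),
                     "prod": None, "manufact": None, "serial": None,
                     "disconn": None}
            events.append(event)
            open_by_port[port] = event
            continue
        event = open_by_port.get(port)
        if event is None:
            continue  # message for a port with no known connection
        string = STRING_RE.match(msg)
        if string:
            event[FIELD[string[1]]] = string[2].strip()
        elif msg.startswith("USB disconnect"):
            event["disconn"] = m["ts"]
            del open_by_port[port]
    return events


def external_only(events):
    """Keep only devices that were seen being unplugged (removable devices)."""
    return [e for e in events if e["disconn"] is not None]


def find_violations(events, trusted, attributes=("vid", "pid")):
    """Return events whose chosen attributes match no trusted device."""
    allowed = {tuple(dev.get(a) for a in attributes) for dev in trusted}
    return [e for e in events
            if tuple(e[a] for a in attributes) not in allowed]


if __name__ == "__main__":
    history = parse_events(SAMPLE_LOG.splitlines())
    for attrs in (("vid", "pid"), ("vid", "pid", "serial")):
        hits = find_violations(history, TRUSTED, attrs)
        print(attrs, "->", [(e["conn"], e["vid"], e["pid"], e["serial"]) for e in hits])
```
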

Reference

Get a list of available modules:

$ python3 usbrip.py -h

Get a list of available submodules for a specific module:

$ python3 usbrip.py <module> -h

Get a list of available options for a specific submodule:

$ python3 usbrip.py <module> <submodule> -h

Syntax

$ python3 usbrip.py banner
Displays the utility banner on the screen.

$ python3 usbrip.py events history [-q] [-t | -l] [-e] [-n NUMBER_OF_EVENTS] [-d DATE [DATE...]] [-c COLUMN [COLUMN...]] [-f LOG_FILE [LOG_FILE...]]
View the USB connection history.

$ python3 usbrip.py events gen_auth <OUTPUT_FILE.JSON> [-a ATTRIBUTE [ATTRIBUTE...]] [-q] [-e] [-n NUMBER_OF_EVENTS] [-d DATE [DATE...]] [-f LOG_FILE [LOG_FILE...]]
Generate a list of authorized (trusted) USB devices.

$ python3 usbrip.py events violations <INPUT_FILE.JSON> [-a ATTRIBUTE [ATTRIBUTE...]] [-q] [-t | -l] [-e] [-n NUMBER_OF_EVENTS] [-d DATE [DATE...]] [-c COLUMN [COLUMN...]] [-f LOG_FILE [LOG_FILE...]]
Search for "offending events" based on a list of trusted devices.

$ python3 usbrip.py ids search [-q] [--vid VID] [--pid PID] [--offline]
Search for additional information about a device by its VID and/or PID in the identifier database.

$ python3 usbrip.py ids download [-q]
Update (download) the local USB device identifier database.

Options

Options supported by the "events history", "events gen_auth", "events violations", "ids search", "ids download" submodules:

-q, --quiet
    omit the banner and informational (green) messages, and do not ask questions during execution

Options supported by the "events history", "events gen_auth", "events violations" submodules:

-e, --external
    search only for removable USB devices (those that have disconnection information)
-n NUMBER_OF_EVENTS, --number NUMBER_OF_EVENTS
    the number of latest events by date that will be displayed
-d DATE [DATE...], --date DATE [DATE...]
    list of dates by which events will be filtered when searching
-f LOG_FILE [LOG_FILE...], --file LOG_FILE [LOG_FILE...]
    list of log files (if not specified, the event history will be searched using the default log files: /var/log/syslog* or /var/log/messages*, depending on the OS version)

Options supported by the "events history", "events violations" submodules:

-t, --table
    generate output in the form of a table (if the terminal window is too small to display the table correctly, the output is automatically generated as a list; when the -t flag is specified, the output is forced into a table)
-l, --list
    generate the output as a list
-c COLUMN [COLUMN...], --column COLUMN [COLUMN...]
    list of columns that will be used when building a table (has effect only when generating output in the form of a table); allowed keys: "conn", "user", "vid", "pid", "prod", "manufact", "serial", "port", "disconn"

Options supported by the "events gen_auth", "events violations" submodules:

-a ATTRIBUTE [ATTRIBUTE...], --attribute ATTRIBUTE [ATTRIBUTE...]
    a list of attributes that will be used when constructing a list of authorized devices (as well as when searching for "offending events" in the case of the "events violations" submodule); allowed keys: "vid", "pid", "prod", "manufact", "serial"

Options supported by the "ids search", "ids download" submodules:

--vid VID
    vendor ID, that is, the USB device manufacturer ID (usually 4 hexadecimal digits)
--pid PID
    product ID, that is, the USB device model ID (usually 4 hexadecimal digits)
--offline
    if specified, the search for additional information about the USB device in the identifier database is performed without first updating the database

Examples of using

Show the connection history of all USB devices, omitting the banner and informational (green) messages and without asking questions during execution (-q, --quiet), generating the output in the form of a list (-l, --list) that contains the 100 most recently found events (-n NUMBER_OF_EVENTS, --number NUMBER_OF_EVENTS):
$ python3 usbrip.py events history -ql -n 100
Show the connection history of removable USB devices (-e, --external), generating the output in the form of a table with fields (columns) “Connected”, “VID”, “PID”, “Disconnected” and “Serial Number” (-c COLUMN [COLUMN...], --column COLUMN [COLUMN...]), filtering the search by dates (-d DATE [DATE...], --date DATE [DATE...]), taking the information from external log files (-f LOG_FILE [LOG_FILE...], --file LOG_FILE [LOG_FILE...]):
$ python3 usbrip.py events history -et -c conn vid pid disconn serial -d "Dec 9" "Dec 10" -f /var/log/syslog.1 /var/log/syslog.2.gz
Build a table of the connection history of all USB devices and redirect the output to a file for further analysis. When the output stream is not the standard stdout ("|" or ">", for example), the special characters responsible for the font color in the terminal will not be present in the output data, so the text file will not be littered with unreadable characters. It should also be noted that usbrip uses some UNICODE constants, so it is a good idea to immediately convert the encoding of the created file to UTF-8 to display them correctly (for example, using enconv), and also to use Windows-style newline characters for better portability (for example, using awk):
$ python3 usbrip.py events history -t | awk '{ sub("$", "\r"); print }' > usbrip.txt && enconv -x UTF8 usbrip.txt
Note: it is also possible to get rid of the special characters responsible for color if the output has already been sent to stdout. To do this, copy the received data to a new file usbrip.txt and add another awk instruction:
$ awk '{ sub("$", "\r"); gsub("\\x1B\\[[0-?]*[ -/]*[@-~]", ""); print }' usbrip.txt && enconv -x UTF8 usbrip.txt
Create a list of trusted devices in the form of a JSON file (trusted/auth.json) containing the fields “VID” and “PID” of the first three devices connected on September 26th:
$ python3 usbrip.py events gen_auth trusted/auth.json -a vid pid -n 3 -d "Sep 26"
Find “offending events” in the connection history of removable USB devices based on the list of trusted devices (trusted/auth.json) using the “PID” field, and generate the output in the form of a table with the “Connected”, “VID” and “PID” fields:
$ python3 usbrip.py events violations trusted/auth.json -a pid -et -c conn vid pid
Find additional information about a USB device based on its VID and PID:
$ python3 usbrip.py ids search --vid 0781 --pid 5580
Download/Update USB Device ID Database (source):
$ python3 usbrip.py ids download

Links and postscript

You can get the utility from GitHub; all dependencies for launching and correct operation are listed in requirements.txt.

Thank you for your attention!

P.S. yes, the style of the banner and information messages is inspired by the project sqlmap (*^.^*)

UPD 06/13/2018. There was an investigation into a real (?) case involving my utility by a person on Codeby (I’m shocked, to be honest).

USB - Universal Serial Bus was developed by a consortium of companies with the goal of providing a single, simple bus for connecting peripherals.

The USB design allows devices to be connected on the fly using standard connectors. USB devices include keyboards, mice, printers, scanners, hard disks, flash drives, cameras, modems, network adapters and speakers, and the list is constantly growing.

Linux support for USB devices is quite comprehensive, but some devices require special drivers, and others, mainly printers and scanners, may not be supported or only partially supported.

Computer systems may contain one or more controllers or hubs designed to connect USB devices or other (external) hubs. A hub can support up to 7 devices, which, in turn, can include additional hubs. The hub inside the system unit is called the root hub. Each star topology can support up to 127 hubs or devices.

When we say USB port, we mean the computer's USB support and port for connection, not the internal port address used by the device.

The USB system's layering allows the host to determine the characteristics of a USB device, including class, manufacturer name, device name, voltage requirements, speed, USB support level, and other functions.

Linux USB Device Support Module

USB devices are currently fully supported on Linux. Most of the changes appeared in the 2.6 kernel branch, although there was some support even in the 2.2 kernels. Linux supports both USB 2.0 and earlier specifications. Due to the hot-plug nature of USB, support is typically done through kernel modules that can be loaded or unloaded as needed.

The lspci command allows you to display the USB controllers:

root@localhost:~# lspci | grep -i usb
00:03.0 USB Controller: Silicon Integrated Systems USB 1.1 Controller (rev 0f)
00:03.1 USB Controller: Silicon Integrated Systems USB 1.1 Controller (rev 0f)
00:03.3 USB Controller: Silicon Integrated Systems USB 2.0 Controller

The command output shows that there are 3 USB controllers in the system.

Using the lsmod command you can display loaded USB modules:

root@localhost:~# lsmod | egrep "usb|hci|hid|mouse|Module"
Module                  Size  Used by
hid_microsoft           3232  0
usbhid                 32992  0
hid                    39040  2 hid_microsoft,usbhid
ohci_hcd               24332  0
psmouse                41644  0
ssb                    38464  1 ohci_hcd
ehci_hcd               34152  0

Displaying connected USB devices

A summary of currently connected USB devices is contained in the /proc/bus/usb/devices file. You can display it with the following command:

root@localhost:~# cat /proc/bus/usb/devices

T: Bus=03 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#= 1 Spd=12 MxCh= 3
B: Alloc= 0/900 us (0%), #Int= 0, #Iso= 0
D: Ver= 1.10 Cls=09(hub) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1d6b ProdID=0001 Rev= 2.06
S: Manufacturer=Linux 2.6.29.6 ohci_hcd
S: Product=OHCI Host Controller
S: SerialNumber=0000:00:03.1
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr= 0mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=09(hub) Sub=00 Prot=00 Driver=hub
E: Ad=81(I) Atr=03(Int.) MxPS= 2 Ivl=255ms

T: Bus=02 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#= 1 Spd=12 MxCh= 3
B: Alloc= 28/900 us (3%), #Int= 2, #Iso= 0
D: Ver= 1.10 Cls=09(hub) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1d6b ProdID=0001 Rev= 2.06
S: Manufacturer=Linux 2.6.29.6 ohci_hcd
S: Product=OHCI Host Controller
S: SerialNumber=0000:00:03.0
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr= 0mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=09(hub) Sub=00 Prot=00 Driver=hub
E: Ad=81(I) Atr=03(Int.) MxPS= 2 Ivl=255ms

T: Bus=02 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=1.5 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc) Sub=00 Prot=00 MxPS= 8 #Cfgs= 1
P: Vendor=045e ProdID=00db Rev= 1.73
S: Manufacturer=Microsoft
S: Product=Natural® Ergonomic Keyboard 4000
C:* #Ifs= 2 Cfg#= 1 Atr=a0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=03(HID) Sub=01 Prot=01 Driver=usbhid
E: Ad=81(I) Atr=03(Int.) MxPS= 8 Ivl=10ms
I:* If#= 1 Alt= 0 #EPs= 1 Cls=03(HID) Sub=00 Prot=00 Driver=usbhid
E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=10ms

T: Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#= 1 Spd=480 MxCh= 6
B: Alloc= 0/800 us (0%), #Int= 0, #Iso= 0
D: Ver= 2.00 Cls=09(hub) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1d6b ProdID=0002 Rev= 2.06
S: Manufacturer=Linux 2.6.29.6 ehci_hcd
S: Product=EHCI Host Controller
S: SerialNumber=0000:00:03.3
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr= 0mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=09(hub) Sub=00 Prot=00 Driver=hub
E: Ad=81(I) Atr=03(Int.) MxPS= 4 Ivl=256ms

In the listing, Spd=480 corresponds to the USB 2.0 bus, and Spd=12 corresponds to USB 1.1 devices. Further in the list you can see that there is currently 1 USB device connected to the system: the Microsoft Natural Ergonomic Keyboard 4000 (Spd=1.5).

Naturally, I type this text on this keyboard.

The hierarchy of USB device connections can be seen using the lsusb command with the -t option:

root@localhost:~# lsusb -t
Bus# 3
`-Dev# 1 Vendor 0x1d6b Product 0x0001
Bus# 2
`-Dev# 1 Vendor 0x1d6b Product 0x0001
  `-Dev# 2 Vendor 0x045e Product 0x00db
Bus# 1
`-Dev# 1 Vendor 0x1d6b Product 0x0002

Information about a specific USB device can be obtained with the following command:

root@localhost:~# lsusb -vd 0x045e:0x00db

Bus 002 Device 002: ID 045e:00db Microsoft Corp. Natural Ergonomic Keyboard 4000 V1.0
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0         8
  idVendor           0x045e Microsoft Corp.
  idProduct          0x00db Natural Ergonomic Keyboard 4000 V1.0
  bcdDevice            1.73
  iManufacturer           1 Microsoft
  iProduct                2 Natural Ergonomic Keyboard 4000
  iSerial                 0
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           59
    bNumInterfaces          2
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0xa0
      (Bus Powered)
      Remote Wakeup
    MaxPower              100mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
      iInterface              0
      ** UNRECOGNIZED: 09 21 11 01 00 01 22 3c 00
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81 EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0008 1x 8 bytes
        bInterval              10
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      0 No Subclass
      bInterfaceProtocol      0 None
      iInterface              0
      ** UNRECOGNIZED: 09 21 11 01 00 01 22 56 00
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82 EP 2 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0008 1x 8 bytes
        bInterval              10
Device Status:     0x0000
  (Bus Powered)

Connecting a USB device on the fly

New systems have support for connecting USB devices on the fly (hot plugging), which means connecting the device to a running system, which must:

  • determine the type of USB device, find the driver and run it;
  • associate the driver with the device;
  • notify other subsystems about the USB device.




You have connected a USB flash drive or a keyboard or mouse to your Linux PC. But nothing happens.

What's the matter? Why doesn't your Linux PC detect the device? Is it Linux, or has your USB device stopped working?

USB doesn't work in Ubuntu?

Disk drives, memory card readers, phones, media players and multimedia peripherals... they are all useful, but if there is a problem with the USB port or your system's drivers, they won't work. This can be especially frustrating if you're using a Bluetooth keyboard or mouse (with a USB dongle), since it means digging out wired USB alternatives.

However, it may not be a dead port. The USB device you are using may be faulty and cannot be detected.

Solving USB problems can be challenging, but it is not impossible to diagnose them and make the necessary fixes.

To fix USB problems on Linux there are five steps to follow:

  1. Make sure the USB port is detected
  2. Make the necessary repairs to the port
  3. Fix or repair USB devices
  4. Reboot the Linux operating system
  5. Confirm the availability of device drivers

Let's look at each of them in turn and learn how to work with tricky USB devices in Linux.

1. Is your device detected by Linux?

The first thing to check when inserting your USB device into your Linux computer is whether it is detected. USB device detection is usually not verbal or audible (in Linux Deepin it is not) as in Windows or macOS, which means you often have to verify that the device has been captured by the operating system.

Fortunately, it's simple.

First, unplug the USB device you are querying. Then open a terminal window and enter the "list USB" command:

The dmesg command will list the connected USB devices on your system. It will also include non-USB hardware and unfortunately provides a huge amount of information. To counter this you can try:

This looks like a cross between the dmesg and lsusb commands, listing connected USB hardware with enough information to identify them.

So, is the USB you connected listed here? If not, the port may be damaged or there is a problem with the device. Likewise, the device may not be compatible with Linux.

2. How to check the USB port

If the USB device is not displayed, it may be due to a problem with the USB port.

The best way to test this is to simply use a different USB port on your computer. If the USB hardware is now detected, then you know that you have a problem with one of the USB ports.

If another USB port is not available, you need to try the USB device on another PC or laptop. However, this may not be an ideal option, because the alternative may be a Windows or macOS computer, and some USB devices cannot be used in Linux. So it will be difficult to determine what exactly is causing the problem, whether it is the USB device or the USB port.

For best results, stick to Linux-compatible hardware whenever possible when troubleshooting USB devices.

3. Fixing damaged USB hardware

If your USB hardware is faulty, you have two options: fix it or return it.

The fix usually involves checking the USB port as well as the devices that are currently not working. Fixes will almost always center on the USB cable and the port on your computer. USB cables can usually be replaced, while USB ports can be repaired.

Physically checking the USB hardware is a good idea. The cables must be strong, without any breaks, and the metal section must be securely fastened.

USB ports, meanwhile, should be tested with the PC turned off and unplugged. Check that the ports are secure; wobbly USB ports are a sign of equipment wear.

If the USB port becomes loose, you can solder it back in place. Of course, you should already know how to solder; never attempt a DIY job without prior experience.

Also, check the USB ports for dust and dirt, especially on the back of the computer, where dust regularly collects. Dust is the enemy of a PC, so it's a good idea to keep your system in a dust-free environment. Dust can find its way into your PC through USB ports, take the time to keep these ports clean. Use compressed air to disperse dust and dirt.

Can you return your USB device? If it's new, it's likely. The problem is that unless it is clearly marked as running on Linux, the store is unlikely to accept returns.

4. Reboot Linux to fix USB port

In some cases—for example, if you're using a laptop—power issues can affect its ability to detect USB devices. The autosuspend option is intended to reduce power consumption on Linux laptops, but it can be counterproductive.

So what can you do?

First check if autosuspend is causing the problem. You can do this by restarting your computer. If the USB device works after the restart, then that USB port is receiving power.

The next step is to make sure this doesn't happen again. The following command-line tricks are for Ubuntu 18.10, so check the correct procedure for your preferred Linux distribution.

Open a terminal window and type:

cat /sys/module/usbcore/parameters/autosuspend

Look here:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
