Version information
released Aug 29th 2017
This version is compatible with:
- Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 6.0.0
- ,
Start using this module
Add this module to your Puppetfile:
mod 'vinzent-usbguard', '0.2.0'Learn more about managing modules with a PuppetfileDocumentation
vinzent/usbguard — version 0.2.0 Aug 29th 2017
usbguard
Table of Contents
- Description
- Setup - The basics of getting started with usbguard
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
Install usbguard and configure the daemon and rules.
https://dkopecek.github.io/usbguard/
Usbguard is available for RHEL/CentOS >= 7.4 and Fedora.
Setup
What usbguard affects
- the usbguard package
- the usbguard-daemon.conf file
- the rules file (by default
/etc/usbguard/rules-managed-by-puppet.conf)
Beginning with usbguard
Just include ::usbguard to start without any rule - but it won't
Usage
Install, configure some rules and start the service:
include ::usbguard
$rule_content = @(CONTENT)
allow with-interface equals { 08:*:* }
reject with-interface all-of { 08:*:* 03:00:* }
reject with-interface all-of { 08:*:* 03:01:* }
reject with-interface all-of { 08:*:* e0:*:* }
reject with-interface all-of { 08:*:* 02:*:* }
| CONTENT
# DON'T DO THIS ON YOUR COMPUTER OR YOU MIGHT LOCK YOU OUT
# this is just an example. :-)
usbguard::rule { 'allow usb disks without keyboard interface':
rule => $rule_content,
}
Limitations
- The usbguard package for RHEL/CentOS is only available for 7.4 and later or you need to configure a external repo on your own (this module will never fiddle with your repo config)
Development
No defined process available. :-) Github pull-request style.
Dependencies
- puppetlabs-stdlib (>= 4.13.1 < 5.0.0)
- puppetlabs-concat (>= 4.0.0 < 5.0.0)