usbguard

pdk
Install & configure usbguard

Thomas Mueller

vinzent

5,880 downloads

5,793 latest version

5.0 quality score

Version information

  • 0.2.0 (latest)
  • 0.1.0
released Aug 29th 2017
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0
  • Fedora
    ,
    RedHat

Start using this module

Documentation

vinzent/usbguard — version 0.2.0 Aug 29th 2017

usbguard

Table of Contents

  1. Description
  2. Setup - The basics of getting started with usbguard
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

Install usbguard and configure the daemon and rules.

https://dkopecek.github.io/usbguard/

Usbguard is available for RHEL/CentOS >= 7.4 and Fedora.

Setup

What usbguard affects

  • the usbguard package
  • the usbguard-daemon.conf file
  • the rules file (by default /etc/usbguard/rules-managed-by-puppet.conf)

Beginning with usbguard

Just include ::usbguard to start without any rule - but it won't

Usage

Install, configure some rules and start the service:

include ::usbguard

$rule_content = @(CONTENT)
  allow with-interface equals { 08:*:* }
  reject with-interface all-of { 08:*:* 03:00:* }
  reject with-interface all-of { 08:*:* 03:01:* }
  reject with-interface all-of { 08:*:* e0:*:* }
  reject with-interface all-of { 08:*:* 02:*:* }
  | CONTENT

# DON'T DO THIS ON YOUR COMPUTER OR YOU MIGHT LOCK YOU OUT
# this is just an example. :-)
usbguard::rule { 'allow usb disks without keyboard interface':
  rule => $rule_content,
}

Limitations

  • The usbguard package for RHEL/CentOS is only available for 7.4 and later or you need to configure a external repo on your own (this module will never fiddle with your repo config)

Development

No defined process available. :-) Github pull-request style.