USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system).
Hey.
I know there is usbguard-daemon.conf's keep value for options like PresentDevicePolicy, but this just generally keeps every device (respectively host controller) present when the daemon starts.
What I would like to be able to do is use apply-policy in those options and require specific rules for such devices to be added to rules.conf, but still have a way to have them only match when the daemon starts.
The idea is that this would allow hardening things a bit more, should any future (other) device that is attached after the daemon has started match those rules, which are only intended for when the daemon starts.
Thanks, Chris.