Difference between revisions of "USBGuard"

From ArchWiki
Jump to navigation Jump to search
(first draft)
 
(further explanations)
Line 1: Line 1:
 
This software allows one to implement a white/black-listing mechanism for usb-devices. Inspiration for this is drawn from exploits like BadUSB.
 
This software allows one to implement a white/black-listing mechanism for usb-devices. Inspiration for this is drawn from exploits like BadUSB.
 +
It consists of
  
 
== Installation ==
 
== Installation ==
  
Install {{Aur|badusb}} or {{Aur|badusb-git}}.
+
Install {{Aur|usbguard}} or {{Aur|usbguard-git}}.
  
 
== Configuration ==
 
== Configuration ==
Line 10: Line 11:
  
 
Start the deamon usbguard.service.
 
Start the deamon usbguard.service.
 +
 +
== Usage ==
 +
 +
USBGuard has a core deamon, a CLI, a QT GUI, a DBUS interface and an API via libusbguard.
 +
 +
=== Rules ===
 +
 +
To configure usbguard to your needs, you can edit {{ic|/etc/usbguard/rules.conf}}. The rules syntax is formally explained [https://github.com/dkopecek/usbguard#rule-language here].
 +
An example for a hp printer connected via USB can look like this:
 +
{{ic|<nowiki>allow id 03f0:0c17 serial "00CNFD234631" name "hp LaserJet 2020" hash "a0ef07fceb6fb77698f79a44a450121m" parent-hash "69d19c1a5733a31e7e6d9530e6k434a6" with-interface { 07:01:03 07:01:02 07:01:01 }</nowiki>}}
 +
 +
== Weblinks ==
 +
* [https://raw.githubusercontent.com/dkopecek/usbguard/master/doc/usbguard-component-diagram.png USBGuard component diagram]
 +
* [https://srlabs.de/bites/usb-peripherals-turn/ BadUSB background info]
 +
*

Revision as of 10:16, 12 August 2016

This software allows one to implement a white/black-listing mechanism for usb-devices. Inspiration for this is drawn from exploits like BadUSB. It consists of

Installation

Install usbguardAUR or usbguard-gitAUR.

Configuration

The main configuration file is found in /etc/usbguard/usbguard-deamon.conf.

Start the deamon usbguard.service.

Usage

USBGuard has a core deamon, a CLI, a QT GUI, a DBUS interface and an API via libusbguard.

Rules

To configure usbguard to your needs, you can edit /etc/usbguard/rules.conf. The rules syntax is formally explained here. An example for a hp printer connected via USB can look like this: allow id 03f0:0c17 serial "00CNFD234631" name "hp LaserJet 2020" hash "a0ef07fceb6fb77698f79a44a450121m" parent-hash "69d19c1a5733a31e7e6d9530e6k434a6" with-interface { 07:01:03 07:01:02 07:01:01 }

Weblinks