Please set either the IPCAllowedUsers, IPCAllowedGroups or IPCAccessControlFiles options to limit access to the IPC interface. Depending on your distribution defaults, access to this interface is limited to a certain group or a specific user only. The daemon provides the USBGuard public IPC interface. Hashes of descriptors (which include the serial number) from audit entries. Hides personally identifiable information such as device serial numbers and Required if AuditBackend is set to FileAudit.ĭefault: %localstatedir%/log/usbguard/usbguard-audit.log The backend value should be one of FileAudit or LinuxAudit. Generate device specific rules including the “via-port” attribute. The files at this location will be interpreted by the daemon as IPC access control definition files. Which device manager backend implementation to use.īackend should be one of uevent (default) or umockdev.Ī space delimited list of usernames that the daemon will accept IPC connections from.Ī space delimited list of groupnames that the daemon will accept IPC connections from. Using this setting, you can control whether the daemon will try to restore the attribute values to the state before modification on shutdown. The USBGuard daemon modifies some attributes of controller devices like the default authorization state of new child device instances. How to treat USB devices that are already connected after the daemon starts. How to treat USB controllers that are already connected when the daemon starts: apply-policy - evaluate the ruleset for every present device.keep - just sync the internal state and leave it.block - deauthorize every present device.How to treat devices that are already connected when the daemon starts: reject - logically remove the device node from the system.How to treat devices that don’t match any rule in the policy. The USBGuard daemon will use this file to load the policy rule set from it and to write new rules received via the IPC interface.ĭefault: %sysconfdir%/usbguard/nf It may be overridden using the -c command-line option, see usbguard-daemon(8) for further details. The default search path is /etc/usbguard/nf. The nf file is loaded by the USBGuard daemon after it parses its command-line options and is used to configure runtime parameters of the daemon. Configuration nf – USBGuard daemon configuration file
0 Comments
Leave a Reply. |