Lab
A Cloud Guru

Creating USBGuard Rules

In this lab, we'll be creating rules within USBGuard. These rules are what will permit or deny a host to communicate with a USB device. We'll also look at defining how to treat USB devices that dont meet any of the configured rules. *This course is not approved or sponsored by Red Hat.*

Try for free Contact sales

Path Info

Level

Intermediate

Duration

30m

Published

May 17, 2019

Challenge

Create USBGuard Rules for Permitted Devices
1. Create a local file named rules.conf and add two allow lines
```
[root@host]# nano rules.conf
```
Enter these two lines:
```
allow name "Ubikey"
allow serial "7856749487475"
```
Press Ctrl+x to quit, and save at the prompt
1. Commit the USBGuard rule changes by running the following command
```
install -m 0600 -o root -g root rules.conf /etc/usbguard/rules.conf
```
Challenge

Set Rule for Devices that Don't Meet Criteria
1. Edit the /etc/usbguard/usbguard-daemon.conf file
```
[root@host]# nano /etc/usbguard/usbguard-daemon.conf
```
Set the ImplicitPolicyTarget to block:
```
ImplicitPolicyTarget=block
```
Press Ctrl+x to quit, and save at the prompt
1. Restart the USBGuard service
```
[root@host]# systemctl restart usbguard.service
```

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.