Creating USBGuard Rules

In this lab, we’ll be creating rules within USBGuard. These rules are what will permit or deny a host to communicate with a USB device. We’ll also look at defining how to treat USB devices that dont meet any of the configured rules.

*This course is not approved or sponsored by Red Hat.*

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create USBGuard Rules for Permitted Devices

Create a local file named rules.conf and add two allow lines
```
[root@host]# nano rules.conf
```
Enter these two lines:
```
allow name "Ubikey"
allow serial "7856749487475"
```
Press Ctrl+x to quit, and save at the prompt

Commit the USBGuard rule changes by running the following command

install -m 0600 -o root -g root rules.conf /etc/usbguard/rules.conf

Set Rule for Devices that Don’t Meet Criteria

Edit the /etc/usbguard/usbguard-daemon.conf file
```
[root@host]# nano /etc/usbguard/usbguard-daemon.conf
```
Set the ImplicitPolicyTarget to block:
```
ImplicitPolicyTarget=block
```
Press Ctrl+x to quit, and save at the prompt

Restart the USBGuard service

[root@host]# systemctl restart usbguard.service

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Creating USBGuard Rules

About this Hands-on Lab

Learning Objectives

Additional Resources

What are Hands-on Labs

Newsletter