Allow 'usbguard' to use any mouse/keyboard on any USB port
Allow usbguard to use any mouse/keyboard on any USB port.
Environment
Red Hat Enterprise Linux 7,8,9
Those who harden servers for secured environments.
Issue
The rpm usbguard will often block a keyboard mouse it does not recognize.
- When a new (to the system) keyboard or mouse is connected, it is blocked.
- After a (re)boot, a mouse/keyboard might get blocked, and need to be unplugged and replugged in so it is allowed, and logs may demonstrate that.
Credits
A highly adept co-worker of mine created, and sent this to me, (and thank you) and I am sharing it here as something for others to hopefully use to resolve the above conditions. Please feel free to discuss.
Resolution
This usbguard policy exception will allow any keyboard or mouse in any USB port. Please try it, and report your own results, and please make sure to carefully type the policy.
NOTE: See /etc/usbguard/rules.conf and usbguard documentation
The snippit below is the fix, and is a rule-language example for usbguard. Please see the usbguard-rules.conf(5) man page for a detailed rule-language description and more examples.
allow with-interface one-of { 03:00:01 03:01:01 03:00:02 03:01:02 }
Additional Resources
- Red Hat documentation on usbguard, installing, it's use, making policies,
- Please see
usbguard(1),usbguard-rules.conf(5),usbguard-daemon(8), andusbguard-daemon.conf(5)man pages on your system. This is the upstream man(ual) page for usbguard(5) Recommend reading the man page on your Linux system that has usbguard installed.
NOTE: This specific discussion is merely to provide a fix for the conditions above. The case uses of usbguard are of course more than just the above.
Regards,
RJ
