Richard,

On the surface, it appears to have value, but as you say it would need to be extended to other traditional, and non-traditional, removable media. Further, the initial appeal in having the capability directly within the kernel was to make it a little more difficult to subvert, centralise auditing policy/monitoring and, if frame-worked appropriately, easily extensible to other than USB media types (which was the basis for the Proof of Concept developed by RedHat back in 2016).

I have not used USBGuard myself, so will do some experimentation and report back.

Regards

On Tue, 2020-01-21 at 15:16 -0500, Richard Guy Briggs wrote:
> Hi Burn, and all,
>
> I've been aware of this issue for a while now, but wasn't directly working on
> it. Now that I'm taking a closer look at this issue, I am wondering how much
> USBGuard changes the equation?
>
> https://www.kernel.org/doc/Documentation/usb/authorization.txt
> https://usbguard.github.io/
> https://github.com/USBGuard/usbguard
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using-usbguard
>
> It has tools to generate baseline lists of devices, but this is only for
> usb. Other interfaces would need to be appropriately instrumented.
>
> - RGB
>
> --
> Richard Guy Briggs <[email protected]>
> Sr. S/W Engineer, Kernel Security, Base Operating Systems
> Remote, Ottawa, Red Hat Canada
> IRC: rgb, SunRaycer
> Voice: +1.647.777.2635, Internal: (81) 32635

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
