Bug#879714: ITP: libusbauth-configparser1 -- Library for USB Firewall including flex/bison parser
Am 26.10.2017 um 22:43 schrieb Ben Hutchings: On Wed, 2017-10-25 at 00:44 +0200, Stefan Koch wrote: Package: wnpp Severity: wishlist Owner: Stefan Koch <stefan.koc...@gmail.com> * Package name: libusbauth-configparser1 Version : 1.0 Upstream Author : Stefan Koch <stefan.koc...@gmail.com> * URL : https://github.com/kochstefan/usbauth-all/libusba uth-configparser * License : LGPL-2.1 Programming Lang: C Description : Library for USB Firewall including flex/bison parser The library is used to read the usbauth config file into data structures and is used by usbauth and YaST. This work was initially created for SUSE in 2015. Part of it was the USB interface authorization for the Linux kernel. It's contained in Linux since kernel version 4.4. Please add the packages libusbauth-configparser, usbauth, usbauth- notifier to debian unstable. You titled this as an ITP (Intent To Package) but this sentence makes it sound like an RFP (Request For Package). Which is it? I have created RFP #880983. Thanks. Ben. See also: openSUSE package request (https://build.opensuse.org/request/show/533512)
Bug#880983: RFP: libusbauth-configparser1, usbauth, usbauth-notifier -- USB Firewall including flex/bison parser
Package: wnpp Severity: wishlist This work was initially created for SUSE in 2015. Part of it was the USB interface authorization for the Linux kernel. It's contained in Linux since kernel version 4.4. Please add the following packages libusbauth-configparser1, usbauth, usbauth-notifier to debian unstable. The packages are already packaged for debian (see debian subfolder for each package). GIT Repository: https://github.com/kochstefan/usbauth-all.git This bug report replaces bug reports #879714, #879715, #879716 PACKAGE libusbauth-configparser1: * Package name: libusbauth-configparser1 Version : 1.0 Upstream Author : Stefan Koch <stefan.koc...@gmail.com> * URL : https://github.com/kochstefan/usbauth-all/tree/master/libusbauth-configparser * License : LGPL-2.1 Programming Lang: C Description : Library for USB Firewall including flex/bison parser The library is used to read the usbauth config file into data structures and is used by usbauth and YaST. See also: openSUSE package request (https://build.opensuse.org/request/show/533512) PACKAGE usbauth: * Package name: usbauth Version : 1.0 Upstream Author : Stefan Koch <stefan.koc...@gmail.com> * URL : https://github.com/kochstefan/usbauth-all/tree/master/usbauth * License : GPL-2.0 Programming Lang: C Description : USB firewall against BadUSB attacks It is a firewall against BadUSB attacks. A config file descibes in which way USB interfaces would be accepted or denied. To the kernel an interface authorization was developed with this firewall. The firewall sets the authorization mask according to the rules. See also: openSUSE package request (https://build.opensuse.org/request/show/533513) PACKAGE usbauth-notifier: * Package name: usbauth-notifier Version : 1.0 Upstream Author : Stefan Koch <stefan.koc...@gmail.com> * URL : https://github.com/kochstefan/usbauth-all/tree/master/usbauth-notifier * License : GPL-2.0 Programming Lang: C Description : Notifier for USB Firewall to use with desktop environments A notifier for the usbauth firewall against BadUSB attacks. The user could manually allow or deny USB devices. Every user that wants use the notifier must be added to the usbauth group. See also: openSUSE package request (https://build.opensuse.org/request/show/533514) NOTICE aboud usbguard and usbauth: The usbguard project provides an USB firewall, too. It is already packaged within debian. The usbguard development was supported by RedHat and usbauth was supported by SUSE. Historical, usbguard was published while the working on usbauth has already been started. The main difference is that usbguard works with USB devices and usbauth works with USB interfaces. usbauth could allow/deny usb interfaces using the new usb interface authorization mechanism that is part of linux 4.4 and above. See also: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/log/?h=v4.4.94=grep=interface+auth Examples: * allow a storage functionality of a USB device and deny USB Ethernet of the same device * allow audio/video functionality of an USB TV card and deny using the remote control functionality * allow USB printing/scanning and deny USB storage usage of a multifunction printer (BTW: the interface mechanism supports denying user space triggered actions (using USB claiming) like scanning) usbguard could allow/deny USB devices using the usb device authorization mechanism of the Linux kernel. It allows to denying a whole device if one interface of it is considered as bad (usbauth supports this, too) usbguard allows creating actions that is not supported by usbauth. If you can understand German language you could read a detailed description: https://epub.uni-bayreuth.de/3048/1/koch2017sicherheitsaspekte.pdf
Bug#879716: ITP: usbauth-notifier -- Notifier for USB Firewall to use with desktop environments
Am 25.10.2017 um 08:55 schrieb intrigeri: Stefan Koch: * Package name: usbauth-notifier * URL : https://github.com/kochstefan/usbauth-all/usbauth-notifier FWIW I get an error 404 there. A notifier for the usbauth firewall against BadUSB attacks. The user could manually allow or deny USB devices. I'm curious: what are the pros/cons compared to usbguard, that's already in Debian? Sorry, it seems that github have changed some linking of project subfolders. The usbguard development was supported by RedHat and usbauth was supported by SUSE. Historical, usbguard was published while the working on usbauth has already been started. usbauth could allow/deny usb interfaces using the new usb interface authorization mechanism that is part of linux 4.4 and above. See also: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/log/?h=v4.4.94=grep=interface+auth Examples: * allow a storage functionality of a USB device and deny USB Ethernet of the same device * allow audio/video functionality of an USB TV card and deny using the remote control functionality * allow USB printing/scanning and deny USB storage usage of a multifunction printer (BTW: the interface mechanism supports denying user space triggered actions (using USB claiming) like scanning) usbguard could allow/deny USB devices using the usb device authorization mechanism of the Linux kernel. It allows to denying a whole device if one interface of it is considered as bad (usbauth supports this, too) usbguard allows creating actions that is not supported by usbauth. I hope this helps. If you can understand German language you could read a detailed description: https://epub.uni-bayreuth.de/3048/1/koch2017sicherheitsaspekte.pdf Thanks Stefan
Bug#879716: ITP: usbauth-notifier -- Notifier for USB Firewall to use with desktop environments
Package: wnpp Severity: wishlist Owner: Stefan Koch <stefan.koc...@gmail.com> * Package name: usbauth-notifier Version : 1.0 Upstream Author : Stefan Koch <stefan.koc...@gmail.com> * URL : https://github.com/kochstefan/usbauth-all/usbauth-notifier * License : GPL-2.0 Programming Lang: C Description : Notifier for USB Firewall to use with desktop environments A notifier for the usbauth firewall against BadUSB attacks. The user could manually allow or deny USB devices. Every user that wants use the notifier must be added to the usbauth group. This work was initially created for SUSE in 2015. Part of it was the USB interface authorization for the Linux kernel. It's contained in Linux since kernel version 4.4. Please add the packages libusbauth-configparser, usbauth, usbauth-notifier to debian unstable. See also: openSUSE package request (https://build.opensuse.org/request/show/533514)
Bug#879715: ITP: usbauth -- USB firewall against BadUSB attacks
Package: wnpp Severity: wishlist Owner: Stefan Koch <stefan.koc...@gmail.com> * Package name: usbauth Version : 1.0 Upstream Author : Stefan Koch <stefan.koc...@gmail.com> * URL : https://github.com/kochstefan/usbauth-all/usbauth * License : GPL-2.0 Programming Lang: C Description : USB firewall against BadUSB attacks It is a firewall against BadUSB attacks. A config file descibes in which way USB interfaces would be accepted or denied. To the kernel an interface authorization was developed with this firewall. The firewall sets the authorization mask according to the rules. This work was initially created for SUSE in 2015. Part of it was the USB interface authorization for the Linux kernel. It's contained in Linux since kernel version 4.4. Please add the packages libusbauth-configparser, usbauth, usbauth-notifier to debian unstable. See also: openSUSE package request (https://build.opensuse.org/request/show/533513)
Bug#879714: ITP: libusbauth-configparser1 -- Library for USB Firewall including flex/bison parser
Package: wnpp Severity: wishlist Owner: Stefan Koch <stefan.koc...@gmail.com> * Package name: libusbauth-configparser1 Version : 1.0 Upstream Author : Stefan Koch <stefan.koc...@gmail.com> * URL : https://github.com/kochstefan/usbauth-all/libusbauth-configparser * License : LGPL-2.1 Programming Lang: C Description : Library for USB Firewall including flex/bison parser The library is used to read the usbauth config file into data structures and is used by usbauth and YaST. This work was initially created for SUSE in 2015. Part of it was the USB interface authorization for the Linux kernel. It's contained in Linux since kernel version 4.4. Please add the packages libusbauth-configparser, usbauth, usbauth-notifier to debian unstable. See also: openSUSE package request (https://build.opensuse.org/request/show/533512)