USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system). Simply put, it is a USB device allowlisting tool.
Warning
|
The 0.x releases are not production ready packages. They serve for tech-preview and user feedback purposes only. Please share your feedback or request a feature in the Github issue trackers for each project: |
-
User Guide (TBA)
-
Manual Pages
To compile the source code, you will require at least C++17.
If you are compiling sources from a release tarball, you’ll need the development files for:
-
libqb - used for local UNIX socket based IPC
-
protobuf - used for IPC message (de)serialization
-
asciidoc (a2x) - needed to generate documentation
Optionally, you may want to install:
-
libseccomp - used to implement a syscall whitelist
-
libcap-ng - used to drop process capabilities
And then do:
$ ./configure --with-crypto-library=sodium # or "gcrypt", based on your preference $ make $ sudo make install
After the sources are successfully built, you can run the test suite by executing:
$ make check
Copyright © 2015-2019 Red Hat, Inc.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.