pgervase
Cadet

RH415 - usbguard question - why make a block rule?

From rh415-7.5/pages/ch04s03:

"4. Set a permanent USBGuard policy to allow the RED USB device access to the system.

5. From workstation, open a second terminal session and attach the BLUE USB device to the usbguard VM. Confirm that the BLUE USB device is blocked from interacting with the usbguard VM.

6. Generate a new base policy with a reject rule target that will ignore any additional USB devices that try to interact with the system. Using the reject rule target, additional USB devices will not be listed in command-line tool output, such as lsusb, lsblk, and other tools that provide disk information."

If the default is that any new USB device is blocked:

[13865.557623] usb 1-1: SerialNumber: RED
[13865.560922] usb 1-1: Device is not authorized for usage

why should we create a rule to explicitly block new devices? Is it more of a defense-in-depth approach, or is it something else?

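An added example, not part of the original post or the RH415 material: a shell check that reports which target a device matching no device-specific rule receives, either from an explicit catch-all rule like the one step 6 generates or from the daemon's implicit target. It assumes a catch-all rule is a line holding only a target keyword and that the fallback is the `ImplicitPolicyTarget` key in `usbguard-daemon.conf`; the function name, device ID and device name are constructed for illustration.

```shell
#!/bin/sh
# Added example: which target applies to a USB device that matches no
# device-specific rule in a usbguard policy?
# Assumptions: a catch-all rule is a line holding only a target keyword, and
# the daemon fallback is the ImplicitPolicyTarget key in usbguard-daemon.conf.

# fallback_target RULES_FILE [DAEMON_CONF] -> prints "<target> <source>"
fallback_target() {
    rules=$1
    conf=${2:-/etc/usbguard/usbguard-daemon.conf}
    # Rules are evaluated top to bottom, so the first bare target decides.
    explicit=$(awk '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        NF == 1 && $1 ~ /^(allow|block|reject)$/ { print $1; exit }
    ' "$rules")
    if [ -n "$explicit" ]; then
        echo "$explicit explicit-rule"
        return 0
    fi
    # No catch-all rule: the daemon's implicit target applies.
    implicit=$(sed -n 's/^[[:space:]]*ImplicitPolicyTarget[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' \
        "$conf" 2>/dev/null | tail -n 1)
    echo "${implicit:-block} implicit-target"    # block when the key is unset
}

demo() {
    d=$(mktemp -d)
    # Constructed sample policies; the device ID and name are made up.
    printf '%s\n' 'allow id 1234:5678 serial "RED" name "Sample Stick"' > "$d/step4.conf"
    { cat "$d/step4.conf"; echo reject; } > "$d/step6.conf"
    echo 'ImplicitPolicyTarget=block' > "$d/daemon.conf"
    # Step 4 policy: an unknown device is deauthorized but still enumerated.
    fallback_target "$d/step4.conf" "$d/daemon.conf"
    # Step 6 policy: an unknown device is removed from the system.
    fallback_target "$d/step6.conf" "$d/daemon.conf"
    rm -rf "$d"
}
demo
```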