Richard,
On the surface, it appears to have value, but as you say it would need to be
extended to other traditional, and non-traditional, removable media. Further, the
initial appeal in having the capability directly within the kernel was to make it a
little more difficult to subvert, centralise auditing policy/monitoring and, if
frame-worked appropriately, easily extensible to other than USB media types (which
was the basis for the Proof of Concept developed by RedHat back in 2016).
I have not used USBGuard myself, so will do some experimentation and report back.
Regards
On Tue, 2020-01-21 at 15:16 -0500, Richard Guy Briggs wrote:
Hi Burn, and all,
I've been aware of this issue for a while now, but wasn't directlyworking on
it. Now that I'm taking a closer look at this issue, I amwondering how much
USBGuard changes the equation?
https://www.kernel.org/doc/Documentation/usb/authorization.txt
https://usbguard.github.io/
https://github.com/USBGuard/usbguard
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
It has tools to generate baseline lists of devices, but this is only
forusb. Other interfaces would need to be appropriately instrumented.
- RGB
--Richard Guy Briggs <rgb(a)redhat.com>Sr. S/W Engineer, Kernel Security, Base
Operating SystemsRemote, Ottawa, Red Hat CanadaIRC: rgb, SunRaycerVoice:
+1.647.777.2635, Internal: (81) 32635