Daniel Kopeček

[RFE] allow a usb device with a mass storage interface but ensure it'll be mounted read-only

7

This could be used to prevent data leakage without the strict restriction of "no usb mass storage devices can be connected to the system". Obviously, this would be effective only...

[RFE] Add support for USB per-interface authorization

3

per-interface authorization was recently added to the kernel, so we should reflect this in USBGuard too. https://www.spinics.net/lists/linux-usb/msg126182.html

Some users may want to have site specific hashes. Allow them to set a device hash salt through the daemon configuration file.

Some devices provide not very useful attribute values. An example being a WiFi USB card having ff:ff:ff as device class:subclass:protocol and ff:00:00 as an interface type. ff is vendor specific,...

A logrotate configuration snippet for the audit log file should be shipped and installed. Whether to install it or not should be configurable at build-time via a ./configure script option.

The DeviceManager class should use the pair (bus number, dev number) to identify a device.

[RFE] When explicitly asked for using a rule, monitor the traffic to/from a USB device

4

Since it is usually hard to differentiate between a real keyboard and a faked one (no iSerial value exported, mobile users tend to use several keyboard and leave them at...

Some users may prefer not to run an additional daemon for various reasons: - their USB device usage policy doesn't need to be dynamic (no user interaction, fully defined by...

destination_file setting of the version_template section doesn't seem to work

1

Hello, I've tried to use the destination_file setting to have the current version stored in a file. Maybe I'm doing something wrong but there's no file written after I do...