usbguard-daemon man page

usbguard-daemon ā€” USBGuard daemon

Synopsis

usbguard-daemon [Options]

Description

The usbguard-daemon is the main component of the USBGuard software framework. It runs as a service in the background and enforces the USB device authorization policy for all USB devices. The policy is defined by a set of rules using a rule language described in usbguard-rules.conf(5). The policy and the authorization state of USB devices can be modified during runtime using the usbguard(1) tool.

Options

-d

Enable debugging messages in the log.

-f

Enable classical daemon behavior (fork at start, sysV compliant).

-s

Log to syslog.

-k

Log to console. (default)

-K

Disable Logging to console.

-l path

Log to a file at path.

-p path

Write PID to a file at path (default: /var/run/usbguard.pid).

-c path

Load configuration from a file at path (default: /etc/usbguard/usbguard-daemon.conf).

-P

Disable permissions check on conf and policy files (default: /etc/usbguard/usbguard-daemon.conf).

-C

Drop capabilities to limit privileges of the process.

-W

Use a seccomp whitelist to limit available syscalls to the process.

-h

Show the help/usage screen.

Security Considerations

The daemon provides the USBGuard public IPC interface. Depending on your distribution defaults, the access to this interface is limited to a certain group or a specific user only. Please refer to the usbguard-daemon.conf(5) man page for more information on how to configure the ACL correctly. Do not leave the ACL unconfigured as that will expose the IPC interface to all local users. That will allow them to manipulate the authorization state of USB devices and modify the USBGuard policy.

See Also

usbguard-daemon.conf(5), usbguard-rules.conf(5), usbguard(1)

Referenced By

usbguard(1), usbguard-daemon.conf(5), usbguard-dbus(8), usbguard-rules.conf(5).

12/19/2019 Ā