Install usbguard Package
An XCCDF Rule
Description
The usbguard package can be installed with the following command:
$ sudo yum install usbguard
Rationale
usbguard is a software framework that helps to protect against rogue USB devices by implementing basic whitelisting/blacklisting capabilities based on USB device attributes.
- ID: xccdf_org.ssgproject.content_rule_package_usbguard_installed
- Severity: Medium
- Updated
Remediation - Ansible
- name: Ensure usbguard is installed
  package:
    name: usbguard
    state: present
  when: ( ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman",
    "container"] and ansible_architecture != "s390x" )
Remediation - Puppet
include install_usbguard

class install_usbguard {
  package { 'usbguard':
    ensure => 'installed',
  }
}
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if ( [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && ! grep -q s390x /proc/sys/kernel/osrelease ); then
    # Install usbguard only if it is not already present
    if ! rpm -q --quiet "usbguard" ; then
        yum install -y "usbguard"
    fi
fi
Remediation - Anaconda Pre-Install Instructions
package --add=usbguard
Remediation - OS Build Blueprint
[[packages]]
name = "usbguard"
version = "*"
Remediation - Kubernetes Patch
---
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition: