Authorize Human Interface Devices in USBGuard daemon

An XCCDF Rule

Details
Profiles
Prose

Description

To allow authorization of Human Interface Devices (keyboard, mouse) by USBGuard daemon, add the line allow with-interface match-all { 03:*:* } to /etc/usbguard/rules.conf.

warning alert: Warning

This rule should be understood primarily as a convenience administration feature. This rule ensures that if the USBGuard default rules.conf file is present, it will alter it so that USB human interface devices are allowed. However, if the rules.conf file is altered by system administrator, the rule does not check if USB human interface devices are allowed. This assumes that an administrator modified the file with some purpose in mind.

Rationale

Without allowing Human Interface Devices, it might not be possible to interact with the system.

ID: xccdf_org.ssgproject.content_rule_usbguard_allow_hid
Severity: Medium
References: FMT_SMF_EXT.1

SRG-OS-000114-GPOS-00059
Updated: about 1 year ago