From Fedora Project Wiki
(Created page with "{{QA/Test_Case |description=This test case tests {{package|usbguard}} CLI rule management. |setup= # Ensure the {{package|usbguard}} package is installed # To start from a cle...") |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 7: | Line 7: | ||
{{admon/tip|How to get to a clean state|As root, run {{command|systemctl stop usbguard}} and {{command|rm -f /etc/usbguard/rules.conf}}. '''This will remove your policy, so make a backup if you don't want to lose it'''.}} | {{admon/tip|How to get to a clean state|As root, run {{command|systemctl stop usbguard}} and {{command|rm -f /etc/usbguard/rules.conf}}. '''This will remove your policy, so make a backup if you don't want to lose it'''.}} | ||
|actions= | |actions= | ||
# Start the usbguard service: | # Start the usbguard service: <pre># systemctl start usbguard</pre> | ||
# Check that your connected USB devices are still working. | # Check that your connected USB devices are still working. | ||
# List rules using the usbguard tool and check that there are no rules: | # List rules using the usbguard tool and check that there are no rules: <pre># usbguard list-rules</pre> | ||
# Create a permanent allow rule for the connected USB device: | # Create a permanent allow rule for the connected USB device: <pre># usbguard list-devices</pre><pre># usbguard allow-device -p <device_id></pre> | ||
# List rules and check that there is an allow rule for the device: | # List rules and check that there is an allow rule for the device: <pre># usbguard list-rules</pre> | ||
# Disconnect the USB device and connect it again. Check that it's working. | # Disconnect the USB device and connect it again. Check that it's working. | ||
# Restart the usbguard service: | # Restart the usbguard service: <pre># systemctl restart usbguard</pre> | ||
# Disconnect the USB device and connect it again. Check that it's working. | # Disconnect the USB device and connect it again. Check that it's working. | ||
# Remove the allow rule: | # Remove the allow rule: <pre># usbguard remove-rule <id></pre> | ||
# Disconnect the USB device and connect it again. Check that it's '''NOT''' working. | # Disconnect the USB device and connect it again. Check that it's '''NOT''' working. | ||
|results= | |results= |
Latest revision as of 09:41, 21 March 2017
Description
This test case tests usbguard
CLI rule management.
Setup
- Ensure the
usbguard
package is installed - To start from a clean state, ensure that the usbguard service is stopped and that there's no existing policy.
- Ensure that there's at least one USB device connected to your system which can be disconnected and connected again. For example a USB flash drive. Do not use a USB keyboard if it's your only keyboard. You'll need it to type in the commands ;-)
How to test
- Start the usbguard service:
# systemctl start usbguard
- Check that your connected USB devices are still working.
- List rules using the usbguard tool and check that there are no rules:
# usbguard list-rules
- Create a permanent allow rule for the connected USB device:
# usbguard list-devices
# usbguard allow-device -p <device_id>
- List rules and check that there is an allow rule for the device:
# usbguard list-rules
- Disconnect the USB device and connect it again. Check that it's working.
- Restart the usbguard service:
# systemctl restart usbguard
- Disconnect the USB device and connect it again. Check that it's working.
- Remove the allow rule:
# usbguard remove-rule <id>
- Disconnect the USB device and connect it again. Check that it's NOT working.
Expected Results
- Connected USB devices work after the usbguard service start.
- Permanent changes to the policy survive usbguard service restart.
- While the usbguard service is running, the USB device works if it's reconnected and there's a matching allow rule for the device.
- While the usbguard service is running, the USB device does NOT work when it's reconnected and there's no matching allow rule for the device.