From Fedora Project Wiki
(Created page with "{{QA/Test_Case |description=This test case tests {{package|usbguard}} CLI rule management. |setup= # Ensure the {{package|usbguard}} package is installed # To start from a cle...") |
No edit summary |
||
| Line 7: | Line 7: | ||
{{admon/tip|How to get to a clean state|As root, run {{command|systemctl stop usbguard}} and {{command|rm -f /etc/usbguard/rules.conf}}. '''This will remove your policy, so make a backup if you don't want to lose it'''.}} | {{admon/tip|How to get to a clean state|As root, run {{command|systemctl stop usbguard}} and {{command|rm -f /etc/usbguard/rules.conf}}. '''This will remove your policy, so make a backup if you don't want to lose it'''.}} | ||
|actions= | |actions= | ||
# Start the usbguard service: | # Start the usbguard service: <pre># systemctl start usbguard</pre> | ||
# Check that your connected USB devices are still working. | # Check that your connected USB devices are still working. | ||
# List rules using the usbguard tool and check that there are no rules: | # List rules using the usbguard tool and check that there are no rules: <pre># usbguard list-rules</pre> | ||
# Create a permanent allow rule for the connected USB device: | # Create a permanent allow rule for the connected USB device: <pre># usbguard allow-device -p <id></pre> | ||
# List rules and check that there is an allow rule for the device: | # List rules and check that there is an allow rule for the device: <pre># usbguard list-rules</pre> | ||
# Disconnect the USB device and connect it again. Check that it's working. | # Disconnect the USB device and connect it again. Check that it's working. | ||
# Restart the usbguard service: | # Restart the usbguard service: <pre># systemctl restart usbguard</pre> | ||
# Disconnect the USB device and connect it again. Check that it's working. | # Disconnect the USB device and connect it again. Check that it's working. | ||
# Remove the allow rule: | # Remove the allow rule: <pre># usbguard remove-rule <id></pre> | ||
# Disconnect the USB device and connect it again. Check that it's '''NOT''' working. | # Disconnect the USB device and connect it again. Check that it's '''NOT''' working. | ||
|results= | |results= | ||
Revision as of 08:13, 22 August 2016
Description
This test case tests 
usbguard
Setup
- Ensure the
usbguard - To start from a clean state, ensure that the usbguard service is stopped and that there's no existing policy.
- Ensure that there's at least one USB device connected to your system which can be disconnected and connected again. For example a USB flash drive. Do not use a USB keyboard if it's your only keyboard. You'll need it to type in the commands ;-)
How to get to a clean state
As root, run
As root, run
systemctl stop usbguard and rm -f /etc/usbguard/rules.conf. This will remove your policy, so make a backup if you don't want to lose it.How to test
- Start the usbguard service:
# systemctl start usbguard
- Check that your connected USB devices are still working.
- List rules using the usbguard tool and check that there are no rules:
# usbguard list-rules
- Create a permanent allow rule for the connected USB device:
# usbguard allow-device -p <id>
- List rules and check that there is an allow rule for the device:
# usbguard list-rules
- Disconnect the USB device and connect it again. Check that it's working.
- Restart the usbguard service:
# systemctl restart usbguard
- Disconnect the USB device and connect it again. Check that it's working.
- Remove the allow rule:
# usbguard remove-rule <id>
- Disconnect the USB device and connect it again. Check that it's NOT working.
Expected Results
- Connected USB devices work after the usbguard service start.
- Permanent changes to the policy survive usbguard service restart.
- While the usbguard service is running, the USB device works if it's reconnected and there's a matching allow rule for the device.
- While the usbguard service is running, the USB device does NOT work when it's reconnected and there's no matching allow rule for the device.