From Fedora Project Wiki
Description
This test case tests usbguard
CLI rule management.
Setup
- Ensure the
usbguard
package is installed - To start from a clean state, ensure that the usbguard service is stopped and that there's no existing policy.
- Ensure that there's at least one USB device connected to your system which can be disconnected and connected again. For example a USB flash drive. Do not use a USB keyboard if it's your only keyboard. You'll need it to type in the commands ;-)
How to test
- Start the usbguard service:
systemctl start usbguard
- Check that your connected USB devices are still working.
- List rules using the usbguard tool and check that there are no rules:
sudo usbguard list-rules
- Create a permanent allow rule for the connected USB device:
sudo usbguard allow-device -p <id>
- List rules and check that there is an allow rule for the device:
sudo usbguard list-rules
- Disconnect the USB device and connect it again. Check that it's working.
- Restart the usbguard service:
systemctl restart usbguard
- Disconnect the USB device and connect it again. Check that it's working.
- Remove the allow rule:
sudo usbguard remove-rule <id>
- Disconnect the USB device and connect it again. Check that it's NOT working.
Expected Results
- Connected USB devices work after the usbguard service start.
- Permanent changes to the policy survive usbguard service restart.
- While the usbguard service is running, the USB device works if it's reconnected and there's a matching allow rule for the device.
- While the usbguard service is running, the USB device does NOT work when it's reconnected and there's no matching allow rule for the device.