forked from marktonneson/demo-usbguard
-
Notifications
You must be signed in to change notification settings - Fork 0
/
usbguard-setup.sh
executable file
·52 lines (40 loc) · 1.28 KB
/
usbguard-setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/bin/bash
TextReset='\033[0m'
TextGreen='\033[32m'
TextBlue='\033[34m'
TextLightGrey='\033[37m'
TextBold='\033[1m'
FormatTextPause="$TextReset $TextLightGrey" # Pause & continue
FormatTextCommands="$TextReset $TextGreen" # Commands to execute
FormatTextSyntax="$TextReset $TextBlue $TextBold" # Command Syntax & other text
# Place before command line to reset text format
FormatRunCommand="echo -e $TextReset"
# Reset text if script exits abnormally
trap 'echo -e $TextReset;exit' 1 2 3 15
clear
echo -e $FormatTextSyntax "
Installing usbguard ...
"
$FormatRunCommand
yum install -y usbguard
# Create local users for later
useradd usbuser
useradd nousbuser
# This is obviously a terrible security practice, never do this in real life!
echo "usbguard" | passwd --stdin usbuser
echo "rejected" | passwd --stdin nousbuser
echo -e $FormatTextSyntax "
To create the initial rule set, enter the following command as root:
"
echo -e $FormatTextCommands "
# usbguard generate-policy > /etc/usbguard/rules.conf
"
$FormatRunCommand
usbguard generate-policy > /etc/usbguard/rules.conf
cat /etc/usbguard/rules.conf
echo -e $FormatTextPause && read -p "<-- Press any key to continue -->" NULL
echo -e $FormatTextSyntax "
Start the usbguard service
"
systemctl start usbguard
systemctl status usbguard