# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
# disruption = low
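# Remediation: make sure USBGuard has a non-empty rules file and that the
# service is unmasked, restarted and enabled. Nothing is changed when the
# usbguard package is not installed.
if rpm --quiet -q usbguard
then
    USBGUARD_CONF=/etc/usbguard/rules.conf
    # Regenerate only when the rules file is missing or empty, so an
    # administrator-maintained policy is never overwritten.
    if [ ! -f "$USBGUARD_CONF" ] || [ ! -s "$USBGUARD_CONF" ]; then
        # NOTE(review): generate-policy derives its rules from the USB devices
        # connected at the time it runs, so whatever is plugged in during
        # remediation ends up in the policy. Review the generated file
        # before relying on it as a baseline.
        #
        # The restrictive umask is scoped to a subshell so a newly created
        # file is never readable by other users, not even for the short
        # window before the chmod below.
        ( umask 077; usbguard generate-policy > "$USBGUARD_CONF" )
        if [ ! -s "$USBGUARD_CONF" ]; then
            # make sure OVAL check doesn't fail on systems where
            # generate-policy doesn't find any USB devices (for
            # example a system might not have a USB bus)
            echo "# No USB devices found" > "$USBGUARD_CONF"
        fi
        # make sure it has correct permissions; still required because the
        # umask has no effect on a file that already existed (but was empty)
        chmod 600 "$USBGUARD_CONF"
        # Absolute path so the call does not depend on PATH lookup.
        SYSTEMCTL_EXEC='/usr/bin/systemctl'
        "$SYSTEMCTL_EXEC" unmask 'usbguard.service'
        "$SYSTEMCTL_EXEC" restart 'usbguard.service'
        "$SYSTEMCTL_EXEC" enable 'usbguard.service'
    fi
else
    echo "USBGuard is not installed. No remediation was applied!"
fi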