You are not logged in.

Pages: 1

#1 2020-12-20 02:35:26

mushotoku
Member
Registered: 2020-12-11
Posts: 14

[Solved] usbguard needs restart to start working

Hi,..

i followed the wiki and installed and configured usbguard.
I installed a basic ruleset and enabled both of the services:

# usbguard generate-policy > /etc/usbguard/rules.conf
# systemctl enable usbguard.service usbguard-dbus.service

Directly after booting, no usb devices are blocked! I have to restart the service, to make it work.

Did I missed something?

Journal entries after boot, plugging in a usbstick unkown to usbguard:

Dez 20 02:58:57 kernel: usb 1-2: new high-speed USB device number 10 using xhci_hcd
Dez 20 02:58:58 kernel: usb 1-2: New USB device found, idVendor=0930, idProduct=6545, bcdDevice= 1.00
Dez 20 02:58:58 kernel: usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Dez 20 02:58:58 kernel: usb 1-2: Product: TransMemory
Dez 20 02:58:58 kernel: usb 1-2: Manufacturer: TOSHIBA
Dez 20 02:58:58 kernel: usb 1-2: SerialNumber: 0D40BA60B2535B4C
Dez 20 02:58:58 kernel: usb 1-2: Device is not authorized for usage
Dez 20 02:58:58 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Dez 20 02:58:58 kernel: scsi host0: usb-storage 1-2:1.0
Dez 20 02:58:58 kernel: usb 1-2: authorized to connect
Dez 20 02:58:58 usbguard-daemon[586]: [1608429538.133] (W) Ignoring unknown UEvent action: sysfs_devpath=/devices/pci0000:00/0000:00:14.0/usb1/1-2 action=bind
Dez 20 02:58:58 usbguard-daemon[586]: [1608429538.134] (W) Ignoring unknown UEvent action: sysfs_devpath=/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0 action=bind
Dez 20 02:58:58 mtp-probe[1478]: checking bus 1, device 10: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-2"
Dez 20 02:58:58 mtp-probe[1478]: bus: 1, device: 10 was not an MTP device
Dez 20 02:58:58 mtp-probe[1480]: checking bus 1, device 10: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-2"
Dez 20 02:58:58 mtp-probe[1480]: bus: 1, device: 10 was not an MTP device
Dez 20 02:58:59 kernel: scsi 0:0:0:0: Direct-Access     TOSHIBA  TransMemory      5.00 PQ: 0 ANSI: 0 CCS
Dez 20 02:58:59 kernel: sd 0:0:0:0: [sda] 2013184 512-byte logical blocks: (1.03 GB/983 MiB)
Dez 20 02:58:59 kernel: sd 0:0:0:0: [sda] Write Protect is off
Dez 20 02:58:59 kernel: sd 0:0:0:0: [sda] Mode Sense: 23 00 00 00
Dez 20 02:58:59 kernel: sd 0:0:0:0: [sda] No Caching mode page found
Dez 20 02:58:59 kernel: sd 0:0:0:0: [sda] Assuming drive cache: write through
Dez 20 02:58:59 kernel: GPT:Primary header thinks Alt. header is not at the end of the disk.
Dez 20 02:58:59 kernel: GPT:1497751 != 2013183
Dez 20 02:58:59 kernel: GPT:Alternate GPT header not at the end of the disk.
Dez 20 02:58:59 kernel: GPT:1497751 != 2013183
Dez 20 02:58:59 kernel: GPT: Use GNU Parted to correct GPT errors.
Dez 20 02:58:59 kernel:  sda: sda1 sda2 sda3
Dez 20 02:58:59 kernel: sd 0:0:0:0: [sda] Attached SCSI removable disk
Dez 20 02:59:00 kernel: ISO 9660 Extensions: Microsoft Joliet Level 3
Dez 20 02:59:00 kernel: ISO 9660 Extensions: Microsoft Joliet Level 3
Dez 20 02:59:00 kernel: ISO 9660 Extensions: RRIP_1991A

After restarting usbguard and plugging in the same usb device again it works:

Dez 20 02:59:46 kernel: usb 1-6: new high-speed USB device number 11 using xhci_hcd
Dez 20 02:59:46 kernel: usb 1-6: New USB device found, idVendor=0930, idProduct=6545, bcdDevice= 1.00
Dez 20 02:59:47 kernel: usb 1-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Dez 20 02:59:47 kernel: usb 1-6: Product: TransMemory
Dez 20 02:59:47 kernel: usb 1-6: Manufacturer: TOSHIBA
Dez 20 02:59:47 kernel: usb 1-6: SerialNumber: 0D40BA60B2535B4C
Dez 20 02:59:47 kernel: usb 1-6: Device is not authorized for usage
Dez 20 02:59:47 usbguard-daemon[1583]: [1608429587.001] (W) Ignoring unknown UEvent action: sysfs_devpath=/devices/pci0000:00/0000:00:14.0/usb1/1-6 action=bind
Dez 20 02:59:47 mtp-probe[1618]: checking bus 1, device 11: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-6"
Dez 20 02:59:47 mtp-probe[1618]: bus: 1, device: 11 was not an MTP device
Dez 20 02:59:47 mtp-probe[1620]: checking bus 1, device 11: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-6"
Dez 20 02:59:47 mtp-probe[1620]: bus: 1, device: 11 was not an MTP device
systemctl status usbguard.service usbguard-dbus.service 
● usbguard.service - USBGuard daemon
     Loaded: loaded (/usr/lib/systemd/system/usbguard.service; enabled; vendor preset: disabled)
     Active: active (running) since Sun 2020-12-20 02:59:26 CET; 20min ago
       Docs: man:usbguard-daemon(8)
   Main PID: 1583 (usbguard-daemon)
      Tasks: 3 (limit: 38323)
     Memory: 4.0M
     CGroup: /system.slice/usbguard.service
             └─1583 /usr/bin/usbguard-daemon -k -c /etc/usbguard/usbguard-daemon.conf

Dez 20 02:59:26 archlinux-5084f53a systemd[1]: Started USBGuard daemon.
Dez 20 02:59:47 archlinux-5084f53a usbguard-daemon[1583]: [1608429587.001] (W) Ignoring unknown UEvent action: sysfs_devpath=/devices/pci0000:00/0000:00:14.0/usb1/1-6 action=bind
● usbguard-dbus.service - USBGuard D-Bus Service
     Loaded: loaded (/usr/lib/systemd/system/usbguard-dbus.service; enabled; vendor preset: disabled)
     Active: active (running) since Sun 2020-12-20 02:59:26 CET; 20min ago
       Docs: man:usbguard-dbus(8)
   Main PID: 1587 (usbguard-dbus)
      Tasks: 4 (limit: 38323)
     Memory: 2.1M
     CGroup: /system.slice/usbguard-dbus.service
             └─1587 /usr/bin/usbguard-dbus --system

Dez 20 02:59:26 archlinux-5084f53a systemd[1]: Starting USBGuard D-Bus Service...
Dez 20 02:59:26 archlinux-5084f53a systemd[1]: Started USBGuard D-Bus Service.

I have no idea what happens here and need some help. Thank you!

Last edited by mushotoku (2020-12-22 09:23:14)

Offline

#2 2020-12-22 09:22:14

mushotoku
Member
Registered: 2020-12-11
Posts: 14

Re: [Solved] usbguard needs restart to start working

Turns out, that is perfect expected behaviour. Gnome talks to usbguard via dbus and new USB-Devices are blocked, only when the screen is locked.

Last edited by mushotoku (2020-12-22 09:30:53)

Offline

Pages: 1

Board footer

Powered by FluxBB