#
# Rule set file path.
#
# The USBGuard daemon will use this file to load the policy
# rule set from it and to write new rules received via the
# IPC interface.
#
# RuleFile=/path/to/rules.conf
#
RuleFile=/etc/usbguard/rules.conf

#
# Implicit policy target.
#
# How to treat devices that don't match any rule in the
# policy. One of:
#
# * allow  - authorize the device
# * block  - block the device
# * reject - remove the device
#
ImplicitPolicyTarget=block

#
# Present device policy.
#
# How to treat devices that are already connected when the
# daemon starts. One of:
#
# * allow        - authorize every present device
# * block        - deauthorize every present device
# * reject       - remove every present device
# * keep         - just sync the internal state and leave it
# * apply-policy - evaluate the ruleset for every present
#                  device
#
PresentDevicePolicy=keep

#
# Present controller policy.
#
# How to treat USB controllers that are already connected
# when the daemon starts. One of:
#
# * allow        - authorize every present device
# * block        - deauthorize every present device
# * reject       - remove every present device
# * keep         - just sync the internal state and leave it
# * apply-policy - evaluate the ruleset for every present
#                  device
#
PresentControllerPolicy=allow

#!!! WARNING: It's good practice to set at least one of the !!!
#!!!          two options below. If none of them are set,   !!!
#!!!          the daemon will accept IPC connections from   !!!
#!!!          anyone, thus allowing anyone to modify the    !!!
#!!!          rule set and (de)authorize USB devices.       !!!

#
# Users allowed to use the IPC interface.
#
# A space delimited list of usernames that the daemon will
# accept IPC connections from.
#
# IPCAllowedUsers=username1 username2 ...
#

#
# Groups allowed to use the IPC interface.
#
# A space delimited list of groupnames that the daemon will
# accept IPC connections from.
#
# IPCAllowedGroups=groupname1 groupname2 ...
#
IPCAllowedGroups=wheel
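
#
# Added example (not part of the original file and not USBGuard code): a small
# audit of the settings documented above, flagging the open-IPC case from the
# WARNING banner, permissive policy targets, and values outside the listed options.
# The function names, finding levels, and treating an empty value as unset are
# assumptions of this example; the sample text is constructed from the active lines above.
#

```python
# Added example: audits usbguard-daemon.conf text. Not USBGuard's own code.
# Allowed values are the ones listed in the comments of the file above.
PRESENT = {"allow", "block", "reject", "keep", "apply-policy"}
ALLOWED = {
    "ImplicitPolicyTarget": {"allow", "block", "reject"},
    "PresentDevicePolicy": PRESENT,
    "PresentControllerPolicy": PRESENT,
}

# Constructed sample: the active settings of the file above.
SAMPLE = """\
RuleFile=/etc/usbguard/rules.conf
ImplicitPolicyTarget=block
PresentDevicePolicy=keep
PresentControllerPolicy=allow
# IPCAllowedUsers=username1 username2 ...
IPCAllowedGroups=wheel
"""


def parse_conf(text):
    """Return {key: value} for active (uncommented) KEY=VALUE lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return (level, message) findings; an empty list means nothing flagged."""
    conf, findings = parse_conf(text), []
    for key, allowed in ALLOWED.items():
        if key in conf and conf[key] not in allowed:
            findings.append(("error", f"{key}={conf[key]} not in {sorted(allowed)}"))
    # WARNING banner: with neither list set, anyone may use the IPC interface.
    # Assumption of this example: an empty value counts as unset.
    if not conf.get("IPCAllowedUsers") and not conf.get("IPCAllowedGroups"):
        findings.append(("warn", "IPC open to anyone: set IPCAllowedUsers or IPCAllowedGroups"))
    if conf.get("ImplicitPolicyTarget") == "allow":
        findings.append(("warn", "devices matching no rule are authorized"))
    if conf.get("PresentDevicePolicy") == "allow":
        findings.append(("warn", "every device connected at daemon start is authorized"))
    return findings


if __name__ == "__main__":
    for level, message in audit(SAMPLE) or [("ok", "nothing flagged")]:
        print(f"{level}: {message}")
```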