I wrote: > Another possibility is some built-in Qubes support for building udev rules > (similar to how the firewall makes iptables rules), or perhaps adding > USBGuard to dom0 (or any USB Qube). A good comparison of the two options > is here: > > https://dkopecek.github.io/usbguard/blog/2015/USBGuard-vs-UDev
After reading this comparison: https://dkopecek.github.io/usbguard//blog/2015/USBGuard-vs-UDev I though the huge difference in simplicity of rules that USBGuard brings, it was worth trying out. Not wanting to just grab a binary of a project I had just learned about, I thought I'd grab the sources and compile: https://dkopecek.github.io/usbguard/documentation/compilation.html Sounded simple enough, but wow, I delved into dependency hell, a lot due to the Qt applet (which sounds cool) that brings in Qt5 and a bunch of other things. I gave up after hunting down dependencies for an hour or two, after failing to find a few "dbus modules" that were required. It brings in way too many dependencies, and is way to hard to build, for my comfort level, especially for a dom0 app. Such a shame. (Maybe when I recover from the frustration, I'll try again without the Qt applet.) It makes learning the strange udev rules syntax a lot less intimidating after all :) There really should be some simpler system to turn declarative USB permissions into udev rules. USBGuard seemed like it, but it's far too complex internally for my tastes. Some m4, python, bash scripts, and/or make should be able to do the job without all the complexity. These tutorials give the spirit of the type of thing I'd like to see automated a bit: http://www.irongeek.com/i.php?page=security/plug-and-prey-malicious-usb-devices#3.2_Locking_down_Linux_using_UDEV https://askubuntu.com/questions/531445/only-use-mass-storage-devices-on-a-selected-usb-port-how A simple lockdown: https://incenp.org/notes/2014/disable-new-usb-input-devices.html JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/df5ba4cbf56f02a0b0c5eb774d2a98d4.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
