From 7c8b9b294678056d684fd3dc22f012d75da40426 Mon Sep 17 00:00:00 2001
From: monsieuremre <130907164+monsieuremre@users.noreply.github.com>
Date: Fri, 17 Nov 2023 17:14:01 +0000
Subject: [PATCH] 30_security-misc.conf
---
etc/usbguard/rules.d/30_security-misc.conf | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 etc/usbguard/rules.d/30_security-misc.conf
diff --git a/etc/usbguard/rules.d/30_security-misc.conf b/etc/usbguard/rules.d/30_security-misc.conf
new file mode 100644
index 0000000..a93e29e
--- /dev/null
+++ b/etc/usbguard/rules.d/30_security-misc.conf
@@ -0,0 +1,18 @@
+## Blacklisting is not the optimal approach to security. Normally all USB devices should be rejected (default) and only the devices you personally know and trust be whitelisted.
+## If you can do this, it is recommended to do. For convenience for the majority, we do the following:
+
+## Allow all USB devices with mass storage interface
+allow with-interface equals { 08:*:* }
+
+## Reject storage devices that also have extra suspicuous interfaces.
+## Like a usb storage device that also tries to behave like a keyboard.
+## This is a well known type of cyber attack.
+
+reject with-interface all-of { 08:*:* 03:00:* }
+reject with-interface all-of { 08:*:* 03:01:* }
+reject with-interface all-of { 08:*:* e0:*:* }
+reject with-interface all-of { 08:*:* 0a:*:* }
+reject with-interface all-of { 08:*:* 02:*:* }
+
+## We do not allow anything else. Keyboards, mice, and everything else, they will be rejected. The only exception is, if they were plugged in when the daemon starts.
+## If you have your keyboard plugged in before booting, it will be allowed. If you plug after the fact, you have to manually allow the device or do a restart.
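Review bot: The closing comment promises behaviour this rules file cannot enforce by itself: whether unmatched devices are "rejected" and whether devices present at daemon start are allowed are both decided by `ImplicitPolicyTarget` and `PresentDevicePolicy` in usbguard-daemon.conf, which this patch does not touch. With the upstream defaults as I understand them (`ImplicitPolicyTarget=block`, `PresentDevicePolicy=apply-policy`), an unmatched device is blocked rather than rejected, and a keyboard attached at boot is evaluated against these rules and blocked as well, which could leave the user without input; this should be confirmed against the daemon config the package actually ships. I would state the dependency in the comment, e.g. `## Relies on PresentDevicePolicy=allow (or keep) and on ImplicitPolicyTarget in usbguard-daemon.conf; this file does not set them.` Separately, the `03:00:*` and `03:01:*` lines could be the single rule `reject with-interface all-of { 08:*:* 03:*:* }`, and "suspicuous" in the comment above the reject rules should read "suspicious".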