{"id":15033945,"url":"https://github.com/usbguard/usbguard","last_synced_at":"2025-05-15T20:06:00.907Z","repository":{"id":28933838,"uuid":"32459566","full_name":"USBGuard/usbguard","owner":"USBGuard","description":"USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)","archived":false,"fork":false,"pushed_at":"2025-04-28T23:21:54.000Z","size":3886,"stargazers_count":1205,"open_issues_count":130,"forks_count":147,"subscribers_count":46,"default_branch":"main","last_synced_at":"2025-05-15T20:05:46.268Z","etag":null,"topics":["blacklist","c-plus-plus","hacktoberfest","linux","rule-language","security","security-hardening","usb","usb-devices","whitelist"],"latest_commit_sha":null,"homepage":"https://usbguard.github.io/","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/USBGuard.png","metadata":{"files":{"readme":"README.adoc","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-03-18T13:14:42.000Z","updated_at":"2025-05-15T12:57:06.000Z","dependencies_parsed_at":"2024-01-14T15:25:54.861Z","dependency_job_id":"62aacbc9-e72e-49ae-a267-954a18896ee3","html_url":"https://github.com/USBGuard/usbguard","commit_stats":{"total_commits":913,"total_committers":61,"mean_commits":"14.967213114754099","dds":0.5355969331872946,"last_synced_commit":"d8f6595b0dbdecb64b63d9f3277fc59d48433c1d"},"previous_names":["dkopecek/usbguard"],"tags_count":33,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/USBGuard%2Fusbguard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/USBGuard%2Fusbguard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/USBGuard%2Fusbguard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/USBGuard%2Fusbguard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/USBGuard","download_url":"https://codeload.github.com/USBGuard/usbguard/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254414499,"owners_count":22067272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blacklist","c-plus-plus","hacktoberfest","linux","rule-language","security","security-hardening","usb","usb-devices","whitelist"],"created_at":"2024-09-24T20:23:20.334Z","updated_at":"2025-05-15T20:05:55.851Z","avatar_url":"https://github.com/USBGuard.png","language":"C++","readme":"USBGuard\n========\n:toc:\n\n[.clearfix]\n--\n[.left]\nimage::https://travis-ci.com/USBGuard/usbguard.svg?branch=master[Travis CI, link=https://travis-ci.com/USBGuard/usbguard]\n[.left]\nimage::https://coveralls.io/repos/github/USBGuard/usbguard/badge.svg[Coverage, link=https://coveralls.io/github/USBGuard/usbguard]\n[.left]\nimage::https://img.shields.io/github/license/USBGuard/usbguard.svg[License, link=https://github.com/USBGuard/usbguard/#license]\n--\n\n== About\n\nUSBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system).\nSimply put, it is a USB device allowlisting tool.\n\n== Documentation\n\n * User Guide (TBA)\n * Manual Pages\n ** \u003c\u003cdoc/man/usbguard-daemon.8.adoc#name, usbguard-daemon(8)\u003e\u003e\n ** \u003c\u003cdoc/man/usbguard-daemon.conf.5.adoc#name, usbguard-daemon.conf(5)\u003e\u003e\n ** \u003c\u003cdoc/man/usbguard-rules.conf.5.adoc#name, usbguard-rules.conf(5)\u003e\u003e\n ** \u003c\u003cdoc/man/usbguard.1.adoc#name, usbguard(1)\u003e\u003e\n ** \u003c\u003cdoc/man/usbguard-dbus.8.adoc#name, usbguard-dbus(8)\u003e\u003e\n\n== Compilation \u0026 Installation\n\nWARNING: *Prior to starting the USBGuard daemon (or service) for the first time*\n         (but after installation)\n         we need to\n         generate a rules file for USBGuard so that the currently attached\n         USB devices (in particular mouse and keyboard) keep working\n         so that you will not **get locked out of your system**.\n         More on that below at \u003c\u003cbefore-the-first-start, Before the First Start\u003e\u003e.\n\nTo compile the source code, you will require at least C{plus}{plus}17. +\nIf you are compiling sources from a release tarball, you'll need the development files for:\n\n * https://github.com/ClusterLabs/libqb[libqb] - used for local UNIX socket based IPC\n * https://github.com/google/protobuf[protobuf] - used for IPC message (de)serialization\n * https://download.libsodium.org[libsodium] or https://www.gnupg.org/software/libgcrypt[libgcrypt] - used for hashing\n * https://asciidoc.org[asciidoc (a2x)] - needed to generate documentation\n\nOptionally, you may want to install:\n\n * https://github.com/seccomp/libseccomp[libseccomp] - used to implement a syscall allowlist\n * https://people.redhat.com/sgrubb/libcap-ng/[libcap-ng] - used to drop process capabilities\n\nIf you are on a Debian based GNU/Linux distribution like Ubuntu 21.10,\ninstallation of all build dependencies would be something like this:\n\n    $ sudo apt update \u0026\u0026 \\\n      sudo apt install --no-install-recommends -V \\\n        asciidoc autoconf automake bash-completion build-essential catch2 \\\n        docbook-xml docbook-xsl git ldap-utils libaudit-dev libcap-ng-dev \\\n        libdbus-glib-1-dev libldap-dev libpolkit-gobject-1-dev libprotobuf-dev \\\n        libqb-dev libseccomp-dev libsodium-dev libtool libxml2-utils \\\n        libumockdev-dev pkg-config protobuf-compiler sudo tao-pegtl-dev xsltproc\n\nAnd then do:\n\n    $ ./configure        # for arguments of interest see below\n    $ make\n    $ make check         # if you would like to run the test suite\n    $ sudo make install\n\nConfigure arguments that deserve explicit mentioning (quoting `./configure --help` output):\n\n      --enable-systemd        install the systemd service unit file (default=no)\n\n      --with-crypto-library   Select crypto backend library. Supported values:\n                              sodium, gcrypt, openssl.\n\n      --with-bundled-catch    Build using the bundled Catch library\n\n      --with-bundled-pegtl    Build using the bundled PEGTL library\n\n      --with-ldap             Build USBGuard with ldap support\n\nIf you want to compile the sources in a cloned repository, you'll have to run the `./autogen.sh` script.\nIt will fetch the sources (via git submodules) of https://github.com/taocpp/PEGTL/[PEGTL] and https://github.com/philsquared/Catch[Catch].\nThe script will then initialize the autotools based build system, e.g. generate the `./configure` script.\n\n== Before the First Start\n\n*Prior to starting the USBGuard daemon (or service) for the first time*\n(but after installation)\nwe need to\ngenerate a rules file for USBGuard so that the currently attached\nUSB devices (in particular mouse and keyboard) keep working\nso that you will not **get locked out of your system**.\n\nA rules file can be generated like this:\n\n    $ sudo sh -c 'usbguard generate-policy \u003e /etc/usbguard/rules.conf'\n\nAfter that, you can safely start service `usbguard`:\n\n    $ sudo systemctl start usbguard.service\n\nAnd you can make systemd start the service every time your boot your machine:\n\n    $ sudo systemctl enable usbguard.service\n\n== License\n\nCopyright (C) 2015-2019 Red Hat, Inc.\n\nThis program is free software; you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation; either version 2 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program.  If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fusbguard%2Fusbguard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fusbguard%2Fusbguard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fusbguard%2Fusbguard/lists"}