diff options
Diffstat (limited to 'core/modules/usbguard/data')
5 files changed, 67 insertions, 0 deletions
diff --git a/core/modules/usbguard/data/etc/systemd/system/multi-user.target.wants/usbguard-daemon.service b/core/modules/usbguard/data/etc/systemd/system/multi-user.target.wants/usbguard-daemon.service new file mode 100644 index 00000000..4d7bc799 --- /dev/null +++ b/core/modules/usbguard/data/etc/systemd/system/multi-user.target.wants/usbguard-daemon.service @@ -0,0 +1,11 @@ +[Unit] +Description=USBGuard Services Daemon +After=systemd-user-sessions.service + +[Service] +ExecStart=/usr/local/sbin/usbguard-daemon -c /usr/local/etc/usbguard/usbguard-daemon.conf +Type=simple +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/core/modules/usbguard/data/etc/systemd/system/multi-user.target.wants/usbguard-watch.service b/core/modules/usbguard/data/etc/systemd/system/multi-user.target.wants/usbguard-watch.service new file mode 100644 index 00000000..d3654f55 --- /dev/null +++ b/core/modules/usbguard/data/etc/systemd/system/multi-user.target.wants/usbguard-watch.service @@ -0,0 +1,11 @@ +[Unit] +Description=USBGuard collect usb Daemon +After=usbguard-daemon.service + +[Service] +ExecStart=/usr/local/bin/usbguard watch -e /usr/local/etc/usbguard/sendUSBInfo.sh +Type=simple +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/core/modules/usbguard/data/etc/systemd/system/usbguard-daemon.service b/core/modules/usbguard/data/etc/systemd/system/usbguard-daemon.service new file mode 100644 index 00000000..4d7bc799 --- /dev/null +++ b/core/modules/usbguard/data/etc/systemd/system/usbguard-daemon.service @@ -0,0 +1,11 @@ +[Unit] +Description=USBGuard Services Daemon +After=systemd-user-sessions.service + +[Service] +ExecStart=/usr/local/sbin/usbguard-daemon -c /usr/local/etc/usbguard/usbguard-daemon.conf +Type=simple +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/core/modules/usbguard/data/etc/systemd/system/usbguard-watch.service b/core/modules/usbguard/data/etc/systemd/system/usbguard-watch.service new file mode 100644 index 00000000..d3654f55 --- /dev/null +++ b/core/modules/usbguard/data/etc/systemd/system/usbguard-watch.service @@ -0,0 +1,11 @@ +[Unit] +Description=USBGuard collect usb Daemon +After=usbguard-daemon.service + +[Service] +ExecStart=/usr/local/bin/usbguard watch -e /usr/local/etc/usbguard/sendUSBInfo.sh +Type=simple +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/core/modules/usbguard/data/usr/local/etc/usbguard/sendUSBInfo.sh b/core/modules/usbguard/data/usr/local/etc/usbguard/sendUSBInfo.sh new file mode 100755 index 00000000..3fe91fef --- /dev/null +++ b/core/modules/usbguard/data/usr/local/etc/usbguard/sendUSBInfo.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# use SLX_KCL_SERVERS +. /opt/openslx/config + +SERVER_IP=${SLX_PXE_SERVER_IP} +CLIENT_IP=${SLX_PXE_CLIENT_IP} +NADAPTER="br0" + +if [ "$USBGUARD_DEVICE_EVENT" == "Insert" ] +then + id=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=id\s).*(?=\sserial)') + serial=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=serial\s").*(?="\sname)') + name=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=name\s").*(?="\shash)') + vhash=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=\shash\s").*(?="\sparent-hash)') + phash=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=\sparent-hash\s").*(?="\svia-port)') + vport=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=\svia-port\s").*(?="\swith-interface)') + interface=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=\swith-interface\s).*') + # nat1 ONLY WORKS FOR some VM's THIS NEEDS TO BE EDITED. IP Info only needed for getting the machineuuid -> location of the machine. + # interface-policy is not needed here is it? --> Once it's implemented in usbguard it is.. but currently the device rule doesn't have those information. + url=$(echo "http://$SERVER_IP/slx-admin/api.php?do=usbguard&action=newdevice&id=$id&serial=$serial&name=$name&ip=$CLIENT_IP&hash=$vhash&parent-hash=$phash&via-port=$vport&with-interface=$interface" | sed 's/ /%20/g') + curl $url +fi |