From 055e2dfe09f270bb2ceca89b5100ad840d9c0837 Mon Sep 17 00:00:00 2001
From: Jannik Schönartz
Date: Wed, 15 Nov 2017 09:29:10 +0100
Subject: [usbguard] USBGuard module added by Jannik Schönartz

[usb-lock-off] Updated usb info collection script to use the openslx config variables.

[usb-lock-off] Updated usbguard to version 0.7.2 and libsodium to 1.0.16. Fixed the build script, so that -c cleans everything.
---
 .../data/usr/local/etc/usbguard/sendUSBInfo.sh     | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100755 core/modules/usbguard/data/usr/local/etc/usbguard/sendUSBInfo.sh

(limited to 'core/modules/usbguard/data/usr/local/etc/usbguard/sendUSBInfo.sh')

diff --git a/core/modules/usbguard/data/usr/local/etc/usbguard/sendUSBInfo.sh b/core/modules/usbguard/data/usr/local/etc/usbguard/sendUSBInfo.sh
new file mode 100755
index 00000000..3fe91fef
--- /dev/null
+++ b/core/modules/usbguard/data/usr/local/etc/usbguard/sendUSBInfo.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# use SLX_KCL_SERVERS
+. /opt/openslx/config
+
+SERVER_IP=${SLX_PXE_SERVER_IP}
+CLIENT_IP=${SLX_PXE_CLIENT_IP}
+NADAPTER="br0"
+
+if [ "$USBGUARD_DEVICE_EVENT" == "Insert" ]
+then
+	id=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=id\s).*(?=\sserial)')
+	serial=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=serial\s").*(?="\sname)')
+	name=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=name\s").*(?="\shash)')
+	vhash=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=\shash\s").*(?="\sparent-hash)')
+	phash=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=\sparent-hash\s").*(?="\svia-port)')
+	vport=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=\svia-port\s").*(?="\swith-interface)')
+	interface=$(echo $USBGUARD_DEVICE_RULE | grep -Pzo '(?s)(?<=\swith-interface\s).*')
+	# nat1 ONLY WORKS FOR some VM's THIS NEEDS TO BE EDITED. IP Info only needed for getting the machineuuid -> location of the machine.
+	# interface-policy is not needed here is it? --> Once it's implemented in usbguard it is.. but currently the device rule doesn't have those information.
+	url=$(echo "http://$SERVER_IP/slx-admin/api.php?do=usbguard&action=newdevice&id=$id&serial=$serial&name=$name&ip=$CLIENT_IP&hash=$vhash&parent-hash=$phash&via-port=$vport&with-interface=$interface" | sed 's/ /%20/g')
+	curl $url
+fi
-- 
cgit v1.2.3-55-g7522