1USBGUARD-DAEMON(8) USBGUARD-DAEMON(8)
2
3
4
6 usbguard-daemon - USBGuard daemon
7
9 usbguard-daemon [OPTIONS]
10
12 The usbguard-daemon is the main component of the USBGuard software
13 framework. It runs as a service in the background and enforces the USB
14 device authorization policy for all USB devices. The policy is defined
15 by a set of rules using a rule language described in
16 usbguard-rules.conf(5). The policy and the authorization state of USB
17 devices can be modified during runtime using the usbguard(1) tool.
18
20 -d
21 Enable debugging messages in the log.
22
23 -f
24 Enable classical daemon behavior (fork at start, sysV compliant).
25
26 -s
27 Log to syslog.
28
29 -k
30 Log to console. (default)
31
32 -K
33 Disable Logging to console.
34
35 -l path
36 Log to a file at path.
37
38 -p path
39 Write PID to a file at path (default: /var/run/usbguard.pid).
40
41 -c path
42 Load configuration from a file at path (default:
43 /etc/usbguard/usbguard-daemon.conf).
44
45 -P
46 Disable permissions check on conf and policy files (default:
47 /etc/usbguard/usbguard-daemon.conf).
48
49 -C
50 Drop capabilities to limit privileges of the process.
51
52 -W
53 Use a seccomp whitelist to limit available syscalls to the process.
54
55 -h
56 Show the help/usage screen.
57
59 The daemon provides the USBGuard public IPC interface. Depending on
60 your distribution defaults, the access to this interface is limited to
61 a certain group or a specific user only. Please refer to the
62 usbguard-daemon.conf(5) man page for more information on how to
63 configure the ACL correctly. Do not leave the ACL unconfigured as that
64 will expose the IPC interface to all local users. That will allow them
65 to manipulate the authorization state of USB devices and modify the
66 USBGuard policy.
67
69 usbguard-daemon.conf(5), usbguard-rules.conf(5), usbguard(1)
70
71
72
73 01/31/2020 USBGUARD-DAEMON(8)