'\" t .\" Title: usbguard-daemon .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author] .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 03/17/2024 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" .TH "USBGUARD\-DAEMON" "8" "03/17/2024" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" usbguard-daemon \- USBGuard daemon .SH "SYNOPSIS" .sp usbguard\-daemon [OPTIONS] .SH "DESCRIPTION" .sp The \fBusbguard\-daemon\fR is the main component of the USBGuard software framework\&. It runs as a service in the background and enforces the USB device authorization policy for all USB devices\&. The policy is defined by a set of rules using a rule language described in \fBusbguard\-rules\&.conf\fR(5)\&. The policy and the authorization state of USB devices can be modified during runtime using the \fBusbguard\fR(1) tool\&. .SH "OPTIONS" .PP \fB\-d\fR .RS 4 Enable debugging messages in the log\&. .RE .PP \fB\-f\fR .RS 4 Enable classical daemon behavior (fork at start, sysV compliant)\&. .RE .PP \fB\-s\fR .RS 4 Log to syslog\&. .RE .PP \fB\-k\fR .RS 4 Log to console\&. (default) .RE .PP \fB\-K\fR .RS 4 Disable Logging to console\&. .RE .PP \fB\-l\fR \fIpath\fR .RS 4 Log to a file at \fIpath\fR\&. .RE .PP \fB\-p\fR \fIpath\fR .RS 4 Write PID to a file at \fIpath\fR (default: \fI/var/run/usbguard\&.pid\fR)\&. .RE .PP \fB\-c\fR \fIpath\fR .RS 4 Load configuration from a file at \fIpath\fR (default: \fI/etc/usbguard/usbguard\-daemon\&.conf\fR)\&. .RE .PP \fB\-P\fR .RS 4 Disable permissions check on conf and policy files (default: \fI/etc/usbguard/usbguard\-daemon\&.conf\fR)\&. .RE .PP \fB\-C\fR .RS 4 Drop capabilities to limit privileges of the process\&. .RE .PP \fB\-W\fR .RS 4 Use a seccomp whitelist to limit available syscalls to the process\&. .RE .PP \fB\-h\fR .RS 4 Show the help/usage screen\&. .RE .SH "SECURITY CONSIDERATIONS" .sp The daemon provides the USBGuard public IPC interface\&. Depending on your distribution defaults, the access to this interface is limited to a certain group or a specific user only\&. Please refer to the usbguard\-daemon\&.conf(5) man page for more information on how to configure the ACL correctly\&. \fBDo not leave the ACL unconfigured as that will expose the IPC interface to all local users\&. That will allow them to manipulate the authorization state of USB devices and modify the USBGuard policy\fR\&. .SH "SEE ALSO" .sp usbguard\-daemon\&.conf(5), usbguard\-rules\&.conf(5), usbguard(1)