V8.02.512.2025.05.30

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/hooks/live/9980_usb_guard.chroot

@@ -0,0 +1,45 @@
+#!/bin/bash
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+set -C -e -u -o pipefail
+
+printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
+# sleep 1
+
+apt-get install -y usbguard
+
+# sleep 1
+
+# Preparing USBGuard: see https://www.privacy-handbuch.de/handbuch_91a.htm
+touch /tmp/rules.conf
+usbguard generate-policy >> /tmp/rules.conf
+
+if [[ -f /etc/usbguard/rules.conf && -s /etc/usbguard/rules.conf ]]; then
+  mv /etc/usbguard/rules.conf /root/.ciss/dlb/backup/usbguard_rules.conf.bak
+  cp -a /tmp/rules.conf /etc/usbguard/rules.conf
+  chmod 0600 /etc/usbguard/rules.conf
+else
+  rm -f /etc/usbguard/rules.conf
+  cp -a /tmp/rules.conf /etc/usbguard/rules.conf
+  chmod 0600 /etc/usbguard/rules.conf
+fi
+
+cp -a /etc/usbguard/usbguard-daemon.conf /root/.ciss/dlb/backup/usbguard-daemon.conf.bak
+sed -i "s/PresentDevicePolicy=apply-policy/PresentDevicePolicy=allow/" /etc/usbguard/usbguard-daemon.conf
+# sleep 1
+
+rm -f /tmp/rules.conf
+
+printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
+# sleep 1
+
+exit 0
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh