Qubes-VM-hardening
Qubes-VM-hardening copied to clipboard
tasket
Fend off malware at Qubes VM startup
You have made some good contributions like the qvm mass update script, qvm tunnel, and this qubes hardening. Will these things eventually make it into qubes?
From an appvm with a hardened template, unable to mount an external usb thumbdrive. Nautilus/Files shows it is present, but once clicked on to mount, error pops up: Unable to...
Hi it would be nice if here are Notifications during startup or on error. In the way it is in Qubes-vpn-support. Like "system started without issue"
These folders are user writable. Similar to * https://github.com/QubesOS/qubes-issues/issues/5263 * https://github.com/tasket/Qubes-VM-hardening/issues/41
http://forums.whonix.org/t/msgdispatcher-bug-delete-wrapper/8034/1 Related source files: * https://github.com/Whonix/msgcollector/blob/master/usr/lib/msgcollector/msgdispatcher * https://github.com/Whonix/msgcollector/blob/master/usr/lib/msgcollector/msgdispatcher_delete_wrapper * https://github.com/Whonix/msgcollector/blob/master/etc/xdg/autostart/msgdispatcher.desktop * https://github.com/Whonix/msgcollector/blob/master/lib/systemd/system/msgcollector.service * https://github.com/Whonix/msgcollector/blob/master/usr/lib/msgcollector/msgdispatcher_init * https://github.com/Whonix/msgcollector/blob/master/etc/xdg/autostart/msgdispatcher.desktop
Firefox releases after the current ESR (version 66) don't permit simple creation or management of generic browser profiles such as _.mozilla/firefox/profile.default_. This means the ibrowse tag currently only works with...
Wondering if this could be useful for Debian too. (Not only Debian TemplateBased AppVMs in Qubes. I mean "normal" Debian systems without Qubes.) More operating system compatibility could get more...
* https://github.com/tasket/Qubes-VM-hardening/blob/master/vm-boot-protect.service ``` [Unit] After=qubes-sysinit.service Before=qubes-mount-dirs.service ``` * https://github.com/QubesOS/qubes-core-agent-linux/blob/master/vm-systemd/qubes-mount-dirs.service ``` After=qubes-sysinit.service dev-xvdb.device DefaultDependencies=no Before=local-fs.target rw.mount home.mount qubes-gui-agent.service ``` * https://github.com/QubesOS/qubes-core-agent-linux/blob/master/vm-systemd/mount-dirs.sh The issue with `mount-dirs.sh` is that it calls `/usr/lib/qubes/init/bind-dirs.sh` which...
I combed the dash and bash docs -- as well as Gnome, KDE, Xfce and X11 docs -- to address all the user-writable startup files that apply. This issue will...