Qubes-VM-hardening
Qubes-VM-hardening copied to clipboard
tasket
Fend off malware at Qubes VM startup
Candidate whitelist items are commonly-used files such as: * Network Manager connections * VPN configurations etc. Maybe included as inactive examples.
When `sys-whonix` is started for the first time `Anon-Conection-Wizard` is supposed to automaicaly start, and walk users through Tor setup and configuration. However, unlike in previous Whonix versions {13,14} when...
Currently `vm-boot-protect` is the most compatible mode for Whonix VMs (but see issue #31). It might be desirable to explore using the more extensive `vm-boot-protect-root` mode for whonix-ws VMs by...
Using whonix-gw-15: The vm-boot-protect service is failing to run properly for sys-whonix. It looks like its not able to re-mount private volume as read-write: ``` user@host:~$ sudo journalctl -u vm-boot-protect...
The way that Qubes initializes /rw when a VM is first started presents a problem to vm-boot-protect. It appears that the Linux GUI bits (which run later) become jammed if...
Needs a way to set loglevel so admin can prevent details from showing after a normal VM startup.
Logic to detect VM type such as netVM, proxyVM, appVM and handle some things differently such as Network Manager settings, etc. User can already target policy for replacing and whitelisting...
Current sequence goes like: 1. Checksums 2. Quarantine /rw dirs a. Whitelist 3. Deploy files 4. Set immutable /home files An administrator may find a different sequence useful, for example...
