Ahah, I suggested it to Frederic one year ago. But we need to salt all VMs with an auditd policy, rsyslog forwarding, a HIDS, build a syslog-ng repo, and the most difficult part... do you know of any SIEM that doesn't eat the power? xD Splunk: KO. Graylog: GPL (as far as I know). Elastic?: KO for power saving. We can use the VirusTotal API for the HIDS check with file checksums (requires a free account for limited submissions, but enough I guess for the USB VM). It is a very tough project, but this is what QubesOS needs. Absolutely, because this is the first thing I was thinking of when someone showed me the project. How do you know this VM is compromised? Nothing.... But something we can do is:
- build a minimum version for laptops (it is kind of nonsense because of the battery power ahah)
- build a solution for the server/cloud version of Qubes. This is a very good project! This can be a physical server with an open source SOC based on QubesOS.
On Wed, Apr 10, 2019 at 09:12, Zrubi <[email protected]> wrote:
> On 4/9/19 6:51 AM, Harry Pantazis wrote:
>
> > The ideas (ordered by preference) that interest me: * Wayland Support (I like sway) * In-VM Configuration * LogVM(s)
> >
> > If someone is interested in mentoring me in some way, giving me
> > tips or collaborating with me, I'm open to discussion.
>
> I'm happy to collaborate on the LogVM project.
>
> As I am really interested in making that happen, and I have already played with
> log (and traffic) analysis:
> http://zrubi.hu/en/2017/traffic-analysis-qubes/
> http://zrubi.hu/en/2017/siem-at-home/
>
> I think all of those can be related (and hopefully useful) for Qubes
> Log VMs too.
> (As I have worked with enterprise-level SIEM solutions for years, I have some
> experience in this field)
>
> --
> Zrubi
