Coming out of a discussion in https://groups.google.com/forum/#!topic/qubes-users/hs2yapPlUVA
I am interested, does anyone run intrusion detection tools within their VMs? I use OSSEC [1] extensively elsewhere (on servers), but not sure it would work so well in agent-server model in Qubes. 'local' mode would work, but I would still want to get notifications of events/attacks, even from vaulted VMs that can't send email. Since Qubes design suggests we should expect VM compromise, I think it makes sense to having something looking for such a compromise rather than just periodically rebuild my VMs (as I currently do). Anyone else looked into a nice solution? [1] http://ossec.github.io -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/de52cd24-e836-4153-86c4-2edfa4304447%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.