Coming out of a discussion in 
https://groups.google.com/forum/#!topic/qubes-users/hs2yapPlUVA

I am interested, does anyone run intrusion detection tools within their VMs? 

I use OSSEC [1] extensively elsewhere (on servers), but not sure it would work 
so well in agent-server model in Qubes. 

'local' mode would work, but I would still want to get notifications of 
events/attacks, even from vaulted VMs that can't send email.

Since Qubes design suggests we should expect VM compromise, I think it makes 
sense to having something looking for such a compromise rather than just 
periodically rebuild my VMs (as I currently do).

Anyone else looked into a nice solution?

[1] http://ossec.github.io



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de52cd24-e836-4153-86c4-2edfa4304447%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to