On Sunday, November 6, 2016 at 11:07:43 PM UTC-5, raah...@gmail.com wrote:
> On Sunday, November 6, 2016 at 9:27:04 PM UTC-5, David Renz wrote:
> > Hello everyone,
> >
> > currently I don't have QubesOS installed unfortunately, so I can't check
> > this by myself, and it might take some time until I'll be able to install
> > it, therefore I'm asking about this on the list:
> >
> > I think that AIDE is the most sophisticated tool for checking file system
> > integrity (and I believe that this approach might be one of the best in
> > order to see whether a system got compromised or not), but obviously it
> > could render this approach useless, if one would first have to go online
> > after having installed QubesOS and then AIDE from a Repo, which might be
> > compromised. Therefore my question: Is AIDE included in the Fedora
> > installation iso, so that those security issues could be circumvented?
> >
> > By the way, doing so should not only be done before going online for the
> > first time, but already before the system restarts after its installation
> > (because otherwise ACPI or other firmware code might compromise the system
> > during the first boot process).
> >
> > If it's not included in the installation iso, then I'd strongly suggest
> > that it should be added. (The second best solution would be to download it
> > and pray that this download is not compromised (probably I don't need to
> > mention that there are various ways to compromise this download without
> > someone being able to notice that), but actually that doesn't even sound
> > like a 'second best', but a rather careless approach.)
> >
> > Maybe manually hashing files by writing a script could be another approach
> > (I'd rather do that than trust a security relevant tool I downloaded from
> > somewhere), though AIDE is really great in its functionality and it would
> > be really nice if doing so would be possible.
> >
> >
> > Kind regards and all the best
> >
> > David
>
> You just install the package like any other Linux.
>
> I still like tripwire the best, even though the opensource version is so
> outdated. Some more modern solutions are OSSEC or Samhain, but they are
> more like Windows type all in one solutions and might be considered bloated.

When using these types of programs on Qubes though I found it too noisy and pointless. Just for dom0 might not be a bad idea. Just routinely wipe your other VMs at the slightest anomaly haha. It's so easy in Qubes.
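
The "manually hashing files by writing a script" idea raised in the quoted question can be sketched with the Python standard library alone. This is an added example, not code from anyone in this thread and not how AIDE or Tripwire work internally; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Return {relative path: (digest, mode, uid, gid)} for files under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: describe a link itself, never its target
            if stat.S_ISLNK(st.st_mode):
                digest = "link:" + os.readlink(path)
            elif stat.S_ISREG(st.st_mode):
                h = hashlib.sha256()
                with open(path, "rb") as f:
                    for chunk in iter(lambda: f.read(1 << 20), b""):
                        h.update(chunk)
                digest = h.hexdigest()
            else:
                continue  # sockets, FIFOs and device nodes are not hashed
            db[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return db

def compare(baseline, current):
    """Report paths added, removed, or changed in content or metadata."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "changed": sorted(p for p in old & new if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample tree: take a baseline, alter the tree, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in (("a.conf", b"x=1\n"), ("b.sh", b"echo hi\n"), ("c.txt", b"c\n")):
            (root / name).write_bytes(data)
            (root / name).chmod(0o644)
        baseline = snapshot(root)
        (root / "a.conf").write_bytes(b"x=2\n")  # same size, different content
        (root / "b.sh").chmod(0o755)             # metadata-only change
        (root / "c.txt").unlink()
        (root / "new.bin").write_bytes(b"")
        return compare(baseline, snapshot(root))

if __name__ == "__main__": print(demo())
```

A baseline is only useful if the monitored system cannot rewrite it, so keep the saved snapshot on read-only or offline media, or in a separate VM, and run the comparison from there.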