On 04/11/2017 12:14 PM, cooloutac wrote:
On Monday, April 10, 2017 at 11:43:55 AM UTC-4, Chris Laprise wrote:
Here is a small script for Linux templates that protects files executed
on startup by...
bash
sh
Gnome
KDE
Xfce
X11
Together with enabling sudo authentication, this is a simple way to make
template-based VMs less hospitable to malware.
LINK: https://github.com/tasket/Qubes-VM-hardening
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
ok you convinced me I have to enable sudo now. lol
I should mention this approach for /home init scripts does also help
standalone Linux VMs.
There is an update in the works that can knock-out even some root-user
(privilege escalation) malware, though this addition would not help
standalones. The technique is to erase-or-replace dirs like /rw/config
at boot time.
The overall result should be that an attacked VM (especially
template-based) has a better chance of malware being in a
dormant/disabled state when the VM is started. And the price in users'
time/energy for gaining this margin of security should be quite low.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/6848aa14-4b90-91e9-dfbf-77037cd9cb04%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.