Le jeudi 3 novembre 2016 23:42:21 UTC+1, [email protected] a écrit : > Coming out of a discussion in > https://groups.google.com/forum/#!topic/qubes-users/hs2yapPlUVA > > I am interested, does anyone run intrusion detection tools within their VMs? > > I use OSSEC [1] extensively elsewhere (on servers), but not sure it would > work so well in agent-server model in Qubes. > > 'local' mode would work, but I would still want to get notifications of > events/attacks, even from vaulted VMs that can't send email. > > Since Qubes design suggests we should expect VM compromise, I think it makes > sense to having something looking for such a compromise rather than just > periodically rebuild my VMs (as I currently do). > > Anyone else looked into a nice solution? > > [1] http://ossec.github.io
Thx man you make my day. I have allready done that's but without notification, great improvement for me. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b54cbd4f-7fd3-41e9-b1a5-a4d16c842379%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
