Leverage Qubes template non-persistence to fend off malware. Lock-down, quarantine and check contents of /rw private storage that affect the VM execution environment.


  *  Acts at VM startup before private volume /rw mounts

  *  User: Protect /home desktop & shell startup executables

  *  Root: Quarantine all /rw configs & scripts, with whitelisting

  *  Re-deploy custom or default files to /rw on each boot

  *  SHA256 hash checking against unwanted changes

  *  Provides rescue shell on error or request

  *  Works with template-based AppVMs, sys-net and sys-vpn

Also included is the 'configure-sudo-prompt' tool which restores authorization for sudo on Debian. vm-boot-protect isn't effective with "passwordless sudo" Qubes default -- this tool restores VM internal security using a dom0 yes/no prompt in place of passwords.

Project link: https://github.com/tasket/Qubes-VM-hardening


Chris Laprise, tas...@posteo.net
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to