Leverage Qubes template non-persistence to fend off malware. Lock-down,
quarantine and check contents of /rw private storage that affect the VM
* Acts at VM startup before private volume /rw mounts
* User: Protect /home desktop & shell startup executables
* Root: Quarantine all /rw configs & scripts, with whitelisting
* Re-deploy custom or default files to /rw on each boot
* SHA256 hash checking against unwanted changes
* Provides rescue shell on error or request
* Works with template-based AppVMs, sys-net and sys-vpn
Also included is the 'configure-sudo-prompt' tool which restores
authorization for sudo on Debian. vm-boot-protect isn't effective with
"passwordless sudo" Qubes default -- this tool restores VM internal
security using a dom0 yes/no prompt in place of passwords.
Project link: https://github.com/tasket/Qubes-VM-hardening
Chris Laprise, tas...@posteo.net
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.