Re: [qubes-users] Qubes VM Hardening v0.8.2 Released!
On Sun, April 15, 2018 8:41 pm, Chris Laprise wrote:
> On 04/15/2018 04:05 PM, Chris Laprise wrote:
>
>> On 04/15/2018 03:51 PM, Chris Laprise wrote:
>>
>>> Project link: https://github.com/tasket/Qubes-VM-hardening
>>
>> TL;dr : This closes the obvious loopholes that malware can use in Qubes
>> AppVMs to escalate privileges, _impersonate_ real apps (to steal
>> credentials), and persist after shutdown/restart.
>
> ^FIXED :)
>
>> VMs' own internal security has a chance to work and even shake-off
>> rootkits and other malware when VMs are restarted or the template
>> receives security updates.

Thanks, tasket!

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e0fb6f8b28e55bbde18824f44c1a57a9.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes VM Hardening v0.8.2 Released!
On 04/15/2018 04:05 PM, Chris Laprise wrote:
> On 04/15/2018 03:51 PM, Chris Laprise wrote:
>> Project link: https://github.com/tasket/Qubes-VM-hardening
>
> TL;dr : This closes the obvious loopholes that malware can use in Qubes
> AppVMs to escalate privileges, _impersonate_ real apps (to steal
> credentials), and persist after shutdown/restart.

^FIXED :)

> VMs' own internal security has a chance to work and even shake-off
> rootkits and other malware when VMs are restarted or the template
> receives security updates.

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-users] Qubes VM Hardening v0.8.2 Released!
On 2018-04-16 01:05, Chris Laprise wrote:
> On 04/15/2018 03:51 PM, Chris Laprise wrote:
>> Project link: https://github.com/tasket/Qubes-VM-hardening
>
> TL;dr : This closes the obvious loopholes that malware can use in Qubes
> AppVMs to escalate privileges, impersonal real apps (to steal
> credentials), and persist after shutdown/restart.
>
> VMs' own internal security has a chance to work and even shake-off
> rootkits and other malware when VMs are restarted or the template
> receives security updates.
>
> --
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Awesome! Can't wait till I have some time to try this out. Thanks Chris!!!

Re: [qubes-users] Qubes VM Hardening v0.8.2 Released!
On 04/15/2018 03:51 PM, Chris Laprise wrote:
> Project link: https://github.com/tasket/Qubes-VM-hardening

TL;dr : This closes the obvious loopholes that malware can use in Qubes
AppVMs to escalate privileges, impersonal real apps (to steal
credentials), and persist after shutdown/restart.

VMs' own internal security has a chance to work and even shake-off
rootkits and other malware when VMs are restarted or the template
receives security updates.

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[qubes-users] Qubes VM Hardening v0.8.2 Released!
Leverage Qubes template non-persistence to fend off malware. Lock-down, quarantine and check contents of /rw private storage that affect the VM execution environment.

vm-boot-protect.service:
* Acts at VM startup before private volume /rw mounts
* User: Protect /home desktop & shell startup executables
* Root: Quarantine all /rw configs & scripts, with whitelisting
* Re-deploy custom or default files to /rw on each boot
* SHA256 hash checking against unwanted changes
* Provides rescue shell on error or request
* Works with template-based AppVMs, sys-net and sys-vpn

Also included is the 'configure-sudo-prompt' tool which restores authorization for sudo on Debian. vm-boot-protect isn't effective with "passwordless sudo" Qubes default -- this tool restores VM internal security using a dom0 yes/no prompt in place of passwords.

Project link: https://github.com/tasket/Qubes-VM-hardening

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
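
A minimal sketch of the kind of check the announcement lists (whitelist-based quarantine of private storage plus SHA256 verification), added here as an illustration. It is not code from Qubes-VM-hardening; the function names, the whitelist and manifest files, and the directory layout are hypothetical.

```shell
#!/bin/sh
# Added illustration; not code from Qubes-VM-hardening. All names are hypothetical.

# quarantine_unlisted DIR WHITELIST QDIR: move every top-level entry of DIR
# whose name is not an exact line of WHITELIST into QDIR; print the count moved.
quarantine_unlisted() {
    q_moved=0
    mkdir -p "$3"
    for q_entry in "$1"/* "$1"/.[!.]*; do
        # Unmatched globs stay literal: skip them, but keep dangling symlinks.
        [ -e "$q_entry" ] || [ -L "$q_entry" ] || continue
        if ! grep -Fxq -- "${q_entry##*/}" "$2"; then
            mv -- "$q_entry" "$3/" && q_moved=$((q_moved + 1))
        fi
    done
    echo "$q_moved"
}

# verify_manifest DIR MANIFEST: MANIFEST is in sha256sum's "<hash>  <path>"
# format, paths relative to DIR. Print each path that is missing, is a symlink
# or non-regular file, or hashes differently; return 1 if any was printed.
verify_manifest() {
    v_bad=0
    while read -r v_want v_path; do
        [ -n "$v_path" ] || continue
        v_have=missing
        if [ -f "$1/$v_path" ] && [ ! -L "$1/$v_path" ]; then
            v_have=$(sha256sum "$1/$v_path" | cut -d' ' -f1)
        fi
        if [ "$v_have" != "$v_want" ]; then
            echo "$v_path"
            v_bad=1
        fi
    done < "$2"
    return "$v_bad"
}

# Constructed sample: a throwaway tree standing in for a VM's private storage.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/priv/home" "$d/priv/config"
    echo 'export EDITOR=vi' > "$d/priv/home/.profile"
    printf 'home\n' > "$d/whitelist"
    (cd "$d/priv" && sha256sum home/.profile) > "$d/manifest"
    echo '# line added after the manifest was taken' >> "$d/priv/home/.profile"
    echo "quarantined: $(quarantine_unlisted "$d/priv" "$d/whitelist" "$d/quarantine")"
    echo "changed: $(verify_manifest "$d/priv" "$d/manifest" || true)"
    rm -rf "$d"
}
demo
```

The quarantine directory must sit outside the directory being scanned, and the check only means something if the whitelist and manifest live where the scanned storage's owner cannot rewrite them.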