Hello,

On Tue, 8 Jan 2019, 13:25, <simon.new...@gmail.com> wrote:
> As per subject, does anyone use things such as AIDE (or other file
> integrity IDS)?
>
> I understand the security model is "if dom0 is compromised, you are
> fscked" but it would be at least nice to have something that gave me a
> heads up if such an event happens.
>

I was thinking about this as I am currently running a dual boot setup, which means that the /Boot partition is unencrypted and could theoretically be compromised as it is unencrypted.

I have therefore written a small script which fingerprints all files in the Boot partition and verifies the fingerprints later - basically something like a poor man's IDS. The hash sum file itself is GPG signed and _not_ stored on boot but on the encrypted part of dom0.

So if files in boot got changed I do get an alarm when I verify the fingerprints. This could then lead to the decision to rebuild/drop the whole system as it could have become (reasonably) insecure.

I tried to find out if I can run the scripts before logging in to Qubes but it seems that there is no way to do so. So now I have the idea that the script will run after login of dom0 and then present a notification: boot files are ok.

- O.
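The scheme described in the message above (hash every file in the boot partition, GPG-sign the hash list, keep it on the encrypted volume, compare after login), as an added example that is not the poster's script. The state directory, the function names and the `init`/`check` subcommands are assumptions.

```shell
#!/bin/bash
# Added example, not the poster's script. Paths and names are assumptions.
BOOT_DIR="${BOOT_DIR:-/boot}"
# Assumed location; it must sit on the encrypted dom0 volume, never on /boot.
STATE_DIR="${STATE_DIR:-$HOME/.boot-integrity}"
MANIFEST="$STATE_DIR/boot.sha256"

# Write a sorted SHA-256 manifest of every regular file under $1 to file $2.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum ) > "$2"
}

# Rebuild the manifest for tree $1 and diff it against stored manifest $2.
# A full diff (rather than `sha256sum -c`) also reports files that were added.
# Returns 0 when identical, 1 when anything changed, 2 on internal error.
compare_tree() {
    cmp_tmp="$(mktemp)" || return 2
    if ! make_manifest "$1" "$cmp_tmp"; then rm -f "$cmp_tmp"; return 2; fi
    cmp_rc=0
    diff "$2" "$cmp_tmp" || cmp_rc=$?
    rm -f "$cmp_tmp"
    return "$cmp_rc"
}

# Detached signature next to the manifest, made with the default secret key.
sign_manifest() {
    gpg --yes --output "$1.sig" --detach-sign "$1"
}

# Exit status 0 means a good signature from some key in this keyring,
# so keep only your own signing key in dom0's keyring.
verify_signature() {
    gpg --batch --verify "$1.sig" "$1" 2>/dev/null
}

case "${1:-}" in
    init)
        mkdir -p "$STATE_DIR" && make_manifest "$BOOT_DIR" "$MANIFEST" \
            && sign_manifest "$MANIFEST" ;;
    check)
        if ! verify_signature "$MANIFEST"; then
            echo "ALERT: manifest signature is missing or invalid"; exit 2
        elif compare_tree "$BOOT_DIR" "$MANIFEST"; then
            echo "boot files are ok"
        else
            echo "ALERT: files under $BOOT_DIR differ from the signed manifest"; exit 1
        fi ;;
esac
```

Run `init` once from a state you trust and `check` after each login, with enough privilege to read every file under the boot directory. The signature is verified before the comparison so that a replaced manifest is reported rather than silently accepted.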