Description:
------------
Qubes-VM-hardening
Leverage Qubes template non-persistence to fend off malware at VM
startup: Lock-down, quarantine and check contents of /rw private storage
that affect the execution environment.
* Acts at VM startup before private volume /rw mounts
* User: Protect /home desktop & shell startup executables
* Root: Quarantine all /rw configs & scripts, with whitelisting
* Customize the root or home configuration on each boot
* Organize configurations with named tags
* SHA256 hash checking against unwanted changes
* Provides rescue shell on error or request
* Works with template-based AppVMs
Version 0.9.3 extends protection to dev nodes and suid files in home, so
upgrading is recommended.
The new configuration tag feature comes with several examples, including
the 'ibrowse' tag which can remove everything except browser bookmarks
whenever the VM starts. Applying these configuration tags to VMs is easy
and can help keep the number of custom templates low.
Github link - https://github.com/tasket/Qubes-VM-hardening
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/119bc276-fc18-a4b6-be26-4ab33d9379b3%40posteo.net.
