On 2020-01-23 04:08, Vít Šesták wrote:
Thank you! This has allowed me to mount the volume to a DVM, which has
allowed me to fix the issue. Just running fsck in the DVM was enough to
fix the issue.
Maybe I should create an issue (or find an existing one) for that.
Maybe we should just wrap that set of commands into a script to make it
quick and easy?
Something like:
$ qvm-mount-lvm-image AppVM remote-mount-point thin-pool-volume-name1
Being a belt and suspenders kind, I would use it on a regular basis just
to grab a diff for any changes to the persistent areas like /rw/usrLocal
in specific internet-facing VMs after shutdown.
If you ever have an AppVM get hacked, there are only so many places that
offer persistence within an AppVM, so I would like to launch a dispvm
every so often just to roll through each private volume to hash check
that set of directories and compare the new checksums to any prior
stored values. This way when something touches the /usr/local I will
know about it.
It would also be a good idea to measure places like the user's special
areas like .config/ .local/bin looking specifically for executables that
might be launched automatically without the user's own knowledge.
Regards,
Vít Šesták 'v6ak'
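
Added example, not part of the original message and not Qubes tooling: a Python sketch of the hash-and-compare check described above, meant to run in the DispVM against a private volume that is already mounted read-only. The watched directory names, the function names and the baseline file are assumptions.

```python
import hashlib, json, os, stat

# Assumed layout of a mounted private volume; adjust to the VM being checked.
WATCHED = ["usrlocal", "home/user/.config", "home/user/.local/bin"]

def snapshot(mount_root, watched=WATCHED):
    """Map relative path -> {"id": sha256 or link target, "exec": bool}."""
    manifest = {}
    for rel_dir in watched:
        for dirpath, dirnames, filenames in os.walk(os.path.join(mount_root, rel_dir)):
            for name in dirnames + filenames:
                full = os.path.join(dirpath, name)
                st = os.lstat(full)  # never follow links on an untrusted volume
                rel = os.path.relpath(full, mount_root)
                if stat.S_ISLNK(st.st_mode):
                    manifest[rel] = {"id": "link:" + os.readlink(full), "exec": False}
                elif stat.S_ISREG(st.st_mode):
                    h = hashlib.sha256()
                    with open(full, "rb") as fh:
                        for chunk in iter(lambda: fh.read(1 << 20), b""):
                            h.update(chunk)
                    manifest[rel] = {"id": h.hexdigest(), "exec": bool(st.st_mode & 0o111)}
                elif not stat.S_ISDIR(st.st_mode):
                    # FIFOs, sockets, devices: record the type, do not open them
                    manifest[rel] = {"id": "special:%o" % stat.S_IFMT(st.st_mode), "exec": False}
    return manifest

def compare(old, new):
    """Return added, removed and changed paths plus new or modified executables."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    suspicious = sorted(p for p in added + changed if new[p]["exec"])
    return {"added": added, "removed": removed, "changed": changed, "executables": suspicious}

def check(mount_root, baseline_path):
    """First run stores the baseline; later runs report drift and leave it untouched."""
    new = snapshot(mount_root)
    if not os.path.exists(baseline_path):
        with open(baseline_path, "w") as fh:
            json.dump(new, fh, indent=1, sort_keys=True)
        return None
    with open(baseline_path) as fh:
        return compare(json.load(fh), new)
```

Keep the baseline file outside the volume being measured, so that a compromised AppVM cannot rewrite it.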