Re: [qubes-users] Upgrading/creating "special" VMs (sys-net, vault, etc)
> So to clarify: > > > Sys-net and sys-firewall (and sys-vpn if you use it) will need it enabled. > > When you say "need it enabled", you're just referring again to "provides > network", is that correct? > Yes. > And secondly: Do I understand correctly so long as any qube sits in between > two other qubes in the networking chain, it automatically acts as a basic > firewall? That's all that sys-firewall is? > > Thanks again! I don't know. You can compare iptables rules between your VMs to find out. You're welcome. BTW, this mailing list prefers users to reply below the previous message. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/482KyN1jh8z6tmJ%40submission01.posteo.de.
Re: [qubes-users] Choosing a TemplateOS for security
> On 1/20/20 3:09 PM, tortuga verde wrote: > > > Also, since it was not listed in systemctl status, how would I be able > > to easily enumerate all such services, so that if I want to see if any > > service is running because I failed to disable it at install time, I can > > find and disable it now? > > You just need to learn more commands for systemctl. Debian generally has fewer services running than Fedora, but there are some that you might want to disable. Some services will work in an AppVM but fail in the TemplateVM because there is no network access. $ sudo systemctl list-units (--all) $ sudo systemctl list-timers (--all) $ sudo systemctl list-sockets (--all) Read the man page, especially the section about commands to learn how to disable and troubleshoot. $ man systemctl -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4827sN6wy5z9rxp%40submission02.posteo.de.
Re: [qubes-users] Upgrading/creating "special" VMs (sys-net, vault, etc)
> Hello, > > I was wondering if there are guides in the docs that I missed which > describe proper creation/upgrades of "special" VMs (sys-net, sys-firewall, > and possibly vault). I preferred Debian for my vault. I created a new VM with > a > black lock icon and no network connectivity. Other than chosen OS, the > config looks identical to the out-of-the-box vault VM. Is that all I need? > (From a brief look, the salt files seem to imply that it is) > "Vault" VMs have no network access, besides that there is nothing special about them. You might like to customize its template, though. For instance, multimedia use. > > Similar question for getting my sys-net and sys-firewall onto fedora30 The packages that sys-net and sys-firewall need to function are included in templates, except for the minimal templates. That's why the guides mention them specifically. Provide sys-net with a device and make sure that they provide networking to the next qube in line. Sys-net and sys-firewall (and sys-vpn if you use it) will need it enabled. If you plan to incorporate whonix into your configuration (with a DispVM and as the UpdateVM) then I recommend that you use salt to create everything it needs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4827Xt5j9gz9rxX%40submission02.posteo.de.
Re: [qubes-users] Why does Qubes with XFCE use Gnome programs?
> > I've a question about the Qubes default desktop setup. Basically, the > > latest Qubes is running XFCE desktop environment, but I've noticed > > certain default programs are actually from Gnome. > > > Dom0 uses xfce but the templates use Gnome. Qubes offers a fedora xfce template. Whonix-15 also uses xfce. $ sudo qubes-dom0-update qubes-template-fedora-30-xfce -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47zDPB344cz6tmD%40submission01.posteo.de.
Re: [qubes-users] Why does Qubes with XFCE use Gnome programs?
> I've a question about the Qubes default desktop setup. Basically, the > latest Qubes is running XFCE desktop environment, but I've noticed > certain default programs are actually from Gnome. > Dom0 uses xfce but the templates use Gnome. > I did a quick test installing Thunar and it seemed to work fine. > Although one thing I noticed is that certain functions like the "Open in > disposable VM" in right-click menus were missing. > install qubes-core-agent-thunar -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47wky322MQz6tm8%40submission01.posteo.de.
Re: [qubes-users] Re: redshift or brightness control?
> > $ sudo qubes-dom0-update redshift-gtk > > > > The dnf command is only used for removing packages. > > > > do you invoke it from command line? if so, may I ask with what command > argument ? > I invoke it via the session and startup preferences in system tools, so it loads every time Qubes starts. There's an also an entry in Dom0's application menu. > via xfce menu "failed to run redshift, trying location provider > 'geoclue2' , > > maybe because dom0 has no access to the world or something ? > That's right. Geoclue2 won't work, but you can set the provider to "manual" and enter your location coordinates. You can put those settings in a file at ~/.local/redshift.conf. See the redshift man page for all the options. > > sorry if this might be more redshift-y than qubes-y > No worries, I had the same problem myself at one time. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47YhS11TK9z6tmF%40submission01.posteo.de.
Re: [qubes-users] Re: redshift or brightness control?
> > so $sudo dnf install redshift-gtk ? > > seems to not be the package name , hmm > $ sudo qubes-dom0-update redshift-gtk The dnf command is only used for removing packages. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47Ybtf5Tj4z9rxS%40submission02.posteo.de.
Re: [qubes-users] Re: redshift or brightness control?
> On 12/9/19 9:33 PM, beppo wrote: > > Am 10.12.19 um 08:09 schrieb rec wins: > >> hello, is there a way to install and use redshift or any brightness > >> control for dom0, which I assume is where the package would have to go > > > > That's right, you have to install it to dom0 (on your own risk). Just run > > $ sudo qubes-dom0-update redshift > > in dom0. (add also redshift-gtk for gtk-support. > > > > I was under the impression , esp since dom0 is Fedora 25 to "never > install anything" in dom0 but OK, > > is/are there any other helpful utilities people install in dom0 that are > "safe" > I second redshift. I also like having a graphical text editor. It's true that Qubes warns against adding packages to dom0, but the choice is yours. I rarely install anything to dom0, but when I do I only choose well-known packages with few or no dependencies. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47Y36f3HjDz6tmM%40submission01.posteo.de.
Re: [qubes-users] default dispvm template has a different networking setting than this qube
> I installed Kali Linux (as a non template vm) and in the qubes setting for > this Kali it says: > > default dispvm template has a different networking setting than this qube, > unexpected network access may occur > > what should I do in Kali for it to work? > DispVMs inheret their network settings from their parent VM. You can have three options: choose a different NetVM for your current DispVM template, choose a different DispVM template that uses the NetVM you need, or you can clone the current template and change its settings if for some reason you don't want to adjust the original. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47VjBp24gLz9rxG%40submission02.posteo.de.
Re: [qubes-users] sys-net
> On 9/18/19 2:43 PM, unman wrote: > >> today I had a look in logs of my router, and discovered that it logs my > >> qubes machine as "sys-net". I did not change anything in my > >> "out-of-the-box" sys-net, so I presume that the observed behaviour is > >> common to all standard qubes installs. > >> Q: is it a wanted feature that all wireless networks immediately know > >> that I use qubes? I think that this is a bad idea, and that some "dummy > >> name" suggesting a standard linux system would be a better choice. > > You can change the dhcp-hostname in sys-net or disable sending it entirely. See the man pages for nm-settings and NetworkManager. Configuration files go in /etc/NetworkManager/conf.d/. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47NK8h1vHdz9rxK%40submission02.posteo.de.
