Git-Mirrors/Qubes-VM-hardening
1
0
Fork 0
mirror of https://github.com/tasket/Qubes-VM-hardening.git synced 2024-10-01 06:35:42 -04:00
Code Issues Packages Projects Releases Wiki Activity
Fend off malware at Qubes VM startup
6 Commits 3 Branches 7 Tags 186 KiB
Shell 97%
JavaScript 2.1%
Makefile 0.9%
a8b44f1511
Go to file
tasket a8b44f1511 Update rc.local
2017-03-15 01:39:36 -04:00
rc.local Update rc.local 2017-03-15 01:39:36 -04:00
README.md Update README.md 2017-03-14 22:23:43 -04:00

README.md

Qubes-VM-hardening

Files for enhancing Qubes VM security and privacy

rc.local: Protect sh and bash init files

Placed in /etc/rc.local of a template VM, this makes the shell init files immutable so PATH and alias cannot be used to hijack commands like su and sudo. I combed the dash and bash docs to address all the user-writable files. Feel free to comment or create issue if you see an omission or other problem.

See also:

Enabling dom0 prompt for sudo

AppArmor Profiles