Git-Mirrors/anarsec.guide
1
0
Fork 0
mirror of https://0xacab.org/anarsec/anarsec.guide.git synced 2025-07-29 09:28:51 -04:00
Code Issues Projects Releases Packages Wiki Activity

qubes update, pdf macro, last edited macro

Browse source
This commit is contained in:
anarsec 2023-07-08 17:35:15 +00:00
parent 27cbe3f4fd
commit 0dc607247e
No known key found for this signature in database
14 changed files with 38 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

13
content/posts/qubes/index.md
View file

@ -9,6 +9,7 @@ tags = ["intro", "linux", "windows", "qubes", "intermediate"]
[extra]
blogimage="/images/qubes-os.png"
toc=true
dateedit=2023-05-10
+++
Qubes OS is a security-oriented [operating system](/glossary#operating-system-os) (OS), meaning it is an operating system designed from the ground up to be more difficult to hack. This is achieved through [compartmentalization](https://www.qubes-os.org/faq/#how-does-qubes-os-provide-security), where each compartment is called a "qube" (using "virtual machines" — more on that below). All other Linux systems like [Tails](/tags/tails/) are *monolithic*, which means that if a hack succeeds anywhere on the system it can take over more easily. In Qubes OS, if one qube is compromised, the others remain safe. You can think of using Qubes OS as like having many different computers on your desk for different activities but with the convenience of a single physical machine, a single unified desktop environment, and a set of tools for using a number of different qubes together securely as parts of a unified system.
@ -26,7 +27,7 @@ Qubes OS is not quite another version of Linux. Rather, it is based on many "[vi
What is a virtual machine? [Virtualization](/glossary/#virtualization) is the process of running a virtual computer *inside* your computer. The virtual machine thinks it's a computer running on real hardware, but really it's running on abstracted hardware (software imitating hardware). Qubes OS uses a special program called a hypervisor to manage and run many of these virtual machines at once, on the same physical computer. To simplify things, virtual machines are referred to as qubes. Different operating systems like Debian, Whonix, Fedora, Windows, etc. can all run together simultaneously. The hypervisor strongly isolates each of the qubes from one another.
![desktop](r4.0-xfce.png)
![](r4.0-xfce.png)
At the risk of overwhelming you, here is an overview of how Qubes OS is structured. You don't need to memorize any of this to actually use Qubes OS, it can just be helpful to understand the outline of the system before getting started. Each rectangle represents a qube (that is, a virtual machine). Let's break it down.
@ -226,7 +227,7 @@ If your file is opening in a different application than what you require, you'll
6. Delete the file from the disposable Template (don't forget to empty the trash).
7. Shut down the disposable Template for the change to take effect.
For PDF files, right-clicking will also give the option **Convert To Trusted PDF**. This will sanitize the PDF file so that it can go from being untrusted to trusted. This is achieved by it being converted into images in a disposable, and cleaning the metadata.
For PDF files, right-clicking will also give the option **Convert To Trusted PDF**, and image files will give the option **Convert To Trusted Img**. This will sanitize the file so that it can go from being untrusted to trusted. This is achieved by it being converted into images in a disposable, and cleaning the metadata.
Particular types of files in an App qube can be set to be opened in a disposable by default. However, if I set PDF files to always open in a disposable, this is not failsafe - some files may end in `.pdf` but in reality be something else. [This guide](https://forum.qubes-os.org/t/opening-all-files-in-disposable-qube/4674) sets all file types to open in a disposable to mitigate this possibility. If you'd nonetheless like to set the default of only opening PDF files in a disposable, right-click a PDF and select **Open With Other Application → qvm-open-in-dvm**.
@ -248,7 +249,9 @@ To learn how to attach devices, we will format the empty USB or hard drive you w
4. Before removing the USB drive, first eject it using the Qubes Devices widget, which ejects it from the qube. Then go to **Applications menu → sys-usb → Files**, and select "Safely Remove Drive" to eject it from the computer.
There are command line instructions for using an [external keyboard](https://www.qubes-os.org/doc/usb-qubes/#manual-setup-for-usb-keyboards) or [mouse](https://www.qubes-os.org/doc/usb-qubes/#usb-mice). Webcams and microphones are considered devices, and must be attached to an App qube in order to use them.
Webcams and microphones are considered devices, and must be attached to an App qube in order to use them.
There are command line instructions for setting up an [external keyboard](https://www.qubes-os.org/doc/usb-qubes/#manual-setup-for-usb-keyboards) or [mouse](https://www.qubes-os.org/doc/usb-qubes/#usb-mice) - we recommend to configure a confirmation prompt. It is also recommended to enable a USB keyboard [on a dedicated USB controller](https://www.qubes-os.org/doc/usb-qubes/#qubes-41-how-to-enable-a-usb-keyboard-on-a-separate-usb-controller) to compartmentalize the use of peripherals.
You don't always need to attach a USB drive to another qube with the Qubes Devices widget - it will also be accessible from sys-usb directly, through the File Manager. You can [copy specific files](#how-to-copy-and-move-files) between the USB and another App qube without needing to attach the USB controller to the App qube. After the USB is ejected, restart sys-usb - since it's disposable, it does the job of sanitizing for another device.
@ -348,7 +351,9 @@ Qubes OS also applies proper software mitigation to this class of attacks at the
#### OPSEC for Memory Use
To address "future not-yet-identified vulnerabilities of this kind" on older hardware that is no longer receiving microcode updates, the OPSEC suggestion is to limit the presence of secrets in memory that could result in leaks. Every qube that is running is using memory, and a compromised qube could use such vulnerabilities to read and exfiltrate the memory being used by other qubes. Disposables will be reset after being shutdown, so we can assume that their compromise would likely be transient. Perform sensitive operations in qubes with no networking, and shutdown secure qubes when not in use. Pay attention to which qubes are running simultaneously:
* [vault qube](#how-to-organize-your-qubes): Do not run with an unlocked KeePassXC database at the same time as a highly-untrusted qube.
* [vault qube](#how-to-organize-your-qubes):
* Do not run an unlocked KeePassXC database at the same time as a highly-untrusted qube.
* Rather than having only one vault qube which stores all files (as described above), you can compartmentalize by having different vault qubes dedicated to specific activities (i.e. `vault-personal`, `vault-project1`, etc.). This means that if a networked qube is compromised while working on project1, [intentional sniffing](https://www.qubes-os.org/doc/data-leaks/) will not have potential access to all files, but only to those files that are compartmentalized for project1.
* sys-usb: Disposable. Only run when needed, and shutdown when finished.
* sys-net: Disposable. Only run when needed, and shutdown when finished. Shutdown when performing sensitive operations in other qubes, as far as possible. Restart before activities which require sys-net (i.e. email, ssh sessions, etc.).