From 22170eb52764efd888a5ee03393434525cf65345 Mon Sep 17 00:00:00 2001 From: deathrow Date: Wed, 31 Aug 2022 19:50:40 -0400 Subject: [PATCH] Added 'Links & Resoources' along with additional kernel instructions for kicksecure --- _information/QubesOS.md | 72 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 6 deletions(-) diff --git a/_information/QubesOS.md b/_information/QubesOS.md index f1bd3dc..9555785 100644 --- a/_information/QubesOS.md +++ b/_information/QubesOS.md @@ -18,6 +18,11 @@ A collection of QubesOS-related information. - -\> *[Security](#debian-security)*
- -\> *[Fedora](#fedora)*
- -\> *[Upgrading Fedora](#upgrading-fedora)*
+ +-\>> [Links & Resources](#links--resources)
+ - -\> *[Guides](#guides)*
+ - -\> *[Wiki](#wiki)*
+
### Template Setup @@ -47,7 +52,7 @@ sudo apt update Installing packages ``` -sudo apt install qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git apt-transport-tor curl -y +sudo apt install qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git apt-transport-tor curl ``` Configuring git proxy @@ -60,6 +65,19 @@ git config --global http.proxy http://127.0.0.1:8082/ #### Debian Security + +``` +sudo apt-get install grub2 qubes-kernel-vm-support +``` + +``` +sudo apt-get -t bullseye-backports --no-install-recommends install linux-image-amd64 linux-headers-amd64 +``` + +``` +grub-install /dev/xvda +``` + Adding the Kicksecure repository: ``` @@ -84,7 +102,7 @@ sudo apt install --no-install-recommends kicksecure-qubes-cli Installing LKRG: ``` -sudo apt install --no-install-recommends lkrg-dkms linux-headers-amd64 +sudo apt install --no-install-recommends lkrg-dkms ``` @@ -117,7 +135,7 @@ sudo dnf update Installing packages ``` -sudo dnf install qubes-core-agent-passwordless-root qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git -y +sudo dnf install qubes-core-agent-passwordless-root qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git ``` Configuring git proxy @@ -134,13 +152,21 @@ Running in Dom0: ``` qvm-clone fedora-35 fedora-36 +``` +``` truncate -s 5GB /var/tmp/template-upgrade-cache.img +``` +``` qvm-run -a fedora-36 gnome-terminal +``` +``` dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img) +``` +``` qvm-block attach fedora-36 dom0:${dev##*/} ``` @@ -148,21 +174,55 @@ Running inside Fedora-36: ``` sudo mkfs.ext4 /dev/xvdi +``` +``` sudo mount /dev/xvdi /mnt/removable +``` +``` sudo dnf clean all +``` +``` sudo dnf --releasever=36--setopt=cachedir=/mnt/removable --best --allowerasing distro-sync - ``` Running inside Dom0: ``` qvm-shutdown fedora-36 - +``` +``` sudo losetup -d $dev +``` +``` rm /var/tmp/template-upgrade-cache.img -``` \ No newline at end of file +``` + +
+ +### Links & Resources + +- [Qubes for security auditing](https://forum.qubes-os.org/t/qubes-for-organizational-security-auditing-talk-notes/199) + +
+ +#### Guides + +- [Fully ephemeral dispvms](https://forum.qubes-os.org/t/fully-ephemeral-dispvms/12030) + +- [Opening all files in disposable qube](https://forum.qubes-os.org/t/opening-all-files-in-disposable-qube/4674) + +- [Kicksecure Guide](https://forum.qubes-os.org/t/guide-kicksecure-for-disp-sys/13324) + +
+ +#### Wiki + +- [Hardened-Kernel](https://www.kicksecure.com/wiki/Hardened-kernel) + +- [VM Fingerprinting](https://www.whonix.org/wiki/VM_Fingerprinting) + +- \ No newline at end of file