From 4aea107130214ef223ad8f1fc501e5eb794ae382 Mon Sep 17 00:00:00 2001 From: deathrow Date: Wed, 31 Aug 2022 19:47:57 -0400 Subject: [PATCH 1/5] Add Brave and SearX onion links --- _items/tools.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/_items/tools.md b/_items/tools.md index 9e8d721..b814678 100644 --- a/_items/tools.md +++ b/_items/tools.md @@ -248,8 +248,9 @@ This information is often times sold to 3rd parties and given away to government They often show biased search results. Choose a better one here. - [DuckDuckGo](https://duckduckgo.com) -- [SearX](https://searx.me) -- [Brave Search](https://search.brave.com) +- [SearX](https://searx.space) + +- [Brave Search](https://search.brave.com)
From 22170eb52764efd888a5ee03393434525cf65345 Mon Sep 17 00:00:00 2001 From: deathrow Date: Wed, 31 Aug 2022 19:50:40 -0400 Subject: [PATCH 2/5] Added 'Links & Resoources' along with additional kernel instructions for kicksecure --- _information/QubesOS.md | 72 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 66 insertions(+), 6 deletions(-) diff --git a/_information/QubesOS.md b/_information/QubesOS.md index f1bd3dc..9555785 100644 --- a/_information/QubesOS.md +++ b/_information/QubesOS.md @@ -18,6 +18,11 @@ A collection of QubesOS-related information. - -\> *[Security](#debian-security)*
- -\> *[Fedora](#fedora)*
- -\> *[Upgrading Fedora](#upgrading-fedora)*
+ +-\>> [Links & Resources](#links--resources)
+ - -\> *[Guides](#guides)*
+ - -\> *[Wiki](#wiki)*
+
### Template Setup @@ -47,7 +52,7 @@ sudo apt update Installing packages ``` -sudo apt install qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git apt-transport-tor curl -y +sudo apt install qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git apt-transport-tor curl ``` Configuring git proxy @@ -60,6 +65,19 @@ git config --global http.proxy http://127.0.0.1:8082/ #### Debian Security + +``` +sudo apt-get install grub2 qubes-kernel-vm-support +``` + +``` +sudo apt-get -t bullseye-backports --no-install-recommends install linux-image-amd64 linux-headers-amd64 +``` + +``` +grub-install /dev/xvda +``` + Adding the Kicksecure repository: ``` @@ -84,7 +102,7 @@ sudo apt install --no-install-recommends kicksecure-qubes-cli Installing LKRG: ``` -sudo apt install --no-install-recommends lkrg-dkms linux-headers-amd64 +sudo apt install --no-install-recommends lkrg-dkms ``` @@ -117,7 +135,7 @@ sudo dnf update Installing packages ``` -sudo dnf install qubes-core-agent-passwordless-root qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git -y +sudo dnf install qubes-core-agent-passwordless-root qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git ``` Configuring git proxy @@ -134,13 +152,21 @@ Running in Dom0: ``` qvm-clone fedora-35 fedora-36 +``` +``` truncate -s 5GB /var/tmp/template-upgrade-cache.img +``` +``` qvm-run -a fedora-36 gnome-terminal +``` +``` dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img) +``` +``` qvm-block attach fedora-36 dom0:${dev##*/} ``` @@ -148,21 +174,55 @@ Running inside Fedora-36: ``` sudo mkfs.ext4 /dev/xvdi +``` +``` sudo mount /dev/xvdi /mnt/removable +``` +``` sudo dnf clean all +``` +``` sudo dnf --releasever=36--setopt=cachedir=/mnt/removable --best --allowerasing distro-sync - ``` Running inside Dom0: ``` qvm-shutdown fedora-36 - +``` +``` sudo losetup -d $dev +``` +``` rm /var/tmp/template-upgrade-cache.img -``` \ No newline at end of file +``` + +
+ +### Links & Resources + +- [Qubes for security auditing](https://forum.qubes-os.org/t/qubes-for-organizational-security-auditing-talk-notes/199) + +
+ +#### Guides + +- [Fully ephemeral dispvms](https://forum.qubes-os.org/t/fully-ephemeral-dispvms/12030) + +- [Opening all files in disposable qube](https://forum.qubes-os.org/t/opening-all-files-in-disposable-qube/4674) + +- [Kicksecure Guide](https://forum.qubes-os.org/t/guide-kicksecure-for-disp-sys/13324) + +
+ +#### Wiki + +- [Hardened-Kernel](https://www.kicksecure.com/wiki/Hardened-kernel) + +- [VM Fingerprinting](https://www.whonix.org/wiki/VM_Fingerprinting) + +- \ No newline at end of file From eea06f8b9415c1dd934d4c077bb3f4d01134d75f Mon Sep 17 00:00:00 2001 From: deathrow Date: Wed, 31 Aug 2022 20:38:01 -0400 Subject: [PATCH 3/5] Updated Guides URL --- _information/QubesOS.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_information/QubesOS.md b/_information/QubesOS.md index 9555785..074a433 100644 --- a/_information/QubesOS.md +++ b/_information/QubesOS.md @@ -217,6 +217,8 @@ rm /var/tmp/template-upgrade-cache.img - [Kicksecure Guide](https://forum.qubes-os.org/t/guide-kicksecure-for-disp-sys/13324) +- [QubesOS installation encrypted boot and header](https://forum.qubes-os.org/t/qubes-os-installation-detached-encrypted-boot-and-header/6205) +
#### Wiki From 0f73cab75d6ff4b3bd9a064b4d6a30c156b7e4bb Mon Sep 17 00:00:00 2001 From: deathrow Date: Wed, 31 Aug 2022 20:38:21 -0400 Subject: [PATCH 4/5] New communities section --- _information/Information.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/_information/Information.md b/_information/Information.md index 1bdf7ae..d36572f 100644 --- a/_information/Information.md +++ b/_information/Information.md @@ -17,6 +17,7 @@ A collection of links, articles, resources and more. [> [Main Collection](#main-collection)
- -\> *[News](#news)*
- -\> *[Articles](#articles)*
+ - -\> *[Communities](#communities)*
- -\> *[Products](#products)*
- -\> *[Projects](#projects)*
- -\> *[Research](#research)*
@@ -30,9 +31,10 @@ A collection of links, articles, resources and more. [ @@ -46,6 +48,17 @@ Articles and stories related to technology, security or privacy - [Hacking Police Body Cameras](https://www.wired.com/video/watch/hacking-police-body-cameras)
+## Communities + +A place for related various communities & media + + +- [PrivacyGuides](https://privacyguides.org) + +- [Privsec](https://privsec.dev) + +- [Privacy.do](https://privacy.do) + ## Products Items you can buy @@ -65,10 +78,6 @@ A list of interesting projects - [DEDA](https://github.com/dfd-tud/deda) -- [Privsec](https://privsec.dev) - -- [Privacy.do](https://privacy.do) -
## Research From 18c533adb66376e46de1a94afca0954f2b5662e7 Mon Sep 17 00:00:00 2001 From: deathrow Date: Thu, 1 Sep 2022 22:36:37 -0400 Subject: [PATCH 5/5] aranging various words and fixing certain letters along with adding new letters --- _items/Another guide.md | 79 ++++++++++++++++++----------------------- _items/Services.md | 5 ++- 2 files changed, 38 insertions(+), 46 deletions(-) diff --git a/_items/Another guide.md b/_items/Another guide.md index e06db88..45eb720 100644 --- a/_items/Another guide.md +++ b/_items/Another guide.md @@ -320,6 +320,8 @@ Due to the way QubesOS is built, requirements will be heavy. Recommend at *least* 16GB of RAM with plenty of storage. The official requirements can be found [here](https://www.qubes-os.org/doc/system-requirements/). +Note: QubesOS / Qubes generally refers to the operating system, and the term qube is used describe the individual "VMs". + Why should we use QubesOS? - It is commonly regarded as one of the most secure operating systems @@ -386,12 +388,16 @@ We also want our default qubes along with the default system qubes. #### Qubes Basic Setup +Visit the [Qubes notes](../qubes) page for other notes. + +#### Qube Basic Setup + As for networking, if you have a VPN service such as ProtonVPN, you are able to utilize ``qtunnel`` and setup multiple VPNs. For each of our VPN qubes, we will need a ``sys-firewall``. If you wanted a dedicated ``sys-dns``, there are several guides on this: - [qubes-dns](https://github.com/3hhh/qubes-dns) -- [Pihole qube](https://github.com/92VV3M42d3v8/PiHole) +- [Pihole qube](https://github.com/92VV3M42d3v8/PiHole) ``sys-net`` -> ``sys-firewall`` -> ``sys-vpn`` -> ``sys-firewall-vpn`` @@ -399,6 +405,27 @@ We will now create additional qubes for our use. - ``sys-net`` -> ``sys-firewall`` -> ``sys-firewall-email-personal`` -> ``personal-email`` - By placing the firewall here, this allows us to only whitelist internet traffic from specifically our email provider. +- ``sys-net`` -> ``sys-firewall`` -> ``sys-firewall-IN-vpn-us-1`` -> ``sys-vpn-us-1`` -> ``sys-firewall-vpn-us-1`` - This again gives us the ability to whitelist traffic from only the ``sys-vpn-us-1``. + +Each qube has the ability to utilize the built-in firewall rules. +Using a dedicated firewall qube is more secure. + +More: + +- ``personal-web`` - Web Traffic +- ``personal-email`` - Email +- ``personal-dvm`` - Disposable +- ``personal-random`` - Random Web +- ``personal-social`` - Social Activity +- ``sys-personal-vpn`` - VPN for only ``personal`` +- ``sys-firewall-personal`` - Firewall for only ``personal`` +- ``personal-vault`` - Vault VM for only ``personal`` + +This can be used for a wide variety of activities, not just specifically "personal". +Your setup should take heavy use of the ``sys-firewall`` VM. +We can utilize the firewall to help maintain compartmentalization among our system. +The firewall can be useful for preventing data leaks & sniffing along with enforcing VPN policies. +
#### Template Setup @@ -415,9 +442,7 @@ The official minimal templates are available: - Fedora - Debian - CentOS -- Gentoo - -For installing templates: +- GentooVPNs. dom0: ``` sudo qubes-dom0-update qubes-template---minimal @@ -432,10 +457,10 @@ qubes-usb-proxy qubes-gpg-split ``` -Fedora-35: +Fedora-36: ``` -sudo qubes-dom0-update qubes-template-fedora-35 +sudo qubes-dom0-update qubes-template-fedora-36 ``` Debian-11: @@ -484,41 +509,6 @@ Edit ``/etc/yum.repos.d/qubes-r[version].repo``, comment out the clearnet ``base
-#### Qube Basic Setup - -As for networking, if you have a VPN service such as ProtonVPN, you are able to utilize ``qtunnel`` and setup multiple VPNs. -For each of our VPN qubes, we will need a ``sys-firewall``. -If you wanted a dedicated ``sys-dns``, there are several guides on this: - -- [qubes-dns](https://github.com/3hhh/qubes-dns) -- [Pihole qube](https://github.com/92VV3M42d3v8/PiHole) - -``sys-net`` -> ``sys-firewall`` -> ``sys-vpn`` -> ``sys-firewall-vpn`` - -We will now create additional qubes for our use. - -- ``sys-net`` -> ``sys-firewall`` -> ``sys-firewall-email-personal`` -> ``personal-email`` - By placing the firewall here, this allows us to only whitelist internet traffic from specifically our email provider. - -- ``sys-net`` -> ``sys-firewall`` -> ``sys-firewall-IN-vpn-us-1`` -> ``sys-vpn-us-1`` -> ``sys-firewall-vpn-us-1`` - This again gives us the ability to whitelist traffic from only the ``sys-vpn-us-1``. - -More: - -- ``personal-web`` - Web Traffic -- ``personal-email`` - Email -- ``personal-dvm`` - Disposable -- ``personal-random`` - Random Web -- ``personal-social`` - Social Activity -- ``sys-personal-vpn`` - VPN for only ``personal`` -- ``sys-firewall-personal`` - Firewall for only ``personal`` -- ``personal-vault`` - Vault VM for only ``personal`` - -This can be used for a wide variety of activities, not just specifically "personal". -Your setup should take heavy use of the ``sys-firewall`` VM. -We can utilize the firewall to help maintain compartmentalization among our system. -The firewall can be useful for preventing data leaks & sniffing along with enforcing VPN policies. - -
- #### "Splitting" Let's startup by creating some basic qubes. @@ -697,7 +687,8 @@ Each of our aliases is going to need some sort of "story". We are not putting this story out to tell per say, but simply knowing basic information about our new alias would be important. Information including age, country, special food, and activities. We just need to make note of them, not giving any of this information away. -It's crucial to blend in, therefore some of this information may be used in conversation.Remember, each alias we create is different, therefore there should be absolutely no connection between any of them. +It's crucial to blend in, therefore some of this information may be used in conversation. +Remember, each alias we create is different, therefore there should be absolutely no connection between any of them. For each alias, you will need to "reset" your memory in a way. You must be able to organize information you know from all of your aliases. Grudges, friendships and other must not travel over, this is how you fail. @@ -839,8 +830,6 @@ There are a variety of tools to test your different browser configurations in a
- - --- ## __Secure Communications__ @@ -935,7 +924,7 @@ Something like this is recommended to have a backup clone and stored in a safe l
-[Faraday Pouch](https://wikiless.northboot.xyz/wiki/Faraday_cage) - This will block all radio waves and signals, which can ensure that absolutely connectionn is traveling out of your devices. +[Faraday Pouch](https://wikiless.northboot.xyz/wiki/Faraday_cage) - This will block all radio waves and signals, which can ensure that absolutely no connection is traveling out of your devices. It completely air-gaps the device. It's best to actually test this before you will need to actually use this. Connect to a bluetooth speaker while playing music, put the device into the bag and wait to see after the buffer for the music to stop. diff --git a/_items/Services.md b/_items/Services.md index 5ed7059..c6146a2 100644 --- a/_items/Services.md +++ b/_items/Services.md @@ -79,4 +79,7 @@ Password Policy: - At least 1 lowercase character -- At least 1 uppercase character \ No newline at end of file +- At least 1 uppercase character + +Due to how the Matrix protocol functions, metadata including your PfP, username, display name and device list will be sent to other servers if you are in a federated room. +An IP address is automatically assigned with each client, signing out will remove your IP from the client and from the database as well. \ No newline at end of file