Merge branch 'master' into master

uranuspucksaxophone 2022-09-03 16:24:21 +02:00 committed by GitHub
commit 7df5e7b9d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 120 additions and 58 deletions

View File

@ -17,6 +17,7 @@ A collection of links, articles, resources and more. [<i class="fa fa-rss" aria-
-\>> [Main Collection](#main-collection) <br> -\>> [Main Collection](#main-collection) <br>
- -\> *[News](#news)* <br> - -\> *[News](#news)* <br>
- -\> *[Articles](#articles)* <br> - -\> *[Articles](#articles)* <br>
- -\> *[Communities](#communities)* <br>
- -\> *[Products](#products)* <br> - -\> *[Products](#products)* <br>
- -\> *[Projects](#projects)* <br> - -\> *[Projects](#projects)* <br>
- -\> *[Research](#research)* <br> - -\> *[Research](#research)* <br>
@ -30,9 +31,10 @@ A collection of links, articles, resources and more. [<i class="fa fa-rss" aria-
## News ## News
For news
- [China targeting human rights](https://www.technologyreview.com/2022/08/16/1057894/hackers-linked-to-china-have-been-targeting-human-rights-groups-for-years/) - [China targeting human rights](https://www.technologyreview.com/2022/08/16/1057894/hackers-linked-to-china-have-been-targeting-human-rights-groups-for-years/)
For news
<br> <br>
@ -46,6 +48,17 @@ Articles and stories related to technology, security or privacy
- [Hacking Police Body Cameras](https://www.wired.com/video/watch/hacking-police-body-cameras) - [Hacking Police Body Cameras](https://www.wired.com/video/watch/hacking-police-body-cameras)
<br> <br>
## Communities
A place for related various communities & media
- [PrivacyGuides](https://privacyguides.org) <button type="button" class="btn btn-xs btn-xs"><a href="http://eter4u55b667kuo72ntpm7ut54sa2mxmr22iqgzns4jw7boeox3qgyid.onion">Tor</a></button>
- [Privsec](https://privsec.dev)
- [Privacy.do](https://privacy.do)
## Products ## Products
Items you can buy Items you can buy
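Review bot: The new `## Communities` section runs straight into `## Products` with no `<br>` line after the Privacy.do entry, while the Articles section just above it closes with `<br>` before the next heading; add the same separator. The description "A place for related various communities & media" also reads oddly next to the one-line descriptions of the other sections; "Related communities and media" would say the same thing.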
@ -65,10 +78,6 @@ A list of interesting projects
- [DEDA](https://github.com/dfd-tud/deda) - [DEDA](https://github.com/dfd-tud/deda)
- [Privsec](https://privsec.dev)
- [Privacy.do](https://privacy.do)
<br> <br>
## Research ## Research

View File

@ -18,6 +18,11 @@ A collection of Qubes OS-related information.
- -\> *[Security](#debian-security)* <br> - -\> *[Security](#debian-security)* <br>
- -\> *[Fedora](#fedora)* <br> - -\> *[Fedora](#fedora)* <br>
- -\> *[Upgrading Fedora](#upgrading-fedora)* <br> - -\> *[Upgrading Fedora](#upgrading-fedora)* <br>
-\>> [Links & Resources](#links--resources) <br>
- -\> *[Guides](#guides)* <br>
- -\> *[Wiki](#wiki)* <br>
<br> <br>
### Template Setup ### Template Setup
@ -47,7 +52,7 @@ sudo apt update
Installing packages Installing packages
``` ```
sudo apt install qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git apt-transport-tor curl -y sudo apt install qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git apt-transport-tor curl
``` ```
Configuring git proxy Configuring git proxy
@ -60,6 +65,19 @@ git config --global http.proxy http://127.0.0.1:8082/
#### Debian Security #### Debian Security
```
sudo apt-get install grub2 qubes-kernel-vm-support
```
```
sudo apt-get -t bullseye-backports --no-install-recommends install linux-image-amd64 linux-headers-amd64
```
```
grub-install /dev/xvda
```
Adding the Kicksecure repository: Adding the Kicksecure repository:
``` ```
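Review bot: The three commands added under `#### Debian Security` have no lead-in saying what they are for, unlike the labelled steps around them ("Adding the Kicksecure repository:"), and `grub-install /dev/xvda` is the only one written without `sudo`. Add a one-line description before each block and make the `sudo` usage consistent. The `-t bullseye-backports` option also assumes the backports repository is already enabled, which the lines shown here do not do; say so or add that step.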
@ -84,7 +102,7 @@ sudo apt install --no-install-recommends kicksecure-qubes-cli
Installing LKRG: Installing LKRG:
``` ```
sudo apt install --no-install-recommends lkrg-dkms linux-headers-amd64 sudo apt install --no-install-recommends lkrg-dkms
``` ```
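Review bot: Dropping `linux-headers-amd64` from the `lkrg-dkms` line makes the LKRG step depend on the headers installed by the new backports command under Debian Security. DKMS needs headers matching the kernel to build the module, and `--no-install-recommends` means they may not be pulled in automatically. State in the text that the Debian Security kernel step has to be done first, or keep the headers package on this line.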
@ -117,7 +135,7 @@ sudo dnf update
Installing packages Installing packages
``` ```
sudo dnf install qubes-core-agent-passwordless-root qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git -y sudo dnf install qubes-core-agent-passwordless-root qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git
``` ```
Configuring git proxy Configuring git proxy
@ -134,13 +152,21 @@ Running in Dom0:
``` ```
qvm-clone fedora-35 fedora-36 qvm-clone fedora-35 fedora-36
```
```
truncate -s 5GB /var/tmp/template-upgrade-cache.img truncate -s 5GB /var/tmp/template-upgrade-cache.img
```
```
qvm-run -a fedora-36 gnome-terminal qvm-run -a fedora-36 gnome-terminal
```
```
dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img) dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img)
```
```
qvm-block attach fedora-36 dom0:${dev##*/} qvm-block attach fedora-36 dom0:${dev##*/}
``` ```
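Review bot: Splitting the Dom0 steps into one fence per command hides that `dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img)` and `qvm-block attach fedora-36 dom0:${dev##*/}` must run in the same dom0 shell, and that the later `sudo losetup -d $dev` relies on the same variable still being set. Keep those lines in one block, or add a sentence saying the dom0 terminal has to stay open until the cleanup step.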
@ -148,21 +174,55 @@ Running inside Fedora-36:
``` ```
sudo mkfs.ext4 /dev/xvdi sudo mkfs.ext4 /dev/xvdi
```
```
sudo mount /dev/xvdi /mnt/removable sudo mount /dev/xvdi /mnt/removable
```
```
sudo dnf clean all sudo dnf clean all
```
```
sudo dnf --releasever=36--setopt=cachedir=/mnt/removable --best --allowerasing distro-sync sudo dnf --releasever=36--setopt=cachedir=/mnt/removable --best --allowerasing distro-sync
``` ```
Running inside Dom0: Running inside Dom0:
``` ```
qvm-shutdown fedora-36 qvm-shutdown fedora-36
```
```
sudo losetup -d $dev sudo losetup -d $dev
```
```
rm /var/tmp/template-upgrade-cache.img rm /var/tmp/template-upgrade-cache.img
``` ```
<br>
### Links & Resources
- [Qubes for security auditing](https://forum.qubes-os.org/t/qubes-for-organizational-security-auditing-talk-notes/199)
<br>
#### Guides
- [Fully ephemeral dispvms](https://forum.qubes-os.org/t/fully-ephemeral-dispvms/12030)
- [Opening all files in disposable qube](https://forum.qubes-os.org/t/opening-all-files-in-disposable-qube/4674)
- [Kicksecure Guide](https://forum.qubes-os.org/t/guide-kicksecure-for-disp-sys/13324)
- [Qubes OS installation encrypted boot and header](https://forum.qubes-os.org/t/qubes-os-installation-detached-encrypted-boot-and-header/6205)
<br>
#### Wiki
- [Hardened-Kernel](https://www.kicksecure.com/wiki/Hardened-kernel) <button type="button" class="btn btn-xs btn-xs"><a href="http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/wiki/Hardened-kernel">Tor</a></button>
- [VM Fingerprinting](https://www.whonix.org/wiki/VM_Fingerprinting) <button type="button" class="btn btn-xs btn-xs"><a href="http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/wiki/VM_Fingerprinting">Tor</a></button>
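Review bot: The re-fenced upgrade command still reads `sudo dnf --releasever=36--setopt=cachedir=/mnt/removable --best --allowerasing distro-sync`, with no space between `36` and `--setopt`, so the cache directory option is swallowed into the release version value. This hunk already touches the lines around it, so insert the missing space here. In the cleanup block, `sudo losetup -d $dev` would also be safer written with the variable quoted.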

View File

@ -322,6 +322,8 @@ The official requirements can be found [here](https://www.qubes-os.org/doc/syste
Why should we use Qubes OS? Why should we use Qubes OS?
Note: Qubes OS / Qubes generally refers to the operating system, and the term qube is used describe the individual "VMs".
- It is commonly regarded as one of the most secure operating systems - It is commonly regarded as one of the most secure operating systems
- Provides amazing potential for creativity - Provides amazing potential for creativity
- Still can be considered trusted even if a section is compromised - Still can be considered trusted even if a section is compromised
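Review bot: Typo in the added note: "the term qube is used describe" is missing "to". The note also lands between the question "Why should we use Qubes OS?" and the bullet list that answers it; move it above the question or below the list so the list stays attached to its heading.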
@ -386,12 +388,16 @@ We also want our default qubes along with the default system qubes.
#### Qubes Basic Setup #### Qubes Basic Setup
Visit the [Qubes notes](../qubes) page for other notes.
#### Qube Basic Setup
As for networking, if you have a VPN service such as ProtonVPN, you are able to utilize ``qtunnel`` and setup multiple VPNs. As for networking, if you have a VPN service such as ProtonVPN, you are able to utilize ``qtunnel`` and setup multiple VPNs.
For each of our VPN qubes, we will need a ``sys-firewall``. For each of our VPN qubes, we will need a ``sys-firewall``.
If you wanted a dedicated ``sys-dns``, there are several guides on this: If you wanted a dedicated ``sys-dns``, there are several guides on this:
- [qubes-dns](https://github.com/3hhh/qubes-dns) - [qubes-dns](https://github.com/3hhh/qubes-dns)
- [Pihole qube](https://github.com/92VV3M42d3v8/PiHole) - [Pihole qube](https://github.com/92VV3M42d3v8/PiHole)
``sys-net`` -> ``sys-firewall`` -> ``sys-vpn`` -> ``sys-firewall-vpn`` ``sys-net`` -> ``sys-firewall`` -> ``sys-vpn`` -> ``sys-firewall-vpn``
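Review bot: `#### Qubes Basic Setup` is now followed, after a single link line, by a second heading `#### Qube Basic Setup` at the same level, which leaves two near-identical headings and anchors on one page. Rename one of them to describe what it covers (the second section is about the networking layout), or fold the link to the Qubes notes page into a single section.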
@ -399,6 +405,27 @@ We will now create additional qubes for our use.
- ``sys-net`` -> ``sys-firewall`` -> ``sys-firewall-email-personal`` -> ``personal-email`` - By placing the firewall here, this allows us to only whitelist internet traffic from specifically our email provider. - ``sys-net`` -> ``sys-firewall`` -> ``sys-firewall-email-personal`` -> ``personal-email`` - By placing the firewall here, this allows us to only whitelist internet traffic from specifically our email provider.
- ``sys-net`` -> ``sys-firewall`` -> ``sys-firewall-IN-vpn-us-1`` -> ``sys-vpn-us-1`` -> ``sys-firewall-vpn-us-1`` - This again gives us the ability to whitelist traffic from only the ``sys-vpn-us-1``.
Each qube has the ability to utilize the built-in firewall rules.
Using a dedicated firewall qube is more secure.
More:
- ``personal-web`` - Web Traffic
- ``personal-email`` - Email
- ``personal-dvm`` - Disposable
- ``personal-random`` - Random Web
- ``personal-social`` - Social Activity
- ``sys-personal-vpn`` - VPN for only ``personal``
- ``sys-firewall-personal`` - Firewall for only ``personal``
- ``personal-vault`` - Vault VM for only ``personal``
This can be used for a wide variety of activities, not just specifically "personal".
Your setup should take heavy use of the ``sys-firewall`` VM.
We can utilize the firewall to help maintain compartmentalization among our system.
The firewall can be useful for preventing data leaks & sniffing along with enforcing VPN policies.
<br> <br>
#### Template Setup #### Template Setup
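Review bot: "Using a dedicated firewall qube is more secure." is stated without saying more secure than what or why, directly after the sentence that every qube can use the built-in firewall rules. Add the reasoning in one sentence so readers can judge when the extra qube is worth it. In the same added block, "Your setup should take heavy use of" should read "make heavy use of".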
@ -415,9 +442,7 @@ The official minimal templates are available:
- Fedora - Fedora
- Debian - Debian
- CentOS - CentOS
- Gentoo - GentooVPNs.
For installing templates:
dom0: dom0:
``` ```
sudo qubes-dom0-update qubes-template-<DISTRO_NAME>-<RELEASE_NUMBER>-minimal sudo qubes-dom0-update qubes-template-<DISTRO_NAME>-<RELEASE_NUMBER>-minimal
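Review bot: The last list item now reads `- GentooVPNs.`, which looks like a fragment left behind while resolving the merge rather than an intended change; restore `- Gentoo`. The hunk header also shrinks this region from 9 lines to 7 around "For installing templates:", so check that the lead-in before the `dom0:` block survived the merge.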
@ -432,10 +457,10 @@ qubes-usb-proxy
qubes-gpg-split qubes-gpg-split
``` ```
Fedora-35: Fedora-36:
``` ```
sudo qubes-dom0-update qubes-template-fedora-35 sudo qubes-dom0-update qubes-template-fedora-36
``` ```
Debian-11: Debian-11:
@ -484,41 +509,6 @@ Edit ``/etc/yum.repos.d/qubes-r[version].repo``, comment out the clearnet ``base
<br> <br>
#### Qube Basic Setup
As for networking, if you have a VPN service such as ProtonVPN, you are able to utilize ``qtunnel`` and setup multiple VPNs.
For each of our VPN qubes, we will need a ``sys-firewall``.
If you wanted a dedicated ``sys-dns``, there are several guides on this:
- [qubes-dns](https://github.com/3hhh/qubes-dns)
- [Pihole qube](https://github.com/92VV3M42d3v8/PiHole)
``sys-net`` -> ``sys-firewall`` -> ``sys-vpn`` -> ``sys-firewall-vpn``
We will now create additional qubes for our use.
- ``sys-net`` -> ``sys-firewall`` -> ``sys-firewall-email-personal`` -> ``personal-email`` - By placing the firewall here, this allows us to only whitelist internet traffic from specifically our email provider.
- ``sys-net`` -> ``sys-firewall`` -> ``sys-firewall-IN-vpn-us-1`` -> ``sys-vpn-us-1`` -> ``sys-firewall-vpn-us-1`` - This again gives us the ability to whitelist traffic from only the ``sys-vpn-us-1``.
More:
- ``personal-web`` - Web Traffic
- ``personal-email`` - Email
- ``personal-dvm`` - Disposable
- ``personal-random`` - Random Web
- ``personal-social`` - Social Activity
- ``sys-personal-vpn`` - VPN for only ``personal``
- ``sys-firewall-personal`` - Firewall for only ``personal``
- ``personal-vault`` - Vault VM for only ``personal``
This can be used for a wide variety of activities, not just specifically "personal".
Your setup should take heavy use of the ``sys-firewall`` VM.
We can utilize the firewall to help maintain compartmentalization among our system.
The firewall can be useful for preventing data leaks & sniffing along with enforcing VPN policies.
<br>
#### "Splitting" #### "Splitting"
Let's startup by creating some basic qubes. Let's startup by creating some basic qubes.
@ -697,7 +687,8 @@ Each of our aliases is going to need some sort of "story".
We are not putting this story out to tell per say, but simply knowing basic information about our new alias would be important. We are not putting this story out to tell per say, but simply knowing basic information about our new alias would be important.
Information including age, country, special food, and activities. Information including age, country, special food, and activities.
We just need to make note of them, not giving any of this information away. We just need to make note of them, not giving any of this information away.
It's crucial to blend in, therefore some of this information may be used in conversation.Remember, each alias we create is different, therefore there should be absolutely no connection between any of them. It's crucial to blend in, therefore some of this information may be used in conversation.
Remember, each alias we create is different, therefore there should be absolutely no connection between any of them.
For each alias, you will need to "reset" your memory in a way. For each alias, you will need to "reset" your memory in a way.
You must be able to organize information you know from all of your aliases. You must be able to organize information you know from all of your aliases.
Grudges, friendships and other must not travel over, this is how you fail. Grudges, friendships and other must not travel over, this is how you fail.
@ -839,8 +830,6 @@ There are a variety of tools to test your different browser configurations in a
<br> <br>
--- ---
## __Secure Communications__ ## __Secure Communications__
@ -935,7 +924,7 @@ Something like this is recommended to have a backup clone and stored in a safe l
<br> <br>
[Faraday Pouch](https://wikiless.northboot.xyz/wiki/Faraday_cage) - This will block all radio waves and signals, which can ensure that absolutely connectionn is traveling out of your devices. [Faraday Pouch](https://wikiless.northboot.xyz/wiki/Faraday_cage) - This will block all radio waves and signals, which can ensure that absolutely no connection is traveling out of your devices.
It completely air-gaps the device. It completely air-gaps the device.
It's best to actually test this before you will need to actually use this. It's best to actually test this before you will need to actually use this.
Connect to a bluetooth speaker while playing music, put the device into the bag and wait to see after the buffer for the music to stop. Connect to a bluetooth speaker while playing music, put the device into the bag and wait to see after the buffer for the music to stop.

View File

@ -79,4 +79,7 @@ Password Policy:
- At least 1 lowercase character - At least 1 lowercase character
- At least 1 uppercase character - At least 1 uppercase character
Due to how the Matrix protocol functions, metadata including your PfP, username, display name and device list will be sent to other servers if you are in a federated room.
An IP address is automatically assigned with each client, signing out will remove your IP from the client and from the database as well.
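Review bot: The second added sentence is ambiguous: "An IP address is automatically assigned with each client" reads as if the server hands out addresses, while the rest of the sentence is about an IP that is stored for a client and removed on sign-out. Reword it to say what is recorded and where, and split the comma splice into two sentences. "PfP" in the first sentence should be spelled out for readers who do not know the abbreviation.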

View File

@ -245,8 +245,9 @@ This information is often times sold to 3rd parties and given away to government
They often show biased search results. Choose a better one here. They often show biased search results. Choose a better one here.
- [DuckDuckGo](https://duckduckgo.com) <button type="button" class="btn btn-xs btn-xs"><a href="https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/">Tor</a></button> <button type="button" class="btn btn-xs btn-warning"><a href="https://help.duckduckgo.com/duckduckgo-help-pages/community/open-source/">Partially Closed-Source</a></button> - [DuckDuckGo](https://duckduckgo.com) <button type="button" class="btn btn-xs btn-xs"><a href="https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/">Tor</a></button> <button type="button" class="btn btn-xs btn-warning"><a href="https://help.duckduckgo.com/duckduckgo-help-pages/community/open-source/">Partially Closed-Source</a></button>
- [SearX](https://searx.me) - [SearX](https://searx.space) <button type="button" class="btn btn-xs btn-xs"><a href="searxspbitokayvkhzhsnljde7rqmn7rvoga6e4waeub3h7ug3nghoad.onion">Tor</a></button>
- [Brave Search](https://search.brave.com)
- [Brave Search](https://search.brave.com) <button type="button" class="btn btn-xs btn-xs"><a href="https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/">Tor</a></button>
<br> <br>
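Review bot: The Tor button added to the SearX entry uses a bare `.onion` hostname as its `href`, with no `http://` or `https://` scheme, so browsers will resolve it as a path relative to this page; the DuckDuckGo and Brave Search buttons in the same list carry a full URL. Add the scheme. The hunk also shows a plain `- [Brave Search](https://search.brave.com)` line next to the new one with the Tor button, and the header grows the region by one line, so make sure only one Brave Search entry remains after the merge.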