VM Isolation post general improvements

This commit is contained in:
uranuspucksaxophone 2022-09-02 13:08:16 +02:00 committed by GitHub
parent 7caf2cb175
commit 8a16e855cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -11,7 +11,7 @@ VM Isolation Guide
Credits: 0xTheFather Credits: 0xTheFather
As an alternate to using QubesOS, here is how one can properly setup isolation. This setup will provide proper isolation utilizing VMs and a secure host OS. This will provide increased security via isolation along with increased privacy with compartmentalization. As an alternate to using Qubes OS, here is how one can properly setup isolation. This setup will provide proper isolation utilizing VMs and a secure host OS. This will provide increased security via isolation along with increased privacy with compartmentalization.
Things needed for this setup: Things needed for this setup:
@ -24,7 +24,7 @@ Things needed for this setup:
Choosing the host OS is by far the most critical part of this setup. This host OS will need to have proper security updates and have the ability for increased hardening. Here are a few that would be recommended. Choosing the host OS is by far the most critical part of this setup. This host OS will need to have proper security updates and have the ability for increased hardening. Here are a few that would be recommended.
* [Fedora](https://getfedora.org/) * [Fedora](https://getfedora.org/)
* [Void Linux](https://voidlinux.org/) * [Void Linux](https://voidlinux.org/) (hardened musl build is higly recommended)
* [Arch](https://archlinux.org/) * [Arch](https://archlinux.org/)
* [PlagueOS](https://git.arrr.cloud/whichdoc/plagueos) (Hardened by default which makes it perfect for this setup) * [PlagueOS](https://git.arrr.cloud/whichdoc/plagueos) (Hardened by default which makes it perfect for this setup)
@ -38,7 +38,7 @@ Note: If you've chosen PlagueOS, many of these things will automatically be appl
After the host OS has been installed, it's now time to harden it. Depending on your distro, there will be slightly different techniques on hardening. General hardening ideas that apply to all distros are listed here: After the host OS has been installed, it's now time to harden it. Depending on your distro, there will be slightly different techniques on hardening. General hardening ideas that apply to all distros are listed here:
* UFW/IPTables * UFW / IPTables
* Fail2Ban * Fail2Ban
* Disable / tighten default SSH * Disable / tighten default SSH
* Kernel hardening * Kernel hardening
@ -81,4 +81,4 @@ The possibilities with this system are endless. You do what you want based upon
* Utilize VPNs to better compartmentalize your system * Utilize VPNs to better compartmentalize your system
* Using [PlagueOS](https://git.arrr.cloud/whichdoc/plagueos) as the host OS can provide many benefits because of the highly-hardened system, almost no additional hardening would be required and setup is easy. * Using [PlagueOS](https://git.arrr.cloud/whichdoc/plagueos) as the host OS can provide many benefits because of the highly-hardened system, almost no additional hardening would be required and setup is easy.
In the end, it is all up to the user based upon their needs. In the end, it is all up to the user based upon their needs.