Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity
d8c7fbe205
qubes-doc/privacy/whonix-customize.md
Axon 73a546854a
Clean up and organize privacy pages 
* Logically organize the Whonix-related pages
* Move the VPN page to /configuration/
  * VPNs are used for more than just privacy, and many VPN setups and
    services either can't or don't claim to provide privacy.
* Remove `/privacy/` from URLs
  * These directory names are just for organizing the source pages,
    *unless* an actual page resides there. Since there is no
    /doc/privacy/ page, it's unnecessary and misleading to have this in
    the URLs. It also breaks uniformity, since none of the other pages
    have their informal group name in their URL (again, unless there's
    a page with that name).
2016-02-20 21:15:30 +00:00

2.8 KiB
Raw Blame History

layout title permalink redirect_from
doc Customizing Whonix /doc/whonix/customize/ /doc/privacy/customizing-whonix/

Customizing Whonix

There are numerous ways to customize your Whonix install. All require a degree of technical knowledge and comfort with the command line.

Enabling AppArmor

This is an optional security enhancement (for testers-only). If you're technical & interested, proceed, but do so at your own risk!

Note, if you want to use Tor bridges, AppArmor has been known in the past to cause problems with obfsproxy see this issue

You will want to complete the following instructions in both the Whonix-Gateway referred to in Qubes VM Manager as whonix-gw and the Whonix-Workstation or whonix-ws. You only need to apply these settings to the TemplateVMs before creating any template based VMs from these Whonix templates.

(This is because, since Qubes Q3, TemplateBasedVMs inherit the kernelopts setting of their TemplateVM.)

Configuring Whonix-Gateway

Launch the dom0 terminal app Konsole from your Qubes App Launcher. Then get a list of current kernel parameters.

qvm-prefs -l whonix-gw kernelopts

As of Qubes Q3 RC1, this will show: nopat

Keep those existing kernel parameters and add apparmor=1 security=apparmor by entering:

qvm-prefs -s whonix-gw kernelopts "nopat apparmor=1 security=apparmor"

When running the command to get a list of current kernel parameters again (just hit the arrow up key twice, so you don't have to type the command again).

qvm-prefs -l whonix-gw kernelopts

It should show the old and the new kernel parameters. For example:

nopat apparmor=1 security=apparmor

Once you started the VM, you can check if AppArmor is now active.

sudo aa-status --enabled ; echo $?

It should show: 0

Configuring Whonix-Workstation

In dom0 terminal Konsole, get a list of current kernel parameters.

qvm-prefs -l whonix-ws kernelopts

In current version of Qubes, this will show nopat as a response. To keep those existing kernel parameters and add apparmor=1 security=apparmor do the following:

qvm-prefs -s whonix-ws kernelopts "nopat apparmor=1 security=apparmor"

When running the command to get a list of current kernel parameters again (just hit the arrow up key twice, so you don't have to type the command again).

qvm-prefs -l whonix-ws kernelopts

It should show the old and the new kernel parameters. For example:

nopat apparmor=1 security=apparmor

Once you started the VM, you can check if AppArmor is now active by typing:

sudo aa-status --enabled ; echo $?

It should show: 0