mirror of https://github.com/ben-grande/qusal.git synced 2024-10-01 02:35:49 -04:00

History

Ben Grande 56a4296421 fix: skip YUM weak dependencies installation Fixes: https://github.com/ben-grande/qusal/issues/96		2024-08-16 14:03:58 +02:00
..
files	fix: enforce https on repository installation	2024-05-16 18:57:59 +02:00
clone.sls	chore: copyright update	2024-01-29 16:49:54 +01:00
clone.top	chore: copyright update	2024-01-29 16:49:54 +01:00
create.sls	fix: remove cacher tag from Kicksecure template	2024-06-22 12:14:36 +02:00
create.top	chore: copyright update	2024-01-29 16:49:54 +01:00
init.top	chore: copyright update	2024-01-29 16:49:54 +01:00
install-developers.sls	fix: skip YUM weak dependencies installation	2024-08-16 14:03:58 +02:00
install-developers.top	fix: less intrusive kicksecure default install	2024-02-01 17:40:26 +01:00
install-repo.sls	chore: copyright update	2024-01-29 16:49:54 +01:00
install-repo.top	chore: copyright update	2024-01-29 16:49:54 +01:00
install.sls	fix: skip YUM weak dependencies installation	2024-08-16 14:03:58 +02:00
install.top	chore: copyright update	2024-01-29 16:49:54 +01:00
kernel-default.sls	fix: vm kernel only applies to developers	2024-02-03 20:58:28 +01:00
kernel-default.top	fix: vm kernel only applies to developers	2024-02-03 20:58:28 +01:00
kernel-hvm.sls	fix: vm kernel only applies to developers	2024-02-03 20:58:28 +01:00
kernel-hvm.top	fix: vm kernel only applies to developers	2024-02-03 20:58:28 +01:00
kernel-pv.sls	fix: skip YUM weak dependencies installation	2024-08-16 14:03:58 +02:00
kernel-pv.top	fix: vm kernel only applies to developers	2024-02-03 20:58:28 +01:00
README.md	doc: lint markdown files	2024-07-04 17:27:31 +02:00
template.jinja	chore: copyright update	2024-01-29 16:49:54 +01:00
version	fix: generate RPM Specs for Qubes Builder V2	2024-06-21 17:00:06 +02:00

README.md

kicksecure-minimal

Kicksecure Minimal Template in Qubes OS.

Description
Installation
- Kicksecure Developers Installation
Usage
- Kicksecure Developers Usage

Description

Creates the Kicksecure Minimal template as well as a Disposable Template based on it.

Installation

Top:

sudo qubesctl top.enable kicksecure-minimal
sudo qubesctl --targets=kicksecure-17-minimal state.apply
sudo qubesctl top.disable kicksecure-minimal

State:

sudo qubesctl state.apply kicksecure-minimal.create
sudo qubesctl --skip-dom0 --targets=kicksecure-17-minimal state.apply kicksecure-minimal.install

Kicksecure Developers Installation

If you want to help improve Kicksecure integration on Qubes, install packages that are known to be broken on Qubes and can break the boot of the Kicksecure Qube, to report bugs upstream (get a terminal with qvm-console-dispvm):

sudo qubesctl --skip-dom0 --targets=kicksecure-17-minimal state.apply kicksecure-minimal.install-developers

Choose the kernel according to the virt_mode you want for the template:

hvm:

sudo qubesctl state.apply kicksecure-minimal.kernel-hvm

pvh:

sudo qubesctl state.apply kicksecure-minimal.kernel-pv

Dom0 provided kernel (resets virt_mode to pvh):

sudo qubesctl state.apply kicksecure-minimal.kernel-default

Usage

AppVMs and StandaloneVMs can be based on this template.

Kicksecure Developers Usage

This is intended for Kicksecure Developers to test known to be broken hardening measures. It is not intended for other developers or users.

After you have ran the developers SaltFile, when reporting bugs upstream, share the following information of the customizations made by this formula:

hardened-malloc:

libhardened_malloc.so

hide-hardware-info:

sysfs_whitelist=0
cpuionfo_whitelist=0

permission-hardener:

whitelists_disable_all=true