Dev/VirusForget
< Dev
Jump to navigation
Jump to search
similar to https://github.com/tasket/Qubes-VM-hardening but for any (Debian) Linux which is booted without root access
deactivate malware after reboot from non-root compromise
notes, scratch pad
features
- run at boot before mounting /home
- allow root to modify file and commit
- file same as /etc/skel (root location) is ok
- carantaine
- delete
- diff
- init
- commit
- show
- extra file
- changed file
- whitelisting of files such as for netvm
- file by tag
- qubes root compromise with protected root image /usr/local /rw
- move anything not skel
- after pam?
- what if dotfile does not exist -> note to log that it does not exist
- Don't bother with root protections in template or standalone.
- Don't bother when root.
- deploy
- duplicate files for later diff
Because Tor Browser in home folder:
- snapshot binaries with:
- find . -executable -type f
- upgrade mode to allow changing executables
command line interface:
- --path
- home folder can be in any location such as
- --path /home/user
- --path /rw/home/user
- --path /path/to/chroot/folder/home/user
- --simulate - do nothing but output what would be done
- --protect - remove(?) important files after reboot
- --unprotect - disable
- --immutable - make important files immutable (cannot be written to)
- --mutable
- --reset-to-skel - reset important files as if created from /etc/skel
- --skel /path/to/skel (default to /etc/skel)
considerations:
- first boot
- subsequent boot
- what if new file gets added to config?
status:
- rewrite started, stalled for now
Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.