Dev/VirusForget

From Kicksecure


Similar to https://github.com/tasket/Qubes-VM-hardening, but for any (Debian-based) Linux that is booted without root access for the user.

Goal: deactivate, at the next reboot, malware that a non-root compromise left behind in the user's home directory.

notes, scratch pad

features

  • run at boot, before /home is mounted
  • allow root to modify a file and commit it
  • a file identical to its /etc/skel counterpart (root-owned location) is OK
  • quarantine
  • delete
  • diff
  • init
  • commit
  • show
  • extra file (present in home, absent from the committed state)
  • changed file (differs from the committed state)
  • whitelisting of files, e.g. for a netvm
  • file by tag
  • Qubes: even with a protected root image, a root compromise can persist in /usr/local and /rw, which survive reboot
  • move anything that is not in skel
  • run after PAM?
  • what if a dotfile does not exist -> log that it does not exist
  • Don't bother with root protections in a template or standalone VM.
  • Don't bother when running as root.
  • deploy
  • duplicate files for later diff

Because Tor Browser lives in the home folder:

  • snapshot executables with: find . -executable -type f
  • an upgrade mode that allows executables to change

command line interface:

  • --path - the home folder can be in any location, such as
    • --path /home/user
    • --path /rw/home/user
    • --path /path/to/chroot/folder/home/user
  • --simulate - do nothing, only output what would be done
  • --protect - remove(?) important files after reboot
  • --unprotect - disable protection
  • --immutable - make important files immutable (cannot be written to)
  • --mutable - undo --immutable
  • --reset-to-skel - reset important files as if they had been created from /etc/skel
  • --skel /path/to/skel (defaults to /etc/skel)

considerations:

  • first boot
  • subsequent boot
  • what if a new file gets added to the config?

status: unfinished, work in progress