Dev/VirusForget

From Kicksecure

deactivate malware after reboot from non-root compromise

similar to https://github.com/tasket/Qubes-VM-hardening but for any (Debian) Linux that is booted without root access


notes, scratch pad

features

  • run at boot before mounting /home
  • allow root to modify file and commit
  • file same as /etc/skel (root location) is ok
  • quarantine
  • delete
  • diff
  • init
  • commit
  • show
  • extra file
  • changed file
  • whitelisting of files such as for netvm
  • file by tag
  • qubes root compromise with protected root image /usr/local /rw
  • move anything not skel
  • after pam?
  • what if dotfile does not exist -> note to log that it does not exist
  • Don't bother with root protections in template or standalone.
  • Don't bother when root.
  • deploy
  • duplicate files for later diff

Because Tor Browser lives in the home folder:

  • snapshot binaries with:
  • find . -executable -type f
  • upgrade mode to allow changing executables

command line interface:

  • --path
    • home folder can be in any location such as
    • --path /home/user
    • --path /rw/home/user
    • --path /path/to/chroot/folder/home/user
  • --simulate - do nothing but output what would be done
  • --protect - remove(?) important files after reboot
  • --unprotect - disable
  • --immutable - make important files immutable (cannot be written to)
  • --mutable
  • --reset-to-skel - reset important files as if created from /etc/skel
  • --skel /path/to/skel (default to /etc/skel)
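An added example, not VirusForget code (the notes above only sketch it): a POSIX shell version of the commit / diff / quarantine cycle from the feature list, covering the executable snapshot needed for Tor Browser and the --simulate behaviour from the command line interface. The manifest path, the quarantine directory and the vf_* function names are assumptions.

```shell
#!/bin/sh
# Added example, not Kicksecure's VirusForget code. Root records a manifest of
# the home folder's executables and dotfiles (commit) and enforces it at boot
# (protect). Manifest path, quarantine directory and vf_* names are assumed.
set -eu

# vf_manifest HOME: sha256 of every executable (what Tor Browser drops into the
# home folder) and every top-level dotfile or dot-directory, relative to HOME
# so one baseline fits /home/user, /rw/home/user or a chroot passed as --path.
vf_manifest() {
    ( cd "$1" && find . -type f \( -executable -o -path './.*' \) -print0 \
        | sort -z | xargs -0 -r sha256sum )
}

# vf_commit HOME MANIFEST: record the current state as the trusted baseline.
vf_commit() {
    vf_manifest "$1" > "$2"
}

# vf_diff HOME MANIFEST: print "changed|extra|missing <path>" per deviation.
# sha256sum lines are "<64 hex>  <path>", so the path starts at column 67.
vf_diff() {
    vf_manifest "$1" | awk -v manifest="$2" '
        BEGIN { while ((getline l < manifest) > 0) base[substr(l, 67)] = substr(l, 1, 64) }
        { cur[substr($0, 67)] = substr($0, 1, 64) }
        END {
            for (f in cur)
                if (!(f in base))           print "extra " f
                else if (base[f] != cur[f]) print "changed " f
            for (f in base) if (!(f in cur)) print "missing " f
        }'
}

# vf_protect HOME MANIFEST QUARANTINE [--simulate]: move changed and extra
# files out of HOME into QUARANTINE (same relative path) for a later diff;
# a missing file is only logged, never recreated. --simulate just reports.
vf_protect() {
    [ -f "$2" ] || { echo "vf: no baseline $2, run commit first" >&2; return 1; }
    vf_diff "$1" "$2" | while read -r kind f; do
        if [ "$kind" = missing ]; then
            echo "vf: $f is in the baseline but absent" >&2
        elif [ "${4:-}" = --simulate ]; then
            echo "vf: would quarantine $kind $f"
        else
            mkdir -p "$3/$(dirname "$f")"
            mv "$1/$f" "$3/$f"
            echo "vf: quarantined $kind $f"
        fi
    done
}
```

The upgrade mode from the notes is simply `vf_commit` run again by root after a legitimate Tor Browser update; anything that shows up in `vf_diff` before that re-commit is a change the user did not make.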

considerations:

  • first boot
  • subsequent boot
  • what if new file gets added to config?

status:
