Qubes OS - Using Xen to Secure Linux
-
LinuxInsider gives us a look at Qubes OS which is a Xen distribution with integrated Fedora 18 for making highly secure desktops with total isolation between environments.
-
@Reid-Cooper This is pretty cool... and the first I've heard of it. Thanks for sharing.
-
Anybody using Qubes or have tried Qubes?
-
I've been using it for 3+ years and it's definitely come a long way. The last year has been very stable.
-
Awesome. Now I just have to find a decent laptop that it will install on. I was thinking about using an old laptop that I have at home, but its not in the HCL.
-
Wow, you found one old thread. I had no idea that this was even my thread till I looked at it!
-
Yeah I just realized that after replying.
-
This ranks high on the all time necropost lists here
-
Did a Google search the other day on the most secure or and Qubes was at the top. I tried to install it in Virtual box but had a problem with partitioning the drive.
Instead, I just may backup my laptop, install Qubes, and then restore windows as an AppVM, or its own domain.
-
@NerdyDad said in Qubes OS - Using Xen to Secure Linux:
Did a Google search the other day on the most secure or and Qubes was at the top. I tried to install it in Virtual box but had a problem with partitioning the drive.
Instead, I just may backup my laptop, install Qubes, and then restore windows as an AppVM, or its own domain.
I haven't tried with Windows yet, last a read there was no audio and limited GPU support. Also Windows isnt my idea of a secure desktop, no matter what it runs with, lol.
Would be interested to know how you fair though.
-
@bigbear said in Qubes OS - Using Xen to Secure Linux:
@NerdyDad said in Qubes OS - Using Xen to Secure Linux:
Did a Google search the other day on the most secure or and Qubes was at the top. I tried to install it in Virtual box but had a problem with partitioning the drive.
Instead, I just may backup my laptop, install Qubes, and then restore windows as an AppVM, or its own domain.
I haven't tried with Windows yet, last a read there was no audio and limited GPU support. Also Windows isnt my idea of a secure desktop, no matter what it runs with, lol.
Would be interested to know how you fair though.
Need Win10 for work. Can't go without that. Not totally concerned about audio though. I might attempt on a personal that isn't on the HCL and go from there.
-
Installed Qubes and is running. I like the concept but I kind of at the point of "Okay, what now?". I attempted to install the Brave browser and keep getting blocked. My best guess right now is outside firewall because we're not a Linux house at all. Attempted to do a Yum update and discovered that yum has been deprecated and is now going to DNF. WTF?
-
@NerdyDad said in Qubes OS - Using Xen to Secure Linux:
Installed Qubes and is running. I like the concept but I kind of at the point of "Okay, what now?". I attempted to install the Brave browser and keep getting blocked. My best guess right now is outside firewall because we're not a Linux house at all. Attempted to do a Yum update and discovered that yum has been deprecated and is now going to DNF. WTF?
DNF replaced YUM in the Fedora world a few releases ago.
YUM is ancient.
-
The DNF commands are essentially the same. The only one I've noticed a difference on was
yum localinstall package.rpm
. It's nowdnf install ./package.rpm
.And
yum-cron
is nowdnf-automatic
. That's about the only differences you see from a high level. -
One other thing that struck me. For some odd reason DNF usually requires the full path to do a
provides
search. So an easy way to fix that isdnf provides "*"/command
The asterisk is the wildcard for any path. So an example
[jhooks@megatron ~]$ sudo dnf provides "*"/nslookup Last metadata expiration check: 3:03:21 ago on Wed Mar 22 16:36:46 2017. bind-utils-32:9.10.4-2.P3.fc25.x86_64 : Utilities for querying DNS name servers Repo : @System bind-utils-32:9.10.4-2.P3.fc25.x86_64 : Utilities for querying DNS name servers Repo : fedora bind-utils-32:9.10.4-4.P6.fc25.x86_64 : Utilities for querying DNS name servers Repo : updates
-
So I was able to get passed dnf by discovering that once you connect it to the Internet that it reaches out and pulls the updates. Updates are pretty simple to manage, as long as you manage the vm appropriately.
All default VM's are updated and I am in the process of installing Kali. However, I have run into another problem. One of the reasons why I wanted Qubes was to be able to setup and learn CentOS & Freepbx, along with several other server systems. When I go to install a server, I receive anews error trying to create a templateVM or to make it a standalone. It doesn't have the specs for an x86_64 HVM.
Got any suggestions?
-
@NerdyDad What is the error that appears?
-
-
@NerdyDad You can't build it a standalone either?
-
@NerdyDad https://www.qubes-os.org/doc/building-non-fedora-template/ that's for creating your own template not that easy to create.
But it should let you build it as standalone and HVM
https://www.qubes-os.org/doc/hvm/@NerdyDad said in Qubes OS - Using Xen to Secure Linux:
One of the reasons why I wanted Qubes was to be able to setup and learn CentOS & Freepbx, along with several other server systems. When I go to install a server, I receive anews error trying to create a templateVM or to make it a standalone. It doesn't have the specs for an x86_64 HVM.
Instead of using Qubes, did you try just using a regular linux distro and using KVM with virt-manager.