Virtualisation setup
Next we do not virtualize anything using closed-source software like VMWare Workstation or else. We use QEMU/KVM with virt-manager, which is an open source hypervisor:
@@ -149,15 +114,23 @@ sudo systemctl enable --now libvirtd
[user ~]%:~# sudo usermod -a -G libvirt user
[user ~]%:~# sudo usermod -a -G kvm user
+Next we're going to use vim (which is a terminal-based text editor) to edit the libvirtd config files, that is to make sure that we can create and edit vms without requiring to type the admin password every time. From inside vim you need to press i to enter insert mode (to be able to actually edit the file contents), then you can edit the mentionned lines to mention the libvirt group and the "user" username, then press ESC to exit insert mode, and then type :wq to save your edits and exit the config files:
+
[user ~]%:~# sudo vim /etc/libvirt/libvirtd.conf
-[user ~]%:~# cat /etc/libvirt/libvirtd.conf | grep sock_group
+
unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"
-[user ~]%:~# cat /etc/libvirt/qemu.conf
+:wq
+
+[user ~]%:~# sudo vim /etc/libvirt/qemu.conf
+
group = "libvirt"
user = "user"
+:wq
+
[user ~]%:~# systemctl restart libvirtd.service
[user ~]%:~# virt-manager
@@ -177,6 +150,7 @@ user = "user"
[user ~]%:~$ sudo chown nihilist:libvirt -R VMs
[user ~]%:~$ sudo chown nihilist:libvirt -R ISOs
+
Then you can add the file directories in virt-manager like so:
diff --git a/opsec/index.html b/opsec/index.html index f58f255..5c9e431 100644 --- a/opsec/index.html +++ b/opsec/index.html @@ -184,7 +184,6 @@
π§ Serverside - Anonymous Hidden Services
diff --git a/opsec/linux/index.html b/opsec/linux/index.html index ee9b7fc..d06903f 100644 --- a/opsec/linux/index.html +++ b/opsec/linux/index.html @@ -177,6 +177,16 @@
And that's it! Bob has managed to get privacy from Microsoft's constant surveillance by replacing Windows with a Linux distribution.
+
Emergency Reboot Scenario
-
--the authorities are busting down your door, you see them coming
--you immediately press the right control key
--the computer immediately wipes all the ram contents and reboots
--as the computer is restarting, all forensic traces relating to the existance of the veracrypt hidden volume have been erased.
-
--the adversary pins you down and handcuffs you
--the adversary opens up the computer, dumps liquid nitrogen on the ramsticks, then takes them out to store them safely and takes out the harddrives (the system drive and the non-system harddrive)
-
-As explained higher up in this tutorial, you're going to have to test your emergency reboot procedure a few times to make sure it works but also to get used to it, because when there's going to be a real emergency, you're going to need perform that emergency reboot procedure in a split second.
So let's showcase how to do it. First setup the context, booting from the Host OS in live mode:
