oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 06:46:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Labeled key points with <b>

Browse source
This commit is contained in:
prism_breaker 2024-12-18 09:55:07 +00:00
parent 19f554029d
commit 7d9a09aa76
2 changed files with 13 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
opsec/qubesos/index.html
View file

@ -63,7 +63,7 @@
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 00 / 00 / 00</ba></p>
<h1>Qubes OS guide </h1>
<p>Official site of Qubes OS <a href="https://www.qubes-os.org">https://www.qubes-os.org</a></p>
<p>When you land into this tutorial, I assume you already have some Linux experience, if not this might not be suitable for you, since Qubes OS is not very user-friendly. I recommend you to try some normal Linux distribution first <a href="../linux/index.html">How to Install Linux as a beginner</a></p>
<p>When you land into this tutorial, I assume you already have some Linux experience, if not this might not be suitable for you, since Qubes OS is <b>not very user-friendly</b>. I recommend you to try some normal Linux distribution first <a href="../linux/index.html">How to Install Linux as a beginner</a></p>
<p>Qubes OS is a very cutting edge OS that uses virtualization everywhere to compartmentalize your digital life. It is technically not a Linux distribution, it is built on Xen which is a type 1 hypervisor that runs on bare metal, <a href="https://en.wikipedia.org/wiki/Xen">https://en.wikipedia.org/wiki/Xen</a></p>
<p>First you have Xen hypervisor booted at startup, then you get separate VM for all of your activities. Because all of your activities are separated by VM, one of them get hacked will not compromise the security of your entire system. It is like manage your personal pc like a server, that is why Qubes OS is a highly secure OS if used correctly</p>
<p>If you want to dive into the tech details and concepts about Qubes, official document is the best place <a href="https://www.qubes-os.org/intro/">https://www.qubes-os.org/intro/</a></p>
@ -122,7 +122,7 @@ $ sudo blkid
<pre><code class="nim">
$ sudo dd if=file_name.iso of=/dev/sda status=progress
</code></pre>
<p>Warning: dd is a low level tool aka data destroyer, check the parameters carefully and make sure parameters behind "of" points towards your usb, otherwise it might nuke your computer !!!</p>
<p>Warning: dd is a low level tool aka <b>data destroyer</b>, check the parameters carefully and make sure parameters behind "of" points towards your usb, otherwise it might nuke your computer !!!</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
@ -155,7 +155,7 @@ $ sudo dd if=file_name.iso of=/dev/sda status=progress
<p>If you are installing on a fresh drive just check the three areas on the pictures</p>
<p>Next is to choose a disk encryption password, notice this is the password used to encrypt your disk and is the only thing protects you when FBI kicks your door, so make sure it is strong enough</p>
<img src="Screenshot From 2024-12-05 16-29-12.png" class="imgRz" style="width: 900px">
<p>Select "delete all" and "reclaim space", make sure you backed up everything!</p>
<p>Select "delete all" and "reclaim space", make sure you <b>backed up </b>everything!</p>
<img src="Screenshot From 2024-12-05 16-29-23.png" class="imgRz" style="width: 900px">
<p>Next create a user with password, this is the password you will use to unlock the screen</p>
<img src="Screenshot From 2024-12-05 16-29-33.png" class="imgRz" style="width: 900px">

18
opsec/qubesosnetwork/index.html
View file

@ -114,21 +114,21 @@
<p>1.sys-usb</p>
<img src="usb-qube.png" class="imgRz" style="width: 400px">
<p>A qube that did not connect to network, and is responsible for providing usb service only, if you have usb keyboard or mouse it might also proxy the input for you. In some circumstances when you have an usb wifi dongle it also becomes the factual network qube</p>
<p>A qube that did not connect to network, and is responsible for providing <b>usb service</b> only, if you have usb keyboard or mouse it might also proxy the input for you. In some circumstances when you have an usb wifi dongle it also becomes the factual network qube</p>
<p>This is installed by default and is a disposable vm</p>
<p>1.sys-net</p>
<img src="net-qube.png" class="imgRz" style="width: 400px">
<p>This is where everything starts, you need to passthrough your Ethernet adapter(wired or wireless) to a qube, and that qube will be used to as a first part in the network chain</p>
<p>Since it is directly in contact with network adapter and the routers, it should be considered as untrusted because it is exposed to a lot of uncertain stuff</p>
<p>It is installed by default and only intended to be used as a basic router and nothing else</p>
<p>It is installed by default and only intended to be used as a <b>basic router</b> and nothing else</p>
<p>2.sys-firewall</p>
<p>The qube that separate the rest of your network chain from the sys-net for better security, and it is also the qube that enforces firewall rules if you have vpn qube directly behind it.</p>
<p>The qube that separate the rest of your network chain from the sys-net for better security, and it is also the qube that <b>enforces firewall </b> rules if you have vpn qube directly behind it.</p>
<p>If you have any public identity it is best to directly connect it to sys-firewall, for example online banking</p>
<img src="firewall-qube.png" class="imgRz" style="width: 400px">
<p>Each qube can select its own network qube, if none is selected it will not have internet at all. sys-firewall here set sys-net as its network qube</p>
<img src="firewall-net.png" class="imgRz" style="width: 1200px">
<p>And any qube provides network service need to enable "provides network" in advanced tab below "Run in debug mode"</p>
<p>And any qube provides network service need to enable <b>provides network</b> in advanced tab below "Run in debug mode"</p>
<img src="firewall-service.png" class="imgRz" style="width: 1200px">
<p>Any qube directly connect to sys-firewall will have your home isp ip address, best suited for public activity, for example online banking</p>
<p>Let's go back to our qubes manager, click "New qube" in the top left corner</p>
@ -140,7 +140,7 @@
<img src="banking.png" class="imgRz" style="width: 1000px">
<p>3.vpn qube</p>
<p>A qube setup with vpn profile, redirect all the traffic to your designated vpn server. Ideal for providing a pseudonymous identity. If applied with firewall rules it can be guaranteed leakproof</p>
<p>A qube setup with vpn profile, redirect all the traffic to your designated vpn server. Ideal for providing a <b>pseudonymous</b> identity. If applied with firewall rules it can be guaranteed leakproof</p>
<p>Qubes OS works fine with wireguard and openvpn cli programs, but for vpn vendor's own gui there might be problems, sometimes those apps break the dns setup in qubes</p>
<p>Mullvad has a very detailed tutorial on how to setup a vpn qube <a href="https://mullvad.net/en/help/wireguard-on-qubes-os">https://mullvad.net/en/help/wireguard-on-qubes-os</a>. However, iptables mentioned in it is already deprecated by Qubes, but it still works without DNS hijack config.</p>
<img src="vpn-qube.png" class="imgRz" style="width: 400px">
@ -152,7 +152,7 @@
<img src="torrent_vm.png" class="imgRz" style="width: 1000px">
<p>First give it a name called "torrent", and I personally prefer this is a medium trust score, so it is given a yellow tag.</p>
<p>We still leave it as appvm, and choose template as debian, since this is the template we just installed transmission</p>
<p>Most importantly set the networking to vpn qube you just setup, if you do not want DMCA notice get sent to your home. Then click ok the qube will be created</p>
<p>Most importantly set the networking to <b>vpn qube</b> you just setup, if you do not want DMCA notice get sent to your home. Then click ok the qube will be created</p>
<p>For accessing transmission app easily, we will add the transmission app into our "Q" menu which is in the top left corner</p>
<p>Right click the torrent qube in the manager, choose "settings", and choose "application"</p>
<img src="torrent_transmission.png" class="imgRz" style="width: 1000px">
@ -162,7 +162,7 @@
<p>4.whonix qubes</p>
<p>Whonix is the best part of qubes, it makes tor very easy to use. Whonix qubes consists of two parts, first is whonix gateway, which onionize all the network traffic behind it. Whonix workstation is a workstation specifically tuned for anonymity, and is usually disposable for increased security</p>
<p>You can also hook up other non workstation qubes behind whonix gateway in rare circumstances, for example a windows qube, but you should be careful and should have a specialized gateway qube only for this.</p>
<p>This is the ideal place for all the high risk activities like all the darknet stuff</p>
<p>This is the ideal place for all the high risk activities like all the <b>darknet</b> stuff</p>
<p>You might choose to whether or not to put whonix gateway behind a vpn</p>
<img src="whonix-qube.png" class="imgRz" style="width: 400px">
<p>Here we use whonix workstation to access tor.taxi for exploring the darknet</p>
@ -198,10 +198,12 @@
<p>First we created a test file called "new_file"</p>
<img src="file_await_transfer.png" class="imgRz" style="width: 1000px">
<p>Then we use "qvm-copy" command, and choose "banking" vm in the dom0 prompt.</p>
<code>qvm-copy new_file</code>
<p></p>
<img src="copy_destination.png" class="imgRz" style="width: 1000px">
<p>Then you can see the new_file in banking vm</p>
<img src="file_arrived.png" class="imgRz" style="width: 1000px">
<p>Files from other VM are all located inside ~/QubesIncoming </p>
<p>Files from other VM are all located inside <b>~/QubesIncoming</b> </p>
<p>Other stuff are inside the official document, no need to rebuild the wheels again</p>
<p><a href="https://www.qubes-os.org/doc/getting-started/">All the qubes "how to" guide</a></p>