diff --git a/whonixqemuvms/4.png b/whonixqemuvms/4.png deleted file mode 100644 index a568818..0000000 Binary files a/whonixqemuvms/4.png and /dev/null differ diff --git a/whonixqemuvms/image-1.png b/whonixqemuvms/image-1.png new file mode 100644 index 0000000..9829952 Binary files /dev/null and b/whonixqemuvms/image-1.png differ diff --git a/whonixqemuvms/image-2.png b/whonixqemuvms/image-2.png new file mode 100644 index 0000000..1d0877c Binary files /dev/null and b/whonixqemuvms/image-2.png differ diff --git a/whonixqemuvms/image-3.png b/whonixqemuvms/image-3.png new file mode 100644 index 0000000..2fb0eca Binary files /dev/null and b/whonixqemuvms/image-3.png differ diff --git a/whonixqemuvms/image-4.png b/whonixqemuvms/image-4.png new file mode 100644 index 0000000..e9eba52 Binary files /dev/null and b/whonixqemuvms/image-4.png differ diff --git a/whonixqemuvms/image-5.png b/whonixqemuvms/image-5.png new file mode 100644 index 0000000..cbefa96 Binary files /dev/null and b/whonixqemuvms/image-5.png differ diff --git a/whonixqemuvms/image-6.png b/whonixqemuvms/image-6.png new file mode 100644 index 0000000..c927041 Binary files /dev/null and b/whonixqemuvms/image-6.png differ diff --git a/whonixqemuvms/image.png b/whonixqemuvms/image.png new file mode 100644 index 0000000..830a652 Binary files /dev/null and b/whonixqemuvms/image.png differ diff --git a/whonixqemuvms/index.md b/whonixqemuvms/index.md index 1e0ba2d..08d0376 100644 --- a/whonixqemuvms/index.md +++ b/whonixqemuvms/index.md 
@@ -1,16 +1,16 @@ --- author: nihilist -date: 2024-03-10 +date: 2025-05-24 gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/93" xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8 tags: - Core Tutorial --- -# Whonix QEMU Setup +# Anonymous VM Setup - Whonix QEMU VMs ![](0.png) -Whonix is an open-source OS made specifically for general anonymous activities. In this tutorial we're going to set it up using the QEMU virtualization setup we installed previously. +Whonix is an open-source OS made specifically for general anonymous activities, which has been built with hardening in mind. In this tutorial we're going to set it up using the [QEMU virtualization](../hypervisorsetup/index.md) setup we installed previously. ## _OPSEC Recommendations:_ @@ -89,13 +89,13 @@ So now we have the qcow2 files (take note that it can), so we can proceed follow [ 10.0.2.2/24 ] [ nowhere ] [VAULT/VMs] → cat Whonix-Gateway-XFCE-17.0.3.0.xml | grep VAULT - <****source file='/mnt/VAULT/VMs/Whonix-Gateway-XFCE-17.0.3.0.Intel_AMD64.qcow2'/> + [ 10.0.2.2/24 ] [ nowhere ] [VAULT/VMs] → vim Whonix-Workstation-XFCE-17.0.3.0.xml [ 10.0.2.2/24 ] [ nowhere ] [VAULT/VMs] - → cat Whonix-Workstation-XFCE-17.0.3.0.xml | grep VAULT <****source file='/mnt/VAULT/VMs/Whonix-Workstation-XFCE-17.0.3.0.Intel_AMD64.qcow2'/> + → cat Whonix-Workstation-XFCE-17.0.3.0.xml | grep VAULT @@ -143,11 +143,11 @@ make sure you give them 4gb of RAM before launching them, then launch them: [nihilist@nowhere VMs]$ cat Whonix-Gateway.xml | grep KiB - <****memory dumpCore="off" unit="KiB">2097152 - <****currentMemory unit="KiB">2097152 + 2097152 + 2097152 [nihilist@nowhere VMs]$ cat Whonix-Workstation.xml | grep KiB - <****memory dumpCore="off" unit="KiB">4194304 - <****currentMemory unit="KiB">4194304 + 4194304 + 4194304 
@@ -232,22 +232,39 @@ You can run it like so: ## **Basic Whonix Usage** -So now you can compatmentalize your anonymous usage in a separate VM by using the tor browser there, along with keepass and monero: - -You can open Onion Circuits on the gateway VM to view the tor connections being built up in real time like so : +On the Whonix Gateway VM you can open Onion Circuits on the gateway VM to view the tor connections being built up in real time like so : ![](3.png) -And inside the Workstation VM you can browse Tor, and use Keepass just like in the [previous tutorial](../torbrowsing/index.md): +And inside the Workstation VM you can browse the web using the Tor browser just like in the [previous tutorial](../torbrowsing/index.md): -![](4.png) +![alt text](image-1.png) -you can also use monero (take note that the default sudo password in whonix is "changeme", so don't forget to change it): - - - [workstation user ~]% passwd - [workstation user ~]% sudo apt install monero -y - [workstation user ~]% monero-wallet-cli - - +## Whonix Hardening Features +If you try to run sudo commands from inside the user account you'll see that it's not possible, which is intentional, [here's why](https://www.kicksecure.com/wiki/Dev/Strong_Linux_User_Account_Isolation): + +![alt text](image-2.png) + +To go around that issue you need to reboot the Workstation VM, to boot into persistent mode, into the sysmaint user: + +![alt text](image.png) + +This is where you'll be able to run sudo commands: + +![alt text](image-3.png) + +For example we install neofetch to display the system specs: + +![alt text](image-4.png) + +```sh +[workstation root ~]# reboot now +``` +![alt text](image-6.png) + +Then, after rebooting into the regular user mode, we see that neofetch is installed as intended: + +![alt text](image-5.png) + +And thats it! you now have a VM ready to be used for your Anonymous activities, \ No newline at end of file
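Review bot: The seven new screenshots are added as image.png and image-1.png through image-6.png, while the images this page already references are numbered (0.png, 3.png and the deleted 4.png). Rename them to continue the numbering or to describe their content: the current names give no hint of which step each one illustrates, and they do not follow the order in which index.md uses them (image-6.png appears before image-5.png).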
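Review bot: In the hunk at @@ -89,13 +89,13 @@, the added side keeps both `cat ... | grep VAULT` commands but no longer shows their `<source file='/mnt/VAULT/VMs/...qcow2'/>` output, so the reader loses the line that confirms each XML file points at the intended qcow2 path. The removed lines carry a `<****source` marker, which looks like a workaround for the tag being swallowed during rendering. Rather than deleting the output, keep it inside the terminal code block, where the angle brackets are shown literally.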
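Review bot: In the hunk at @@ -143,11 +143,11 @@, the replacement lines reduce the `grep KiB` output to bare numbers (`2097152`, `4194304`), dropping the `memory` and `currentMemory` element names and the `unit="KiB"` attribute. A line without "KiB" could not have been returned by that grep, and the reader can no longer tell which XML elements to edit. Restore the full lines. Separately, the Gateway value 2097152 KiB is 2 GiB, while the surrounding text says to give the VMs 4gb of RAM; state the per-VM amounts in that sentence.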
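Review bot: In the new "Whonix Hardening Features" section of the hunk at @@ -232,22 +232,39 @@, every step except `reboot now` exists only as a screenshot, and all seven added images use the placeholder `![alt text]`, so the refused sudo call, the boot choice for the sysmaint user and the neofetch install command cannot be read, copied or searched. Add the commands as text in the code block and give each image a descriptive alt text. The hunk also removes the reminder that the default sudo password is "changeme" together with the `passwd` step, without saying whether a password still has to be set for sysmaint; state that either way. Wording: "On the Whonix Gateway VM you can open Onion Circuits on the gateway VM" repeats itself, "To go around that issue" presents an intentional isolation control as a defect, and the closing line has "thats", ends on a comma and leaves the file without a trailing newline.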