mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git
synced 2025-06-08 05:19:37 +00:00
fix whonixqemuvms tutorial
This commit is contained in:
parent
c20213f5db
commit
299c4a29d5
9 changed files with 39 additions and 22 deletions
|
@ -1,16 +1,16 @@
|
|||
---
|
||||
author: nihilist
|
||||
date: 2024-03-10
|
||||
date: 2025-05-24
|
||||
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/93"
|
||||
xmr: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
|
||||
tags:
|
||||
- Core Tutorial
|
||||
---
|
||||
# Whonix QEMU Setup
|
||||
# Anonymous VM Setup - Whonix QEMU VMs
|
||||
|
||||

|
||||
|
||||
Whonix is an open-source OS made specifically for general anonymous activities. In this tutorial we're going to set it up using the QEMU virtualization setup we installed previously.
|
||||
Whonix is an open-source OS made specifically for general anonymous activities, which has been built with hardening in mind. In this tutorial we're going to set it up using the [QEMU virtualization](../hypervisorsetup/index.md) setup we installed previously.
|
||||
|
||||
## _OPSEC Recommendations:_
|
||||
|
||||
|
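Review bot: In the rewritten intro sentence, the clause "which has been built with hardening in mind" attaches to "general anonymous activities" rather than to Whonix. Suggest something like "Whonix is an open-source OS built with hardening in mind and made specifically for general anonymous activities." The front-matter date also moves from 2024-03-10 to 2025-05-24 with no field that keeps the original publication date; consider keeping the original date and recording the revision date separately.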
@ -89,13 +89,13 @@ So now we have the qcow2 files (take note that it can), so we can proceed follow
|
|||
|
||||
[ 10.0.2.2/24 ] [ nowhere ] [VAULT/VMs]
|
||||
→ cat Whonix-Gateway-XFCE-17.0.3.0.xml | grep VAULT
|
||||
<****source file='/mnt/VAULT/VMs/Whonix-Gateway-XFCE-17.0.3.0.Intel_AMD64.qcow2'/>
|
||||
<source file='/mnt/VAULT/VMs/Whonix-Gateway-XFCE-17.0.3.0.Intel_AMD64.qcow2'/>
|
||||
|
||||
[ 10.0.2.2/24 ] [ nowhere ] [VAULT/VMs]
|
||||
→ vim Whonix-Workstation-XFCE-17.0.3.0.xml
|
||||
|
||||
[ 10.0.2.2/24 ] [ nowhere ] [VAULT/VMs]
|
||||
→ cat Whonix-Workstation-XFCE-17.0.3.0.xml | grep VAULT <****source file='/mnt/VAULT/VMs/Whonix-Workstation-XFCE-17.0.3.0.Intel_AMD64.qcow2'/>
|
||||
→ cat Whonix-Workstation-XFCE-17.0.3.0.xml | grep VAULT <source file='/mnt/VAULT/VMs/Whonix-Workstation-XFCE-17.0.3.0.Intel_AMD64.qcow2'/>
|
||||
|
||||
|
||||
|
||||
|
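Review bot: In the Workstation check at the end of this hunk, the grep output still sits on the same line as the command (`→ cat Whonix-Workstation-XFCE-17.0.3.0.xml | grep VAULT <source file=...`), unlike the Gateway check above it, where the `<source file=.../>` output has its own line. Break the output onto a separate line so a reader does not paste the XML as part of the command. `grep VAULT Whonix-Workstation-XFCE-17.0.3.0.xml` would also do the same check without the extra cat.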
@ -143,11 +143,11 @@ make sure you give them 4gb of RAM before launching them, then launch them:
|
|||
|
||||
|
||||
[nihilist@nowhere VMs]$ cat Whonix-Gateway.xml | grep KiB
|
||||
<****memory dumpCore="off" unit="KiB">2097152
|
||||
<****currentMemory unit="KiB">2097152
|
||||
<memory dumpCore="off" unit="KiB">2097152
|
||||
<currentMemory unit="KiB">2097152
|
||||
[nihilist@nowhere VMs]$ cat Whonix-Workstation.xml | grep KiB
|
||||
<****memory dumpCore="off" unit="KiB">4194304
|
||||
<****currentMemory unit="KiB">4194304
|
||||
<memory dumpCore="off" unit="KiB">4194304
|
||||
<currentMemory unit="KiB">4194304
|
||||
|
||||
|
||||
|
||||
|
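Review bot: The Gateway output in this hunk shows 2097152 KiB (2 GiB), while the sentence leading into the block says to give "them" 4gb of RAM; only the Workstation values (4194304 KiB) match that. State the intended allocation per VM in the text so the instruction and the sample output agree. The `<memory>` and `<currentMemory>` lines are also shown without their closing tags, and the file names here (Whonix-Gateway.xml, Whonix-Workstation.xml) differ from the Whonix-Gateway-XFCE-17.0.3.0.xml style used in the earlier grep check; worth aligning both.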
@ -232,22 +232,39 @@ You can run it like so:
|
|||
|
||||
## **Basic Whonix Usage**
|
||||
|
||||
So now you can compatmentalize your anonymous usage in a separate VM by using the tor browser there, along with keepass and monero:
|
||||
|
||||
You can open Onion Circuits on the gateway VM to view the tor connections being built up in real time like so :
|
||||
On the Whonix Gateway VM you can open Onion Circuits on the gateway VM to view the tor connections being built up in real time like so :
|
||||
|
||||

|
||||
|
||||
And inside the Workstation VM you can browse Tor, and use Keepass just like in the [previous tutorial](../torbrowsing/index.md):
|
||||
And inside the Workstation VM you can browse the web using the Tor browser just like in the [previous tutorial](../torbrowsing/index.md):
|
||||
|
||||

|
||||

|
||||
|
||||
you can also use monero (take note that the default sudo password in whonix is "changeme", so don't forget to change it):
|
||||
|
||||
|
||||
[workstation user ~]% passwd
|
||||
[workstation user ~]% sudo apt install monero -y
|
||||
[workstation user ~]% monero-wallet-cli
|
||||
|
||||
|
||||
## Whonix Hardening Features
|
||||
|
||||
If you try to run sudo commands from inside the user account you'll see that it's not possible, which is intentional, [here's why](https://www.kicksecure.com/wiki/Dev/Strong_Linux_User_Account_Isolation):
|
||||
|
||||

|
||||
|
||||
To go around that issue you need to reboot the Workstation VM, to boot into persistent mode, into the sysmaint user:
|
||||
|
||||

|
||||
|
||||
This is where you'll be able to run sudo commands:
|
||||
|
||||

|
||||
|
||||
For example we install neofetch to display the system specs:
|
||||
|
||||

|
||||
|
||||
```sh
|
||||
[workstation root ~]# reboot now
|
||||
```
|
||||

|
||||
|
||||
Then, after rebooting into the regular user mode, we see that neofetch is installed as intended:
|
||||
|
||||

|
||||
|
||||
And thats it! you now have a VM ready to be used for your Anonymous activities,
|
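Review bot: In the new "Whonix Hardening Features" section, the text says "For example we install neofetch" but the only command given as text is `[workstation root ~]# reboot now`; the install command itself exists only in a screenshot. Add the install command to the fenced block so the step can be followed without the image. In the same hunk, "On the Whonix Gateway VM you can open Onion Circuits on the gateway VM" names the VM twice, and "compatmentalize" and "thats" are misspelled. If the `[workstation user ~]% sudo apt install monero -y` lines and the note about the default "changeme" sudo password remain in the final file, they conflict with the new statement that sudo is not possible from the user account; move that install under the sysmaint instructions or drop it.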