oxeo0/opsec-blogposts
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git synced 2025-06-08 05:19:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix stuff

Browse source
This commit is contained in:
nihilist 2025-05-29 19:03:51 +02:00
parent 7739e73322
commit 9a415258f4
84 changed files with 313 additions and 191 deletions
Download patch file Download diff file Expand all files Collapse all files

43
whonix_hiddenservice/index.md
View file

@ -19,6 +19,10 @@ Since the goal of self-hosting hidden services is to avoid revealing your home I
## Targeted Setup:
![](../context/anon_self.png)
Our targeted setup depends on a [previous tutorial](../whonixqemuvms/index.md), to setup the whonix QEMU Vms you can follow the same steps as we detailed on the clientside.
![alt text](image.png)
For this targeted setup, we're going to re-use a set of QEMU Whonix VMs on our homeserver, the nginx service with the local website are going to sit on the whonix workstation, meanwhile the actual Tor daemon will remain on the Whonix Gateway. We're going to follow the [official whonix documentation](https://www.whonix.org/wiki/Onion_Services#Hidden_Webserver) to do this setup.
@ -119,4 +123,41 @@ And it works! Now let's reboot the whonix workstation back into user mode since
After rebooting the whonix workstation we see that it is still accessible as intended!
The point of going back into the regular user mode is that in case if the service were to get hacked, the whonix hardening features are going to make it impossible for the attacker to do anything. For example they can't get the onion hidden service keys because those sit on the Whonix gateway, rather than on the Workstation.
The point of going back into the regular user mode is that in case if the service were to get hacked, the whonix hardening features are going to make it impossible for the attacker to do anything. For example they can't get the onion hidden service keys because those sit on the Whonix gateway, rather than on the Workstation.
# Bonus: Shared folder on whonix workstation with the Host OS:
Since you can't copy paste from the host OS into the guest OS of the whonix workstation (it's intentional to prevent clipboard attacks), you're going to require to get files in and out of the whonix workstation VM from time to time, to do so, you need a shared folder between the Host and the Guest OS:
First power off the VM and enable shared memory:
![alt text](image-7.png)
Then create the shared folder on the host OS in /home/user/shared/:
```sh
[user ~]% mkdir /home/user/shared
[user ~]% chmod 777 /home/user/shared
```
Then, click add hardware to add a new "filesystem" in the /home/user/shared folder, using the virtiofs driver:
![alt text](image-8.png)
Then for this example we're going to boot into the sysmaint user session and run the following commands:
![alt text](image-9.png)
From the Host OS:
```sh
[user ~/shared]% vim /home/user/shared/test2
[user ~/shared]% cat /home/user/shared/test1
Hello from whonix workstation !
```
From the whonix workstation vm:
```sh
[workstation sysmaint ~]% sudo -i
[workstation root ~]# cat mount.sh
mount -t virtiofs shared /mnt/shared
[workstation root ~]# vim /home/user/shared/test1
[workstation root ~]# cat /home/user/shared/test1
Hello from Host OS
```
That way you'll be able to share files back and forth from inside the whonix workstation if you ever need it.