Thank you. I found that those sections quickly move to issues outside of Whonix-Gateway (host, hardware, hypervisor etc.) - those are important of course as well, but my focus here is on Whonix-Gateway itself.
Seccomp - the first link strongly advises activating it - are there any disadvantages to doing so? Why isn't it activated by default?
Same question regarding Tor Connection Padding.
I saw that there’s plenty of documentation about AppArmor - I will read more about it.
Barring any low-level filesystem bugs, you could store a catalog of malware on your Gateway as long as the files are never read / executed.
Well understood. And they could be executed not only intentionally but also by user mistake.
things that aren’t used or needed should be removed if possible
I completely agree. If I don't need to do anything in Whonix-Gateway apart from running updates, performing some leak tests and viewing Tor circuits (since this functionality was removed from the Workstation), how can I easily figure out how to remove everything else? One risk is that by trying to do that I'll break something that is actually needed.
sudo netstat -tulpn
every open port should have a reason for being open
OK. Apart from Tor, I see python listening at 10.152.152.10:9052. Using ps aux I see that's "/usr/bin/python /usr/sbin/cpfpd start".
Also brltty at 127.0.0.1:4101 and dhclient at udp 0.0.0.0:24618, udp 0.0.0.0:68 and udp6 :::14596.
Does this look OK?
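The "every open port should have a reason for being open" check above is easy to turn into a repeatable audit: parse the listener table and report anything that is not on a written allowlist. The following is an added example, not code from the post or from the Whonix project. The netstat output it parses is constructed to mirror the listeners described in the post (plus one unowned line to show the non-root case), and the allowlist is a hypothetical placeholder containing only a Tor entry; a real allowlist would be filled in from the Gateway's own documentation, which is exactly the step the post is asking about.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Listener:
    proto: str          # tcp, tcp6, udp or udp6
    addr: str           # local bind address; 0.0.0.0 and :: mean "all interfaces"
    port: int
    pid: Optional[int]  # None when netstat printed "-" (not run as root)
    program: str        # "" when the owning process is unknown


# Constructed sample in the shape of `netstat -tulpn` output. It is NOT
# captured from a real Whonix-Gateway; values mirror the post above, with
# one extra line whose owner is hidden (as happens without root).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.152.152.10:9050      0.0.0.0:*               LISTEN      612/tor
tcp        0      0 10.152.152.10:9052      0.0.0.0:*               LISTEN      701/python
tcp        0      0 127.0.0.1:4101          0.0.0.0:*               LISTEN      533/brltty
udp        0      0 0.0.0.0:24618           0.0.0.0:*                           845/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           845/dhclient
udp6       0      0 :::14596                :::*                                845/dhclient
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
"""

# Hypothetical allowlist for this example: (program, port) -> documented reason.
# Only a Tor entry is listed so the other sample listeners are reported as
# lacking a reason. The port/reason pairing is an assumption for illustration.
EXPECTED: Dict[Tuple[str, int], str] = {
    ("tor", 9050): "Tor SocksPort used by the Workstation (assumed for the example)",
}


def parse_netstat(text: str) -> List[Listener]:
    """Parse `netstat -tulpn`-style text into Listener records.

    Banner and header lines are skipped. TCP rows carry a State column and
    UDP rows do not, so the local address is taken by position and the
    PID/Program column by taking the last field.
    """
    listeners: List[Listener] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith(("tcp", "udp")):
            continue
        proto, local, pidprog = fields[0], fields[3], fields[-1]
        addr, port = local.rsplit(":", 1)
        if pidprog == "-":
            pid, program = None, ""
        else:
            pid_s, program = pidprog.split("/", 1)
            pid = int(pid_s)
        listeners.append(Listener(proto, addr, int(port), pid, program))
    return listeners


def audit(listeners: List[Listener],
          expected: Dict[Tuple[str, int], str] = EXPECTED) -> List[Tuple[Listener, str]]:
    """Return (listener, finding) for every listener without a documented reason.

    Wildcard binds are called out because they expose the port on every
    interface rather than only the one intended; unowned entries are called
    out because the audit cannot name the process without root.
    """
    findings: List[Tuple[Listener, str]] = []
    for lst in listeners:
        if (lst.program, lst.port) in expected:
            continue
        who = lst.program or "unknown process"
        why = f"no documented reason for {who} on {lst.proto} {lst.addr}:{lst.port}"
        if lst.addr in ("0.0.0.0", "::"):
            why += " (bound on all interfaces)"
        if lst.pid is None:
            why += " (re-run netstat as root to see the owning PID)"
        findings.append((lst, why))
    return findings


if __name__ == "__main__":
    # On a real system: replace SAMPLE_NETSTAT with the output of
    # `sudo netstat -tulpn` (or `sudo ss -tulpn`, which needs a different parser).
    for _, finding in audit(parse_netstat(SAMPLE_NETSTAT)):
        print(finding)
```

The useful output is not the listener table itself but the set of entries that fail to match the allowlist; each one is either a reason you still have to find and write down, or a service that can be removed. Re-running the audit after a removal also answers the "did I break something needed" worry in the narrow sense of ports: a Tor entry disappearing from the listing is immediately visible.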