Information
ID: 21
PHID: PHID-TASK-qalkfzu32umbcg4jv2fy
Author: Patrick
Status at Migration Time: open
Priority at Migration Time: Normal
Description
Important:
- Host firewall - still unfinished - still untested - https://github.com/Whonix/whonix-host-firewall
- tcp timestamps: install tcp-timestamps-disable (done: anon-host-additions depends on anon-shared-packages-dependencies which depends on tcp-timestamps-disable)
- icmp timestamps (done: blocked by https://github.com/Whonix/whonix-host-firewall)
- sdwdate / timesync (done: anon-host-additions depends on anon-shared-packages-dependencies which depends on sdwdate, timesync, etc.)
Bonus:
- corridor firewall feature, see this post
- AppArmor for VBox (whonix-host-virtualbox suggests apparmor-profile-virtualbox)
- AppArmor for KVM (Not required. libvirt comes with svirt.)
- ksm
- ~~GitHub - dnaeon/ksm-init.d-debian: init.d script for KVM KSM on Debian GNU/Linux~~
- ~~Dev/KVM - Whonix~~
- ~~Not enabled by default as per Whonix Forum~~
- Shared Folder Settings
- Backup of hidden service keys.
- ~~Apply instructions from Advanced Security Guide - Whonix~~ (no longer needed thanks to GitHub - Kicksecure/bootclockrandomization: Randomizes clock when systems boots by adding a few seconds and nanoseconds to enforce the design goal, that the host clock and Gateway/Workstation clock should always slightly differ (even before secure timesync succeeded!) to prevent time based fingerprinting / linkablity issues. For better anonymity and privacy. - https://www.kicksecure.com/wiki/Boot_Clock_Randomization)
- create original snapshots of Virtual Machines (not for VirtualBox due to bug in VirtualBox)
If needed, we can split this ticket into separate ones.
Update:
Removed defunct ./whonix_host folder in the meantime.
- https://github.com/Whonix/Whonix/blob/5404ab9f71f43b08c961f2b8f5b96974fb64b115/whonix_host/dev_clearnet
- https://github.com/Whonix/Whonix/blob/5404ab9f71f43b08c961f2b8f5b96974fb64b115/whonix_host/whonix_firewall
Comments
Patrick
2014-12-19 10:29:47 UTC
Patrick
2014-12-19 11:27:14 UTC
HulaHoop
2015-06-14 22:22:33 UTC
HulaHoop
2015-06-14 23:26:18 UTC
HulaHoop
2016-03-29 14:40:45 UTC
Patrick
2016-03-29 15:02:44 UTC