Whonix Host Additions

Information

ID: 21
PHID: PHID-TASK-qalkfzu32umbcg4jv2fy
Author: Patrick
Status at Migration Time: open
Priority at Migration Time: Normal

Description

Important:

• Host firewall - still unfinished - still untested - https://github.com/Whonix/whonix-host-firewall
• tcp timestamps: install tcp-timestamps-disable (done: anon-host-additions depends on anon-shared-packages-dependencies which depends on tcp-timestamps-disable)
• icmp timestamps (done: blocked by https://github.com/Whonix/whonix-host-firewall)
• sdwdate / timesync (done: anon-host-additions depends on anon-shared-packages-dependencies which depends on sdwdate, timesync,etc.)

Bonus:

• corridor firewall feature, see this post

• AppArmor for VBox (whonix-host-virtualbox suggests apparmor-profile-virtualbox)

• AppArmor for KVM (Not required. libvirt comes with svirt.)

• ksm

• ~~GitHub - dnaeon/ksm-init.d-debian: init.d script for KVM KSM on Debian GNU/Linux ~~

• ~~Dev/KVM - Whonix ~~

• ~~Not enabled by default as per Whonix Forum ~~

• Shared Folder Settings

• Backup of hidden service keys.

• ~~Apply instructions from Advanced Security Guide - Whonix ~~ (no longer needed thanks to GitHub - Kicksecure/bootclockrandomization: Randomizes clock when systems boots by adding a few seconds and nanoseconds to enforce the design goal, that the host clock and Gateway/Workstation clock should always slightly differ (even before secure timesync succeeded!) to prevent time based fingerprinting / linkablity issues. For better anonymity and privacy. - https://www.kicksecure.com/wiki/Boot_Clock_Randomization)

• create original snapshots of Virtual Machines (not for VirtualBox due to bug in VirtualBox)

If needed, we can split this ticket into separate ones.

Update:
Removed defunct ./whonix_host folder in meanwhile.

• https://github.com/Whonix/Whonix/blob/5404ab9f71f43b08c961f2b8f5b96974fb64b115/whonix_host/dev_clearnet
• https://github.com/Whonix/Whonix/blob/5404ab9f71f43b08c961f2b8f5b96974fb64b115/whonix_host/whonix_firewall

Comments

Patrick

2014-12-19 10:29:47 UTC

Patrick

2014-12-19 11:27:14 UTC

HulaHoop

2015-06-14 22:22:33 UTC

HulaHoop

2015-06-14 23:26:18 UTC

HulaHoop

2016-03-29 14:40:45 UTC

Patrick

2016-03-29 15:02:44 UTC