Qubes OS - Using Xen to Secure Linux



  • LinuxInsider gives us a look at Qubes OS which is a Xen distribution with integrated Fedora 18 for making highly secure desktops with total isolation between environments.



  • @Reid-Cooper This is pretty cool... and the first I've heard of it. Thanks for sharing.



  • Anybody using Qubes or have tried Qubes?



  • I've been using it for 3+ years and it's definitely come a long way. The last year has been very stable.



  • Awesome. Now I just have to find a decent laptop that it will install on. I was thinking about using an old laptop that I have at home, but its not in the HCL.



  • Wow, you found one old thread. I had no idea that this was even my thread till I looked at it!



  • Yeah I just realized that after replying.


  • Service Provider

    This ranks high on the all time necropost lists here :)



  • Did a Google search the other day on the most secure or and Qubes was at the top. I tried to install it in Virtual box but had a problem with partitioning the drive.

    Instead, I just may backup my laptop, install Qubes, and then restore windows as an AppVM, or its own domain.



  • @NerdyDad said in Qubes OS - Using Xen to Secure Linux:

    Did a Google search the other day on the most secure or and Qubes was at the top. I tried to install it in Virtual box but had a problem with partitioning the drive.

    Instead, I just may backup my laptop, install Qubes, and then restore windows as an AppVM, or its own domain.

    I haven't tried with Windows yet, last a read there was no audio and limited GPU support. Also Windows isnt my idea of a secure desktop, no matter what it runs with, lol.

    Would be interested to know how you fair though.



  • @bigbear said in Qubes OS - Using Xen to Secure Linux:

    @NerdyDad said in Qubes OS - Using Xen to Secure Linux:

    Did a Google search the other day on the most secure or and Qubes was at the top. I tried to install it in Virtual box but had a problem with partitioning the drive.

    Instead, I just may backup my laptop, install Qubes, and then restore windows as an AppVM, or its own domain.

    I haven't tried with Windows yet, last a read there was no audio and limited GPU support. Also Windows isnt my idea of a secure desktop, no matter what it runs with, lol.

    Would be interested to know how you fair though.

    Need Win10 for work. Can't go without that. Not totally concerned about audio though. I might attempt on a personal that isn't on the HCL and go from there.



  • Installed Qubes and is running. I like the concept but I kind of at the point of "Okay, what now?". I attempted to install the Brave browser and keep getting blocked. My best guess right now is outside firewall because we're not a Linux house at all. Attempted to do a Yum update and discovered that yum has been deprecated and is now going to DNF. WTF?



  • @NerdyDad said in Qubes OS - Using Xen to Secure Linux:

    Installed Qubes and is running. I like the concept but I kind of at the point of "Okay, what now?". I attempted to install the Brave browser and keep getting blocked. My best guess right now is outside firewall because we're not a Linux house at all. Attempted to do a Yum update and discovered that yum has been deprecated and is now going to DNF. WTF?

    DNF replaced YUM in the Fedora world a few releases ago.

    YUM is ancient.



  • The DNF commands are essentially the same. The only one I've noticed a difference on was yum localinstall package.rpm. It's now dnf install ./package.rpm.

    And yum-cron is now dnf-automatic. That's about the only differences you see from a high level.



  • One other thing that struck me. For some odd reason DNF usually requires the full path to do a provides search. So an easy way to fix that is

    dnf provides "*"/command
    

    The asterisk is the wildcard for any path. So an example

    [[email protected] ~]$ sudo dnf provides "*"/nslookup
    Last metadata expiration check: 3:03:21 ago on Wed Mar 22 16:36:46 2017.
    bind-utils-32:9.10.4-2.P3.fc25.x86_64 : Utilities for querying DNS name servers
    Repo        : @System
    
    bind-utils-32:9.10.4-2.P3.fc25.x86_64 : Utilities for querying DNS name servers
    Repo        : fedora
    
    bind-utils-32:9.10.4-4.P6.fc25.x86_64 : Utilities for querying DNS name servers
    Repo        : updates
    


  • So I was able to get passed dnf by discovering that once you connect it to the Internet that it reaches out and pulls the updates. Updates are pretty simple to manage, as long as you manage the vm appropriately.

    All default VM's are updated and I am in the process of installing Kali. However, I have run into another problem. One of the reasons why I wanted Qubes was to be able to setup and learn CentOS & Freepbx, along with several other server systems. When I go to install a server, I receive anews error trying to create a templateVM or to make it a standalone. It doesn't have the specs for an x86_64 HVM.

    Got any suggestions?



  • @NerdyDad What is the error that appears?





  • @NerdyDad You can't build it a standalone either?



  • @NerdyDad https://www.qubes-os.org/doc/building-non-fedora-template/ that's for creating your own template not that easy to create.

    But it should let you build it as standalone and HVM
    https://www.qubes-os.org/doc/hvm/

    @NerdyDad said in Qubes OS - Using Xen to Secure Linux:

    One of the reasons why I wanted Qubes was to be able to setup and learn CentOS & Freepbx, along with several other server systems. When I go to install a server, I receive anews error trying to create a templateVM or to make it a standalone. It doesn't have the specs for an x86_64 HVM.

    Instead of using Qubes, did you try just using a regular linux distro and using KVM with virt-manager.


  • Service Provider

    I think that you have the wrong tool for the job. Others are correct, you just want a normal KVM install. Qubes is the wrong tool here.



  • @scottalanmiller said in Qubes OS - Using Xen to Secure Linux:

    I think that you have the wrong tool for the job. Others are correct, you just want a normal KVM install. Qubes is the wrong tool here.

    :-(



Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.