ANN: sys-ips

How do I activate/install the GUI client thing?

You can now try to install sys-ips.

If you already have a sys-ips qube and a sys-ips-template, delete them and run the installation shown on my GitHub.


This is great, thank you for developing this.

Is it possible (or does it make sense) to run sys-ips as a disposable? If so, what modifications would I have to make to make it disposable and still maintain logs across multiple reboots?

Hi @Zrubi, I appreciate you sharing your article in 2017! Based on my limited technical knowledge, it appears your settings used the NFQueue method while Suricata is a gateway (as opposed to host) placed somewhere between sys-net and the App VM. I have tried similar settings, but Suricata worked only on traffic generated by sys-Suricata itself and not on that of other qubes (e.g. the App VM). Also, I read that communication between qubes is restricted by design (except with Qrexec), so I am not sure how your settings could allow the sys-Suricata placed in the middle to read and act on (e.g. drop) the network flow generated by the App VM.

Details of my questions (there’s more) and what I tried are here:

Would you be able to help? Thanks.