CSysDig for Qubes

n00b · January 2, 2021, 1:37am

Sup homies. I want to add CSysdig to Qubes. Three things occurred to me while exploring this:

The best approach would be through dom0 terminal? If I understand this correctly, I can then use CSysdig with the other templates/domains?
Does Qubes already have a tool like CSysdig added?
If not, can I make a feature request to have it added to the Qubes dom environment in the next build?

-n00bs

427F11FD0FAA4B080123 · January 2, 2021, 1:58am

I don’t know much about Sysdig, but it does not sound like a good idea to put something like this in dom0. Also can it be used with Xen? If not, it won’t work.

n00b · January 2, 2021, 2:06am

I’ll have a play and a read. I don’t fully grasp Xen let alone Xen vs Dom. If you don’t mind me asking, what is the rational for this being a bad idea on dom0?

427F11FD0FAA4B080123 · January 2, 2021, 2:42am

In general you do not want to install much if anything extra in dom0. If one manages to break into dom0, they get access to everything. This looks like a complicated tool that analyzes what is going on in all containers, so it probably significantly increases the attack surface. If you want to use something like SysDig, you should probably run it in a different VM that would only have access to a subset of other VMs.

Qubes is based on Xen and from a brief look, this seemed like a tool for other virtualization solutions that use containers.

n00b · January 2, 2021, 2:58am

Beauty. I’ll give it a go. Thx!!

Nice wee blurb on Qubes architecture from Mr. Anthony Fair: https://www.youtube.com/watch?v=ORYrr5Eh7xg