what is about lynis hardening tool on QubesOS?
The problem I have, is to understand some entries and the things Qubes needs for it’s own working by using the suggestions of lynis.
Such things as “accounts-daemon.service / alsa-state.service” and much more, but also “qubes-firewall.service” and such things that belongs to qubes are marked as unsafe. So some of them I can surely shut down, but other I suppose I should not.
Also by “Kernel hardening / Comparing sysctl key pairs with scan profile” I can see many entries marked as “different”, such as “dev.tty.ldisc_autoload / fs.protected_fifos” and much more.
Did somebody try to harden some VMs with lynis and can help out?