Are there steps that can be taken to harden Qubes templates for Debian and Fedora? Things like exploit mitigations, kernel and boot flags, app sandboxing, AppArmor, SELinux, etc. I don’t see any documentation that talks about this. Was looking to follow this guide
Creating templates themselves is the best hardening one could imagine, thanks to the Qubes OS concept of a security-by-isolation (or security-by-compartmentalization).
There are a lot of topics on the forum regarding “hardening”, so please feel free to research.
Is there any kind of package available in the Qubes repo that can assist with the creation of templates or the hardening of templates? I mean something that can be installed via the Yum Extender (DNF).
It has some flaws though: Templates | Qubes OS
Which is why we call it “reasonably secure”, since hardly any other could fall into this category.
How to harden a template is that a guide on how to do it?
It depends on why you want to harden it. What are you defending against? What is your threat model?
Let’s assume the highest possible threat model just for the sake of example.
This is not so simple. Do you expect that someone can come to your home and take your machine and read your data? If yes, you probably should use TAILS, not Qubes. Do you expect that someone can infect your BIOS while you leave your computer unattended? Then, you should use Heads or AEM.
Now, realistically, for 99% of people a default Qubes install should be reasonably secure. You can use minimal templates to further reduce your attack surface and do other things mentioned above. The best approach with Qubes is to compartmentalize your digital life as much as possible, to defend from online threats. There is no end to hardening, but it’s a good idea to stop somewhere.
You are describing side-channel attacks performed by spooks. Tempest (electromagnetic) monitoring, audio/video monitoring, evil maid attacks, and other firmware-level attacks like flashing the SPI chip or attacks like USB, SD card, Ethernet, etc. Don’t forget side channels like insecure smart TVs, laptops, cell phones (anything with networking drivers). In reference to Tails, there was a legal case against a person who used Tails in a malicious way and a 0-day in the Tor Browser was used to de-cloak the IP address which led to an arrest. Whonix would have prevented this and Whonix is the gold standard. Tails is woefully insufficient on its own. Something like aforensics https://github.com/aforensics/HiddenVM would be a better option because you can run Whonix inside of a Tails VM with anti-forensic properties. I was asking about specific steps to harden Qubes templates (using Saltstack).
Also, I recently found that Alpine Linux has a Xen-specific .iso which can be used in Qubes as a standalone OS, or as the basis for a template. I think the Qubes community should pursue Alpine Linux as a means of offering a more secure OS template with exploit mitigations like PIE (Position Independent Executables), musl libc and stack smashing protection.