deactivate malware after reboot from non-root compromise
notes, scratch pad
- run at boot before mounting /home
- allow root to modify file and commit
- file same as /etc/skel (root location) is ok
- extra file
- changed file
- whitelisting of files such as for netvm
- file by tag
- qubes root compromise with protected root image /usr/local /rw
- move anything not skel
- after pam?
- what if dotfile does not exist -> note to log that it does not exist
- Don't bother with root protections in template or standalone.
- Don't bother when root.
- duplicate files for later diff
Because Tor Browser in home folder:
- snapshot binaries with:
  - find . -executable -type f
- upgrade mode to allow changing executables
command line interface:
- home folder can be in any location such as
  - --path /home/user
  - --path /rw/home/user
  - --path /path/to/chroot/folder/home/user
- --simulate - do nothing but output what would be done
- --protect - remove(?) important files after reboot
- --unprotect - disable
- --immutable - make important files immutable (cannot be written to)
- --reset-to-skel - reset important files as if created from /etc/skel
- --skel /path/to/skel (default to /etc/skel)
- first boot
- subsequent boot
- what if new file gets added to config?
- rewrite started, stalled for now
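
The comparison against /etc/skel sketched in the notes above (same file, changed file, extra file, missing dotfile, --path, --skel, --simulate), as an added example that is not Whonix code. The function names, the status labels and the reading of "extra file" as a top-level dotfile not shipped by skel are assumptions; the sample trees are constructed.

```python
import filecmp
import os
import tempfile
from pathlib import Path


def simulate(home, skel="/etc/skel"):
    """Return {relative_path: status} without modifying anything on disk."""
    expected = {os.path.relpath(os.path.join(root, name), skel)
                for root, _dirs, names in os.walk(skel) for name in names}
    report = {}
    for rel in expected:
        target = os.path.join(home, rel)
        if os.path.islink(target):
            report[rel] = "changed"  # a symlink over a skel file is never followed
        elif not os.path.exists(target):
            report[rel] = "missing"  # per the notes: log that it does not exist
        elif os.path.isfile(target) and filecmp.cmp(os.path.join(skel, rel), target, shallow=False):
            report[rel] = "same"
        else:
            report[rel] = "changed"
    # Assumption: "extra file" means a top-level dotfile that skel does not ship.
    for name in os.listdir(home):
        path = os.path.join(home, name)
        if name.startswith(".") and name not in expected and (os.path.islink(path) or os.path.isfile(path)):
            report[name] = "extra"
    return report


def demo():
    """Run simulate() on a constructed skel/home pair in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        skel, home = Path(tmp, "skel"), Path(tmp, "home")
        skel.mkdir()
        home.mkdir()
        for name in (".bashrc", ".profile", ".bash_logout", ".inputrc"):
            (skel / name).write_text("# stock " + name + "\n")
        (home / ".bashrc").write_text("# stock .bashrc\n# line added after install\n")
        (home / ".profile").write_text("# stock .profile\n")
        (home / ".inputrc").symlink_to(skel / ".inputrc")
        (home / ".xsessionrc").write_text("# not shipped by skel\n")
        (home / "notes.txt").write_text("ordinary user data\n")
        return simulate(home, skel)


if __name__ == "__main__":
    for rel, status in sorted(demo().items()):
        print(f"{status:8} {rel}")
```

Ordinary user data such as notes.txt is left out of the report; only skel files and top-level dotfiles are classified.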
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.