What is Qubes OS

Qubes OS is an operating system based on Linux with security in mind.

Its main goal is to prevent compromising everything by one security vulnerability.
This is done by using compartmentalization through Xen while at the same time providing an easy to use desktop experience which is not far from a regular one.

It uses SaltStack for managing the Dom0 and in the upcoming release 3.2 also for the VMs. There are VM templates for Fedora and Debian.

Possible starting points

  • Try the new release 3.2 RC1 and fix/report issues
  • Create a VM which uses the local NIS server
  • Look into the new SaltStack
  • Try to build VM images with openSUSE Leap as base
  • Create a user directory based gem setup to provide an easy to use Ruby development vm
  • Try to build Qubes OS locally

Results

  • The new release works out of the box on my developer machine. There were no issues besides one X glitch once which I could not reproduce again and an already reported issue.
  • Since Qubes OS uses local users, network vms are separated and there is no login screen direct NIS usage was not possible but a shell server could be used instead to access the user data and NFS mounts for the rest.
  • The new SaltStack for the VMs makes handling of template updates and similar much easier. It should also be possible to setup all new templates by SaltStack, if they were not saved in a backup.
  • The template creation is quite complicated with many scripts. We might be able to use Kiwi but first all the Qubes VM packages need to be packaged for openSUSE which I did not finish in time.
  • I have used rvm to setup a local Ruby environment which needed any additional steps after installation, it just worked.
  • Building Qubes OS is actually much easier than expected. The Qubes builder is easy to setup and automated. I did not build everything but just the templates like described here but building the rest should have only been a mater of time.

Looking for hackers with the skills:

saltstack security salt

This project is part of:

Hack Week 14

Activity

  • over 1 year ago: toe started this project.
  • over 1 year ago: toe liked this project.
  • over 5 years ago: thardeck left this project.
  • almost 6 years ago: mbrugger liked this project.
  • about 6 years ago: dsterba liked this project.
  • about 6 years ago: thardeck added keyword "salt" to this project.
  • about 6 years ago: gsanso liked this project.
  • about 6 years ago: thardeck removed keyword salt from this project.
  • about 6 years ago: thardeck started this project.
  • about 6 years ago: thardeck added keyword "saltstack" to this project.
  • about 6 years ago: thardeck added keyword "security" to this project.
  • about 6 years ago: thardeck added keyword "salt" to this project.
  • about 6 years ago: thardeck originated this project.

  • Comments

    Be the first to comment!

    Similar Projects

    Poking technologies for enrolling customer key to kernel trusted keyring by joeyli

    [comment]: # (Please use the project descriptio...


    Model checking the BPF verifier by shunghsiyu

    Project Description

    BPF verifier plays a ...


    Learn more about Application Security (AppSec) Open Source Tools and Testing Techniques by heidi.bronson

    [comment]: # (Please use the project descriptio...


    Project Verifree : internal key server(s) by mcaj

    Project description

    The project Verifree...


    FIDO2 emulation by mkoutny

    [comment]: # (Please use the project descriptio...


    Saline: Salt state appliement monitoring by vzhestkov

    Project Description

    In case of applying s...