{{Header}}
{{#seo:
|description=deactivate malware after reboot from non-root compromise
}}
{{intro|
deactivate malware after reboot from non-root compromise
}}
similar to https://github.com/tasket/Qubes-VM-hardening but for any (Debian) Linux which is booted without root access

deactivate malware after reboot from non-root compromise

notes, scratch pad

features

* run at boot before mounting /home
* allow root to modify file and commit
* file same as /etc/skel (root location) is ok
* carantaine
* delete
* diff
* init
* commit
* show
* extra file
* changed file
* whitelisting of files such as for netvm
* file by tag
* qubes root compromise with protected root image /usr/local /rw
* move anything not skel
* after pam?
* what if dotfile does not exist -> note to log that it does not exist
* Don't bother with root protections in template or standalone.
* Don't bother when root.
* deploy
* duplicate files for later diff

Because Tor Browser in home folder:

* snapshot binaries with:
* find . -executable -type f
* upgrade mode to allow changing executables

command line interface:

* --path
** home folder can be in any location such as
** --path /home/user
** --path /rw/home/user
** --path /path/to/chroot/folder/home/user
* --simulate - do nothing but output what would be done
* --protect - remove(?) important files after reboot
* --unprotect - disable
* --immutable - make important files immutable (cannot be written to)
* --mutable
* --reset-to-skel - reset important files as if created from /etc/skel
* --skel /path/to/skel (default to /etc/skel)

considerations:

* first boot
* subsequent boot
* what if new file gets added to config?

status:

* rewrite started, stalled for now
** https://github.com/tasket/Qubes-VM-hardening/issues/33#issuecomment-522476132
** https://github.com/{{project_name_short}}/security-misc/blob/master/usr/libexec/security-misc/virusforget

{{Footer}}

[[Category: Design]]