Some questions about Qubes (kali,blackarch,fedora security lab, coldkernel, ubuntu, torvm, bitmask)


trule...@gmail.com

Jan 29, 2017, 7:01:51 AM
to qubes-users
Hello guys,
Could you please help with following questions:
HVM uses a lot of resources, is there any reason to use it on a notebook?
I'm only using integrated templates based on Debian and Arch Linux, and I create app vm's on categories from which traffic goes through tor vm or vpn bitmask.

I'm not able to install black arch templates due to a dependency on pulse audio xorg, a few screenshots in the attachment - is this correct logic, or am I doing something wrong?

Bitmask net vm with whois works fine, but dns leak test shows my real IP, also in torify app vms there is no ping and application doesn't work properly. Can debian cold kernel be used as sys-net and sys-firewall templates?
What about pen test, can fedora security lab be used as template? (yum group install security lab)

Could you please explain how to make ubuntu template with more detail? (tried to use wiki qubes builder but unfortunately to no avail)

And is there any point in malware detection on xen?

Thank you in advance for your assistance.


Olivier Médoc

Jan 29, 2017, 8:08:22 AM
to qubes...@googlegroups.com
On 01/29/2017 01:01 PM, trule...@gmail.com wrote:
> Hello guys,
> Could you please help with following questions:
> HVM uses a lot of resources, is there any reason to use it on a notebook?
> I'm only using integrated templates based on Debian and Arch Linux, and I create app vm's on categories from which traffic goes through tor vm or vpn bitmask.
>
> I'm not able to install black arch templates due to a dependency on pulse audio xorg, a few screenshots in the attachment - is this correct logic, or am I doing something wrong?
Archlinux currently upgraded xorg and pulseaudio, however the integrated
archlinux gui agent must be built for strict versions of xorg-server and
pulseaudio. For this reason, you have to rebuild the agent using the
most recent qubes repository, or wait for binary agents to be available.

trule...@gmail.com

Jan 29, 2017, 10:03:25 AM
to qubes-users

Thank you, Olivier.

Unman

Jan 29, 2017, 7:20:14 PM
to trule...@gmail.com, qubes-users
Lots of questions here - Olivier has already dealt with the arch
issues.

HVM use - this would depend on your need to run qubes based on something
other than Linux, or your wish to run a live ISO. If you don't need to do
so don't bother with HVM.

If dnsleaktest is showing your real IP then (obviously) you aren't
routing through the VPN properly. There is extensive guidance in the
docs on this:
www.qubes-os.org/doc/vpn covers most issues, although it focusses on
openvpn, you should be able to get the hang of what's going on.
You need to make sure that the DNS traffic is routed down the tunnel
and also block the BitmaskVm from sending any traffic through clearnet.

You don't say which applications don't work properly through Tor, so I
can't help you much there.
On ping, it's got nothing to do with Qubes - Tor only transports TCP
packets, not ICMP.

There's been a recent thread on coldkernel in Debian - search the
mailing list. I think the answer is "sort of".

I'm not a Fedora user, so can't comment on security lab, other than to
suggest you give it a go in a cloned template. What's to lose?

Ubuntu - the docs need an update. Trusty is now pretty difficult, but
the Xenial build should be relatively straightforward. I need to make a
minor change to config, I think, but it should then be as simple as
cloning the qubes-builder repository.
Run setup and choose Xenial.
make qubes-vm
make template
Copy the template to dom0 (you're given the command to use at the end of
the successful build)
Install the template.

It's been a while since I checked this, so it may need some tweaking,
but shouldn't be anything major. I'll look at it today.

Is there any point in malware detection on xen? There's no reason you
shouldn't have a dedicated qube given over to scanning or analysis. Or
you could build a classic "Internet inna box" from qubes with some iptables
modifications. Or you could monitor the traffic flow to catch any
unwanted output, or... whatever you want to do.



trule...@gmail.com

Jan 29, 2017, 11:22:59 PM
to qubes-users, trule...@gmail.com, un...@thirdeyesecurity.org
Thank you very much for your informative answer, Unman.