mirror of
https://github.com/drduh/YubiKey-Guide.git
synced 2024-11-25 16:58:38 +00:00
Merge pull request #452 from jwpconsulting/cosmetic-fixes
Add instructions how to run NixOS YubiKey live image with QEMU
commit
82366dfcd8
17
README.md
@ -225,6 +225,19 @@ sudo cp -v result/iso/yubikeyLive.iso /dev/sdc ; sync
|
|||||||
|
|
||||||
Skip steps to create a temporary working directory and a hardened configuration, as they are already part of the image.
|
Skip steps to create a temporary working directory and a hardened configuration, as they are already part of the image.
|
||||||
|
|
||||||
|
If you want to test your build before copying it into a USB stick, you can try it out on your machine using a tool like QEMU.
|
||||||
|
Please keep in mind that a virtualized environment does not provide the same amount of security as an ephemeral system (see *Prepare environment* above).
|
||||||
|
Here is an example QEMU invocation after placing `yubikeyLive` in `result/iso` using the above `nix build` command:
|
||||||
|
|
||||||
|
```console
|
||||||
|
# Launch with 4G memory, 2 CPUs and KVM enabled
|
||||||
|
qemu-system-x86_64 \
|
||||||
|
-enable-kvm \
|
||||||
|
-m 4G \
|
||||||
|
-smp 2 \
|
||||||
|
-drive readonly=on,media=cdrom,format=raw,file=result/iso/yubikeyLive.iso
|
||||||
|
```
|
||||||
|
|
||||||
**Arch**
|
**Arch**
|
||||||
|
|
||||||
```console
|
```console
|
||||||
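Review bot: The QEMU command in the added `console` block passes no network option, so the test guest starts with QEMU's default user-mode NIC and has outbound network access through the host. Given the warning added just above it about virtualized environments, consider adding `-nic none` to the invocation, or stating explicitly that the test VM is online. `-enable-kvm` also assumes a Linux host with KVM available, which is worth saying next to the comment `# Launch with 4G memory, 2 CPUs and KVM enabled`. Minor wording: "copying it into a USB stick" reads better as "onto a USB stick".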
@ -2019,7 +2032,7 @@ sudo nft -f ./nftables.conf
|
|||||||
|
|
||||||
**Review the System State**
|
**Review the System State**
|
||||||
|
|
||||||
`NetworkManager` should be the only listening service on port 68/udp to obtain a DHCP lease (and 58/icmp6 if you have IPv6).
|
`NetworkManager` should be the only listening service on port 68/udp to obtain a DHCP lease (and 58/icmp6 if you have IPv6).
|
||||||
|
|
||||||
If you want to look at every process's command line arguments you can use `ps axjf`. This prints a process tree which may have a large number of lines but should be easy to read on a live image or fresh install.
|
If you want to look at every process's command line arguments you can use `ps axjf`. This prints a process tree which may have a large number of lines but should be easy to read on a live image or fresh install.
|
||||||
|
|
||||||
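Review bot: The old and new sides of this hunk around `**Review the System State**` read identically as rendered, so the edit is presumably whitespace-only. The commit subject mentions only the QEMU instructions; either mention the cosmetic cleanup in the commit message or split it into its own commit so the documentation change is easier to review.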
@ -2029,7 +2042,7 @@ ps axjf # List all processes in a process tree
|
|||||||
ps aux # BSD syntax, list all processes but no process tree
|
ps aux # BSD syntax, list all processes but no process tree
|
||||||
```
|
```
|
||||||
|
|
||||||
If you find any additional processes listening on the network that aren't needed, take note and disable them with one of the following:
|
If you find any additional processes listening on the network that aren't needed, take note and disable them with one of the following:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo systemctl stop <process-name> # Stops services managed by systemctl
|
sudo systemctl stop <process-name> # Stops services managed by systemctl
|
||||||
|