1
0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2024-11-25 16:58:38 +00:00

Merge pull request #452 from jwpconsulting/cosmetic-fixes

Add instructions how to run NixOS YubiKey live image with QEMU
This commit is contained in:
drduh 2024-07-21 21:01:10 +00:00 committed by GitHub
commit 82366dfcd8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -225,6 +225,19 @@ sudo cp -v result/iso/yubikeyLive.iso /dev/sdc ; sync
Skip steps to create a temporary working directory and a hardened configuration, as they are already part of the image. Skip steps to create a temporary working directory and a hardened configuration, as they are already part of the image.
If you want to test your build before copying it into a USB stick, you can try it out on your machine using a tool like QEMU.
Please keep in mind that a virtualized environment does not provide the same amount of security as an ephemeral system (see *Prepare environment* above).
Here is an example QEMU invocation after placing `yubikeyLive` in `result/iso` using the above `nix build` command:
```console
# Launch with 4G memory, 2 CPUs and KVM enabled
qemu-system-x86_64 \
-enable-kvm \
-m 4G \
-smp 2 \
-drive readonly=on,media=cdrom,format=raw,file=result/iso/yubikeyLive.iso
```
**Arch** **Arch**
```console ```console
@ -2019,7 +2032,7 @@ sudo nft -f ./nftables.conf
**Review the System State** **Review the System State**
`NetworkManager` should be the only listening service on port 68/udp to obtain a DHCP lease (and 58/icmp6 if you have IPv6). `NetworkManager` should be the only listening service on port 68/udp to obtain a DHCP lease (and 58/icmp6 if you have IPv6).
If you want to look at every process's command line arguments you can use `ps axjf`. This prints a process tree which may have a large number of lines but should be easy to read on a live image or fresh install. If you want to look at every process's command line arguments you can use `ps axjf`. This prints a process tree which may have a large number of lines but should be easy to read on a live image or fresh install.
@ -2029,7 +2042,7 @@ ps axjf # List all processes in a process tree
ps aux # BSD syntax, list all processes but no process tree ps aux # BSD syntax, list all processes but no process tree
``` ```
If you find any additional processes listening on the network that aren't needed, take note and disable them with one of the following: If you find any additional processes listening on the network that aren't needed, take note and disable them with one of the following:
```bash ```bash
sudo systemctl stop <process-name> # Stops services managed by systemctl sudo systemctl stop <process-name> # Stops services managed by systemctl