Maximum anonymity & OPSEC hardening guide for Qubes OS environments β CySecKev
- Secure VM isolation & workflow
- Network hardening with VPN/TOR chains
- Firewall & AppVM configuration scripts
- OPSEC best practices & anonymized workflows
- docs/ β Step-by-step guides
- scripts/ β Security audit scripts
- README.md β This file
- LICENCE β MIT-Licence
Purpose:
Enhances Qubes OS operational security by automatically randomizing MAC addresses, disabling IPv6, and dynamically setting DNS to the currently active NetVM.
Only applies to VMs with labels blue, red, yellow, violet, and runs silently at each VM start.
Features:
- MAC address randomization with collision avoidance
- IPv6 disabled for network privacy
- Dynamic DNS based on active NetVM IP
- Label-based selective execution
- Fully silent and error-resistant
- Designed for automatic execution at VM startup
bash scripts/security_audit.sh
## π Notes
- Continuous updates recommended
- Designed for research & personal security
- Not for commercial use
**ultimate_opsec.sh**
# 1οΈβ£ Place the script in dom0
chmod +x scripts/ultimate_opsec.sh
# 2οΈβ£ Run manually on a specific VM:
sudo ./scripts/ultimate_opsec.sh <VM_NAME>
# 3οΈβ£ Automatic execution at VM startup:
# Create autostart hook in dom0
sudo nano /etc/qubes-rpc/qubes.StartVM/10-ultimate_opsec.sh
Contents of 10-ultimate_opsec.sh:
#!/bin/bash
# Run Ultimate OPSEC script for every user VM at startup
for VM in $(qvm-ls --raw-list | grep -v '^sys-' | grep -v '^dom0'); do
/path/to/scripts/ultimate_opsec.sh "$VM"
done
# Make the hook executable
sudo chmod +x /etc/qubes-rpc/qubes.StartVM/10-ultimate_opsec.sh