Previous Page

nihilist@mainpc - 2024-06-14

Tails OS QEMU VM for Temporary Anonymity

In this tutorial we're going to look at how you can run Tails OS (The Amnesic Incognito Linux System) in a QEMU VM, following the official documentation here.

OPSEC Recommendations:

  1. Hardware : (Personal Computer / Laptop)

  2. Host OS: Linux

  3. Hypervisor: libvirtd QEMU/KVM

  4. Application: Host-based VPN (if your ISP doesn't allow Tor traffic)

I recommend using this setup into one of the above mentionned VMs, for Anonymous use, as per the 4 basic OPSEC levels.

TODO: force a VPN through Tor

Tails Setup

First we download Tails OS as a USB image here:

Then we resize the image size to be able to contain persistant storage (in this case, i'll make it 8Gbs):


[ nowhere ] [ /dev/pts/8 ] [nihilist/VAULT/Isos]
→ ls tails-amd64-6.3.img -lash
1.4G -rw-r--r-- 1 nihilist nihilist 1.4G Jun 14 10:15 tails-amd64-6.3.img

[ nowhere ] [ /dev/pts/8 ] [nihilist/VAULT/Isos]
→ truncate -s 8192M tails-amd64-6.3.img 	

And now we can create the VM in virt-manager like so:

Then press enter to launch tails:

(wait a few seconds for it to load)

Once in there, depending on your use, you can select to have an admin password and a persistant storage if you need it. Otherwise everything you do in the VM will be wiped clean upon shutdown (hence the word amnesic).

Then we select connect to tor automatically:

And here we click start the Tor browser to browse the web anonymously, and if you're curious and want to see the tor Circuits you can view them also:

Persistant Storage Setup



Next, if you want to enable the persistant storage go there:

make sure you enter a strong password that can't be bruteforced easily:

then hit "create persistant storage" and wait a bit for the operation to complete:

Then adjust the settings as per your liking, if you want the persistant storage to store more than it does by default:

Then if you want to install additional software you can launch a terminal:

Then from there you can use sudo because you enabled the administrator password, and install software:


amnesia@amnesia:~$ sudo apt update -y ; sudo apt install neofetch -y 
[sudo] password for amnesia:          
Get:1 tor+https://cdn-fastly.deb.debian.org/debian bookworm InRelease [151 kB] 
Get:2 tor+http://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torproject.org bookworm InRelease [3,526 B]
Get:3 tor+https://cdn-fastly.deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]

[...]

Then once the software installed, you have the possibility to store it in the persistant storage aswell, so that it can be available when you launch tails again:


amnesia@amnesia:~$ neofetch
      ``                        amnesia@amnesia 
  ./yhNh                        --------------- 
syy/Nshh         `:o/           OS: Tails x86_64 
N:dsNshh  \u2588   `ohNMMd           Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-9.0) 
N-/+Nshh      `yMMMMd           Kernel: 6.1.0-21-amd64 
N-yhMshh       yMMMMd           Uptime: 13 mins 
N-s:hshh  \u2588    yMMMMd so//.     Packages: 1854 (dpkg) 
N-oyNsyh       yMMMMd d  Mms.   Shell: bash 5.2.15 
N:hohhhd:.     yMMMMd  syMMM+   Resolution: 1280x800 
Nsyh+-..+y+-   yMMMMd   :mMM+   DE: GNOME 43.9 
+hy-      -ss/`yMMMM     `+d+   WM: Mutter 
  :sy/.     ./yNMMMMm      ``   WM Theme: Adwaita 
    .+ys- `:+hNMMMMMMy/`        Theme: Adwaita [GTK2/3] 
      `hNmmMMMMMMMMMMMMdo.      Icons: Adwaita [GTK2/3] 
       dMMMMMMMMMMMMMMMMMNh:    Terminal: gnome-terminal 
       +hMMMMMMMMMMMMMMMMMmy.   CPU: 11th Gen Intel i7-11700K (2) @ 3.600GHz 
         -oNMMMMMMMMMMmy+.`     GPU: 00:01.0 Red Hat, Inc. Virtio 1.0 GPU 
           `:yNMMMds/.`         Memory: 1313MiB / 3915MiB 
              .//`
                                                        

And that's it! We managed to run tails OS from a QEMU VM and install some software into the persistant storage.

Nihilism

Until there is Nothing left.

About nihilist

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)