diff --git a/docs/admin/install.rst b/docs/admin/install.rst index 16648ff..cd495a6 100644 --- a/docs/admin/install.rst +++ b/docs/admin/install.rst @@ -400,28 +400,6 @@ To remove the permission, use: These policy changes take effect immediately. -Reviewing and exporting logs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -SecureDrop Workstation aggregates system logs from all its VMs in the ``sd-log`` VM, in the folder ``~/QubesIncomingLogs``, with one subfolder for each VM. While details about submissions are not logged, the logs may contain sensitive information, such as timing data, the two-word designation for a given source, or revelatory errors. For this reason, the ``sd-log`` VM is networkless, and you cannot copy files from ``sd-log`` to other VMs by default. - -If you want to selectively enable copying logs to a target VM such as ``work``, you can use a command like the following in ``dom0``: - -.. code-block:: sh - - qvm-tags work add sd-receive-logs - -To remove the permission, use this command in ``dom0``: - -.. code-block:: sh - - qvm-tags work del sd-receive-logs - -You can add and remove the permission just before each copying operation; the change will take effect immediately. With the permission in effect, you can use the command ``qvm-copy`` in a terminal in ``sd-log`` to copy individual files to the target VM. - -.. note:: - - Before copying logs to a networked VM, we recommend carefully inspecting them for information that may be sensitive. - Troubleshooting installation errors ----------------------------------- diff --git a/docs/admin/reviewing_logs.rst b/docs/admin/reviewing_logs.rst new file mode 100644 index 0000000..e929964 --- /dev/null +++ b/docs/admin/reviewing_logs.rst @@ -0,0 +1,36 @@ +Reviewing and exporting logs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +SecureDrop Workstation aggregates system logs from all its VMs in the ``sd-log`` VM, in the folder ``~/QubesIncomingLogs``, with one subfolder for each VM. Please note that while the logs do not include original filenames or message contents, they do contain sensitive information, e.g.: + +- timing and usage information related to SecureDrop access +- the two-word designation for a given source +- metadata about submissions and replies +- error messages that disclose further details + +For this reason, the ``sd-log`` VM is networkless, and you cannot copy files from ``sd-log`` to other VMs by default. + +If you want to selectively enable copying logs to a single VM, you can use tags, similar to the method used for :doc:`managing clipboard access `. You can add and remove the permission just before each copying operation; the change will take effect immediately. + +.. important:: + + Before copying logs to a networked VM, we recommend carefully inspecting them for sensitive information, and potentially redacting them + +To enable copying logs to a target VM, you can use a command like the following in ``dom0``, substituting ```` with the name of the target VM (e.g., ``work``): + +.. code-block:: sh + + qvm-tags add sd-receive-logs + +We recommend verifying that the tag was successfully applied: + +.. code-block:: sh + + qvm-tags ls sd-receive-logs + +To remove the permission, use this command in ``dom0``: + +.. code-block:: sh + + qvm-tags del sd-receive-logs + +With the permission in effect, you can use the command ``qvm-copy`` in a terminal in ``sd-log`` to copy individual files to the target VM. diff --git a/docs/index.rst b/docs/index.rst index a9df615..bb22682 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -34,6 +34,7 @@ against malware and other security risks. It is built on Qubes OS and requires a admin/install admin/securing_workstation admin/managing_clipboard + admin/reviewing_logs admin/troubleshooting_connection admin/provisioning_usb admin/known_issues