Kicksecure ™: A Security-hardened, Non-anonymous Linux Distribution
(Redirected from Hardened Debian)
Whonix ™ is based on Kicksecure ™. Kicksecure ™ is a derivative of Debian. Kicksecure ™ was formally called Hardened Debian.
hardening by default
- security-misc (kernel hardening, strong linux user account separation, misc security settings)
- SecBrowser ™: A Security-hardened, Non-anonymous Browser
- install haveged / jitterentropy-rng by default for better entropy
- sdwdate rather than insecure NTP
- install apparmor, firejail and Hardened Malloc by default (but not use for everything)
- available apparmor profiles
- use DSNCrypt by default
usability by default
- "sudo apt-get install kicksecure-cli" will be possible on bare metal Debian hosts, in other words installations of Debian can be easily converted into Kicksecure ™ by installing the kicksecure-cli or other Kicksecure ™ debian package. This is called also distro-morophing.
- maybe later available as ISO for installation on hardware depending on community interest and support
- multiple boot modes for better security: persistent + root | persistent + noroot | live + root | live + noroot
- Disable SUID Binaries
- (re-)mount home (and other?) with noexec (and nosuid (among other useful mount options)) for better security
- deactivate malware after reboot from non-root compromise
- walled garden, firewall whitelisting, application whitelisting, sudo lockdown, superuser mode, protected mode
- Hardened Kernel
- Verified Boot
- signify signed releases
- Post-Quantum Cryptography (PQCrypto) resistant signing of releases
- Untrusted Root User
- Computer security community is larger than computer anonymity community. Through Kicksecure ™ we can work on our shared interest in computer security.
- Apply as many security settings by default without breaking usability too much.
- Kicksecure ™ is already the base for Whonix - Anonymous Operating System.
- This project might migrate to its own domain name kicksecure.com. Depends on community interest and available resources.
- Anyone wants to create an installer ISO?
- Kicksecure ™ will hopefully be available as a TemplateVM for Qubes OS.
- looking for new webmaster
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)