security-misc - Enhances Miscellaneous Security Settings
From Whonix
Stable Features[edit]
Testing Features[edit]
Restrict Hardware Information to Root[edit]
See Restrict Hardware Information to Root.
https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618 [archive]
SUID Disabler and Permission Hardener[edit]
See SUID Disabler and Permission Hardener.
hidepid[edit]
TODO: document
Experimental Features[edit]
Unreleased. (Developers only.) Will flow into other repositories as per usual.
Remount Secure[edit]
Feature not ready!
- https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/27 [archive]
- https://github.com/Whonix/security-misc/blob/master/lib/systemd/system/remount-secure.service [archive]
- https://github.com/Whonix/security-misc/blob/master/usr/lib/security-misc/remount-secure [archive]
sudo touch /etc/noexec
Installation of security-misc[edit]
This chapter is only required for users which aren't users of Whonix or Kicksecure. That is because security-misc is installed by default in Whonix and Kicksecure.
Prerequisites:
- Debian
buster
installed. - User account
user
exists.
Become root. [1]
su
Install sudo and adduser.
Install sudo adduser
.
1. Update the package lists.
sudo apt-get update
2. Upgrade the system.
sudo apt-get dist-upgrade
3. Install the sudo adduser
package.
Using apt-get
command line parameter --no-install-recommends
is in most cases optional.
sudo apt-get install --no-install-recommends sudo adduser
The procedure of installing sudo adduser
is complete.
The following commands need to be run either by root or use sudo
.
Create group console
.
addgroup --system console
Add user user
to group console
.
adduser user console
Add user user
to group sudo
.
adduser user sudo
Reboot.
reboot
Add Whonix ™ Repository.
Choose either: Option A, Option B OR Option C.
Option A: Add Whonix ™ Onion Repository.
To add Whonix ™ Repository over Onion please press on expand on the right.
Install apt-transport-tor from the Debian repository.
sudo apt-get install apt-transport-tor
Add Whonix's APT repository for default Whonix using Debian stable. At the time of writing this was buster
.
echo "deb tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list
Option B: Add Whonix ™ Clearnet Repository over Tor.
To add Whonix ™ Repository over torified clearnet please press on expand on the right.
Install apt-transport-tor from the Debian repository.
sudo apt-get install apt-transport-tor
Add Whonix's APT repository for default Whonix using Debian stable. At the time of writing this was buster
.
echo "deb tor+https://deb.Whonix.org buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list
Option C: Add Whonix Clearnet Repository over clearnet.
To add Whonix ™ Repository over clearnet please press on expand on the right.
Add Whonix's APT repository for default Whonix using Debian stable. At the time of writing this was buster
.
echo "deb https://deb.Whonix.org buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list
Install security-misc
.
Install security-misc
.
1. Update the package lists.
sudo apt-get update
2. Upgrade the system.
sudo apt-get dist-upgrade
3. Install the security-misc
package.
Using apt-get
command line parameter --no-install-recommends
is in most cases optional.
sudo apt-get install --no-install-recommends security-misc
The procedure of installing security-misc
is complete.
References[edit]
- ↑ One way or another.
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki
Are you proficient with iptables? Want to contribute? Check out possible improvements to iptables. Please come and introduce yourself in the development forum.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.