Install Kicksecure ™ inside Debian
Introduction[edit]
This is a pre-release. (What does that mean?)
An existing Debian version 11
(codename: bullseye
) installation can be converted into Kicksecure ™ by installing the Kicksecure ™ deb package. This procedure is also called distro-morphing.
There is no downloadable iso yet but it will be available in the future. In the meantime install Debian on the host or inside a VM, then install Kicksecure ™ on top.
To increase the chances of success, it is best to start with a minimal installation without GUI (or Xfce if there must be a GUI) and then install a meta package (cli or xfce). It is easiest to set the Linux user account name to user
during the installation of Debian bullseye
.
Prerequisites[edit]
- Debian
bullseye
installed. - User account
user
exists.
Become root. [1]
Install sudo
and adduser package.
1. Update the package lists.
2. Upgrade the system.
3. Install sudo
and adduser package.
The following commands need to be run either by root or use sudo
. [2]
Create group console
.
Add user user
to group console
.
Add user user
to group sudo
.
Reboot.
Installation[edit]
Add the Kicksecure ™ Signing Key[edit]
Complete the following steps to add the Kicksecure ™ Signing Key to the system's APT keyring.
Open a terminal.
Package curl
needs to be installed.
Install curl
.
1. Update the package lists.
2. Upgrade the system.
3. Install the curl
package.
Using apt
command line parameter --no-install-recommends
is in most cases optional.
The procedure of installing curl
is complete.
Download Kicksecure ™ Signing Key. [3]
If you are using Debian, run.
If you are using a Qubes Debian Template, run.
Users can check Kicksecure ™ Signing Key for better security.
Add Kicksecure ™ signing key to APT trusted keys.
The procedure of adding Kicksecure ™ signing key is now complete.
Add the Kicksecure ™ Repository[edit]
Add Kicksecure ™ Repository.
Choose either: Option A, Option B OR Option C.
Option A: Add Kicksecure ™ Onion Repository.
To add Kicksecure ™ Repository over Onion please press on expand on the right.
Install apt-transport-tor from the Debian repository.
Add Kicksecure ™ APT repository for default Kicksecure ™ using Debian stable. At the time of writing this was bullseye
.
Option B: Add Kicksecure ™ Clearnet Repository over Tor.
To add Kicksecure ™ Repository over torified clearnet please press on expand on the right.
Install apt-transport-tor
from the Debian repository.
Add Kicksecure ™ APT repository for default Kicksecure ™ using Debian stable. At the time of writing this was bullseye
.
Option C: Add Kicksecure Clearnet Repository over clearnet.
To add Kicksecure ™ Repository over clearnet please press on expand on the right.
Add Kicksecure ™ APT repository for default Kicksecure ™ using Debian stable. At the time of writing this was bullseye
.
Install the Kicksecure ™ Package[edit]
1. Pick a Kicksecure ™ package.
kicksecure-cli
: command line interface (CLI) version only. This does not modify the graphical desktop environment. This package provides better kernel hardening, improved entropy, and other security features.kicksecure-xfce
: this is the same askicksecure-cli
but it installs the Xfce graphical desktop environment and default applications. This is useful if Debian was installed without a graphical desktop environment and the Kicksecure ™ graphical desktop environment (Xfce) is desired.- Qubes users:
kicksecure-qubes-cli
kicksecure-qubes-gui
2. Install a Kicksecure ™ package such as kicksecure-cli
.
Install kicksecure-cli
.
1. Update the package lists.
2. Upgrade the system.
3. Install the kicksecure-cli
package.
Using apt
command line parameter --no-install-recommends
is in most cases optional.
The procedure of installing kicksecure-cli
is complete.
3. Check APT sources.
Check if some APT sources in /etc/apt/sources.list
should be kept.
Move the original /etc/apt/sources.list
file out of the way (or delete it) because it is replaced by Kicksecure ™'s /etc/apt/sources.list.d/debian.list
.
4. Create an empty /etc/apt/sources.list
file.
5. Done.
The Kicksecure ™ installation is complete.
Footnotes[edit]
- ↑ One way or another.
- ↑
Required to use full path to
addgroup
,adduser
,reboot
because when usingsu
thePATH
environment variable is not adjusted for use with root rights. Seeecho "$PATH"
. user rightsPATH
:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
root rights
PATH
:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
When using
sudo
using /full/path/to/application is not required. - ↑
See Secure Downloads to understand why
curl
and the parameters--tlsv1.3 --proto =https
are used instead ofwget
.
Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.