Install Kicksecure ™ inside Debian

From Kicksecure
Jump to navigation Jump to search



Introduction[edit]

notice This is a pre-release. (What does that mean?)

An existing Debian version 11 (codename: bullseye) installation can be converted into Kicksecure ™ by installing the Kicksecure ™ deb package. This procedure is also called distro-morphing.

There is no downloadable iso yet but it will be available in the future. In the meantime install Debian on the host or inside a VM, then install Kicksecure ™ on top.

To increase the chances of success, it is best to start with a minimal installation without GUI (or Xfce if there must be a GUI) and then install a meta package (cli or xfce). It is easiest to set the Linux user account name to user during the installation of Debian bullseye.

Prerequisites[edit]

  • Debian bullseye installed.
  • User account user exists.

Become root. [1]

su

Install sudo and adduser package.

1. Update the package lists.

apt update

2. Upgrade the system.

apt dist-upgrade

3. Install sudo and adduser package.

apt install --no-install-recommends sudo adduser

The following commands need to be run either by root or use sudo. [2]

Create group console.

/usr/sbin/addgroup --system console

Add user user to group console.

/usr/sbin/adduser user console

Add user user to group sudo.

/usr/sbin/adduser user sudo

Reboot.

/sbin/reboot

Installation[edit]

Add the Kicksecure ™ Signing Key[edit]

Complete the following steps to add the Kicksecure ™ Signing Key to the system's APT keyring.

Open a terminal.

Package curl needs to be installed.

Install curl.

1. Update the package lists.

sudo apt update

2. Upgrade the system.

sudo apt full-upgrade

3. Install the curl package.

Using apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends curl

The procedure of installing curl is complete.

Download Kicksecure ™ Signing Key. [3]

If you are using Debian, run.

curl --tlsv1.3 --proto =https --max-time 180 --output ~/derivative.asc https://www.kicksecure.com/derivative.asc

If you are using a Qubes Debian TemplateVM, run.

curl --proxy http://127.0.0.1:8082/ --tlsv1.3 --proto =https --max-time 180 --output ~/derivative.asc https://www.kicksecure.com/derivative.asc

Users can check Kicksecure ™ Signing Key for better security.

Add Kicksecure ™ signing key to APT trusted keys.

sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc

The procedure of adding Kicksecure ™ signing key is now complete.

Add the Kicksecure ™ Repository[edit]

Add Kicksecure ™ Repository.

Choose either: Option A, Option B OR Option C.

Option A: Add Kicksecure ™ Onion Repository.

To add Kicksecure ™ Repository over Onion please press on expand on the right.

Install apt-transport-tor from the Debian repository.

sudo apt install apt-transport-tor

Add Kicksecure ™ APT repository for default Kicksecure ™ using Debian stable. At the time of writing this was bullseye.

echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

Option B: Add Kicksecure ™ Clearnet Repository over Tor.

To add Kicksecure ™ Repository over torified clearnet please press on expand on the right.

Install apt-transport-tor from the Debian repository.

sudo apt install apt-transport-tor

Add Kicksecure ™ APT repository for default Kicksecure ™ using Debian stable. At the time of writing this was bullseye.

echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+https://deb.kicksecure.com bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

Option C: Add Kicksecure Clearnet Repository over clearnet.

To add Kicksecure ™ Repository over clearnet please press on expand on the right.

Add Kicksecure ™ APT repository for default Kicksecure ™ using Debian stable. At the time of writing this was bullseye.

echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.kicksecure.com bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

Install the Kicksecure ™ Package[edit]

1. Pick a Kicksecure ™ package.

  • kicksecure-cli: command line interface (CLI) version only. This does not modify the graphical desktop environment. This package provides better kernel hardening, improved entropy, and other security features.
  • kicksecure-xfce: this is the same as kicksecure-cli but it installs the Xfce graphical desktop environment and default applications. This is useful if Debian was installed without a graphical desktop environment and the Kicksecure ™ graphical desktop environment (Xfce) is desired.
  • Qubes users:
    • kicksecure-qubes-cli
    • kicksecure-qubes-gui

2. Install a Kicksecure ™ package such as kicksecure-cli.

Install kicksecure-cli.

1. Update the package lists.

sudo apt update

2. Upgrade the system.

sudo apt full-upgrade

3. Install the kicksecure-cli package.

Using apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends kicksecure-cli

The procedure of installing kicksecure-cli is complete.

3. Check APT sources.

Check if some APT sources in /etc/apt/sources.list should be kept.

Move the original /etc/apt/sources.list file out of the way (or delete it) because it is replaced by Kicksecure ™'s /etc/apt/sources.list.d/debian.list.

sudo mv /etc/apt/sources.list ~/

4. Create an empty /etc/apt/sources.list file.

sudo touch /etc/apt/sources.list

5. Done.

The Kicksecure ™ installation is complete.

Footnotes[edit]

  1. One way or another.
  2. Required to use full path to addgroup, adduser, reboot because when using su the PATH environment variable is not adjusted for use with root rights. See echo "$PATH". user rights PATH:
    /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    

    root rights PATH:

    /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    

    When using sudo using /full/path/to/application is not required.

  3. See Secure Downloads to understand why curl and the parameters --tlsv1.3 --proto =https are used instead of wget.

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.


Your Advertisement Here | Investors


Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Kicksecure ™ Wiki


Follow: 1024px-Telegram 2019 Logo.svg.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: Discourse logo.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Kicksecure donate bitcoin.png Monero donate Kicksecure.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png

We are looking for contributors and developers.

https link onion link Priority Support | Investors | Professional Support

Kicksecure | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Kicksecure ™ project do not represent the project as a whole.