Introduction[edit]

This is a pre-release. (What does that mean?)

An existing Debian version 11 (codename: bullseye) installation can be converted into Kicksecure ™ by installing the Kicksecure ™ deb package. This procedure is also called distro-morphing.

There is no downloadable iso yet but it will be available in the future. In the meantime install Debian on the host or inside a VM, then install Kicksecure ™ on top.

To increase the chances of success, it is best to start with a minimal installation without GUI (or Xfce if there must be a GUI) and then install a meta package (cli or xfce). It is easiest to set the Linux user account name to user during the installation of Debian bullseye.

Prerequisites[edit]

Debian bullseye installed.
User account user exists.

Become root. ^[1]

su

Install sudo and adduser package.

1. Update the package lists.

apt update

2. Upgrade the system.

apt full-upgrade

3. Install sudo and adduser package.

apt install --no-install-recommends sudo adduser

The following commands need to be run either by root or use sudo. ^[2]

Create group console.

/usr/sbin/addgroup --system console

Add user user to group console.

/usr/sbin/adduser user console

Add user user to group sudo.

/usr/sbin/adduser user sudo

Reboot.

/sbin/reboot

Installation[edit]

Add the Kicksecure ™ Signing Key[edit]

Complete the following steps to add the Kicksecure ™ Signing Key to the system's APT keyring.

Open a terminal.

Package curl needs to be installed.

Install curl.

1. Update the package lists.

sudo apt update

2. Upgrade the system.

sudo apt full-upgrade

3. Install the curl package.

Using apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends curl

The procedure of installing curl is complete.

Download Kicksecure ™ Signing Key. ^[3]

If you are using Debian, run.

curl --tlsv1.3 --proto =https --max-time 180 --output ~/derivative.asc https://www.kicksecure.com/derivative.asc

If you are using a Qubes Debian Template, run.

curl --proxy http://127.0.0.1:8082/ --tlsv1.3 --proto =https --max-time 180 --output ~/derivative.asc https://www.kicksecure.com/derivative.asc

Users can check Kicksecure ™ Signing Key for better security.

Add Kicksecure ™ signing key to APT trusted keys.

sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc

The procedure of adding Kicksecure ™ signing key is now complete.

Add the Kicksecure ™ Repository[edit]

Add Kicksecure ™ Repository.

Choose either: Option A, Option B OR Option C.

Option A: Add Kicksecure ™ Onion Repository.

To add Kicksecure ™ Repository over Onion please press on expand on the right.

Install apt-transport-tor from the Debian repository.

sudo apt install apt-transport-tor

Add Kicksecure ™ APT repository for default Kicksecure ™ using Debian stable. At the time of writing this was bullseye.

echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

Option B: Add Kicksecure ™ Clearnet Repository over Tor.

To add Kicksecure ™ Repository over torified clearnet please press on expand on the right.

Install apt-transport-tor from the Debian repository.

sudo apt install apt-transport-tor

Add Kicksecure ™ APT repository for default Kicksecure ™ using Debian stable. At the time of writing this was bullseye.

echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+https://deb.kicksecure.com bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

Option C: Add Kicksecure Clearnet Repository over clearnet.

To add Kicksecure ™ Repository over clearnet please press on expand on the right.

Add Kicksecure ™ APT repository for default Kicksecure ™ using Debian stable. At the time of writing this was bullseye.

echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.kicksecure.com bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

Install the Kicksecure ™ Package[edit]

1. Pick a Kicksecure ™ package.

kicksecure-cli: command line interface (CLI) version only. This does not modify the graphical desktop environment. This package provides better kernel hardening, improved entropy, and other security features.
kicksecure-xfce: this is the same as kicksecure-cli but it installs the Xfce graphical desktop environment and default applications. This is useful if Debian was installed without a graphical desktop environment and the Kicksecure ™ graphical desktop environment (Xfce) is desired.
Qubes users:
- kicksecure-qubes-cli
- kicksecure-qubes-gui

2. Install a Kicksecure ™ package such as kicksecure-cli.

Install kicksecure-cli.

1. Update the package lists.

sudo apt update

2. Upgrade the system.

sudo apt full-upgrade

3. Install the kicksecure-cli package.

Using apt command line parameter --no-install-recommends is in most cases optional.

sudo apt install --no-install-recommends kicksecure-cli

The procedure of installing kicksecure-cli is complete.

3. Check APT sources.

Check if some APT sources in /etc/apt/sources.list should be kept.

Move the original /etc/apt/sources.list file out of the way (or delete it) because it is replaced by Kicksecure ™'s /etc/apt/sources.list.d/debian.list.

sudo mv /etc/apt/sources.list ~/

4. Create an empty /etc/apt/sources.list file.

sudo touch /etc/apt/sources.list

5. Done.

The Kicksecure ™ installation is complete.

Footnotes[edit]

↑ One way or another.
↑
Required to use full path to addgroup, adduser, reboot because when using su the PATH environment variable is not adjusted for use with root rights. See echo "$PATH". user rights PATH:
```
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
```
root rights PATH:
```
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
```
When using sudo using /full/path/to/application is not required.
↑ See Secure Downloads to understand why curl and the parameters --tlsv1.3 --proto =https are used instead of wget.

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure ™ ...

Donate

FREE · PLUS · PREMIUM Support

At Kicksecure we believe in freedom and trust. That's why we fully support Open Source and Freedom Software. Learn more.

Kicksecure ™ is supported by Evolution Host DDoS Protected VPS.

Kicksecure ...

The personal opinions of moderators or contributors to the Kicksecure ™ project do not represent the project as a whole. By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service , Privacy Policy , Cookie Policy , E-Sign Consent , DMCA , Imprint Kicksecure ™ © ENCRYPTED SUPPORT LP, 2022

Did you know that anyone can edit the Kicksecure wiki to improve it?

[1] One way or another.

[2] Required to use full path to addgroup, adduser, reboot because when using su the PATH environment variable is not adjusted for use with root rights. See echo "$PATH". user rights PATH:
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

root rights PATH:

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

When using sudo using /full/path/to/application is not required.

[3] See Secure Downloads to understand why curl and the parameters --tlsv1.3 --proto =https are used instead of wget.

[1]

[2]

[3]

Install Kicksecure ™ inside Debian

Contents

Introduction[edit]

Prerequisites[edit]

Installation[edit]

Add the Kicksecure ™ Signing Key[edit]

Add the Kicksecure ™ Repository[edit]

Install the Kicksecure ™ Package[edit]

Footnotes[edit]

Navigation menu