Kicksecure for KVM with Xfce
About this KVM Page Contributor maintained wiki page. | |
---|---|
Support Status | stable |
Difficulty | medium |
Contributor | HulaHoop |
Support | Community support only! |
This is the KVM flavor of the Kicksecure project - a hardened and security centric version of Debian optimized for virtualized environments and clearnet usage.
Introduction[edit]
Much of the warnings and use case instructions from the Kicksecure edition, such as running the OS headlessly or using shared folders, are applicable.
For more details about Kicksecure, check Kicksecure pages.
Support tickets should be forwarded to the KVM subforum.
Build from Scratch[edit]
Advanced users are encouraged to build Kicksecure images for high security assurance.
Download Kicksecure[edit]
GUI
- Kicksecure with Xfce graphical user interface (GUI).
- This version of Kicksecure is designed to run inside KVM.
Optional: Digital signature verification.
Version: 17.2.8.0
- Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
- Optional, not required: Digital signatures are optional and not mandatory for using Kicksecure, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
- Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital signatures here digital software signatures.
CLI
- Kicksecure with command line interface (CLI).
- This version of Kicksecure is designed to run inside KVM.
- Kicksecure with CLI is a version suited for advanced users -- those who want Kicksecure without a graphical user interface (GUI).
Optional: Digital signature verification.
Version: 17.2.8.0
- Digital signatures are a tool enhancing download security. They are commonly used across the internet and nothing special to worry about.
- Optional, not required: Digital signatures are optional and not mandatory for using Kicksecure, but an extra security measure for advanced users. If you've never used them before, it might be overwhelming to look into them at this stage. Just ignore them for now.
- Learn more: Curious? If you are interested in becoming more familiar with advanced computer security concepts, you can learn more about digital signatures here digital software signatures.
Decompress[edit]
Use tar to decompress the archive.
tar -xvf Kicksecure*.libvirt.xz
Do not use unxz! Extract the images using tar.
Importing Kicksecure VM Template[edit]
The supplied XML files serve as a description for libvirt and define the properties of a Kicksecure VM and the networking it should have.
1. Kicksecure works with the network named default out of the box.
2. Import the Kicksecure image.
virsh -c qemu:///system define Kicksecure*.xml
Moving the Kicksecure Image File[edit]
The XML files are configured to point to the default storage location of /var/lib/libvirt/images
. The following steps move the images there so the machines can boot.
Note: Changing the default location may cause conflicts with SELinux, which will prevent the machines from booting.
It is recommended to move the image file instead of copying it.
sudo mv Kicksecure*.qcow2 /var/lib/libvirt/images/Kicksecure.qcow2
Footnotes[edit]
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!