diff --git a/opsec/hypervisorsetup/10_dev_list_over_onion.png b/opsec/hypervisorsetup/10_dev_list_over_onion.png new file mode 100644 index 0000000..e97a685 Binary files /dev/null and b/opsec/hypervisorsetup/10_dev_list_over_onion.png differ diff --git a/opsec/hypervisorsetup/index.html b/opsec/hypervisorsetup/index.html index bb566a6..166526e 100644 --- a/opsec/hypervisorsetup/index.html +++ b/opsec/hypervisorsetup/index.html @@ -239,6 +239,73 @@ reboot now +
+
+
+
+

How to harden your private VM by distro-morphing it into Kicksecure



+

What is Kicksecure? Kicksecure is a free and open-source Linux distribution designed to provide a highly secure computing environment. It is built on a hardened version of Debian, implementing a defense-in-depth security model that protects against various types of malware and attacks.

+

Reasons to use Kicksecure

+
    +
  • Enhanced Security Features:
    • +

    Kicksecure is designed with a strong focus on security, incorporating various hardening techniques such as kernel hardening, user account isolation, and application-specific restrictions.

    +
  • Privacy Protection:
    • +

    All updates and software installations are routed through the Tor network, ensuring that user identities and IP addresses remain anonymous.

    +
  • Lower Attack Surface:
    • +

    Kicksecure minimizes potential vulnerabilities by not having open server ports or unnecessary services running by default.

    +
  • User -Friendly Experience:
    • +

    The operating system is designed to be accessible, with many applications pre-installed and configured for immediate use.

    +
  • Compatibility with Virtualization:
    • +

    Kicksecure supports various virtualization options, allowing users to run it in a virtual machine.

    +
  • Free and Open Source:
    • +

    As an open-source project, Kicksecure allows users to review, modify, and redistribute the source code.

    +
+

+ Kicksecure is important in many scenarios. It is ideal for individuals handling sensitive data, such as personal or financial information, as its robust security features protect against data breaches and unauthorized access. Journalists, activists, and whistleblowers can maintain anonymity while communicating, safeguarding their identities from surveillance. Users accessing public Wi-Fi can rely on Kicksecure for secure browsing, reducing the risk of data interception. Running Kicksecure in a virtual machine helps contain potential malware threats, protecting the primary operating system. Additionally, developers and researchers can create a secure environment for security tools and cybersecurity research. Kicksecure also serves as an educational resource, offering documentation and community support for users looking to enhance their security knowledge. Its hardened configuration defends against brute force attacks, making it suitable for securing sensitive accounts. Overall, Kicksecure is essential for anyone prioritizing security, privacy, and anonymity in their digital activities.

+

Now let's setup Kicksecure. First,we need to create a new group called console. Then add the your user to the console group

+ + 
sudo addgroup --system console
+ + 
sudo adduser "your_username" console
+

After that,we need to install console related packages.

+ 
 sudo apt install console-data console-common kbd keyboard-configuration
+ +

Now, we will install extrepo to get the kicksecure APT repository. We will also enable the repository

+ 
  sudo apt install extrepo
+ 
  sudo extrepo enable kicksecure
+ +

Next step is to download the kicksecure packages. Note that this will install a desktop environment(Xfce) and other applications

+ 
sudo apt install kicksecure-xfce-host
+ +

Finally, we need to enable the Kicksecure APT derivative.list in /etc/apt/sources.list.d/derivative.list

+ 
sudo repository-dist --enable --repository onion
+

This command will generate derivative.list file.

+ +

Disable the extrepo kicksecure APT repository. This is to avoid a duplicate Kicksecure repository.

+ 
 sudo extrepo disable kicksecure
+ +

That's it! A quick reboot will apply all the new settings and configurations.

+

Changes after reboot

+

New GNU GRUB menu

+ +

sdwdate synchronizes the system clock with time servers over the Tor network.

+ +

System Integrity Checks

+ +

System updates over Tor

+ + + + + + +
+
+
+
@@ -271,7 +338,7 @@ reboot now - + diff --git a/opsec/hypervisorsetup/new_grub.png b/opsec/hypervisorsetup/new_grub.png new file mode 100644 index 0000000..1654f0b Binary files /dev/null and b/opsec/hypervisorsetup/new_grub.png differ diff --git a/opsec/hypervisorsetup/sdwdate.png b/opsec/hypervisorsetup/sdwdate.png new file mode 100644 index 0000000..28464af Binary files /dev/null and b/opsec/hypervisorsetup/sdwdate.png differ diff --git a/opsec/hypervisorsetup/sys_inter.png b/opsec/hypervisorsetup/sys_inter.png new file mode 100644 index 0000000..ca061f5 Binary files /dev/null and b/opsec/hypervisorsetup/sys_inter.png differ diff --git a/opsec/hypervisorsetup/tor.png b/opsec/hypervisorsetup/tor.png new file mode 100755 index 0000000..e150253 Binary files /dev/null and b/opsec/hypervisorsetup/tor.png differ