reworked the linux / internet segmentation / hypervisor tutorials

opsec/hypervisorsetup/index.html

@@ -112,19 +112,19 @@ apt update ; apt full-upgrade ; apt install --no-install-recommends sudo adduser
 
 usermod -aG sudo nihilist
 
-nihilist@debian:~$ sudo apt update -y ; sudo apt full-upgrade -y 
+[user ~]%:~$ sudo apt update -y ; sudo apt full-upgrade -y 
 	
 </code></pre>
 <p>Next, we make sure that unattended upgrades are activated so that minor package updates are automatically carried out by the system.</p>
 <pre><code class="nim">
-nihilist@debian:~$ sudo apt install unattended-upgrades apt-listchanges -y
-nihilist@debian:~$ sudo dpkg-reconfigure -plow unattended-upgrades
+[user ~]%:~$ sudo apt install unattended-upgrades apt-listchanges -y
+[user ~]%:~$ sudo dpkg-reconfigure -plow unattended-upgrades
 	
 </code></pre>
 <img src="9.png" class="imgRz">
 <p>Next, we're going to trim out what we don't need from our Host OS. First and foremost, let's get rid of all the logs (both system and kernel logs) on the system. </p>
 <pre><code class="nim">
-nihilist@debian:~$ su -
+[user ~]%:~$ su -
 root@debian:~# crontab -e # run it as the root user!
 
 * * * * * echo "" > /var/log/*.log /var/log/*/*.log /var/log/*/*/*.log  ; dmesg -c ; dmesg -n 1 ; dmesg -c 
@@ -142,25 +142,25 @@ kernel.printk = 3 4 1 3
           <h2><b>Virtualisation setup</b></h2> </br> </br>
 <p>Next <b>we do not virtualize anything using closed-source software</b> like VMWare Workstation or else. <b>We use QEMU/KVM with virt-manager, which is an open source hypervisor</b>:</p>
 <pre><code class="nim">
-nihilist@debian:~# sudo apt install libvirt0 virt-manager dnsmasq bridge-utils
+[user ~]%:~# sudo apt install libvirt0 virt-manager dnsmasq bridge-utils
 
 sudo systemctl enable --now libvirtd
 
-nihilist@debian:~# sudo usermod -a -G libvirt nihilist
-nihilist@debian:~# sudo usermod -a -G kvm nihilist
+[user ~]%:~# sudo usermod -a -G libvirt user
+[user ~]%:~# sudo usermod -a -G kvm user
 
-nihilist@debian:~# sudo vim /etc/libvirt/libvirtd.conf 
-nihilist@debian:~# cat /etc/libvirt/libvirtd.conf  | grep sock_group
+[user ~]%:~# sudo vim /etc/libvirt/libvirtd.conf 
+[user ~]%:~# cat /etc/libvirt/libvirtd.conf  | grep sock_group
 unix_sock_group = "libvirt"
 unix_sock_rw_perms = "0770"
 
-nihilist@debian:~#  cat /etc/libvirt/qemu.conf
+[user ~]%:~#  cat /etc/libvirt/qemu.conf
 group = "libvirt"
-user = "nihilist"
+user = "user"
 
-nihilist@debian:~# systemctl restart libvirtd.service
+[user ~]%:~# systemctl restart libvirtd.service
 
-nihilist@debian:~# virt-manager
+[user ~]%:~# virt-manager
 	
 </code></pre>
 <p>Next just make sure that the NAT network is created, and that the ISOs and VMs folders are with the correct permissions:</p>
@@ -169,14 +169,14 @@ nihilist@debian:~# virt-manager
 <img src="50.png" class="imgRz">
 <p>That way, the adversary that can normally see what's going on in the network attached to the Windows VM can no longer see as it is being put in a different network altogether. </p>
 <pre><code class="nim">
-nihilist@debian:~$ mkdir ISOs
-nihilist@debian:~$ mkdir VMs
+[user ~]%:~$ mkdir ISOs
+[user ~]%:~$ mkdir VMs
 
-nihilist@debian:~$ sudo chmod 770 -R VMs  
-nihilist@debian:~$ sudo chmod 770 -R ISOs  
+[user ~]%:~$ sudo chmod 770 -R VMs  
+[user ~]%:~$ sudo chmod 770 -R ISOs  
 	
-nihilist@debian:~$ sudo chown nihilist:libvirt -R VMs
-nihilist@debian:~$ sudo chown nihilist:libvirt -R ISOs
+[user ~]%:~$ sudo chown nihilist:libvirt -R VMs
+[user ~]%:~$ sudo chown nihilist:libvirt -R ISOs
 </code></pre>
 
 <p>Then you can add the file directories in virt-manager like so:</p>
@@ -197,7 +197,7 @@ nihilist@debian:~$ sudo chown nihilist:libvirt -R ISOs
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-          <h2><b>How to setup Vms for Public and Private use</b></h2> </br> </br>
+          <h2><b>How to setup the Public use VM</b></h2> </br> </br>
 <p>Next, Bob needs to use VMs for 2 basic needs: Public internet usage, and Private internet usage. He first needs to download the <a href="https://www.microsoft.com/en-us/software-download/windows10ISO">Windows ISO</a> file, and the <a href="https://www.debian.org/distrib/netinst">debian iso</a> file too:</p>
 <p>First he creates the windows VM like so:</p>
 <img src="23.png" class="imgRz">
@@ -215,17 +215,52 @@ nihilist@debian:~$ sudo chown nihilist:libvirt -R ISOs
 <img src="31.png" class="imgRz">
 <img src="32.png" class="imgRz">
 <img src="33.png" class="imgRz">
-<p>Then he creates the debian VM like so:</p>
-<img src="34.png" class="imgRz">
-<img src="35.png" class="imgRz">
-<p>Then in both VMs he installs the OS on the virtual disk:</p>
+<p>Then in the windows VM he installs the OS on the virtual disk:</p>
 <img src="36.png" class="imgRz">
 <img src="37.png" class="imgRz">
-<p>Then Bob can launch both VMs (make sure that the VM boots onto the disk instead of the iso in the boot settings):</p>
+<p>Then Bob can launch the windows VM (make sure that the VM boots onto the disk instead of the iso in the boot settings):</p>
 <img src="38.png" class="imgRz">
 <img src="39.png" class="imgRz">
-<p>Then Bob can use the windows VM for his public usage (such as KYC services, and closed-source software), and use the debian VM for his private usage (any personal matter, with only open source software)</p>
-<p>From inside the Debian VM, you can run the following from a terminal to be able to copy and paste from inside the VM out, and from outside the VM in:</p>
+<p>Then Bob can use the windows VM for his public usage (such as KYC services, and closed-source software). <b>Keep in mind that the windows VM is the place where the big eye of sauron can see what you are doing. NEVER do anything sensitive from this VM, because you will never have any privacy in it.</b></p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <!-- +++++ Second Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>How to setup the Private use VM</b></h2> </br> </br>
+<p>To setup the Private use VM, we'll download the Kicksecure ISO just like we previously did in the host OS tutorial, except this time we'll directly attach it to a new VM:</p>
+<img src="100.png" class="imgRz">
+<img src="101.png" class="imgRz">
+<img src="102.png" class="imgRz">
+<img src="103.png" class="imgRz">
+<img src="104.png" class="imgRz">
+<img src="105.png" class="imgRz">
+<img src="106.png" class="imgRz">
+<p>From there you can repeat the steps that we took <a href="../linux/index.html">to install kicksecure on the host OS</a>, to install it:</p>
+
+<img src="../linux/23.png" class="imgRz">
+<img src="../linux/24.png" class="imgRz">
+<img src="../linux/25.png" class="imgRz">
+<img src="../linux/26.png" class="imgRz">
+<img src="../linux/28.png" class="imgRz">
+<p>Once here, we reboot the VM, and upon rebooting we unlock the encrypted system drive:</p>
+<img src="../linux/52.png" class="imgRz">
+<img src="../linux/53.png" class="imgRz">
+
+
+
+
+<p> And from here we have our private VM setup! <b>Warning: You only have privacy in this VM, as long as you do not install any closed-source software (ex: no discord, no google chrome, etc) in it!</b> Make sure that you ONLY install FOSS software in the private VM. <b>Any closed-source software you want to install needs to be installed in the Public VM instead.</b></p>
+<img src="107.png" class="imgRz">
+
+<!--<p>From inside the Kicksecure VM, you can run the following from a terminal to be able to copy and paste from inside the VM out, and from outside the VM in:</p>
 <pre><code class="nim">
 su -
 apt update -y
@@ -233,8 +268,8 @@ apt install spice-vdagent -y
 reboot now
 
 </pre></code>
-<p>Do not do the same for the windows VM, otherwise you'd be allowing the Windows VM to spy on what your clipboard contains, from outside the VM. Make sure it is kept isolated as it is by default here.</p>
-<p>Next, Bob can setup a  <a href="../vpn/index.html">VPN</a> by default into his debian VM to prevent his ISP from spying on what he is doing.</p>
+<p>Do not do the same for the windows VM, otherwise you'd be allowing the Windows VM to spy on what your clipboard contains, from outside the VM. Make sure it is kept isolated as it is by default here.</p>-->
+<p>Next, Bob can setup a  <a href="../vpn/index.html">VPN</a> by default into his kicksecure VM to prevent his ISP from spying on what he is doing.</p>
 
 
 				</div>

opsec/index.html

@@ -116,7 +116,7 @@
         </ol>
 <p>💻 Getting started</p>
 <ol>
-                <li><a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/76">✅</a><a href="linux/index.html"> How to have Privacy on your Computer (Linux) ⭐</a><img src="logos/tr0.png" class="logo"><img src="logos/linux.png" class="logo"></li>
+                <li><a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/76">✅</a><a href="linux/index.html"> How to have Privacy on your Computer (Kicksecure) ⭐</a><img src="logos/tr0.png" class="logo"><img src="logos/linux.png" class="logo"></li>
                 <li><a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/78">✅</a><a href="graphene/index.html"> How to have Privacy on your Phone (GrapheneOS)</a><img src="logos/tr0.png" class="logo"><img src="logos/grapheneos.png" class="logo"></li>
                 <li><a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/161">❌ How to have Privacy on your Router (Openwrt)</a><img src="logos/tr0.png" class="logo"><img src="logos/openwrt.png" class="logo"></li>
 				<li><a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/61">🚧</a><a href="privatesimplex/index.html"> Easy Private Chats - SimpleX</a><img src="logos/tr0.png" class="logo"><img src="logos/simplex.png" class="logo"></li>

opsec/linux/index.html

@@ -63,7 +63,7 @@
   					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-06-16</ba></p>
 <h1>How to have Privacy on your Computer (Linux)  </h1>
 <img src="0.png" style="width:250px">
-<p>In this tutorial, we're going to look at the first and foremost thing anyone can do to remove surveillance from their digital lives, by installing a free and open source software (FOSS) host operating system: Linux, in this case we're going to setup the latest Debian.</p>
+<p>In this tutorial, we're going to look at the first and foremost thing anyone can do to remove surveillance from their digital lives, by installing a free and open source software (FOSS) host operating system: Linux, in this case we're going to setup the latest Kicksecure host OS, since it is a secure-by-default linux distribution.</p>
 <p><h2><u>OPSEC Recommendations:</u></h2></p>
 <ol>
     <li><p>Hardware : (Personal Computer / Laptop)</p></li>
@@ -105,33 +105,29 @@
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-          <h2><b>How to create a Debian USB installer from Windows?</b></h2> </br> </br>
-<p>First Bob, goes on the web to find a Linux distribution he likes, that is Open Source:</p>
+          <h2><b>How to create a Linux USB installer from Windows?</b></h2> </br> </br>
+<p>First step is to go on the web to find a secure linux distribution such as Kicksecure:</p>
 <img src="3.png" class="imgRz">
-<p>He sees there are many options like Linux Mint, Ubuntu, etc</p>
 <img src="4.png" class="imgRz">
-<p>But he settles on <a href="https://www.debian.org/download">Debian</a>. <b>(Disclaimer: if you use closed-source hardware, like 99.9999999999% of people out there, you will invariably have to use non-free firmware too</b> <a href="https://www.debian.org/vote/2022/vote_003">[1]</a> <a href="https://forums.debian.net/viewtopic.php?t=158876">[2]</a> <a href="https://forums.debian.net/viewtopic.php?t=154837">[3])</a>. If you want a purely FOSS host OS, and you are willing to not have firmware for your CPU, GPU, Motherboard, Ethernet/wifi, check out the OSes recommended by the Free Software Foundation <a href="https://www.gnu.org/distros/free-distros.en.html">[4]</a> (but it will be at the expense of having your peripherals not working <a href="https://forums.puri.sm/t/non-free-firmware-for-pureos/20053">[5]</a>). <b>The status of Open source Hardware is not even competitive in this closed-source hardware domination of the market.</b>, hopefully this will change in the future, but for now that's how it is. <u>TLDR:</u> If you don't want to install proprietary firmware, check out <a href="https://pureos.net/download/">PureOS</a> instead of debian.</p>
+<p>So we're going to install <a href="https://www.kicksecure.com/wiki/download">Kicksecure</a>. <b>(Disclaimer: if you use closed-source hardware, like 99.9999999999% of people out there, you will invariably have to use non-free firmware too</b> <a href="https://www.kicksecure.org/vote/2022/vote_003">[1]</a> <a href="https://forums.kicksecure.net/viewtopic.php?t=158876">[2]</a> <a href="https://forums.debian.net/viewtopic.php?t=154837">[3])</a>. If you want a purely FOSS host OS, and you are willing to not have firmware for your CPU, GPU, Motherboard, Ethernet/wifi, check out the OSes recommended by the Free Software Foundation <a href="https://www.gnu.org/distros/free-distros.en.html">[4]</a> (but it will be at the expense of having your peripherals not working <a href="https://forums.puri.sm/t/non-free-firmware-for-pureos/20053">[5]</a>). <b>The status of Open source Hardware is not even competitive in this closed-source hardware domination of the market.</b>, hopefully this will change in the future, but for now that's how it is. <u>TLDR:</u> If you don't want to install proprietary firmware, check out <a href="https://pureos.net/download/">PureOS</a> instead of Kicksecure.</p>
 <img src="5.png" class="imgRz">
-<p>Now Bob has the Debian ISO image.</p>
+<p>Let it download and then we have the Kicksecure ISO image.</p>
 <img src="6.png" class="imgRz">
-<p>But now he needs to put that ISO image on a USB stick. To do so he can use <a href="https://rufus.ie/en/">Rufus</a> or <a href="https://etcher.balena.io/#download-etcher">Balena Etcher</a>:</p>
+<p>But now we need to put that ISO image on a USB stick. To do so we can use <a href="https://rufus.ie/en/">Rufus</a>:</p>
 <img src="7.png" class="imgRz">
 <img src="8.png" class="imgRz">
-<p>So Bob installs BalenaEtcher:</p>
+<p>next we install Rufus and plug in a usb stick in the computer <b>(Warning: the usb stick should be at least 2 GB big)</b>:</p>
 <img src="9.png" class="imgRz">
+<p>And once the kicksecure iso image finishes downloading, we use it from inside rufus by clicking the "select" button:</p>
 <img src="10.png" class="imgRz">
-<p>Once installed, he selects the ISO image in balenaetcher:</p>
+<p>And lastly we click "start" to </p>
 <img src="11.png" class="imgRz">
-<p>Then, Bob plugs in his USB stick in his computer, to be able to put the ISO image into it:</p>
+<img src="11.1.png" class="imgRz">
+<img src="11.2.png" class="imgRz">
 <img src="12.png" class="imgRz">
-<p>Then, Bob selects his USB stick from balenaetcher:</p>
+<p>Then we wait a few minutes, and now we have a USB stick with the latest Kicksecure OS on it:</p>
 <img src="13.png" class="imgRz">
-<p>Then he clicks "Flash", that way Balenaetecher will put the ISO image on the USB stick.</p>
-<img src="14.png" class="imgRz">
-<img src="15.png" class="imgRz">
-<p>Bob waits a few minutes, and now he has a USB stick with the latest Debian OS on it.</p>
-<img src="16.png" class="imgRz">
-<p>Bob will now be able <b> to use it to install Linux and replace Windows with it.</b></p>
+<p>And now we will be able <b> to use it to install Linux and replace Windows with it.</b></p>
 
 				</div>
 			</div><!-- /row -->
@@ -144,16 +140,16 @@
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-          <h2><b>How to use the Debian USB stick to overwrite Windows ?</b></h2> </br> </br>
+          <h2><b>How to use the kicksecure USB stick to overwrite Windows ?</b></h2> </br> </br>
 <p>This is where it gets a bit technical for Bob. But here are the steps he needs to do:</p>
 <ol>
 	<li><p>He needs to plug his USB stick in his computer</p></li>
 	<li><p>He needs to restart his computer</p></li>
 	<li><p>As his computer restarts, <b>he needs to repeatedly press the F1 or F2 or DEL or F10 key in order to enter his computer's BIOS</b> (depending on which brand his computer is)</p></li>
-	<li><p>once he is in the BIOS, he then needs to boot on his USB stick that has the Debian image</p></li>
-	<li><p>Then once he boots on his USB stick, he can install debian on his computer</p></li>
+	<li><p>once he is in the BIOS, he then needs to boot on his USB stick that has the kicksecure image</p></li>
+	<li><p>Then once he boots on his USB stick, he can install kicksecure on his computer</p></li>
 </ol>
-<p>The key that Bob needs to press to enter his computer's BIOS depends on what brand his computer is (see <a href="https://www.tenorshare.com/faq/bios-settings-for-windows-boot.html">this blogpost</a> for examples).</p>
+<p>The key that we need to press to enter his computer's BIOS depends on what brand his computer is (see <a href="https://www.tenorshare.com/faq/bios-settings-for-windows-boot.html">this blogpost</a> for examples).</p>
 <p>Now Bob restarts his computer:</p>
 <img src="17.png" class="imgRz">
 <p>And now, as he has an ASUS motherboard, <b>he repeatedly presses the F2 key</b> to enter his computer's BIOS:</p>
@@ -165,52 +161,22 @@
 <img src="20.png" class="imgRz">
 <p>Boot device Selection > <b>his USB stick</b></p>
 <img src="21.png" class="imgRz">
-<p>Once he selects his USB Stick, Bob can now boot from it, and he is greeted by Debian's welcome screen:</p>
+<p>Once we selects his USB Stick, Bob can now boot from it, and he is greeted by kicksecure's welcome screen:</p>
 <img src="22.png" class="imgRz">
 <p>And from there, Bob installs linux as per his needs:</p>
 <img src="23.png" class="imgRz">
 <img src="24.png" class="imgRz">
 <img src="25.png" class="imgRz">
 <img src="26.png" class="imgRz">
-<img src="27.png" class="imgRz">
 <img src="28.png" class="imgRz">
-<img src="29.png" class="imgRz">
-<img src="30.png" class="imgRz">
-<img src="31.png" class="imgRz">
-<p>Here Bob decides that he wants to encrypt his whole harddrive too. That way, if someone were to steal his computer, without knowing his password, they would have no way to access Bob's local data. (but be warned that for sensitive use, one shouldn't need to encrypt the system drive at all (<a href="../livemode/index.html">more details</a>).</p>
-<img src="32.png" class="imgRz">
-<img src="33.png" class="imgRz">
-<img src="34.png" class="imgRz">
-<img src="35.png" class="imgRz">
-<img src="36.png" class="imgRz">
-<img src="37.png" class="imgRz">
-<img src="38.png" class="imgRz">
-<img src="39.png" class="imgRz">
-<img src="40.png" class="imgRz">
-<img src="41.png" class="imgRz">
-<img src="42.png" class="imgRz">
-<img src="43.png" class="imgRz">
-<img src="44.png" class="imgRz">
-<img src="45.png" class="imgRz">
-<img src="46.png" class="imgRz">
-<p>Here Bob can select his window manager. Gnome is the default option, but he chooses Cinnamon to keep the feel similar to how it was on windows.</p>
-<img src="47.png" class="imgRz">
-<img src="48.png" class="imgRz">
-<img src="49.png" class="imgRz">
-<img src="50.png" class="imgRz">
-<img src="51.png" class="imgRz">
-<p>And there, Bob finished the Debian installation, he can unplug his USB stick, and click Continue to reboot his computer:</p>
+<p>And there, we finished the kicksecure installation, we can unplug the USB stick, and click done to reboot the computer, into the newly installed kicksecure Host OS:</p>
 <img src="52.png" class="imgRz">
-<p>As he reboots his computer, he is greeted by the Debian boot screen, and he then types his password to unlock his harddrive encryption:</p>
+<p>As we reboot the computer, we're greeted by the kicksecure boot screen, and then we type the password to unlock the encrypted system drive:</p>
 <img src="53.png" class="imgRz">
-<img src="54.png" class="imgRz">
-<p>Then he logs in using the password he set earlier:</p>
-<img src="55.png" class="imgRz">
-<p>And now that Bob is logged in, he is greeted by the Cinnamon window manager, the feel of his OS remains similar to what he previously had on Windows, but now it's all open source! </p>
+<p>And now that we are logged, we're in our brand new kicksecure operating system, with the XFCE window manager, You now have a secure-by-default linux host OS, and now it's all open source! <b>This means that you no longer have windows's countless cameras spying on what you were doing. You now have privacy on your computer.</b></p>
 <img src="56.png" class="imgRz">
 <p>And that's it! Bob has managed to get privacy from Microsoft's constant surveillance by replacing Windows with a Linux distribution.</p>
 <img src="2.png" class="imgRz">
-<p>From there, Bob can update his linux distribution and install new packages, following this tutorial <a href="../linuxprograms/index.html">here</a>. </p>
 
 				</div>
 			</div><!-- /row -->