[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

"Document Installation and Setup of the New Security-focused Hardened Debian Linux Distribution" selected by Whonix for Season of Docs 2019

Hi everyone!

I’m 0brand,

My project proposal “_Document Installation and Setup of the New Security-focused Hardened Debian Linux Distribution” was selected by Whonix for the Season of Docs 2019. The following represents the basic outline of the work I intend to complete between September 2, 2019 - November 29, 2019 which is the Season of Docs documentation development phase. Any feedback (critiques, constructive criticism, ideas etc) would be appreciated.

Project summary

Project length:

Standard length (3 months)

Project description

Kicksecure is a new security-focused Linux distribution under active development by Whonix developers. This project documents the installation and setup of Kicksecure inside Windows/VirtualBox from the ground up, with a focus on educating first time Linux users with the skills they need to stand on their own two feet when using a Linux distribution.

Project Goals

  1. Create Core Documentation

The beginning phase of this project will focus on the core documentation for Kicksecure. This will be comprised of an Comprehensive Project Overview, Tutorials to install and set up Kicksecure and post installation advice and tips.

  1. Create Learning Areas for New Linux Users

Teaching new Linux users is not about writing a few man pages and calling it an educational area. Many beginners are unaccustomed to interacting with command prompts and troubleshooting their own problems. These pages will focus on Cli skills, practical problem solving and troubleshooting best practices.

  1. Clearly Segregate Kicksecure from Whonix (Anonymity OS) Documentation:

While Whonix.org will be home to both Whonix and Kicksecure each OS has very different use cases which could lead to serious consequences if a user confused one for the other. For example, Whonix is well known for anonymity but a new user that is unfamiliar with Whonix might setup the Kicksecure and presume they were surfing the Web anonymously. To prevent these types of mistakes, Kicksecure documentation will be confined to an separate area of Whonix.org using a new book-like formatting style that is distinct from the Whonix OS documentation formatting style. Warnings will also be included in key areas such as the Kicksecure download page to prevent users from making these mistakes.

  1. User Friendly Documentation

The installation and set up of a Linux distributions can be challenging even for experienced users. While an easy to use and intuitive UI can enhance the user experience, just as important is writing clear and easy to follow – User Friendly – documentation. Since the Kicksecure user base ranges from beginners to advanced Linux users, care must be taken the documentation is not written based solely on the technical expertise and understanding of the technical writer. Instead Kicksecure will be documented from the perspective of a Linux beginner that may have difficulty performing tasks experienced users find simple and easily completed.

  1. Re-name Kicksecure OS

While this operating system is based on Kicksecure, a new name must be found to avoid trademark infringement violations. To achieve this goal the Whonix community will be encouraged to submit catchy names from which the Whonix developers can choose. Although, still in brainstorming mode, my top two choice are ““Sentient Linux”” and ““Sentinel Linux””.

Project Timeline

The time-line for this project will be broken up into 7 mini-milestones which can be used to gauge progress and allow for adjustment to be made to ensure each section is completed on time. If difficulties arise at any point during Season of Docs, I will notify my mentor immediately so a plan of action can be formulated to solve the problem.

Sep 02 ( Start Season of Docs Project)

Kicksecure Home Page

The home page with provide an overview of Kicksecure detailing key points of the OS.

The initial documentation will consist of installation of Kicksecure in Windows/VirtualBox. This will limit the initial scope the this chapter. However, community members will be encouraged to test Kicksecure in Linux hosts as well as KVM hypervisor and document their finding.

Table Detailing Supported Host operating

Table detailing hardware requirements.

  • Minimum requirements
  • Recommended
  • For best performance

Content will consist of an overview detailing the developmental goals and uses of Kicksecure followed by a table outlining the individual component.

Kicksecure Goals.

  • Security focused Linux distribution
  • Free and open-source
  • User configurable
  • Hardened by default

Table of the components that make up Kicksecure.

  • VirtualBox hypervisor
  • Windows
  • Kicksecure based OS
  • Terminology (host, virtual machine, guest OS etc.)

Kicksecure is configured with many advanced security features by default. This alleviates the need for users to fumble with often complicated configurations. All security enhancement will be detailed in a table with an brief explanation of benefits.

  • Haveged installed by default for better entropy.
  • Secure Distributed Network Time Synchronization (sdwdate) is used rather than insure NTP.
  • Deactivates previews in Dolphin, Nautilus.
  • Deactivates TCP timestamps and Netfilter’s connection tracking helper.
  • open-link-confirmation.
  • Apparmor enabled by default with profiles.
  • Security hardened Browser (Tor Browser without Tor)
  • Improved Linux kernel
  • Desktop environment; KDE (Available in Cli only).
  • Other …

Milestone Sep 15 (Complete System Requirements, Features and Advantages, Designs and Goals )

FAQ

FAQ page will be used for answering questions that are commonly asked by community members. Content will be added as needed throughout the duration of the project.

Kicksecure Installation

Download and installation of Kicksecure will consist of the following.

  • Download table which houses the Kicksecure image, OpenGPG signature, sha512 hash and developers GPG singing key.
  • Verify developers signing key and operating system image (tutorial).
  • Download and verification of VirtualBox hypervisor (tutorial).
  • Import Kicksecure in VirtualBox (tutorial)
  • Start Kicksecure

Milestone Sept 29 (Complete Download and Verify Debian Images, Debian Installation)

First Steps

Users may be unfamiliar with the steps needed to customize the desktop environment and allocate system resources. Quick configuration"" tips will be documented for each of the following.

  • Changing keyboard Layout
  • Allocating additional system resources (RAM)
  • Change screen resolution
  • Desktop shortcuts
  • Window style manager

Bugs / Issues

Bugs and issues found during testing of the OS and tutorials will be clearly documented along with workarounds and/or fixes. This page will also include issues that are common when running operating systems in hypervisors.

  • Low RAM issues
  • BIOS misconfiguration (Intel VT-d, AMD-V)
  • Connectivity issues

Milestone Oct 6 (Complete First steps, Kicksecure Bugs)

Learning Areas, Man Pages

New users may be unfamiliar with Linux terminals/Cli. If the information they need is not easy to find or accessible they will end up opening a support request without even trying to find an solution. This section will document commonly used commands and practical command syntax. Each man will give a brief outline of the command, how to use it along with practical examples. It takes a while for users to remember the commands they have to use for different tasks. Through repetition users will remember command syntax over time.

  • Terminal/CLI
  • sudo
  • Text editors
  • Directory structure
  • File system navigation
  • File permissions
  • Man pages
  • Create files/directories
  • Miscellaneous (ls, cat, less)

Milestone Oct 22 (Complete Learning Area, man pages)

Practical Problem Solving

Capable/experienced Linux users have good problem solving skills that they acquire over time. When a problem arises they automatically start searching for a solution, and keep searching until they find an answer or all possible resources have been exhausted. When a new Linux user encounters a problem they automatically open a support request. Its vital that good practices are reinforced from the very beginning.

Problem solving template : Users are more likely to be successful when troubleshooting if they follow step by step instructions. This will focus on how to gather relevant information and how to use that information to find a solution to their problem. This will be similar.

  • Monitoring log files: Location of system logs (what each one is used for) and commands needed to narrow down the Cli output. (journalctl, dmesg etc…)

  • systemd: status, starting and stopping services.

  • Troubleshooting Common issues: Connection issues, broken software packages etc.

  • Bug and/or issues reporting guidelines.

Milestone Nov 05 (Complete Learning Area, Problem Solving)

Refactor Whonix Docs for Kicksecure / Kicksecure Quality Review

The remainder of Summer of Docs will be focused on refactoring Whonix documentation for Kicksecure, and quality control.

Refactor Whonix Docs for use with Kicksecure

  • Install Software Safely.
  • Operating System Updates.
  • Other… as time allows.

Milestone Nov 25 ( Complete Season of Docs Project)

Related:

Edit by Patrick:

  • Hardened Debian -> Kicksecure
1 Like

My idea for this.

SecOS=“Security-focused Hardened Debian based distribution” :slight_smile:

Create xxxs://www.whonix.org/wiki/Documentation/SecOS

This SecOS (TOC) page will contain links to SecOS documentation and will be similar in structure (book like formatting) to https://tails.boum.org/doc/index.en.html. All documentation will branch off from this page.

Warings will have to be added so users don’t confuse Whonix with SecOS.

.

1 Like

I am very slow and picky about name selection. Reasons:

A bad name can turn a lot of effort into nothingness. Like driving with the break on.

In case of Whonix, I never manage to simply spell it to fellow Germans. When I speak “Whonix” they understand “unix”. Something that doesn’t pass the phone transmission test will be limited in popularity. Transmission in English verbal language isn’t much better.

More important nowadays with search engines manipulation, shadow banning, and whatnot. Therefore I would like to follow all the best practices on naming.

SecOS: that’s cool in principle, but I don’t want to compete with existing projects already using that term over the nr. 1 search result. With “Whonix”, we have at least that. No ambiguity.

Also we don’t know where things are going. “SecBrowser” and/or “SecOS” might become popular projects. So I would like to choose project names which can at the same time be registered using first class domain names (".com" or at least “.org”) in case we gain contributors/funding/traction to move these to their own domain names.

1 Like

I’ll have to remove SecOS from the SecBrowser Welcome page. Its was temporary at the time since space was limited and its looked crappy to add a link to “Hardended Debian Security-focused Linux Distribution”. (bottom right) It wouldn’t fit on one line.

http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/secbrowser-welcome-page/7635/8

1 Like
1 Like

Maybe move Kicksecure to a more visible spot on Welcome page.

Kicksecure is catchy. Easy to remember. Whonix is based on Kicksecure adds weight to the OS.

1 Like

Kicksecure landing page

Kicksecure will need a landing page completed before a call for testers can be made (ideally) If its ok with my mentor I see no reason this couldn’t be added to my GSoD project.


Kicksecure Home page

The Tails Home page is very basic and structured very well. I would like to go for something somewhat similar. Also, could we change to color of the link text? Tails uses green. (maybe even change the header color to?) This would help differentiate the Whonix docs from Kicksecure. Not sure how to do this just yet but I would think its not to difficult. If agreeable any preferences?

Kicksecure “About” page

Note: The “about page” is not mentioned in my project idea but the information that will be added to this page is mentioned in my project proposal. Even if it wasn’t, the project can be modified at mine and my mentors discretion.

The About Kicksecure page can give a brief overview and will be used for a spring board for the main pages that we think users should read before getting started. Also similar to Tails About page.

Note: I use the term “similar” because the Kicksure will use a book like documentation formating style.

Can we please stay organized

I expect this thread to get very long over time. Its going to be difficult to keep track of all suggestions / ideas from the community. I if you would like something added to the documention could anyone please add to the designated both here (this thread) and the Kicksecure documentation issue tracker https://phabricator.whonix.org/T900 . If anyone that needs an phabricator account please sign up and your account can be approved as per this thread:

https://forums.whonix/t/phabricator-account-sign-ups-now-needs-manual-confirmation/4668/16


More to come…

1 Like

Sounds all good!

https://www.mediawiki.org/wiki/Topic:Qol72c5t0jsf4rs0

If you’re not an admin (and can’t edit common.css) you can also do things like

[[foo|<span style="color:green">foo</span>]] to give you foo.

Tested:

[[internal_link_foo|<span style="color:green">some text foo</span>]]

Creates: (green link) “some text foo”

OR

[external-link-foo<span style="color:green">some text foo</span>]

Creates: (green link) “some text foo”

1 Like

Btw if you like, you could get access to edit common.css too.

In that case, let me know. Might have to add you interface administrator to be able to edit that page.

Security precautions against bricking the wiki:

https://www.whonix.org/wiki/Dev/CSS

Let me know if that makes sense.

Also an option. We likely could use wiki templates for that. Let me know if you like help with that.

Yes please. That would be very helpful.

Very well understood. :slight_smile:

That would be great. We could use a template or maybe change make changes per page. Not sure if we want to change the theme per page though (a little to extreme) , we just want little tweaks.

https://www.mediawiki.org/wiki/Extension:Theme

The Theme extension allows loading of themes (preset CSS to change the appearance of a skin). Users can determine their preferred theme by configuring this in their preferences. The $wgDefaultTheme variable can be used to control what theme is being used site-wide, and the usetheme=X parameter is accepted on a request to change the theme on a per-pageload basis.

1 Like

Will see about the wiki templates in a day or so.

Done. Added interface administrator and widget editor while at it (equally sensitive).

I would go with what you like to work on.

If you like to have https://www.mediawiki.org/wiki/Extension:Theme - that looks easy - can install. Just let me know.

1 Like

Thanks

Was looking at https://www.whonix.org/wiki/Dev/About_Infrastructure#backend . This would be a good opportunity to test out some new themes and/or skins for the wiki. Could we please try installing https://www.mediawiki.org/wiki/Extension:Theme

1 Like

Will work on it. While I am at it…

Extension:Theme allows to change the mediawiki skin.

So at the same time, we need to install another skin(s). Here is a link to a post where I post links to other mediawiki skins:

There might be other skins too to be found on search engines too. Needs to be Freedom Software.

Skins we have currently installed are listed here:
https://www.whonix.org/wiki/Special:Version

Having a different skin per page may provide sufficient visual difference for Whonix vs Kicksecure.

Extension:Theme however does not look like an extension that provides multiple MediaWiki:Common.css. Customization may or may not be limited and/or difficult.

Is that what you suggest?

Patrick via Whonix Forum:

Will work on it. While I am at it…

Extension:Theme allows to change the mediawiki skin.

So at the same time, we need to install another skin(s). Here is a link to a post where I post links to other mediawiki skins:

mediawiki skins

Thanks.

There might be other skins too to be found on search engines too. Needs to be Freedom Software.

I’ve been looking at all the different skins available. It seems hard to
tell if they would work (look good) on whonix.org just by seeing a few
pics. From what I’ve seen lighter colors would look best. Not many
people would go like the darker (black, brown) colors.

Color scheme will be important to choose. Anyone have any colors that
they would prefer? Or any websites that would be good examples?

Skins we have currently installed are listed here:
https://www.whonix.org/wiki/Special:Version

Having a different skin per page may provide sufficient visual difference for Whonix vs Kicksecure.

I agree. Plus it might take to much time to customize the the page
manually.

Extension:Theme however does not look like an extension that provides multiple MediaWiki:Common.css. Customization may or may not be limited and/or difficult.

Is that what you suggest?

Lets go with Extension:Theme. (no customization) Better to go use work
thats already been completed for use. Looks like a lot of time when into
making many of those skins “just” right.

1 Like

From this point on marks the start of Work performed for Google Season of Docs 2019.

I’m planning on working closely with the Kicksecure developers for documentaion develepment. I’d greatly value any feedback.

//cc @Patrick
//cc @HulaHoop
//cc @madaidan

4 Likes

There are two additions to my project that I believe require separate threads to make it easier to follow issues.

2 Likes

Awesome. Ping me for feedback on any specific pages you are working on.

1 Like

I’m trying to use smaller bit size paragraphs for the about page and introduction similar to https://tails.boum.org/about/index.en.html

For example:

Kicksecure is an security focused (non-anonymous) Linux distrition that aims to provide an advance and highly secure computing environment in its default configuration. Numersous enhancements have been pre-built into the the codbase which provides defenese in depth while maintaining usabililty.

Kicksecure is an complete desktop operating system which is designed to be run ontop of your operating system using a hypervisor. This configuration further hardens the OS while also allowing cross-platform compatibilty with popular operating systems.

1 Like

Writing the Kicksecure About page: Why use kicksecure over say; hardened debian or any other OS. What features do we what to focus on. Obviously we want to mention debian, We don’t want to overload the reader with to much info. Similar in structure to https://tails.boum.org/about/index.en.html

Note: I find pages such as https://whonix.org/wiki/Main_Page very well writen and very informative but it seems like to much information. Almost like we are trying to “sell” Whonix a little to hard to beginners who will likely have no idea what much of that language means.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]