Hi everyone!
I’m 0brand,
My project proposal “_Document Installation and Setup of the New Security-focused Hardened Debian Linux Distribution” was selected by Whonix for the Season of Docs 2019. The following represents the basic outline of the work I intend to complete between September 2, 2019 - November 29, 2019 which is the Season of Docs documentation development phase. Any feedback (critiques, constructive criticism, ideas etc) would be appreciated.
Project summary
Project length:
Standard length (3 months)
Project description
Kicksecure is a new security-focused Linux distribution under active development by Whonix developers. This project documents the installation and setup of Kicksecure inside Windows/VirtualBox from the ground up, with a focus on educating first time Linux users with the skills they need to stand on their own two feet when using a Linux distribution.
Project Goals
- Create Core Documentation
The beginning phase of this project will focus on the core documentation for Kicksecure. This will be comprised of an Comprehensive Project Overview, Tutorials to install and set up Kicksecure and post installation advice and tips.
- Create Learning Areas for New Linux Users
Teaching new Linux users is not about writing a few man pages and calling it an educational area. Many beginners are unaccustomed to interacting with command prompts and troubleshooting their own problems. These pages will focus on Cli skills, practical problem solving and troubleshooting best practices.
- Clearly Segregate Kicksecure from Whonix (Anonymity OS) Documentation:
While Whonix.org will be home to both Whonix and Kicksecure each OS has very different use cases which could lead to serious consequences if a user confused one for the other. For example, Whonix is well known for anonymity but a new user that is unfamiliar with Whonix might setup the Kicksecure and presume they were surfing the Web anonymously. To prevent these types of mistakes, Kicksecure documentation will be confined to an separate area of Whonix.org using a new book-like formatting style that is distinct from the Whonix OS documentation formatting style. Warnings will also be included in key areas such as the Kicksecure download page to prevent users from making these mistakes.
- User Friendly Documentation
The installation and set up of a Linux distributions can be challenging even for experienced users. While an easy to use and intuitive UI can enhance the user experience, just as important is writing clear and easy to follow – User Friendly – documentation. Since the Kicksecure user base ranges from beginners to advanced Linux users, care must be taken the documentation is not written based solely on the technical expertise and understanding of the technical writer. Instead Kicksecure will be documented from the perspective of a Linux beginner that may have difficulty performing tasks experienced users find simple and easily completed.
- Re-name Kicksecure OS
While this operating system is based on Kicksecure, a new name must be found to avoid trademark infringement violations. To achieve this goal the Whonix community will be encouraged to submit catchy names from which the Whonix developers can choose. Although, still in brainstorming mode, my top two choice are ““Sentient Linux”” and ““Sentinel Linux””.
Project Timeline
The time-line for this project will be broken up into 7 mini-milestones which can be used to gauge progress and allow for adjustment to be made to ensure each section is completed on time. If difficulties arise at any point during Season of Docs, I will notify my mentor immediately so a plan of action can be formulated to solve the problem.
Sep 02 ( Start Season of Docs Project)
Kicksecure Home Page
The home page with provide an overview of Kicksecure detailing key points of the OS.
The initial documentation will consist of installation of Kicksecure in Windows/VirtualBox. This will limit the initial scope the this chapter. However, community members will be encouraged to test Kicksecure in Linux hosts as well as KVM hypervisor and document their finding.
Table Detailing Supported Host operating
Table detailing hardware requirements.
- Minimum requirements
- Recommended
- For best performance
Content will consist of an overview detailing the developmental goals and uses of Kicksecure followed by a table outlining the individual component.
Kicksecure Goals.
- Security focused Linux distribution
- Free and open-source
- User configurable
- Hardened by default
Table of the components that make up Kicksecure.
- VirtualBox hypervisor
- Windows
- Kicksecure based OS
- Terminology (host, virtual machine, guest OS etc.)
Kicksecure is configured with many advanced security features by default. This alleviates the need for users to fumble with often complicated configurations. All security enhancement will be detailed in a table with an brief explanation of benefits.
- Haveged installed by default for better entropy.
- Secure Distributed Network Time Synchronization (sdwdate) is used rather than insure NTP.
- Deactivates previews in Dolphin, Nautilus.
- Deactivates TCP timestamps and Netfilter’s connection tracking helper.
- open-link-confirmation.
- Apparmor enabled by default with profiles.
- Security hardened Browser (Tor Browser without Tor)
- Improved Linux kernel
- Desktop environment; KDE (Available in Cli only).
- Other …
Milestone Sep 15 (Complete System Requirements, Features and Advantages, Designs and Goals )
FAQ
FAQ page will be used for answering questions that are commonly asked by community members. Content will be added as needed throughout the duration of the project.
Kicksecure Installation
Download and installation of Kicksecure will consist of the following.
- Download table which houses the Kicksecure image, OpenGPG signature, sha512 hash and developers GPG singing key.
- Verify developers signing key and operating system image (tutorial).
- Download and verification of VirtualBox hypervisor (tutorial).
- Import Kicksecure in VirtualBox (tutorial)
- Start Kicksecure
Milestone Sept 29 (Complete Download and Verify Debian Images, Debian Installation)
First Steps
Users may be unfamiliar with the steps needed to customize the desktop environment and allocate system resources. Quick configuration"" tips will be documented for each of the following.
- Changing keyboard Layout
- Allocating additional system resources (RAM)
- Change screen resolution
- Desktop shortcuts
- Window style manager
Bugs / Issues
Bugs and issues found during testing of the OS and tutorials will be clearly documented along with workarounds and/or fixes. This page will also include issues that are common when running operating systems in hypervisors.
- Low RAM issues
- BIOS misconfiguration (Intel VT-d, AMD-V)
- Connectivity issues
Milestone Oct 6 (Complete First steps, Kicksecure Bugs)
Learning Areas, Man Pages
New users may be unfamiliar with Linux terminals/Cli. If the information they need is not easy to find or accessible they will end up opening a support request without even trying to find an solution. This section will document commonly used commands and practical command syntax. Each man will give a brief outline of the command, how to use it along with practical examples. It takes a while for users to remember the commands they have to use for different tasks. Through repetition users will remember command syntax over time.
- Terminal/CLI
- sudo
- Text editors
- Directory structure
- File system navigation
- File permissions
- Man pages
- Create files/directories
- Miscellaneous (ls, cat, less)
Milestone Oct 22 (Complete Learning Area, man pages)
Practical Problem Solving
Capable/experienced Linux users have good problem solving skills that they acquire over time. When a problem arises they automatically start searching for a solution, and keep searching until they find an answer or all possible resources have been exhausted. When a new Linux user encounters a problem they automatically open a support request. Its vital that good practices are reinforced from the very beginning.
Problem solving template : Users are more likely to be successful when troubleshooting if they follow step by step instructions. This will focus on how to gather relevant information and how to use that information to find a solution to their problem. This will be similar.
-
Monitoring log files: Location of system logs (what each one is used for) and commands needed to narrow down the Cli output. (journalctl, dmesg etc…)
-
systemd: status, starting and stopping services.
-
Troubleshooting Common issues: Connection issues, broken software packages etc.
-
Bug and/or issues reporting guidelines.
Milestone Nov 05 (Complete Learning Area, Problem Solving)
Refactor Whonix Docs for Kicksecure / Kicksecure Quality Review
The remainder of Summer of Docs will be focused on refactoring Whonix documentation for Kicksecure, and quality control.
Refactor Whonix Docs for use with Kicksecure
- Install Software Safely.
- Operating System Updates.
- Other… as time allows.
Milestone Nov 25 ( Complete Season of Docs Project)
Related:
- https://www.whonix.org/wiki/Design/Google_Season_of_Docs_2019
- http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/hardened-debian-security-focused-linux-distribution-based-on-debian-in-development-feedback-wanted/5943
- http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/document-hardened-debian-setup/7078
Edit by Patrick:
-
Hardened Debian→Kicksecure
