"Document Installation and Setup of the New Security-focused Hardened Debian Linux Distribution" selected by Whonix for Season of Docs 2019

Hi everyone!

I’m 0brand,

My project proposal “Document Installation and Setup of the New Security-focused Hardened Debian Linux Distributionwas selected by Whonix for the Season of Docs 2019. The following represents the basic outline of the work I intend to complete between September 2, 2019 - November 29, 2019 which is the Season of Docs documentation development phase. Any feedback (critiques, constructive criticism, ideas etc) would be appreciated.

Project summary

Project length:

Standard length (3 months)

Project description

Hardened Debian is a new security-focused Linux distribution under active development by Whonix developers. This project documents the installation and setup of Hardened Debian inside Windows/VirtualBox from the ground up, with a focus on educating first time Linux users with the skills they need to stand on their own two feet when using a Linux distribution.
Project Goals

  1. Create Core Documentation

The beginning phase of this project will focus on the core documentation for Hardened Debian. This will be comprised of an Comprehensive Project Overview, Tutorials to install and set up Hardened Debian and post installation advice and tips.

  1. Create Learning Areas for New Linux Users

Teaching new Linux users is not about writing a few man pages and calling it an educational area. Many beginners are unaccustomed to interacting with command prompts and troubleshooting their own problems. These pages will focus on Cli skills, practical problem solving and troubleshooting best practices.

  1. Clearly Segregate Hardened Debian from Whonix (Anonymity OS) Documentation:

While Whonix.org will be home to both Whonix and Hardened Debian each OS has very different use cases which could lead to serious consequences if a user confused one for the other. For example, Whonix is well known for anonymity but a new user that is unfamiliar with Whonix might setup the Hardened Debian and presume they were surfing the Web anonymously. To prevent these types of mistakes, Hardened Debian documentation will be confined to an separate area of Whonix.org using a new book-like formatting style that is distinct from the Whonix OS documentation formatting style. Warnings will also be included in key areas such as the Hardened Debian download page to prevent users from making these mistakes.

  1. User Friendly Documentation

The installation and set up of a Linux distributions can be challenging even for experienced users. While an easy to use and intuitive UI can enhance the user experience, just as important is writing clear and easy to follow – User Friendly – documentation. Since the Hardened Debian user base ranges from beginners to advanced Linux users, care must be taken the documentation is not written based solely on the technical expertise and understanding of the technical writer. Instead Hardened Debian will be documented from the perspective of a Linux beginner that may have difficulty performing tasks experienced users find simple and easily completed.

  1. Re-name Hardened Debain OS

While this operating system is based on Hardened Debian, a new name must be found to avoid trademark infringement violations. To achieve this goal the Whonix community will be encouraged to submit catchy names from which the Whonix developers can choose. Although, still in brainstorming mode, my top two choice are ““Sentient Linux”” and ““Sentinel Linux””.

Project Timeline

The time-line for this project will be broken up into 7 mini-milestones which can be used to gauge progress and allow for adjustment to be made to ensure each section is completed on time. If difficulties arise at any point during Season of Docs, I will notify my mentor immediately so a plan of action can be formulated to solve the problem.

Sep 02 ( Start Season of Docs Project)

Hardened Debian Home Page

The home page with provide an overview of Hardened Debian detailing key points of the OS.

The initial documentation will consist of installation of Hardened Debian in Windows/VirtualBox. This will limit the initial scope the this chapter. However, community members will be encouraged to test Hardened Debian in Linux hosts as well as KVM hypervisor and document their finding.

Table Detailing Supported Host operating

Table detailing hardware requirements.

  • Minimum requirements
  • Recommended
  • For best performance

Content will consist of an overview detailing the developmental goals and uses of Hardened Debian followed by a table outlining the individual component.

Hardened Debian Goals.

  • Security focused Linux distribution
  • Free and open-source
  • User configurable
  • Hardened by default

Table of the components that make up Hardened Debian.

  • VirtualBox hypervisor
  • Windows
  • Hardened Debian based OS
  • Terminology (host, virtual machine, guest OS etc.)

Hardened Debian is configured with many advanced security features by default. This alleviates the need for users to fumble with often complicated configurations. All security enhancement will be detailed in a table with an brief explanation of benefits.

  • Haveged installed by default for better entropy.
  • Secure Distributed Network Time Synchronization (sdwdate) is used rather than insure NTP.
  • Deactivates previews in Dolphin, Nautilus.
  • Deactivates TCP timestamps and Netfilter’s connection tracking helper.
  • open-link-confirmation.
  • Apparmor enabled by default with profiles.
  • Security hardened Browser (Tor Browser without Tor)
  • Improved Linux kernel
  • Desktop environment; KDE (Available in Cli only).
  • Other …

Milestone Sep 15 (Complete System Requirements, Features and Advantages, Designs and Goals )


FAQ page will be used for answering questions that are commonly asked by community members. Content will be added as needed throughout the duration of the project.

Hardened Debian Installation

Download and installation of Hardened Debian will consist of the following.

  • Download table which houses the Hardened Debian image, OpenGPG signature, sha512 hash and developers GPG singing key.
  • Verify developers signing key and operating system image (tutorial).
  • Download and verification of VirtualBox hypervisor (tutorial).
  • Import Hardened Debian in VirtualBox (tutorial)
  • Start Hardened Debian

Milestone Sept 29 (Complete Download and Verify Debian Images, Debian Installation)

First Steps

Users may be unfamiliar with the steps needed to customize the desktop environment and allocate system resources. Quick configuration"" tips will be documented for each of the following.

  • Changing keyboard Layout
  • Allocating additional system resources (RAM)
  • Change screen resolution
  • Desktop shortcuts
  • Window style manager

Bugs / Issues

Bugs and issues found during testing of the OS and tutorials will be clearly documented along with workarounds and/or fixes. This page will also include issues that are common when running operating systems in hypervisors.

  • Low RAM issues
  • BIOS misconfiguration (Intel VT-d, AMD-V)
  • Connectivity issues

Milestone Oct 6 (Complete First steps, Hardened Debian Bugs)

Learning Areas, Man Pages

New users may be unfamiliar with Linux terminals/Cli. If the information they need is not easy to find or accessible they will end up opening a support request without even trying to find an solution. This section will document commonly used commands and practical command syntax. Each man will give a brief outline of the command, how to use it along with practical examples. It takes a while for users to remember the commands they have to use for different tasks. Through repetition users will remember command syntax over time.

  • Terminal/CLI
  • sudo
  • Text editors
  • Directory structure
  • File system navigation
  • File permissions
  • Man pages
  • Create files/directories
  • Miscellaneous (ls, cat, less)

Milestone Oct 22 (Complete Learning Area, man pages)

Practical Problem Solving

Capable/experienced Linux users have good problem solving skills that they acquire over time. When a problem arises they automatically start searching for a solution, and keep searching until they find an answer or all possible resources have been exhausted. When a new Linux user encounters a problem they automatically open a support request. Its vital that good practices are reinforced from the very beginning.

Problem solving template : Users are more likely to be successful when troubleshooting if they follow step by step instructions. This will focus on how to gather relevant information and how to use that information to find a solution to their problem. This will be similar.

  • Monitoring log files: Location of system logs (what each one is used for) and commands needed to narrow down the Cli output. (journalctl, dmesg etc…)

  • systemd: status, starting and stopping services.

  • Troubleshooting Common issues: Connection issues, broken software packages etc.

  • Bug and/or issues reporting guidelines.

Milestone Nov 05 (Complete Learning Area, Problem Solving)

Refactor Whonix Docs for Hardened Debian / Hardened Debian Quality Review

The remainder of Summer of Docs will be focused on refactoring Whonix documentation for Hardened Debian, and quality control.

Refactor Whonix Docs for use with Hardened Debian

  • Install Software Safely.
  • Operating System Updates.
  • Other… as time allows.

Milestone Nov 25 ( Complete Season of Docs Project)


1 Like

My idea for this.

SecOS=“Security-focused Hardened Debian based distribution” :slight_smile:

Create xxxs://www.whonix.org/wiki/Documentation/SecOS

This SecOS (TOC) page will contain links to SecOS documentation and will be similar in structure (book like formatting) to https://tails.boum.org/doc/index.en.html. All documentation will branch off from this page.

Warings will have to be added so users don’t confuse Whonix with SecOS.


1 Like

I am very slow and picky about name selection. Reasons:

A bad name can turn a lot of effort into nothingness. Like driving with the break on.

In case of Whonix, I never manage to simply spell it to fellow Germans. When I speak “Whonix” they understand “unix”. Something that doesn’t pass the phone transmission test will be limited in popularity. Transmission in English verbal language isn’t much better.

More important nowadays with search engines manipulation, shadow banning, and whatnot. Therefore I would like to follow all the best practices on naming.

SecOS: that’s cool in principle, but I don’t want to compete with existing projects already using that term over the nr. 1 search result. With “Whonix”, we have at least that. No ambiguity.

Also we don’t know where things are going. “SecBrowser” and/or “SecOS” might become popular projects. So I would like to choose project names which can at the same time be registered using first class domain names (".com" or at least “.org”) in case we gain contributors/funding/traction to move these to their own domain names.

1 Like

I’ll have to remove SecOS from the SecBrowser Welcome page. Its was temporary at the time since space was limited and its looked crappy to add a link to “Hardended Debian Security-focused Linux Distribution”. (bottom right) It wouldn’t fit on one line.


1 Like
1 Like

Maybe move Kicksecure to a more visible spot on Welcome page.

Kicksecure is catchy. Easy to remember. Whonix is based on Kicksecure adds weight to the OS.

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]