Install Kicksecure ™ inside Debian

Most of the tutorial is self-explanatory.
There is an installed OS Debian Buster x64, DE - Gnome
Can I install Kicksecure XFCE?
What will be the result?
Will my system become Kicksecure XFCE? Where will DE - Gnome go? What will happen to the installed applications?
Or is there another way to do it from a simple Debian Buster -> Kicksecure XFCE or Gnome?

yes follow the instructions on the wiki

A hardened virtual version of Debian

No. The Kicksecure host OS is still being developed and isn’t available for a general release yet

If you can use an internet connection during installation, start from the minimal netiso. Otherwise, you can get good results with the xfce cd. Both are at Debian’s download page.

I see

What packages do I need to install from the Whonix repository to make my physical operating system look like Kicksecure?
In what order are these packages installed?

I already have a ready-made OS (DE Gnome) with installed applications. I want to make it more secure with Live-mode

Make sure that you have the Whonix repository enabled. Look for ‘grub-live’ and ‘grub-default-live’. :slight_smile: If you want all the packages that Kicksecure uses, you really should try everything from a fresh install as noted.

Of course Live -mode is not the most important thing))
I didn’t fully understand what would happen to my host system if I install from the repository:
$ sudo apt-get install --no-install-recommends kicksecure-cli # And it’s not clear how to install XFCE?


  1. Will my OS be upgraded to Kicksecure?
  2. Will you be able to boot in Kicksecure mode?

Which packages will bring my OS as close as possible to Kicksecure?

Short answer: you would probably break it.

Kicksecure ATM relies a process called distro-morphing. It is built with certain dependencies and packages in mind, and makes deeper changes to the OS than just installing programs.

If you apply those packages to your existing system (especially as Kicksecure uses XFCE as a base and some LXQT) who knows what would happen? Your system could become unusable. I suggest you follow HulaHoop’s advice about how to install Kicksecure and install to an unused drive.

If you still want to proceed, make a backup of your OS before installing anything. If it does break, you will be glad you did.

I would not want to break the working system))
Therefore, there are so many questions.
The main page of the site has a description:

  • Live Mode
  • Time Attack Defenses
  • Kernel Self Protection Settings
  • Advanced Firewall
  • anon-apps-config

The easy way is to install everything at once)) My opinion is Kicksecure
Setting up the system consists not only in installing packages, but also in configuring them correctly)))


You can learn more what the Kicksecure packages are actually doing.

After adding Kicksecure repository… and running sudo apt update


apt-cache show kicksecure-

then press the tab key. It will hopefully show a list of packages. At time of writing but recommended when reading later to create the list for yourself.

kicksecure-base-files                          kicksecure-desktop-environment-essential-xfce
kicksecure-cli                                 kicksecure-network-conf
kicksecure-cli-host                            kicksecure-network-conf-gui
kicksecure-cli-vm                              kicksecure-packages-dependencies-pre
kicksecure-dependencies-cli                    kicksecure-shared-host-xfce
kicksecure-desktop-applications-recommended    kicksecure-xfce
kicksecure-desktop-applications-xfce           kicksecure-xfce-host
kicksecure-desktop-environment-essential-gui   kicksecure-xfce-vm

Then run for example

apt-cache show kicksecure-xfce

Study the output. Look at the Depends:. Re-run that command for any dependencies to learn more. Follow the chain of dependencies as far as you like to learn.


What is the situation if you use Kicksecure with other desktop environments?

There is no wiki page for that yet but similar to what happens when you use Whonix with other desktop environments. See:

What happens if you’re using Gnome you distro morph to Kicksecure Xfce?

Well, explore the simplified question first instead. What happens if you are using Gnome and install Xfce? Usually that works quite well. Display managers allow to login into either desktop environments - which is a display manager - not Kicksecure - feature.

But did I really test exactly installing Gnome first and then Kicksecure Xfce? No. Time is limited and there are too many combinations. Hence unsupported.

A better option might be to install kicksecure-cli. What would you miss compared to kicksecure-xfce? See [1]. Miss anything critically security important? Probably not.

Is there any more clarification on this - Now that Secbrowser is defunct, when installed inside Debian I would think 1) the GUI (Xfce) install would install the Xfce apps that wold be included with the standard Kicksecure install? 2) The CLI install would include no apps at all, just make the necessary o/s adjustments / upgrades?

What advantage would there be to doing a clean Kicksecure install (vs install in Debain morphing) other than having a minimalist package without the bloat that may come witha other DE? If an install in Debian is done how do we check to see the proper o/s and system changes have been applied properly? Is there a command to system check?

Why is that required? Use [1].

Documented here just now:
Whonix ™ Installation from Whonix ™ APT Repository

Answered by creating a new wiki page for that just now: