Kicksecure, Wireguard & CIS Debian hardening

Hello to the Whonix community,

I have been looking for a solution to harden a Debian-based distro then Debian 11, and this is how I found out about Kicksecure. Not a Linux expert, using it for a bit more than a year and a half.

My question is what about Kicksecure interactions with Wireguard? My Linux VPN provider is based on Wireguard and it worked fine with Debian 11, launching at startup. After installing Kicksecure, things seem to have worked fine for a number of days, but now the Wireguard service doesn’t start during start up (message in red Failed during the start up display of operations).

As things didn’t happened immediately after Kicksecure installation, I believe it should not be the issue but just in case, could anyone say if there are any incompatibilities between Kicksecure & Wireguard?

At startup, I also noted that there is a failed (red) message about Kernel modules that can’t be loaded, but is it right to assume that this is normal as Kicksecure reduces the attack surface in Kernel?

As a bonus, wondering if anyone is also using CIS Benchmark hardening in addition to Kicksecure ?

Many thanks,


None known.

Then it seems unlikely caused by it.

System Logs + Information Booster might be Available!

No, we’d avoid failing systemd units even if reducing attack surface. No matter what hardening, should always be possible to avoid any failing systemd units.

1 Like

Many thanks Patrick for looking at my message and responding to it, extremely pleased :smile:

I looked at the links you mentioned and explored these topics: in the journal, I found a number of items in yellow, and a small number in red. The issue in the kernel seems related to the msr module, will have to dig into that.

At this occasion, many thanks for this cool solution (can’t imagine how much work is behind that yet!), I will also try full Whonix on a VM soon and Kicksecure is a great project too (will check if there are ways to contribute maybe).

Have a great day!

1 Like