LKRG & security-misc questions

Can i apply security-misc on my debian 10 host and then install Whonix on it?

Can “Linux Kernel Runtime Guard” be safely applied on Ubuntu host and then install Whonix on top of it?

Yes. I use security-misc on ParrotOS which is a Debian based distribution and it runs with no problems. The experimental options might introduce some minor issues like not being able to re-log in after logging out. security-misc can be installed as explained here security-misc: Enhance Miscellaneous Security Settings. LKRG can be installed in Ubuntu as explained here Linux Kernel Runtime Guard (LKRG) for Debian, Whonix, Qubes, Kicksecure ™. Be aware that in my ParrotOS that uses the latest Stable Linux Kernel LKRG won’t run. I haven’t looked into it so I don’t know why. Also having LKRG installed on your host OS and trying to run Whonix or other VMs in Virtualbox may lead to this bug lkrg-users - bug: LKRG kills VirtualBox host VMs. It will run in VMs though. If you mean Whonix as host OS not atm. Look here Whonix-Host Operating System Live ISO, Whonix-Host Installer and Whonix host operating system
Also check this to see what packages are safe to be installed on Debian hosts Whonix ™ Packages for Debian Hosts and Whonix ™ Host Enhancements

1 Like

@disrupt_the_flow Any plans to ship it in ParrotOS? It would be great to have it widely tested to uncover any problems quickly.

I have mentioned it lots of times. Me and another feller. The other team members don’t give a shit about security or anonymity. I stopped wasting time on that project.

Thx for your answers. I’ve been thinking about installing ParrotOS as my host os, is Home version hardened by default and is it more secure than Debian 10 buster?

Excuse my question, I was out of the loop.

No to both questions.

Nah its OK. :wink:

Is it possible to apply security-misc on ubuntu based host?

Unsupported at time of writing.

Should that change, package description will be updated.

Do i have to activate security-,misc after i install it or its enough to install it and thats it?

Stable features are activated after installation or at latest after reboot. That is because security-misc is a collection of configuration files, scripts and systemd units. Perhaps browse the package source code to see what files it ships.

Testers-only (and experimental) features are opt-in.

Which features are what (stable or testers-only) and how to opt-in testers-only features, see: