Kicksecure ™

Download

On Computer USB Installation Debian morph to Kicksecure Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Forum Best Practices Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print VersionDebug Helper Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

systemcheck attack surface reduction.

Rationale Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Rationale Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Systemcheck_Hardening#Rationale|Rationale]]
Copy as Wikitext Click = Copy Copied to clipboard! [Rationale](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Rationale)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Rationale](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Rationale)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Rationale]Rationale[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Although systemcheck already has AppArmor and systemd hardening, some marginal security benefits are gained by reducing: the number of network connections, the amount of code running, and unnecessary functionality. This is not the default configuration, since that would come at the cost of decreased usability for the entire Kicksecure population.

Hardening Steps Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Hardening_Steps Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Systemcheck_Hardening#Hardening_Steps|Hardening Steps]]
Copy as Wikitext Click = Copy Copied to clipboard! [Hardening Steps](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Hardening_Steps)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Hardening Steps](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Hardening_Steps)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Hardening_Steps]Hardening Steps[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Prevent Autostart Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Autostart Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Systemcheck_Hardening#Prevent_Autostart|Prevent Autostart]]
Copy as Wikitext Click = Copy Copied to clipboard! [Prevent Autostart](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Autostart)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Prevent Autostart](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Autostart)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Autostart]Prevent Autostart[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

To prevent systemcheck from automatically starting, run.

Click = Copy Copied to clipboard! sudo systemctl mask systemcheck

Prevent Kicksecure Warrant Canary Check and User Census Counting Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Kicksecure_Warrant_Canary_Check_and_User_Census_Counting Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Systemcheck_Hardening#Prevent_Kicksecure_Warrant_Canary_Check_and_User_Census_Counting|Prevent Kicksecure Warrant Canary Check and User Census Counting]]
Copy as Wikitext Click = Copy Copied to clipboard! [Prevent Kicksecure Warrant Canary Check and User Census Counting](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Kicksecure_Warrant_Canary_Check_and_User_Census_Counting)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Prevent Kicksecure Warrant Canary Check and User Census Counting](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Kicksecure_Warrant_Canary_Check_and_User_Census_Counting)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Kicksecure_Warrant_Canary_Check_and_User_Census_Counting]Prevent Kicksecure Warrant Canary Check and User Census Counting[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Refer to the following systemcheck chapters:

• Warrant Canary Check; and
• Disable Warrant Canary Check.

Prevent Polluting TransPort Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Polluting_TransPort Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Systemcheck_Hardening#Prevent_Polluting_TransPort|Prevent Polluting TransPort]]
Copy as Wikitext Click = Copy Copied to clipboard! [Prevent Polluting TransPort](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Polluting_TransPort)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Prevent Polluting TransPort](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Polluting_TransPort)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Polluting_TransPort]Prevent Polluting TransPort[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Deactivate the TransPort Test for better Stream Isolation.

Open file /etc/systemcheck.d/50_user.conf in an editor with root rights.

Add the following content.

Click = Copy Copied to clipboard! SYSTEMCHECK_DISABLE_TRANS_PORT_TEST="1"

Save.

Prevent Running APT Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Running_APT Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Systemcheck_Hardening#Prevent_Running_APT|Prevent Running APT]]
Copy as Wikitext Click = Copy Copied to clipboard! [Prevent Running APT](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Running_APT)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Prevent Running APT](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Running_APT)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_Running_APT]Prevent Running APT[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

This prevents the running of APT by systemcheck.

Open file /etc/systemcheck.d/50_user.conf in an editor with root rights.

Add the following content.

Click = Copy Copied to clipboard! systemcheck_skip_functions+=" check_operating_system "

Prevent torproject.org Connections Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_torproject.org_Connections Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Systemcheck_Hardening#Prevent_torproject.org_Connections|Prevent torproject.org Connections]]
Copy as Wikitext Click = Copy Copied to clipboard! [Prevent torproject.org Connections](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_torproject.org_Connections)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Prevent torproject.org Connections](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_torproject.org_Connections)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Prevent_torproject.org_Connections]Prevent torproject.org Connections[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Connections to The Tor Project are prevented by default, therefore no action is required.

systemcheck only connects to torproject.org if the command systemcheck --leak-tests is manually run.

Footnotes Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Footnotes Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Systemcheck_Hardening#Footnotes|Footnotes]]
Copy as Wikitext Click = Copy Copied to clipboard! [Footnotes](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Footnotes)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Footnotes](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Footnotes)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084#Footnotes]Footnotes[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Kicksecure A secure by default operating system with the latest security research in place. Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084 Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Systemcheck_Hardening|systemcheck Hardening]]
Copy as Wikitext Click = Copy Copied to clipboard! [systemcheck Hardening](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [systemcheck Hardening](https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Systemcheck_Hardening?direction=prev&oldid=88084]systemcheck Hardening[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!