Post-installation Security Advice
Donate
This page provides security advice, steps that can be applied after installation of Kicksecure for better security.
Introduction[edit]
Kicksecure comes with many security features
. Kicksecure is Security Hardened by default and also provides extensive Documentation including a System Hardening Checklist. The more you know, the safer you can be.
This page provides security advice, including steps that can be applied after installation of Kicksecure for better security.
On Kicksecure[edit]
Increase Virtual Machine RAM[edit]
If using a Kicksecure VM...
Kicksecure for Qubes users can skip this section. [1]
If enough host RAM is available, ideally the virtual RAM setting of Kicksecure should be increased to 2048 MB RAM. [2] If it is infeasible to increase the virtual RAM setting, Kicksecure will still function properly. [3]
If it is unknown how much RAM is available, follow these steps on the host: [4] [5] [6]
- Windows 10:
Task Manager in More details view→Click/tap on the Performance tab→Click/tap on Memory; orOpen a command prompt→Runwmic MemoryChip get /format:list - macOS:
Apple menu→About This Mac - Linux:
Open a terminal→Runfree -h[7]
Related:
VirtualBox[edit]
- To add RAM in VirtualBox the VM must first be powered down.
Virtual machine→Menu→Settings→AdjustMemory slider→Hit: OK
KVM[edit]
1. Shutdown the virtual machine(s).
virsh -c qemu:///system shutdown <vm_name>
2. Increase the maximum memory.
virsh setmaxmem <vm_name> <memsize> --config
3. Set the actual memory.
virsh setmem <vm_name> <memsize> --config
4. Restart the virtual machine(s).
virsh -c qemu:///system start <vm_name>
Change Keyboard Layout[edit]
Kicksecure-Qubes users can skip this section. [8]
If you are using a keyboard layout other than qwerty (US), consider changing the keyboard layout. Refer to the dedicated Keyboard Layout entry for further details.
Test Keyboard Layout[edit]
Kicksecure-Qubes users can skip this section.
Start menu→Accessories→Mousepad; or- Open file
~/testfilein a text editor of your choice as a regular, non-root user.
If you are using a graphical environment, run. mousepad ~/testfile
If you are using a terminal, run. nano ~/testfile
Try typing the words user, changeme and qwerty. Try typing further words to ensure the desired keyboard layout is functional.
Change Password[edit]
Kicksecure-Qubes users can skip this section. [9] [10]
The user can set or change the password for the user user account in Kicksecure, if this is useful for the user's threat model based on this default passwords information.
1. Change Keyboard Layout if necessary.
2. Review Test Keyboard Layout before proceeding further.
3. Open a terminal (such as Xfce Terminal Emulator).
Start menu → Applications → System → Terminal
4. Run a test command as root by using sudo.
Run. [11]
sudo systemd-detect-virt
5. Read the note below regarding the username and password.
- Default username: user
- Default password: No password required. (Passwordless login.) [12]
6. Read the note below regarding the password change procedure.
When typing the password it will not appear on the screen, nor will the asterisk sign (*) be visible. It is necessary to type blindly and trust the procedure.
7. Change the user (and sudo) password.
- To change the
user(Kicksecure default user account) password, run the following command. [11] - This will also be the password when running
sudofrom Linux user accountuser. [13] - Using pwchange. [14]
sudo pwchange
pwchange will prompt.
What user's password do you want to change?
Type user and then press <Enter>.
8. Root password.
No changes required. Optional, for details, see root account in Kicksecure.
9. Done.
The procedure of changing passwords is complete.
If issues appear when gaining root, consider using dsudo.
Another option is to boot into recovery mode and change passwords there.
Security Updates[edit]
Regularly check for security updates and apply them in a timely fashion; see Operating System Updates.
Appendix[edit]
How do I Check the Current Kicksecure Version?[edit]
See /etc/*_version.
Open a terminal.
If you are using Kicksecure inside Qubes, complete the following steps.
Qubes App Launcher (blue/grey "Q") → Kicksecure ProxyVM (commonly named kicksecure) → Xfce Terminal
If you are using a graphical Whonix with Xfce, run.
Start Menu → Xfce Terminal
cat /etc/*_version
Should show.
12.1
17
The first line shows the version of the major and minor version of Debian. The second line shows the version of the derivative (Kicksecure).
Footnotes[edit]
- ↑ Qubes has dynamic RAM assignment.
- ↑
This provides higher performance during upgrades and lowers the likelihood of issues.
- ↑
Although non-ideal, swap-file-creator will create an encrypted swap file and the system is configured to swap as little as possible.
- ↑ https://www.tenforums.com/tutorials/66809-determine-system-memory-size-speed-type-windows-10-a.html
- ↑ https://vitux.com/how-to-check-installed-ram-on-debian/
- ↑ https://support.apple.com/en-us/HT201191
- ↑ This command works in Red Hat, CentOS, Suse, Ubuntu, Fedora, Debian and other distributions. Alternative commands include:
cat /proc/meminfo |grep MemTotal,top, andvmstat -s. - ↑
By default, Qubes VMs use the same keyboard layout as Qubes
dom0. - ↑ By default, Qubes does not require a password for superuser access.
- ↑
https://www.qubes-os.org/doc/vm-sudo/
- ↑ 11.0 11.1
Type the command in the terminal and press
<Enter>. - ↑
Rationale for Change from Default Password changeme to Empty Default Password
- ↑
- This is the usual Debian / sudo default and Unspecific to Kicksecure.
- ↑
/usr/sbin/pwchange source code.- Alternatively, Debian standard command: sudo passwd user
A secure by default operating system with the latest security research in place.
At
Kicksecure we value freedom and trust, supporting Open Source and Freedom Software
2012-
2024 ENCRYPTED SUPPORT LP
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!