Post-installation Security Advice

From Kicksecure
Jump to navigation Jump to search

This page provides security advice, steps (such as changing passwords) that can be applied after installation of Kicksecure for better security.

Introduction[edit]

Kicksecure comes with many security featuresarchive.org iconarchive.today icon. Kicksecure is Security Hardened by default and also provides extensive Documentation including a System Hardening Checklist. The more you know, the safer you can be.

This page provides security advice, including steps that can be applied after installation of Kicksecure for better security.

On Kicksecure[edit]

Increase Virtual Machine RAM[edit]

If using a Kicksecure VM...

Kicksecure default password info box Kicksecure for Qubes users can skip this section. [1]

If enough host RAM is available, ideally the virtual RAM setting of Kicksecure should be increased to 2048 MB RAM. [2] If it is infeasible to increase the virtual RAM setting, Kicksecure will still function properly. [3]

If it is unknown how much RAM is available, follow these steps on the host: [4] [5] [6]

  • Windows 10: Task Manager in More details viewClick/tap on the Performance tabClick/tap on Memory; or Open a command promptRun wmic MemoryChip get /format:list
  • macOS: Apple menuAbout This Mac
  • Linux: Open a terminalRun free -h [7]

Related:

VirtualBox[edit]

  1. To add RAM in VirtualBox the VM must first be powered down.
  2. Virtual machineMenuSettingsAdjust Memory sliderHit: OK

KVM[edit]

1. Shutdown the virtual machine(s).

Click = Copy Copied to clipboard! virsh -c qemu:///system shutdown <vm_name>

2. Increase the maximum memory.

Click = Copy Copied to clipboard! virsh setmaxmem <vm_name> <memsize> --config

3. Set the actual memory.

Click = Copy Copied to clipboard! virsh setmem <vm_name> <memsize> --config

4. Restart the virtual machine(s).

Click = Copy Copied to clipboard! virsh -c qemu:///system start <vm_name>

Change Keyboard Layout[edit]

KicksecureChange Keyboard Layout info box Kicksecure-Qubes users can skip this section. [8]

If you are using a keyboard layout other than qwerty (US), consider changing the keyboard layout. Refer to the dedicated Keyboard Layout entry for further details.

Test Keyboard Layout[edit]

KicksecureTest Keyboard Layout info box Kicksecure-Qubes users can skip this section.

  • Start menuAccessoriesMousepad; or
  • Open file ~/testfile in a text editor of your choice as a regular, non-root user.

If you are using a graphical environment, run. Click = Copy Copied to clipboard! mousepad ~/testfile

If you are using a terminal, run. Click = Copy Copied to clipboard! nano ~/testfile

Try typing the words user, changeme and qwerty. Try typing further words to ensure the desired keyboard layout is functional.

Change Password[edit]

By default, the user and sysmaint accounts in Kicksecure do not have a password. Users can set or change the password for a user account in Kicksecure, if this aligns with their threat model, based on this default passwords information.

See configuring passwords for detailed information on changing user account passwords.

Auto Login[edit]

Depending on the threat model, users might want to disable autologin after changing their password.

Be aware that requiring a password for login might protect against unsophisticated, simple access. However, an attacker with physical access and basic Linux knowledge can easily change the password if full disk encryption is not used. See also Protection Against Physical Attacks.

It is strongly recommended to use full disk encryption (FDE) on the host operating system (OS); otherwise, the system can be easily accessed via chroot. [9]

Security Updates[edit]

Regularly check for security updates and apply them in a timely fashion; see Operating System Updates.

Appendix[edit]

How do I Check the Current Kicksecure Version?[edit]

See /etc/*_version.

Open a terminal.

If you are using Kicksecure inside Qubes, complete the following steps.

Qubes App Launcher (blue/grey "Q")Kicksecure ProxyVM (commonly named kicksecure)Xfce Terminal

If you are using a graphical Whonix with Xfce, run.

Start MenuXfce Terminal

Click = Copy Copied to clipboard! cat /etc/*_version

Should show.

12.1
17

The first line shows the version of the major and minor version of Debian. The second line shows the version of the derivative (Kicksecure).

Footnotes[edit]

  1. Qubes has dynamic RAM assignment.
  2. This provides higher performance during upgrades and lowers the likelihood of issuesarchive.org iconarchive.today icon.
  3. Although non-ideal, swap-file-creatorarchive.org iconarchive.today icon will create an encrypted swap file and the system is configured to swap as little as possiblearchive.org iconarchive.today icon.
  4. https://www.tenforums.com/tutorials/66809-determine-system-memory-size-speed-type-windows-10-a.htmlarchive.org iconarchive.today icon
  5. https://vitux.com/how-to-check-installed-ram-on-debian/archive.org iconarchive.today icon
  6. https://support.apple.com/en-us/HT201191archive.org iconarchive.today icon
  7. This command works in Red Hat, CentOS, Suse, Ubuntu, Fedora, Debian and other distributions. Alternative commands include: cat /proc/meminfo |grep MemTotal, top, and vmstat -s.
  8. By default, Qubes VMs use the same keyboard layout as Qubes dom0.
  9. https://wiki.debian.org/chrootarchive.org iconarchive.today icon
Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!

Retrieved from "https://www.kicksecure.com/w/index.php?title=Post_Install_Advice&oldid=92510"