DEV Community

Cover image for Kicksecure: Hardening Your Linux System’s Security (Debian Morph)
Rafael Mori
Rafael Mori

Posted on

Kicksecure: Hardening Your Linux System’s Security (Debian Morph)

Enhancing Digital Security with Kicksecure: How to Install and Why You Should Use It

In today's digital age, data security is more important than ever. Kicksecure is a security-focused Linux distribution designed to protect your data and privacy. In this article, we will show you how to install Kicksecure and explain why it is an excellent choice for users who want to strengthen their system's security.

What is Kicksecure?

Kicksecure is a security-focused Linux distribution based on Debian. It is designed to be secure by default, incorporating a series of security enhancements that help protect the system from various cyber threats. One of Kicksecure’s key features is kernel hardening.

What is Kernel Hardening?

The kernel is the core of the operating system, responsible for managing system resources and enabling communication between hardware and software. Kernel hardening refers to applying various techniques to increase the security of the kernel, making it more resistant to attacks.

Some of the techniques used in kernel hardening include:

  • Access restrictions: Limiting the privileges of users and processes.
  • Memory protection: Preventing unauthorized access to system memory.
  • Secure code execution: Blocking the execution of unauthorized code.

These measures make the system less vulnerable to attacks that exploit kernel flaws.

Why Install Kicksecure?

There are many reasons to choose Kicksecure, but here are the top three in my opinion:

  1. Security by Default: Kicksecure comes pre-configured with security enhancements, making it secure from the start.
  2. Enhanced Privacy: It protects your data and communications, preventing information leaks.
  3. Ease of Use: Despite being highly secure, Kicksecure is designed to be user-friendly, even for those with less experience.

Before Installing Kicksecure

To increase the chances of a successful installation, it is best to start with a minimal Debian installation. You can choose to install either:

  • A) Debian with a graphical user interface (GUI) (Xfce)
  • B) Debian with a command-line interface (CLI)

Once the base installation is complete, you can install the Kicksecure meta package as outlined below.

Tip: It's easiest to set the user account name as "user" during the installation of Debian Bookworm.

Considerations for the Distro-Morphing Process

When performing Distro-Morphing, the user should be aware of the following:

  • No user account creation: The process does not create user or admin accounts. You can continue using your existing user accounts.
  • No password changes: No passwords for any existing user accounts will be modified. This means passwords for Full Disk Encryption (pre-boot authentication), sudo, su, login, etc., will remain the same.
  • No root account locking: The password for the root account will not be locked. If desired, the user can manually disable the root account for better security.
  • Autologin: The usability-misc package will set up auto-login for the "user" account on LightDM, Kicksecure's default login manager at the time of writing. Auto-login can be disabled by following the documentation for disabling autologin.

Installing Kicksecure (Distro-Morphing Method)

Let’s start with the installation process. First, you'll need to become the root user.

To do this, run the following command in your terminal:

su
Enter fullscreen mode Exit fullscreen mode

If running su alone doesn’t work (depending on how Debian was installed), try:

sudo su
Enter fullscreen mode Exit fullscreen mode

Next, ensure the following basic tools are installed on your system before proceeding. Here is the full list:

  • adduser
  • console
  • console-data
  • console-common
  • kbd
  • keyboard-configuration
  • extrepo

Now that you have the basics covered, let's walk through the installation process step by step.

1. Update the Package Lists

To begin, update your package lists to ensure your system is aware of the latest available software:

apt update
Enter fullscreen mode Exit fullscreen mode

2. Upgrade the System

Next, upgrade your system to make sure all your installed packages are up to date:

apt full-upgrade
Enter fullscreen mode Exit fullscreen mode

3. Install Essential Packages

Install sudo and adduser packages, which are necessary for configuring user permissions:

apt install --no-install-recommends sudo adduser
Enter fullscreen mode Exit fullscreen mode

4. Sudo Configuration (Optional)

If you'd like to allow the user to run sudo commands without entering a password, follow one of these methods:

adduser Method:

  1. Add your user to the sudo group:
/usr/sbin/adduser user sudo
Enter fullscreen mode Exit fullscreen mode
  1. Reboot your system:
/sbin/reboot
Enter fullscreen mode Exit fullscreen mode

file Method:

  1. Securely create the file /etc/sudoers.d/user.conf using visudo:
echo "user ALL=(ALL:ALL) NOPASSWD:ALL" | EDITOR=tee visudo -f /etc/sudoers.d/nopassword >/dev/null
Enter fullscreen mode Exit fullscreen mode

5. Create the Console Group

Create a system group named console:

/usr/sbin/addgroup --system console
Enter fullscreen mode Exit fullscreen mode

6. Add User to Console Group

Add your user to the console group (replace "user" with your actual username):

/usr/sbin/adduser user console
Enter fullscreen mode Exit fullscreen mode

7. Install Console-Related Packages

Install the necessary console-related packages. This step may also remove the unsupported plymouth, which is a positive outcome for security purposes:

sudo apt install console-data console-common kbd keyboard-configuration
Enter fullscreen mode Exit fullscreen mode

8. Install the extrepo Package

Install the extrepo package to enable external repositories:

sudo apt install extrepo
Enter fullscreen mode Exit fullscreen mode

9. Enable the Kicksecure APT Repository

Enable the stable Kicksecure APT repository using the following command:

sudo extrepo enable kicksecure
Enter fullscreen mode Exit fullscreen mode

10. Install Kicksecure Packages

Finally, install the Kicksecure package for your desktop environment. For this guide, we will use the Xfce environment, which is known for its lightweight nature and low resource consumption. To install the Kicksecure Xfce Host package, use the following command:

sudo apt install --no-install-recommends kicksecure-xfce-host
Enter fullscreen mode Exit fullscreen mode

11. Update and Upgrade Again

It’s always a good practice to run an update and full-upgrade after adding new repositories and packages:

sudo apt update && sudo apt full-upgrade
Enter fullscreen mode Exit fullscreen mode

Why Kicksecure is an Excellent Choice

Kicksecure is a fantastic option for anyone looking to bolster their system's security with hardening techniques and enjoy a secure workspace. Here are some key reasons why it stands out:

  1. Hardening Made Easy: Kicksecure offers a pre-configured, secure-by-default environment that is specifically designed for those who value security. It’s one of the most robust distributions for those looking to minimize vulnerabilities and ensure their system is hardened against cyber threats.

  2. Xfce4: Lightweight and Efficient: One of the most notable aspects of Kicksecure is that it uses Xfce4, a highly lightweight desktop environment. Xfce4 is known for its low resource usage, making it a great choice for users who want a fast and responsive system without sacrificing performance. It’s an ideal environment for both experienced users and newcomers alike, ensuring smooth operation even on older hardware.

  3. Security Without Compromise: Kicksecure focuses on providing a secure operating environment without sacrificing usability. Its hardened kernel, combined with a simple yet powerful desktop experience, makes it an excellent choice for those who need enhanced security but also want a comfortable

Top comments (0)