Kicksecure as Server OS?

Ge8y63 · January 1, 2024, 5:34pm

Does Kicksecure include hardening for servers or just for Desktop? Thanks

Patrick · January 2, 2024, 6:27am

Also for servers.

Kicksecure - Secure by Default Operating System chapter security in Kicksecure wiki

Patrick · February 9, 2024, 11:00am

2 posts were split to a new topic: Hardened Malloc breaks PHP and lighttpd

mmap · October 28, 2024, 2:50pm

The ISO includes the XFCE environment and the installer seems to be only possible for when you boot using XFCE. Is there no headless installation? Without the use of a bloated DE?

Edit: found the “distro-morphing” method. Sorry for the ping.

mmap · October 28, 2024, 2:54pm

I had one more question tho, is installing kicksecure on an existing debian efficient? What about all the bloat that comes with debian?

mmap · October 28, 2024, 2:56pm

And are there any plans to migrate from debian to a more secure distro such as Alpine or Arch?

nurmagoz · October 28, 2024, 9:51pm

Thats what morphing is for.

Use CD version, which is very minimal or netinstall and install only what you want.

I reviewed Arch you find it here:

Alpine is just similar to arch, not user friendly installation, its smaller/simpler but doesnt mean more secure (something need to be deeply investigated)… so yeah i might give it another try in the future (first one failed to be installed on qubes).

mmap · October 29, 2024, 7:55am

Alpine is no way similar to arch. It has a different init system, uses musl instead of libc just to mention a few significant differences.

its smaller/simpler but doesnt mean more secure

It does imply that they heavily focus on minimalism which does show their commitment to keeping things secure. It’s just one factor.

mmap · October 29, 2024, 8:00am

And @roddhjav pointed out a lot of valid things regarding your review. Most of the things are fixed. Mentioning a 15 year old research paper on package managers is pointless. The UX should be irrelevant or atleast be an afterthought. Most of the people who use whonix and kicksecure are advanced users.

mmap · October 29, 2024, 8:03am

first one failed to be installed on qubes

What do you mean by that? I can install it just fine. Alpine is hardly ever used for desktop anyway.

nurmagoz · October 29, 2024, 5:57pm

post comments to the same topic of arch, and i pointed out many points not just those who you mentioned.

Patrick · October 29, 2024, 8:32pm

Thanks to @arraybolt3 in the next release of Kicksecure 17.2.3.9 and above, it will be possible to use D-I (Debian-Installer - Wikipedia, the “console looking” Debian installer) (not calamares!).

Would that help?

It supports preseed (Preseed - Wikipedia) (DebianInstaller/Preseed - Debian Wiki) and whatnot. These are features inherited from D-I.

Could we make D-I install only the kicksecure-cli(-host) meta package? Or would we require a separate headless ISO? Or an option in calamares?

1 question = 1 forum thread please. This is a much different question than Kicksecure for server.

Patrick · October 30, 2024, 6:57am

mmap · October 30, 2024, 8:02am

Could we make D-I install only the kicksecure-cli(-host) meta package?

We can add the kicksecure source list as a late_command or early_command in preseed config. Something like this:

d-i preseed/late_command string \ 
in-target sh -c 'echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.kicksecure.com bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list';

And then install the package after update:

d-i preseed/late_command string \ 
    in-target apt-get update; \
    in-target apt-get install -y --no-install-recommends kicksecure-cli-host