Questions about Further Hardening and the Harden Kernel Package


I am an individual seeking to further harden the security of their laptop.

I found this guide on ansible: Ansible CIS Hardening Debian | Setup Tutorial

I wanted to know if ansible is incompatible with the Kicksecure project.

What if I don’t care about all the warnings on the wiki concerning the hardened kernel? How could I get the hardened kernel on my system as fast as possible? Should I download the source from and patch the kernel myself? Or is installing the hardened-kernel package sufficient? Does it do the thing regardless of the current limitations of the project?

Also I used an auditing tool called lynis on a fresh Debian install. The score was 60 for Debian, but after distro morphing to kick secure the score was 67! That’s pretty impressive to me.

Thank you for all your hard work. Do support recurring donations?

These numbers are not meaningful as these tools have many bugs, false-positives. A deep understanding of the context and threat model about each message is required to determine if it’s something valid (applicable security could be improve), invalid (false-positive) or plain wrong (more secure setting already in use and suggestion counter-productive).

Here’s an example for Whonix (a Kicksecure based Linux distribution) with STIG:

See also:

Thank you.

Answered here at in this post at very bottom:
What are the Biggest Do's and Don'ts of Kicksecure - #2 by Patrick