{{Header}}
{{Title|title=
Post-installation Security Advice
}}
{{#seo:
|description=This page provides security advice, steps that can be applied after installation of {{project_name_long}} for better security.
|image=Ball-63527-640.jpg
}}
[[File:Ball-63527-640.jpg|thumb]]
{{intro|
This page provides security advice, steps that can be applied after installation of {{project_name_short}} for better security.
}}
= Introduction =
{{security_intro}}
This page provides security advice, including steps that can be applied after installation of {{project_name_short}} for better security.
= On {{project_name_gateway_long}} and {{project_name_workstation_long}} =
== Increase Virtual Machine RAM ==
{{mbox
| image = [[File:Ambox_notice.png|40px|alt={{project_name_short}} default password info box]]
| text = [[Qubes|{{q_project_name_long}}]] users can skip this section. [
Qubes has dynamic RAM assignment.
]
}}
* {{project_name_workstation_short}}: No changes are necessary for most users.
* {{project_name_gateway_short}}: If enough host RAM is available, ideally the virtual RAM setting of {{project_name_gateway_short}} should be increased to 2048 MB RAM. [
This provides higher performance during upgrades and lowers the likelihood of [https://forums.whonix.org/t/swap-swap-file-whonix-gateway-freezing-during-apt-get-dist-upgrade-encrypted-swap-file-creator/8317 issues].
] If it is infeasible to increase the virtual RAM setting, {{project_name_gateway_short}} will still function properly. [
Although non-ideal, [https://github.com/Whonix/swap-file-creator swap-file-creator] will create an encrypted swap file and the [https://forums.whonix.org/t/vm-swappiness-1-set-swapiness-to-lowest-setting-still-useful-swappiness-lowest/9278 system is configured to swap as little as possible].
]
If it is unknown how much RAM is available, follow these steps on the host: [https://www.tenforums.com/tutorials/66809-determine-system-memory-size-speed-type-windows-10-a.html] [https://vitux.com/how-to-check-installed-ram-on-debian/] [https://support.apple.com/en-us/HT201191]
* Windows 10: Task Manager in More details view → Click/tap on the Performance tab → Click/tap on Memory; or Open a command prompt → Run wmic MemoryChip get /format:list
* macOS: Apple menu → About This Mac
* Linux: Open a terminal → Run free -h [This command works in Red Hat, CentOS, Suse, Ubuntu, Fedora, Debian and other distributions. Alternative commands include: ]cat /proc/meminfo |grep MemTotal, top, and vmstat -s.
Related:
* [[Troubleshooting#Low_RAM_Issues|Low RAM Issues]]
* [[RAM|Advice for Systems with Low RAM]]
=== VirtualBox ===
# To add RAM in VirtualBox the VM must first be powered down.
# Virtual machine → Menu → Settings → Adjust Memory slider → Hit: OK
=== KVM ===
{{KVM_RAM}}
== Change Keyboard Layout ==
{{mbox
| image = [[File:Ambox_notice.png|40px|alt={{project_name_short}}Change Keyboard Layout info box]]
| text = [[Qubes|{{q_project_name_short}}]] users can skip this section. [
By default, Qubes VMs use the same keyboard layout as Qubes ]dom0.
}}
If you are using a keyboard layout other than qwerty (US), consider changing the keyboard layout. Refer to the dedicated [[Keyboard Layout]] entry for further details.
== Test Keyboard Layout ==
{{mbox
| image = [[File:Ambox_notice.png|40px|alt={{project_name_short}}Test Keyboard Layout info box]]
| text = [[Qubes|{{q_project_name_short}}]] users can skip this section.
}}
* Start menu → Accessories → Mousepad; or
* {{Open File
|filename=~/testfile
}}
Try typing the words user, changeme and qwerty. Try typing further words to ensure the desired keyboard layout is functional.
{{Anchor|Change Passwords}}
== Change Password ==
{{upstream_wiki}}
== Security Updates ==
Regularly check for security updates and apply them in a timely fashion; see [[Operating_System_Software_and_Updates#Updates|Operating System Updates]].
= Network Time Syncing =
This is a short summary of the [[Network Time Synchronization]] wiki page which is recommended reading.
{{Box|text=
'''1.''' Timezone information.
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text = '''Warning:''' The system clock inside {{project_name_short}} is set to UTC to prevent against [[timezone]] leaks. This means it may be a few hours ahead or behind the user's host system clock. It is strongly recommended not to change this setting.
}}
'''2.''' Check the host clock is reasonably accurate.
A reasonably accurate host clock is required for many general security properties because an inaccurate clock can lead to:
* Broken internet connectivity; and
* [[Time Attacks]].
Therefore, at all times ensure the host clock has an accuracy of up to ± 30 minutes.
'''3.''' Avoid pause / suspend / save / hibernate functions.
In simple terms, most users should avoid the pause / suspend / save / hibernate features. Although discouraged, see [[Network Time Synchronization]] for further details on when this is possible.
}}
= Better Security =
This chapter is aimed at newcomers and only provides a short and simple overview for basic protection. Anonymity and platform security can be improved by following recommendations outlined in the Security Guide and Advanced Security Guide sections, along with the [[Time Attacks]] and [[Network_Time_Synchronization|Network Time Synchronization]] page.
= Appendix =
== How do I Check the Current {{project_name_short}} Version? ==
See /etc/*_version.
{{Open_a__product_gw_terminal}}
{{CodeSelect|code=
cat /etc/*_version
}}
Should show.
{{Stable project version based on Debian version short}}.1
{{VersionShort}}
The first line shows the version of the major and minor version of Debian. The second line shows the version of the derivative ({{project_name_short}}).
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]