Original post: https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad[.]onion/post/b3372fc2919e2afe2235
User Post Credit: /u/devilish https://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad[.]onion/u/devilish
This is a 1:1 copy from the Dread post.
"This guide is about installing Whonix, both Gateway and Workstation on a blank Debian machine, be it 11, 12 or 13 - although I'd recommend 12 or 13 for your own safety and longer term security support. If this guide goes well, I will create one to secure Debian as well to create a neat, safe system for the dark web in the absence of Qubes.
Not every user needs Qubes, and not every user wants Qubes, or is able to run Qubes. A hardened Debian system with Whonix in QEMU and KVM is the closest security you can get to that, and I will explain part of it in this guide and part in another upcoming one.
The first set of commands are from the wiki, and will be strictly related to setting up your system to be able to run QEMU and KVM.
sudo apt update && sudo apt install --no-install-recommends qemu-kvm qemu-system-x86 libvirt-daemon-system libvirt-clients virt-manager gir1.2-spiceclientgtk-3.0 dnsmasq-base qemu-utils iptables safe-rm xz-utils 'spice*' && sudo adduser "$(whoami)" libvirt && sudo adduser "$(whoami)" kvm && sudo systemctl restart libvirtd && sudo virsh -c qemu:///system net-autostart default && sudo virsh -c qemu:///system net-start default
After you've done that, you will have QEMU installed successfully. I recommend not touching anything inside of it yet. Let's move on to download and install Whonix. Reboot before proceeding. I will assume you already downloaded and verified the images from Whonix. The wiki is clear on this. Move to the directory where you downloaded Whonix.
tar -xvf Whonix*.libvirt.xz && touch WHONIX_BINARY_LICENSE_AGREEMENT_accepted && sudo virsh net-define Whonix_external*.xml && sudo virsh net-define Whonix_internal*.xml && sudo virsh define Whonix-Gateway*.xml && sudo virsh define Whonix-Workstation*.xml && sudo mv Whonix-Gateway*.qcow2 /var/lib/libvirt/images/Whonix-Gateway.qcow2 && sudo mv Whonix-Workstation*.qcow2 /var/lib/libvirt/images/Whonix-Workstation.qcow2 && { sudo virsh net-start default || true; } && sudo virsh net-start Whonix-External && sudo virsh net-start Whonix-Internal
Your machines are now ready. I recommend modifying the default settings inside Virtual Machine Manager, as follows.
• RAM for Workstation, minimum 4GB.
• RAM for Gateway, minimum 2GB for GUI access, which you need to rotate Tor circuits and identities with ease.
• Increase vCPU count for better performance.
• Enable XML editing in settings.
• Enable copy pasting by changing <clipboard copypaste="no"/> to <clipboard copypaste="yes"/> in the XML details of each machine.
• If you don’t have a dedicated GPU, do not mess with 3D acceleration, as it will be messy and laggy.
Now that that's done, boot up the Gateway in the maintenance mode and follow my lead.
• Change all user passwords and disable auto-login.
• Update and upgrade system packages.
• Reboot in normal mode, you're done.
Now to finish up, boot up the Workstation in the maintenance mode and once again follow me.
• Change all user passwords and disable auto-login.
• Update and upgrade system packages.
• Install the Monero GUI wallet (monero-gui package).
• Install Gajim for XMPP (gajim package).
• Install Kleopatra for PGP (kleopatra package).
• Update and upgrade system packages.
• Reboot in normal mode, and configure Tor Browser to maximum security settings and disable JS.
This is the basis of QEMU and KVM for Whonix, on Debian. If you want a second part to this that will harden Debian into a secure and safe fortress to host your dark web QEMU boxes, show some love here and I’ll take it into consideration."
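
A way to confirm that the Virtual Machine Manager changes described in the post took effect, as an added example that is not part of the original post or of the Whonix project: it reads the XML printed by virsh dumpxml and reports memory against the post's minimums, the SPICE clipboard state, and which libvirt networks the machine is attached to. The domain names, the reading of "GB" as GiB, and the expected network layout are assumptions, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Minimums recommended in the post, read as GiB and expressed in MiB.
MIN_MEM_MIB = {"Whonix-Gateway": 2048, "Whonix-Workstation": 4096}
# Assumption: stock Whonix layout, where only the Gateway has an external NIC.
EXPECTED_NETS = {
    "Whonix-Gateway": ["Whonix-External", "Whonix-Internal"],
    "Whonix-Workstation": ["Whonix-Internal"],
}
TO_KIB = {"KiB": 1, "MiB": 1024, "GiB": 1024 ** 2}

# Constructed sample, trimmed to the elements the audit reads.
SAMPLE_WORKSTATION = """
<domain type='kvm'>
  <name>Whonix-Workstation</name>
  <memory unit='KiB'>2097152</memory>
  <devices>
    <interface type='network'><source network='Whonix-Internal'/></interface>
    <graphics type='spice'><clipboard copypaste='no'/></graphics>
  </devices>
</domain>
"""


def audit_domain(xml_text):
    """Summarise one domain definition as printed by `virsh dumpxml NAME`."""
    dom = ET.fromstring(xml_text)
    name = dom.findtext("name")
    mem = dom.find("memory")
    mem_mib = int(mem.text) * TO_KIB[mem.get("unit", "KiB")] // 1024
    spice = dom.find("./devices/graphics[@type='spice']")
    clip = spice.find("clipboard") if spice is not None else None
    # libvirt turns SPICE copy/paste on unless copypaste='no' is set explicitly.
    shared = spice is not None and (clip is None or clip.get("copypaste") != "no")
    nets = sorted(s.get("network", "<not a libvirt network>")
                  for s in dom.findall("./devices/interface/source"))
    return {
        "name": name,
        "memory_mib": mem_mib,
        "memory_ok": mem_mib >= MIN_MEM_MIB[name],
        "clipboard_shared": shared,
        "networks": nets,
        "networks_ok": nets == EXPECTED_NETS[name],
    }


if __name__ == "__main__":
    print(audit_domain(SAMPLE_WORKSTATION))
```

On the host, pass it the output of sudo virsh dumpxml for each machine; a Workstation whose networks_ok is False has an interface outside Whonix-Internal and should not be started until that is corrected.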
