{"id":26129224,"url":"https://github.com/dgac/inseca","last_synced_at":"2025-04-13T18:36:00.914Z","repository":{"id":39567096,"uuid":"460894696","full_name":"DGAC/inseca","owner":"DGAC","description":"INSECA is a set of tools to build and manage very secure live Linux based endpoint systems.","archived":false,"fork":false,"pushed_at":"2024-11-08T12:38:00.000Z","size":24591,"stargazers_count":21,"open_issues_count":0,"forks_count":2,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-27T09:13:24.585Z","etag":null,"topics":["cybersecurity","debian","endpoint","linux","linux-desktop","live-linux","security","workstations"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DGAC.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-18T14:58:12.000Z","updated_at":"2024-11-08T12:38:05.000Z","dependencies_parsed_at":"2023-11-13T15:26:10.536Z","dependency_job_id":"b4d10f00-2f13-47a6-90ee-598fa4e692d4","html_url":"https://github.com/DGAC/inseca","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DGAC%2Finseca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DGAC%2Finseca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DGAC%2Finseca/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DGAC%2Finseca/manifests","owner_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/owners/DGAC","download_url":"https://codeload.github.com/DGAC/inseca/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248761492,"owners_count":21157570,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","debian","endpoint","linux","linux-desktop","live-linux","security","workstations"],"created_at":"2025-03-10T19:40:03.456Z","updated_at":"2025-04-13T18:36:00.892Z","avatar_url":"https://github.com/DGAC.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# INSECA\n\nINSECA is a set of tools to build and manage very secure live Linux based endpoint systems.\n\nIt builds on top of Debian's livebuild technology and adds many security-oriented features to ensure a high level of security while keeping the overall usage as simple as any system.\n\nMain features of the resulting systems include:\n- can be installed on any mass storage device (which will be made bootable), internal PC hard disk or VM's disk\n- all not-yet-public data (i.e. 
what is not already present on the Internet) is encrypted; most of the time, data is digitally signed as well\n- encrypted partitions dedicated to storing system and end-user data, which can only be accessed after the end user has authenticated _and_ if the device has not been altered\n- and more\n\nFor more information, refer to the documentation in the `doc/` directory.\n\n\n## Introduction\nINSECA operates from several configuration files, all grouped in one single global configuration directory, pointed to by the `$INSECA_ROOT` environment variable or by the `--root` command line argument of the `inseca` tool.\n\nThese configuration files define sets of objects, the main ones being:\n- **build configurations** describing the contents of a live Linux to be built, ranging from packages, configuration scripts and the like to cryptographic keys used to protect data;\n- **install configurations** describing how a live Linux build will be installed (cryptographic keys and secrets and various other parameters)\n- **domain configurations** listing a coherent set of install configurations all bundled in a **domain** which can be seen as a business need\n\nThe global settings are described in the `$INSECA_ROOT/inseca.json` file.\n\n**WARNING**\nThis program is usable but still _rough_, at least regarding areas such as:\n- language: most is in English, with some strings still in French (gettext has started to be used)\n- the documentation, which is only in French\n- error reporting, especially in configuration file handling, where one is prone to make mistakes\n- installation: there is no installation procedure, just download and run\n- some components are not yet complete, some features don't yet work as expected\n- expect some bugs\n\n\n## Quick start\nWhat follows should work out of the box on any Linux distribution but has only been tested using Debian and Fedora. 
YMMV.\n\n### Installation\n#### Manual installation\n- install the dependencies:\n  - rclone: https://rclone.org/downloads/\n  - borgbackup: https://www.borgbackup.org/\n  - python3 and python3-pacparser (Python 3 with pacparser)\n  - git: https://git-scm.com/\n  - dbus\n  - make\n  - requests (already included with Python3)\n  - sqlite3 modules (already included with Python3)\n  - libgtk-3-dev (GTK3 libraries)\n  - the Docker engine: https://docs.docker.com/engine/install/\n\n- download INSECA into a dedicated directory (referred to as `$SRCDIR` afterwards)\n- create the required Docker images: run `make` from the `$SRCDIR/docker-images/grub-bios/` and the `$SRCDIR/docker-images/livebuild/` directories\n- download VeraCrypt as a DEB file from https://www.veracrypt.fr/en/Downloads.html into the `$SRCDIR/components/veracrypt/packages.deb/` directory\n\nOnce the installation is finished, check that the `$SRCDIR/inseca` program can be run: `inseca -h` should display the help.\n\n#### Scripted installation\n\n- download INSECA into a dedicated directory (referred to as `$SRCDIR` afterwards)\n- run `setup-debian.sh` or `setup-fedora.sh` from the `$SRCDIR` directory\n\n\n### First configuration\nTo create a global configuration:\n- set the local environment variables: `cd $SRCDIR/tools \u0026\u0026 source ./set-env.sh`\n  (where SRCDIR points to the directory where inseca has been installed) if you are using bash\n- create a dedicated directory and define the `$INSECA_ROOT` environment variable to point to it\n- initialize the configuration's structure, run: `inseca init`\n- create a default build configuration: `inseca config-create build \"My first INSECA build\"`\n- build the associated live Linux: `inseca build \"My first INSECA build\"`\n\nThese steps, if successful, ensure that INSECA is operational; from that point, refer to the documentation and build your own 
ecosystem.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdgac%2Finseca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdgac%2Finseca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdgac%2Finseca/lists"}