https://github.com/dgac/inseca


# INSECA

INSECA is a set of tools to build and manage very secure live Linux based endpoint systems.

It builds on top of Debian's livebuild technology and adds many security-oriented features to ensure a high level of security while keeping the overall usage as simple as any system.

Main features of the resulting systems include:
- possibility to be installed on any mass storage device (which will be made bootable), internal PC hard disk or VM's disk
- all not yet public data (i.e. what is not already present on the Internet) is encrypted, and most of the time digitally signed as well
- encrypted partitions dedicated to storing system and end-user data, which can only be accessed after the end user has authenticated _and_ if the device has not been altered
- and more

For more information, refer to the documentation in the `doc/` directory.

## Introduction
INSECA operates from several configuration files, all grouped in one single global configuration directory, pointed to by the `$INSECA_ROOT` environment variable or by the `--root` command line argument of the `inseca` tool.

These configuration files define sets of objects, the main ones being:
- **build configurations** describing the contents of a live Linux to be built, ranging from packages, configuration scripts and the like to cryptographic keys used to protect data;
- **install configurations** describing how a live Linux build will be installed (cryptographic keys and secrets and various other parameters);
- **domain configurations** listing a coherent set of install configurations all bundled in a **domain** which can be seen as a business need.

The global settings are described in the `$INSECA_ROOT/inseca.json` file.

**WARNING**
This program is usable but still _rough_, at least regarding areas such as:
- language: most is in English, with some strings still in French (gettext has started to be used)
- the documentation, which is only in French
- error reporting, especially in the configuration files handling where one is prone to make mistakes
- installation: there is no installation procedure, just download and run
- some components are not yet complete, some features don't yet work as expected
- expect some bugs

## Quick start
What follows should work out of the box on any Linux distribution but has only been tested using Debian and Fedora. YMMV.

### Installation
#### Manual installation
- install the dependencies:
  - rclone: https://rclone.org/downloads/
  - borgbackup: https://www.borgbackup.org/
  - python3 and python3-pacparser (Python 3 with the pacparser module)
  - git: https://git-scm.com/
  - dbus
  - make
  - requests (already included with Python3)
  - sqlite3 modules (already included with Python3)
  - libgtk-3-dev (GTK3 libraries)
  - the Docker engine: https://docs.docker.com/engine/install/
- download INSECA into a dedicated directory (referred to as `$SRCDIR` afterwards)
- create the required Docker images: run `make` from the `$SRCDIR/docker-images/grub-bios/` and the `$SRCDIR/docker-images/livebuild/` directories
- download VeraCrypt as a DEB file from https://www.veracrypt.fr/en/Downloads.html into the `$SRCDIR/components/veracrypt/packages.deb/` directory

Once the installation is finished, check that the `$SRCDIR/inseca` program can be run: `inseca -h` should display the help.
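
A preflight check for the manual installation steps above, as an added example that is not part of INSECA: it reports which of the listed dependencies, Docker image directories and the VeraCrypt DEB are missing from `$SRCDIR`. The function names are hypothetical, and the names `borg`, `dbus-daemon` and `pacparser` used to probe for borgbackup, dbus and python3-pacparser are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for the manual installation steps above.
# Function names are hypothetical; nothing here ships with INSECA.

# Print every command from the argument list that is not found in PATH.
missing_commands() {
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || printf '%s\n' "$cmd"
    done
}

# Print every Python 3 module from the argument list that fails to import.
missing_python_modules() {
    for mod in "$@"; do
        python3 -c "import $mod" >/dev/null 2>&1 || printf '%s\n' "$mod"
    done
}

# Succeed if directory $1 contains at least one .deb file.
has_deb() {
    for f in "$1"/*.deb; do
        if [ -f "$f" ]; then return 0; fi
    done
    return 1
}

# Check the source tree $1; print each problem, return non-zero if any.
inseca_preflight() {
    srcdir=$1
    problems=0
    # Assumed names: borgbackup installs "borg", dbus is probed through
    # "dbus-daemon", the pacparser binding imports as "pacparser".
    for item in $(missing_commands rclone borg python3 git make docker dbus-daemon) \
                $(missing_python_modules pacparser requests sqlite3); do
        echo "missing dependency: $item"; problems=1
    done
    # libgtk-3-dev ships the gtk+-3.0 pkg-config file.
    pkg-config --exists gtk+-3.0 2>/dev/null ||
        { echo "missing dependency: GTK3 development files"; problems=1; }
    for dir in docker-images/grub-bios docker-images/livebuild; do
        [ -d "$srcdir/$dir" ] || { echo "missing directory: $dir"; problems=1; }
    done
    has_deb "$srcdir/components/veracrypt/packages.deb" ||
        { echo "no VeraCrypt DEB in components/veracrypt/packages.deb/"; problems=1; }
    return "$problems"
}
```

Source the file and run `inseca_preflight "$SRCDIR"`; a zero exit status means every check passed.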

#### Scripted installation

- download INSECA into a dedicated directory (referred to as `$SRCDIR` afterwards)
- run the `setup-debian.sh` or `setup-fedora.sh` script from the `$SRCDIR` directory

### First configuration
To create a global configuration:
- set the local environment variables, if you are using bash: `cd $SRCDIR/tools && source ./set-env.sh` (where `$SRCDIR` points to the directory where INSECA has been installed)
- create a dedicated directory and define the `$INSECA_ROOT` environment variable to point to it
- initialize the configuration's structure: `inseca init`
- create a default build configuration: `inseca config-create build "My first INSECA build"`
- build the associated live Linux: `inseca build "My first INSECA build"`

These steps, if successful, ensure that INSECA is operational. From that point, refer to the documentation and build your own ecosystem.