{{Header}}
{{Title|title=
Post-installation Security Advice
}}
{{#seo:
|description=This page provides security advice, steps that can be applied after installation of {{project_name_long}} for better security such as changing passwords.
|image=Ball-63527-640.jpg
}}
[[File:Ball-63527-640.jpg|thumb]]
{{intro|
This page provides security advice, steps (such as changing passwords) that can be applied after installation of {{project_name_short}} for better security.
}}
= Introduction =

{{security_intro}}

This page provides security advice, including steps that can be applied after installation of {{project_name_short}} for better security.

= On {{project_name_gateway_long}} =
== Increase Virtual Machine RAM ==
If using a {{Project_name_long}} VM...

{{mbox
| image   = [[File:Ambox_notice.png|40px|alt={{project_name_short}} default password info box]]
| text    = [[Qubes|{{q_project_name_long}}]] users can skip this section. <ref>
Qubes has dynamic RAM assignment.
</ref>
}}
If enough host RAM is available, ideally the virtual RAM setting of {{project_name_short}} should be increased to <code>2048</code> MB RAM. <ref>
This provides higher performance during upgrades and lowers the likelihood of [https://forums.whonix.org/t/swap-swap-file-whonix-gateway-freezing-during-apt-get-dist-upgrade-encrypted-swap-file-creator/8317 issues].
</ref> If it is infeasible to increase the virtual RAM setting, {{project_name_gateway_short}} will still function properly. <ref>
Although non-ideal, [https://github.com/{{project_name_short}}/swap-file-creator swap-file-creator] will create an encrypted swap file and the [https://forums.whonix.org/t/vm-swappiness-1-set-swapiness-to-lowest-setting-still-useful-swappiness-lowest/9278 system is configured to swap as little as possible].
</ref>

If it is unknown how much RAM is available, follow these steps on the host: <ref>https://www.tenforums.com/tutorials/66809-determine-system-memory-size-speed-type-windows-10-a.html</ref> <ref>https://vitux.com/how-to-check-installed-ram-on-debian/</ref> <ref>https://support.apple.com/en-us/HT201191</ref>
* <u>Windows 10</u>: <code>Task Manager in More details view</code> &rarr; <code>Click/tap on the Performance tab</code> &rarr; <code>Click/tap on Memory</code>; or <code>Open a command prompt</code> &rarr; <code><i>Run</i></code> <code>wmic MemoryChip get /format:list</code>
* <u>macOS</u>: <code>Apple menu</code> &rarr; <code>About This Mac</code>
* <u>Linux</u>: <code>Open a terminal</code> &rarr; <code><i>Run</i></code> <code>free -h</code> <ref>This command works in Red Hat, CentOS, Suse, Ubuntu, Fedora, Debian and other distributions. Alternative commands include: <code>cat /proc/meminfo |grep MemTotal</code>, <code>top</code>, and <code>vmstat -s</code>.</ref>

Related:

* [[Troubleshooting#Low_RAM_Issues|Low RAM Issues]]
* [[RAM|Advice for Systems with Low RAM]]

=== VirtualBox ===
# To add RAM in VirtualBox the VM <u>must</u> first be powered down.
# <code>Virtual machine</code> &rarr; <code>Menu</code> &rarr; <code>Settings</code> &rarr; <code><i>Adjust</i></code> <code>Memory slider</code> &rarr; <code><i>Hit:</i> OK</code>

=== KVM ===
{{KVM_RAM}}

== Change Keyboard Layout ==
{{mbox
| image   = [[File:Ambox_notice.png|40px|alt={{project_name_short}}Change Keyboard Layout info box]]
| text    = [[Qubes|{{q_project_name_short}}]] users can skip this section. <ref>
By default, Qubes VMs use the same keyboard layout as Qubes <code>dom0</code>.
</ref>
}}

If you are using a keyboard layout other than <code>qwerty</code> (US), consider changing the keyboard layout. Refer to the dedicated [[Keyboard Layout]] entry for further details.

== Test Keyboard Layout ==
{{mbox
| image   = [[File:Ambox_notice.png|40px|alt={{project_name_short}}Test Keyboard Layout info box]]
| text    = [[Qubes|{{q_project_name_short}}]] users can skip this section.
}}

* <code>Start menu</code> &rarr; <code>Accessories</code> &rarr; <code>Mousepad</code>; or
* {{Open File
|filename=~/testfile
}}

Try typing the words <code>user</code>, <code>changeme</code> and <code>qwerty</code>. Try typing further words to ensure the desired keyboard layout is functional.

{{Anchor|Change Passwords}}
== Change Password ==
By default, the <code>user</code> and <code>sysmaint</code> accounts in {{project_name_short}} do not have a password. Users can set or change the password for a user account in {{project_name_gateway_short}}, if this aligns with their threat model, based on this [[Default_Passwords|default passwords information]].

See [[Login#Configuring_Passwords|configuring passwords]] for detailed information on changing user account passwords.

=== Auto Login ===

Depending on the threat model, users might want to [[Login#Configuring_GUI_Autologin|disable autologin]] after changing their password.

Be aware that requiring a password for [[login]] might protect against unsophisticated, simple access. However, an attacker with physical access and basic Linux knowledge can easily change the password if full disk encryption is not used. See also [[Protection Against Physical Attacks]].

It is strongly recommended to use [[Full Disk Encryption|full disk encryption (FDE)]] on the host {{os}}; otherwise, the system can be easily accessed via chroot. <ref>
https://wiki.debian.org/chroot
</ref>

== Security Updates ==

Regularly check for security updates and apply them in a timely fashion; see [[Operating_System_Software_and_Updates#Updates|Operating System Updates]].

= Appendix =

== How do I Check the Current {{project_name_short}} Version? ==

See <code>/etc/*_version</code>.

{{Open_a__product_gw_terminal}}

{{CodeSelect|code=
cat /etc/*_version
}}

Should show.

<code>{{Stable project version based on Debian version short}}.1<br />
{{VersionShort}}</code>

The first line shows the version of the major and minor version of Debian. The second line shows the version of the derivative ({{project_name_short}}).

= Footnotes =
{{reflist|close=1}}

{{Footer}}

[[Category:Documentation]]