Split Linux is a general operating system optimized for safely navigating hostile environments like the Internet and physical check points.
"musl, privacy, security, encryption, and unbeatable network setup. A++"
-- sysdfree Blog
Split Linux builds on tools that follow the UNIX philosophy and is based on the fast and independent Void Linux.
Read The Split Way to learn about its benefits and philosophy.
When booting the Split Linux live CD/ISO:
crypto_LUKS-type partition.
/var/lib/lxc.
Containers can be any Linux distribution of your choice while VMs can be a wide range of operating systems, including Linux.
The decoy OS could be your current operating system resized to make space for the encrypted part, or simply something small and innocent-looking, or it can be left out altogether.
Split Linux launches a dockerized Tor router at boot. Containers connect through this router to the Internet in one of two fashions:
In the recommended isolated configuration a container does not have a default gateway configured. Each application has to be told to use the Tor router as proxy. This way, the connections of various applications cannot be related to one another. Measures are in place to make sure that each application uses a completely separate Tor circuit.
Isolated should be the default as it provides the highest level of anonymity.
The transparent setup is not recommended. The Tor router is defined as the default gateway in the container and any application can access the Internet without additional configuration. The Tor circuits still differ from those of other containers, so containers cannot be related to each other, but the activity of one application may be correlated with that of another in the same container. It is still possible to configure applications to use separate circuits though.
Transparent might be used in the beginning until you know how to connect your applications.
The user may opt to circumvent the use of Tor altogether, ditching anonymity for containers where Internet connection speed is more important than stealth. As a middle ground, traffic may still be routed through a VPN.
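A check for the isolated configuration described above, written as an added example and not taken from Split Linux itself. It assumes the router address 172.18.0.2 with ports 9050..9054 listed further down this page are the Tor router's SOCKS ports, that applications are pointed at them with a socks5h:// proxy URL, and that the route text comes from `ip route show`; the function names and the sample routes are constructed for illustration.

```sh
# Added example: audit a container against the "isolated" networking style.

# Constructed sample of `ip route show` output inside an isolated container:
# only the link-local subnet route, no default gateway.
SAMPLE_ISOLATED_ROUTES='172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.5'

# has_default_route ROUTES_TEXT
# Returns 0 when the routing table text contains a default route.
has_default_route() {
    printf '%s\n' "$1" |
        awk '$1 == "default" || $1 == "0.0.0.0/0" { f = 1 } END { exit !f }'
}

# is_isolated_proxy URL
# Returns 0 only for the isolated router address and ports 9050..9054.
# socks5h (assumption) makes the proxy resolve host names as well.
is_isolated_proxy() {
    case $1 in
        socks5h://172.18.0.2:905[0-4]) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_isolated ROUTES_TEXT PROXY_URL
# Prints one line per finding and returns non-zero if any check fails.
audit_isolated() {
    rc=0
    if has_default_route "$1"; then
        echo "FAIL: default gateway present, traffic can bypass the proxy"
        rc=1
    fi
    if ! is_isolated_proxy "$2"; then
        echo "FAIL: proxy '$2' is not the isolated Tor router"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: no default route, proxy points at the router"
    return "$rc"
}

# Inside a container:
# audit_isolated "$(ip route show)" "${ALL_PROXY:-}"
```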
Download split-live-x86_64-musl-current.iso.
Then verify checksum and flash:
sha256sum split-live-x86_64-musl-current.iso | grep 1e4be74189b98570f471de21fc9c46bece6b3ca9dc298fdf502acbde95dcf624 && dd status=progress oflag=direct bs=2M \
  if=split-live-x86_64-musl-current.iso \
  of=/dev/disk/by-id/<DEVICE>
Replace <DEVICE> with the path to your pendrive. For added certainty cross-check the SHA256-sum shown here with the one published on Reddit.
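The same verify-then-flash step as a reusable script, added here as an example and not part of the Split Linux documentation. It compares the full digest exactly and refuses to write unless the target is an unmounted block device; the function names are hypothetical, and it assumes GNU coreutils and /proc/mounts.

```sh
# Added example: verify the image digest, then write it to the pendrive.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when the whole 64-digit digest matches; a truncated or
# malformed expected value is rejected instead of being substring-matched.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -r "$file" ] || return 3
    # Reading from stdin keeps the file name out of sha256sum's output.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# flash_image FILE EXPECTED_HEX DEVICE
flash_image() {
    image=$1 device=$3
    if ! verify_sha256 "$image" "$2"; then
        echo "checksum mismatch, not writing $image" >&2
        return 1
    fi
    if [ ! -b "$device" ]; then
        echo "$device is not a block device" >&2
        return 1
    fi
    # /dev/disk/by-id entries are symlinks; resolve before checking mounts.
    real=$(readlink -f -- "$device")
    if awk -v d="$real" 'index($1, d) == 1 { m = 1 } END { exit !m }' /proc/mounts; then
        echo "$real (or one of its partitions) is mounted" >&2
        return 1
    fi
    dd status=progress oflag=direct bs=2M if="$image" of="$device"
}

# Usage, with the checksum published on this page:
# flash_image split-live-x86_64-musl-current.iso \
#   1e4be74189b98570f471de21fc9c46bece6b3ca9dc298fdf502acbde95dcf624 \
#   /dev/disk/by-id/<DEVICE>
```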
Expect releases once to twice a year. You'll be working from containers which you can update according to your needs.
1e4be74189b98570f471de21fc9c46bece6b3ca9dc298fdf502acbde95dcf624
splt establishes an extensible interface to frequently used actions
create, info, start, attach, route, vethup and restart are available.
splt create void <arguments> creates a new Void Linux container.
splt route permanently switches containers between the established Split Linux networking styles "isolated", "leaky" and "exposed".
splt vethup enables the virtual networking interfaces of active containers.
veth-<CONTAINER_NAME>
lxc.net.0.veth.pair = veth-<CONTAINER_NAME> to their config file.
/var/lib/lxc/_host/
3152791b9f0f055390bb24ca7dced624edc31b0f8040dfb3ab10ac70ead1a257
<something>.auth_private and owned by group 9001 have to be placed into /_host/override/tor_client_auth/.
splitlinux-tor-router service has to be restarted for changes to take effect.
172.17.0.2 through UDP port 53.
26bd661e10921fd2b9d17a7a8da1571067948424f985c08922e53559c5609566
"split-swap" are now automatically used as such
sysctl.conf, rc.local and limits.conf as required.
7161f6ac83e2796b79e6d4369b749ce414aec5f4a25ba09d02e645a229ec623a
"split*" are preferred for decryption at boot
format_for_splitlinux labels newly created devices accordingly
cryptsetup config --label split <DEVICE>.
create_voidlinux_container should now be faster
a6cadc3677bcf704639a90a35aa694d5ff47b2ad4eabcd56d88aa25b3933c2f8
172.17.0.2:9050..9054 for identities in "exposed"
172.18.0.2:9050..9054 for identities in "isolated"
172.20.0.2:9050..9054 for identities in "leaky"
5b8992d429d3c0d866b2b98ea2e4c5d565294f0a4a9fc6b6d1da727342ca2d86
7088fd01b00eaf962c85ba11ed4f1fc934566049461d89144d3d492adf8255d6
format_for_splitlinux automates hard disk preparation
1ee709b2ab9c547105f73d3c47d417b9e2c2b6328717f598cdfc3539c762b231
0681621d58090567555fe7a73f791fbba769b435cd1c1793d7a106970c770d1a
create_voidlinux_container simplifies creation of new identities
aafc067e3e3f3b2e2567a1b2a1f52b9c269b9dc4959ed2b22549331cf9e73fcf
/_host/password on the horde volume
/etc files will be overridden by files from /_host/override/etc/ of the horde volume; ideas:
wpa_supplicant/wpa_supplicant-<interface>.conf to automatically connect wireless on boot.
udev/rules.d/99-sound-for-containers.rules to allow sound from containers.
X11/xorg.d/70-synaptics.conf to customize touchpad behaviour.
ca3c88467520907f05f3e571f176a71f2ead0056e2f3fb68ed4bcc43aa54d17f
a6e925d3e0c5c1b91cba0a6d96924191664f8b9483b390396708f899e31a7cae
d6530d730f0fd11eb0230dded60b4f874213c3f4359ff27f9a5f445c9ce207b8
The Split Handbook (HTML, PDF)
Debugging: Customization Notes - Live CD
Link collection: Enter Crypto Currencies
Link collection: Live on Crypto
The Beast Desktop Environment - Changelog