Split Linux - Just give me the light!

Split Linux is a general operating system optimized for safely navigating hostile environments like the Internet and physical check points.

Split Linux builds on tools that follow the UNIX philosophy and is based on the fast and independent Void Linux.

Read The Split Way to learn about its benefits and philosophy.


Hard disk interaction

Blockdevice Layout

When booting the Split Linux live CD/ISO:

  1. If a crypto_LUKS-type partition is present, the user is prompted to unlock it.
  2. If a volume group named "split" is found, it is activated.
  3. If a logical volume named "horde" is found, it is mounted on /var/lib/lxc.
  4. When the user logs in with a name matching one of the available containers, they directly end up in a session within that container.
    • This will typically be an Xorg application like a window manager or desktop environment
  5. The user may launch additional containers in any other TTY and switch between them using Ctrl-Alt-Fx.

Containers can be any Linux distribution of your choice, while VMs can be a wide range of operating systems, including Linux.

The decoy OS could be your current operating system, resized to make space for the encrypted part. It could also be something small and innocent-looking, or be left out altogether.


Networking in Split Linux Containers

Split Linux launches a dockerized Tor router at boot. Containers connect through this router to the Internet in one of two fashions:

Isolated

In the recommended isolated configuration, a container does not have a default gateway configured. Each application has to be told to use the Tor router as its proxy. This way, the connections of different applications cannot be related to one another. Measures are in place to make sure that each application uses a completely separate Tor circuit.

Isolated should be the default as it provides the highest level of anonymity.

Transparent

The transparent setup is not recommended. The Tor router is defined as the default gateway in the container, and any application can access the Internet without additional configuration. The Tor circuits still differ from those of other containers, which prevents containers from being related to each other, but the activity of one application may be correlated with that of another. It is still possible to configure applications to use separate circuits, though.

Transparent might be used in the beginning until you know how to connect your applications.

Other modes

The user may opt to circumvent the use of Tor altogether, ditching anonymity for containers where Internet connection speed is more important than stealth. As a middle ground, traffic may still be routed through a VPN.


Download and Install

Download split-live-x86_64-musl-current.iso.

Then verify the checksum and flash:

sha256sum split-live-x86_64-musl-current.iso |
  grep a6e925d3e0c5c1b91cba0a6d96924191664f8b9483b390396708f899e31a7cae &&
    dd status=progress oflag=direct bs=2M \
       if=split-live-x86_64-musl-current.iso \
       of=/dev/disk/by-id/<DEVICE>

Replace <DEVICE> with the path to your pendrive.
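
The same verify-then-flash step as reusable shell functions, written as an added example and not taken from the Split Linux project. It compares the digest for an exact match and refuses a target that is not a block device or that has mounted partitions. The function names are hypothetical, and the mount check assumes a Linux /proc/mounts.

```shell
#!/bin/sh
# Added example, not Split Linux project code. Function names are hypothetical.
# Checksum as published in the download instructions on this page.
EXPECTED=a6e925d3e0c5c1b91cba0a6d96924191664f8b9483b390396708f899e31a7cae

# verify_iso FILE [HASH]
# 0 = SHA-256 of FILE equals HASH exactly, 1 = mismatch, 2 = bad input.
verify_iso() {
    vi_file=$1
    vi_want=${2:-$EXPECTED}
    [ -f "$vi_file" ] || { echo "verify_iso: no such file: $vi_file" >&2; return 2; }
    # A truncated or mistyped hash must never count as a match.
    case $vi_want in *[!0-9a-f]*) echo "verify_iso: malformed hash" >&2; return 2 ;; esac
    [ "${#vi_want}" -eq 64 ] || { echo "verify_iso: malformed hash" >&2; return 2; }
    vi_got=$(sha256sum < "$vi_file") || return 2
    vi_got=${vi_got%% *}            # keep only the hex digest
    [ "$vi_got" = "$vi_want" ]
}

# safe_target DEV
# 0 = DEV resolves to a block device with nothing mounted from it, 1 otherwise.
safe_target() {
    # /dev/disk/by-id/... entries are symlinks; resolve to the kernel name first.
    st_dev=$(readlink -f -- "$1") || return 1
    [ -b "$st_dev" ] || { echo "safe_target: $1 is not a block device" >&2; return 1; }
    # Refuse if the disk or any of its partitions appears in /proc/mounts.
    if awk -v d="$st_dev" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' /proc/mounts
    then
        echo "safe_target: $st_dev is mounted" >&2; return 1
    fi
}

# flash_iso FILE DEV: write only after both checks pass.
flash_iso() {
    verify_iso "$1" && safe_target "$2" &&
        dd status=progress oflag=direct bs=2M if="$1" of="$2" && sync
}
```

Source the file, then run flash_iso split-live-x86_64-musl-current.iso /dev/disk/by-id/<DEVICE> as root.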


Release history


Notes

Configuration: Internet for Applications

Debugging: Customization Notes - Live CD

Installation: The Recommended Setup

Live on Crypto

The Split Way


Join the community

