Virtualization

It is unrecommended to run Obscurix inside a Virtual Machine (VM). This is because it will depend on the security of your host OS, it may leave traces behind on your hard drive and some important features will not work such as MAC address spoofing.

If however, you secure your host operating system and configure it not to store any traces and account for the broken features, you may improve security by protecting against malware that embeds itself into firmware (this can also be solved by running a VM inside Obscurix). This should only be for advanced users and is highly unrecommended.

Hypervisors

Obscurix is only supported on Virtualbox. Any other hypervisor may be worse for security or may not work at all.

Virtualbox

You will need to install Virtualbox. Once it is installed, open it and click "New". For the name, type in "Obscurix" and make sure the type is "Linux" and the version, "Arch Linux". Click next and set the needed amount of RAM. 2048MB is recommended. Click next and do not create a virtual hard disk. Now click "Create" and "Continue".

Click on the VM at the left panel, click "Settings", go to the "Storage" section and click on the disk icon. Click the drop down menu on the right and select the Obscurix iso. Click the Live CD/DVD checkbox.

You can now click "Ok" and start the VM.

Extra Security

For extra security, you can configure the VM settings more to reduce attack surface and enable security features.

In General -> Advanced make sure the Shared Clipboard and Drag'n'Drop is disabled.

In System -> Motherboard set the Pointing Device to PS/2 Mouse (this is needed to disable the USB controller) and remove everything in the boot order except the optical drive.

In System -> Processor, enable PAE/NX. The NX bit is a security feature which marks certain areas of memory as non-executable.

In Display, make sure 3D Acceleration, 2D Acceleration, Remote Display and Recording are disabled.

In Audio, disable audio.

In Network, make sure Adapter 2, Adapter 3 and Adapter 4 are disabled.

In Serial Ports, disable them all.

In USB, disable the USB controller.

Don't create any shared folders or do GPU passthrough.

Configuring Your Host OS

This section is only for advanced users and only applies for Linux distros. For any other OS, you're on your own.

Disabling Swap

Swap can write parts of RAM to disk. This can leave traces of Obscurix on your hard drive. This can be disabled on your host by setting vm.swappiness=0 with sysctl, running swapoff -a and deleting any swap partitions or files.

Disabling Coredumps

Core dumps contain the recorded state of the working memory of a program at a specific time, usually when that program has crashed. These can leave traces of Obscurix on your hard drive so it is recommended to disable them. See this guide for instructions on how to disable them.

Running Obscurix inside a tmpfs

You can create a chroot jail inside a tmpfs, install virtualbox in it and run Obscurix in it to make it less likely that traces will be left.

Spoofing your MAC address

As Obscurix cannot spoof your host's MAC address, you will need to spoof it yourself. Install macchanger and find the list of your network interfaces by running ip a. Spoof the MAC addresses of those network interfaces by running

macchanger -e (interface)

Replace (interface) with the name of the network inteface.

Restricting Virtualbox

Consider enabling an AppArmor profile for Virtualbox along with sandboxing such as Firejail or Bubblewrap. If using libvirt, restrict it with AppArmor too.