قالب وردپرس درنا توس
Home / Tips and Tricks / How to Install and Lock Kali Linux for Secure Desktop Use «Null Byte :: WonderHowTo

How to Install and Lock Kali Linux for Secure Desktop Use «Null Byte :: WonderHowTo



Kali Linux is well established as a starter system for penetration testing, but in the standard configuration it is not ideal for regular desktop usage. While in many scenarios a live boot or a virtual environment can solve these problems, a complete installation is better in some situations. On a Kali Linux desktop, some simple changes can be made to make using it safer in this environment.

Unlike other Linux distributions, Kali was designed only as a penetration test toolkit. This means that while desktop-focused tools such as office suites and games are not neglected, they are not the focus of developers. The distro is primarily configured for temporary use because it is by default set to a single-user mode, which speaks against the best practices for desktop-oriented distribution security. There are a few other common ways to use Kali besides installing a traditional operating system.

VirtualBox is a popular cross-platform virtualization tool.

The most convenient way to use Kali is when you run it in a virtual machine. Tools such as VirtualBox allow you to use other operating systems in a sandbox environment on a Windows, MacOS, Linux, or BSD host operating system. The limitations of a virtual machine include potentially difficult configurations, increased memory utilization, slower performance, and network hardware issues. Some of these issues can be resolved by running Kali as a live boot.

If you are using Kali as a live boot, you must create a bootable image on an external drive and boot from that device instead of the operating system installed on the hard disk. This provides direct access to the system and network hardware because the additional layer of a host operating system used for virtualization can be bypassed. Kali also offers persistent and encrypted live image options, which means that any work done in a live setup can be saved to the same drive. While this persistence makes Kali very useful as a live system, system performance and disk space can be a problem.

If neither can be used, Kali can also run as a Windows subsystem, if you want to continue using Windows without the need for even a reboot, nor a complete virtual machine environment.

Kali is by no means recommended or ideal for primary desktop use. To quote the Kali Linux documentation:

The fact is, Kali is a Linux distribution designed specifically for professional penetration testers and security specialists, and given its unique nature, it is NOT a recommended distribution if you are Unfamiliar with Linux, or looking for a universal Linux desktop distribution for development, web design, games, and more.

If you're just looking for an operating system that performs both regular tasks and pen testing, you should consider that almost all tools included in Kali can also be compiled or installed on other platforms.

However, if you want to install Kali Linux, there are a few steps that you can take to make it more practical to use regular desktop and Penetration Testing. This can be useful on longer projects, creating documentation or reports, or limiting the number of operating systems and partitions needed on a given system.

Step 1: Installing Kali

creates an installation media, such as a. For example, a CD or USB drive from which you boot to the device where you want to install Kali. When the boot menu is displayed, use the arrow keys and Enter to select the "Graphical Installation" option instead of installing "Live" or Text.

The installation of Kali should be familiar to anyone who has ever installed a different Linux distribution. The graphical installer is well run and easy to understand. When installing Kali, there are two special installation steps that you should pay particular attention to. The first of these is the "Setting up users and passwords" page.

The root password for the system can be defined on this page. This is used to manage the installation after it finishes, and it is also used for all commands that require superuser privileges. Keep in mind that this password can be a significant security consideration, so make sure it's strong, but keep in mind that you may need to enter it relatively frequently.

Step 2: Configure user accounts

In the standard potassium configuration, the operating system is a single user. This user account is the root account or superuser account, which on most systems is designed to break permissions so that only one user account can perform certain tasks. At Kali, this is convenient for most users because there is no need to switch users.

For a regular desktop-focused Linux distribution, these permissions are lost for security reasons. If you are running as a non-privileged user, any tasks that you run or tools installed must receive these permissions each time they are used. This severely restricts the possibility of abuse or abuse.

If you plan to use Kali as something other than a pure penetration testing toolkit, it may be worthwhile configuring a separate nonprivileged user account. If you run whoami on a standard potash installation, you will see that you are running as the root user.

  root @ kali: ~ # whoami
root
root @ kali: ~ # _ 

Although running as root is not a good security for a desktop distribution, it will simplify the process of creating a new user. To start creating a new account, run the following command and replace "username" with the name of the new user you want to create.

  adduser -m username 

This creates a new user account for creating a new home directory for the user. We can confirm the existence of this new directory by running ls /home/.

root@kali:~# useradd -m nullbyte
root @ kali: ~ # ls / home /
Nullbyte
root @ kali: ~ # _ 

Next, we can set a password for this newly created user account. This password should be different from your root password. Execute the following command by replacing "username" with the username of the previously created account.

  passwd username 

After you run this command, you will be asked to enter and reenter your new password] root @ kali: ~ # passwd nullbyte
Enter a new UNIX password:
Enter the new UNIX password again:
passwd: Password has been updated successfully
root @ kali: ~ # _

Once a user account and password have been created, we can set permissions for the new account. The most important change we will make is to add the user to the user group "sudoers". This group allows each user to use sudo, allowing them to execute commands like other users. The name of the tool was originally meant to be "superuser do" but is now generally extended to "substitute user do" because it allows you to execute commands other than root as well as other users. In the case of Kali, sudo is generally used to execute commands that require root privileges while running as a nonprivileged user.

To add the newly created user to the sudo user group, run the following command and replace "username" with the user name of the user you want to add.

  usermod -aG sudo username 

As you can see below, I do this for my nullbyte user.

  root @ kali: ~ # usermod -aG sudo nullbyte
root @ kali: ~ # _ 

After this user is created, you can log out of the main Kali login screen and log back into the user account. Simply enter the user name of the new user, not the one of the root user.

After logging in, a new terminal window can be opened and when running whoami see the username of the new user account. In this new terminal window, it can also be noted that the shell used differs slightly from the root user shell. This is because the shell has not yet been set to BASH for the new user. Run the following command by replacing "username" with your account name.

  chsh -s / bin / bash username 

For example, here's what the terminal should look like for my nullbyte user:

  $ Whoami
Nullbyte
$ chsh -s / bin / bash nullbyte
Password:
$ _ 

Now that a new user account and shell have been configured, the account is ready to use! Commands that you want to run as root can be sudoed if they are run as default users and get the security and isolation of the permissions provided by most standard Linux desktops.

Step 3: Modifying the Network Service Policies

As previously mentioned In the Kali Documentation "Kali Linux handles network services in a very different way than typical Linux distributions." Specifically, Kali does not enable external listening services by default The goal is to minimize exposure in the default state. "These changes mean that Kali" prevents network services from passing by default on reboots. "

This means that certain network services that you want to install work first, but then mysteriously fail during a restart. Although it is possible to manually start these services using Systemd's systemctl component, if you want a service to persist through restarts, you must edit the whitelist.

To edit this file with Nano, you can run the following command.

  sudo nano /usr/sbin/update-rc.d

While the beginning of the file looks more like a Perl script than a whitelist, scrolling further into the file, you can see a section dedicated to the Whitelist and blacklist.

If you want to add a service to the whitelist, first make sure that it does not contain the blacklist section of the file. If so, remove the line before proceeding. To add a new entry, simply enter the name of the service followed by enabled in a line within the whitelist.

After you If you edit this file, you can save your changes by pressing Ctrl + O and ending with Ctrl + X . Any changes made to initialization startup services should take effect on the next reboot.

Step 4: Enabling Kali Rolling

After installing Kali, you should check your repository sources to make sure the correct address is set. Run the following command to edit the file in Nano.

  sudo nano /etc/apt/sources.list

Make sure the file contains the following line and that it is not commented out with a # sign at the beginning

  deb http: // http. kali.org/kali kali- rolling main non-free contrib 

After ensuring that this line exists or is added to the file, press Ctrl + O and then press Ctrl + X to save changes.

After this file has been updated, you can update or select the system to improve it. First run the command apt-get to update the repositories.

  sudo apt-get update 

If you are performing a full system upgrade and want to install the latest version of the installed software, you can also run the following command:

  sudo apt-get upgrade 

Once your Repositories are updated and the system is up-to-date, you can install additional software to further configure your Kali installation. 19659028] nullbyte @ kali: ~ $ sudo nano /etc/apt/sources.list
nullbyte @ kali: ~ $ sudo apt-get update
Getting: 1 http://mirrors.ocf.berkley.edu/kali kali-rolling InRelease [30.5 kB] Ign: 1 http://mirrors.ocf.berkley.edu/kali kali-rolling InRelease
Get: 2 http://mirrors.ocf.berkley.edu/kali kali- rolling / main amd64 packages [16.0 MB] 15% [2 Packages 22.9 kB/16.0 MB 0%] _

Step 5: Customizing the Desktop Interface

One way you can choose is to change the desktop environment to your own taste. This may be a purely visual decision, a performance-based, or a workflow decision, such as selecting a stacking or tiling window manager.

The Kali "Rolling" repositories offer a range of packages with standard desktop interfaces and window managers. For an example, we install XFCE. First, run the following command to install the XFCE4 metapackage with the main components of the desktop environment.

  sudo apt-get install xfce4 

After installing XFCE, it will be available for use after rebooting. After entering your username on the login screen, press the gear icon below the password field and select the desktop environment, in this case "Xfce Session".

After booting, the system now loads the desktop selected in the login manager.

In addition to some additional configuration options In some situations, a new desktop environment will also inherit Kali's extensive menu of Penetration Tools, as shown in the following figure.

With countless desktop environments and windows such as GNOME, KDE, XFCE, LXDE, OpenBox, i3 and others, the ways to improve the operating system Workflows on any Linux platform, including Kali, virtually unlimited. Although Kali was not originally intended for the desktop, it can easily be adapted to a variety of situations due to the support and cross-compatibility of the free software community.

Thank you for reading! If you have questions, you can leave a comment or on Twitter at @tahkion .

Miss: How To Set Up A Headless Raspberry Pi Hacking Platform Running Kali Linux

Cover Picture by StockSnap / Pixabay (Original); Screenshots of Takhion / Null Byte




Source link