Rootkid - Cyber Journal
6. Configuring Kali Linux

6.1.1. On the Desktop with NetworkManager

In a typical Kali Linux desktop installation, NetworkManager is pre-installed and provides comprehensive network management capabilities. It can be accessed and configured through:

  • Xfce System Settings

  • The top-right menu in the desktop environment.


Default Configuration

  • The default setup uses DHCP to automatically obtain:

    • IP Address

    • DNS Server

    • Gateway

  • You can modify this configuration using the gear icon in the network settings interface.


Customizing Network Settings

You can adjust various parameters through the settings interface:

  1. MAC Address: Set a custom MAC address.

  2. Static Configuration: Switch from DHCP to a static IP setup.

  3. IPv6: Enable or disable IPv6.

  4. Routes: Add additional routes for specific network paths.


Profiles and Wireless Networks

  • Wired Networks:

    • Create and save multiple profiles for different wired configurations.

    • Easily switch between saved profiles when needed.

  • Wireless Networks:

    • Configuration is tied to the SSID of the network.

    • Wireless profiles are automatically saved and reused when connecting to the same network.


Advanced Connection Types

NetworkManager supports additional types of network connections:

  1. Mobile Broadband (WWAN):

    • Manage Wireless Wide Area Network connections.

  2. Modem Connections (PPPoE):

    • Connect through modems using the Point-to-Point Protocol over Ethernet.

  3. Virtual Private Networks (VPN):

    • Integration with a variety of VPN types through plugins:

      • SSH

      • OpenVPN

      • Cisco VPNC

      • PPTP

      • Strongswan


Installing VPN Plugins

Most VPN plugins are not installed by default. You can explore and install them from the network-manager-* package series to extend NetworkManager's functionality.


By leveraging NetworkManager, you can efficiently manage network configurations, switch between profiles, and access advanced connection types to meet diverse networking needs.

6.1.2. On the Command Line with Ifupdown

When a graphical desktop environment is unavailable, or if you prefer the command line, the ifupdown package offers tools to manage network configurations. The ifup and ifdown commands rely on the /etc/network/interfaces configuration file and are used during system initialization by the /etc/init.d/networking script to configure the network at boot.


Using sudo for Administrative Privileges

Many network configuration commands require administrative privileges:

  • sudo: Allows privileged users to execute commands as the root user.

  • To elevate to the root user, use:

    $ sudo su --login
    [sudo] password for kali:
    root@kali:~#

Managing Network Devices

  • Deconfigure a Network Device:

    ifdown network-device

  • Apply New Configuration: Modify /etc/network/interfaces, then reconfigure:

    ifup network-device

Directives in /etc/network/interfaces

  1. Auto Directive: Configures a network device automatically when it becomes available.

    auto network-device

  2. Iface Directive: Configures the interface with specific parameters:

    • DHCP Configuration:

      auto lo
      iface lo inet loopback
      
      auto eth0
      iface eth0 inet dhcp

    • Static Configuration: Provide IP address details for a fixed setup:

      auto eth0
      iface eth0 inet static
      address 192.168.0.3
      netmask 255.255.255.0
      broadcast 192.168.0.255
      network 192.168.0.0
      gateway 192.168.0.1

  3. Wireless Configuration: Wireless networks require the wpasupplicant package (installed by default in Kali). Add options such as:

    • SSID (wpa-ssid): Name of the wireless network.

    • PSK (wpa-psk): Passphrase or key.

    Example:

    iface wlan0 inet dhcp
    wpa-ssid MyNetWork
    wpa-psk plaintextsecret

    The passphrase is stored in clear text, so /etc/network/interfaces should be readable only by root when it contains a wpa-psk line.

    For detailed examples, refer to /usr/share/doc/wpasupplicant/README.Debian.gz.


Using ifupdown provides a robust and scriptable way to configure network interfaces, ensuring flexibility for both dynamic and static setups.

6.1.3. On the Command Line with systemd-networkd

While ifupdown remains the historical and default tool in Debian and Kali for minimal installations, systemd-networkd offers a modern alternative integrated with the systemd init system. It is lightweight, efficient, and relatively simple to configure, making it an attractive option for users who find NetworkManager too complex or bloated.


Why Use systemd-networkd?

  • Integration with systemd: Simplifies network management by leveraging systemd's unit files.

  • Small and Efficient: Designed to be minimalistic.

  • Simple Syntax: Configuration through systemd unit files, which are straightforward once you understand systemd's syntax.


Configuration Files

Network configurations are defined through .network files placed in the /etc/systemd/network/ directory. Other directories used for specific scenarios include:

  • /lib/systemd/network/: For packaged network configuration files.

  • /run/systemd/network/: For runtime-generated files.

Basic Configuration Example:

  1. Static IP Configuration: File: /etc/systemd/network/50-static.network

    [Match]
    Name=enp2s0
    
    [Network]
    Address=192.168.0.15/24
    Gateway=192.168.0.1
    DNS=8.8.8.8

  2. DHCP-based Configuration: File: /etc/systemd/network/80-dhcp.network

    [Match]
    Name=en*
    
    [Network]
    DHCP=yes

The [Match] section specifies which network interfaces the configuration applies to (by MAC address, device type, or name). The [Network] section defines the network settings, such as static IP or DHCP.


Activating systemd-networkd

By default, systemd-networkd is disabled. To enable and start it, run the following commands:

systemctl enable systemd-networkd
systemctl enable systemd-resolved
systemctl start systemd-networkd
systemctl start systemd-resolved
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

  • systemd-resolved: Handles DNS resolution. /etc/resolv.conf must be a symlink to /run/systemd/resolve/resolv.conf, which the last command above creates.


Limitations and Use Cases

  • Limitations: Lacks integrated support for wireless networks. However, you can use an external wpa_supplicant configuration to manage wireless connections.

  • Ideal for Containers and Virtual Machines: Originally developed for environments like containers where the network configuration depends on the host system's configuration. It also supports virtual network devices in such environments.


systemd-networkd is a versatile and streamlined tool for managing network configurations, especially suitable for lightweight, containerized, and virtualized environments.

6.2. Managing Unix Users and Unix Groups

The Unix user and group databases store information about system users and groups in specific files:

  1. /etc/passwd: Contains user information (e.g., username, user ID, group ID).

  2. /etc/shadow: Holds encrypted user passwords.

  3. /etc/group: Lists groups on the system and their associated users.

  4. /etc/gshadow: Contains encrypted group passwords.

These files can be edited manually, but higher-level tools are available for most operations, such as vipw and vigr for editing user and group information, respectively.

Key Terminology:

  • getent: A command used to query system databases like users and groups. It interacts with the Name Service Switch (NSS) modules configured in /etc/nsswitch.conf.

  • NSS (Name Service Switch): A mechanism that allows system services to query various databases (e.g., password, group, hosts).

  • Database Entries: The /etc/passwd and /etc/group files store textual entries for users and groups.

  • getent passwd: Command used to fetch user-related information. For example, getent passwd kaliuser1 retrieves information about the user kaliuser1.

Example output from getent passwd kaliuser1:

kaliuser1:x:1001:1001:Kali User,4444,123-867-5309,321-867-5309:/home/kaliuser1:/bin/bash

The fields represent:

  • Username (kaliuser1)

  • Password placeholder (x indicating encrypted password stored in /etc/shadow)

  • User ID (1001)

  • Group ID (1001)

  • User info (Full name and contact details)

  • Home directory (/home/kaliuser1)

  • Shell (/bin/bash)

This command helps check user and group information efficiently by querying the relevant system databases.
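
The field layout above can be checked mechanically. The following shell function is an added example, not part of the original notes: it splits getent passwd-style lines into the seven fields and classifies the password field. The names passwd_report and sample_passwd are hypothetical, and every sample line except the kaliuser1 entry is constructed.

```shell
#!/bin/sh
# Added example: parse passwd(5)-style lines (as printed by `getent passwd`)
# and report the seven fields described above.
# passwd_report and sample_passwd are hypothetical helper names.

passwd_report() {
    # Reads passwd-style lines from stdin, prints one summary line per entry.
    awk -F: '
        NF != 7 {
            printf "line %d: malformed (%d fields, expected 7)\n", NR, NF
            next
        }
        {
            # The user-info (GECOS) field is itself comma-separated:
            # full name, room number, work phone, home phone.
            split($5, gecos, ",")

            # Classify the password field.
            if ($2 == "x")          pw = "in-shadow"       # stored in /etc/shadow
            else if ($2 == "")      pw = "EMPTY"           # no password set
            else if ($2 ~ /^[*!]/)  pw = "locked"          # password login disabled
            else                    pw = "HASH-IN-PASSWD"  # hash in a world-readable file

            printf "%s uid=%s gid=%s name=\"%s\" home=%s shell=%s password=%s\n", $1, $3, $4, gecos[1], $6, $7, pw
        }
    '
}

# Constructed sample input. Only the first line is the entry shown above;
# the others are made up to exercise each branch.
sample_passwd() {
    cat <<'EOF'
kaliuser1:x:1001:1001:Kali User,4444,123-867-5309,321-867-5309:/home/kaliuser1:/bin/bash
svc-legacy:$6$constructed$notARealHash:1002:1002::/home/svc-legacy:/bin/sh
guest::1003:1003:Guest:/home/guest:/bin/bash
broken:x:1004
EOF
}

sample_passwd | passwd_report
```

On a live system the same report is produced with getent passwd | passwd_report.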

6.2.1. Creating User Accounts

In Kali Linux, you can create user accounts using the adduser command. This command requires the username as an argument and prompts for additional information during the account creation process. The adduser command is straightforward and often used for creating non-privileged user accounts.

Key points:

  • adduser: The command used to create a new user account in Linux. It also sets up the user’s home directory with default files from /etc/skel/, which includes standard directories and configuration files for the user.

  • /etc/adduser.conf: A configuration file that defines various settings related to user creation, such as user ID ranges (UIDs), default shell, group management, etc.

  • Home Directory: When a new user is created, the home directory is populated with content from /etc/skel/. This directory typically contains default configurations like .bashrc, .profile, etc.

  • User Groups: Users can be added to additional groups to grant extra permissions. For example, adding a user to the docker group allows access to Docker commands and services.

Key Terminology:

  • adduser: Command for adding a new user to the system.

  • UID (User ID): A unique numerical identifier for a user.

  • Home Directory: The directory where a user's personal files and configurations are stored, typically located under /home/username.

  • /etc/skel/: A template directory for new user home directories containing default configuration files.

  • Group Membership: Users can belong to multiple groups, which can grant them additional privileges, such as accessing specific services or commands (e.g., adding a user to the docker group).

This approach to creating users is common for maintaining organized, secure systems where users need varying levels of access.

6.2.2. Modifying an Existing Account or Password

The following commands allow modification of the information stored in specific fields of the user databases:

  • passwd—permits a regular user to change their password, which in turn, updates the /etc/shadow file.

  • chfn—(CHange Full Name), reserved for the super-user (root), modifies the GECOS, or "general information" field.

  • chsh—(CHange SHell) changes the user's login shell. However, available choices will be limited to those listed in /etc/shells; the administrator, on the other hand, is not bound by this restriction and can set the shell to any program chosen.

  • chage—(CHange AGE) allows the administrator to change the password expiration settings by passing the user name as an argument or list current settings using the -l user option. Alternatively, you can also force the expiration of a password using the passwd -e user command, which forces the user to change their password the next time they log in.

6.2.3. Disabling an Account

A disabled account means the user cannot log in or gain access to the machine. The account remains intact on the machine and no files or data are deleted; it is simply inaccessible. This is accomplished by using the command passwd -l user (lock). Re-enabling the account is done in a similar fashion, with the -u option (unlock).

6.2.4. Managing Unix Groups

Unix groups are used to organize users and control access to files and resources. Several commands are available to manage groups:

  1. addgroup: Adds a new group.

  2. delgroup: Deletes an existing group.

  3. groupmod: Modifies a group’s information, such as its Group ID (GID).

  4. gpasswd: Changes a group password.

  5. gpasswd -r: Deletes the password of a group.

Working with Multiple Groups

Each user has a main group, typically created during the user setup. By default, files created by a user belong to both the user and their main group. However, in scenarios where a user needs to work with files in a different group, there are two key solutions:

  • newgrp: Starts a new shell with a specified group as the user's active group.

  • sg: Executes a single command using a different group without starting a new shell.

These commands can be used to join a group the user isn’t currently a member of. If the group is password-protected, the user must provide the correct password.

Another approach is to use the setgid bit on a directory, which ensures that files created within that directory belong to the directory’s group, not the user's main group. This approach is especially useful in shared workspaces.

Key Terminology:

  • Group: A collection of users, typically created to manage file access and permissions.

  • GID (Group ID): A unique numerical identifier assigned to each group.

  • Main Group: A group automatically assigned to a user at creation, used for file ownership.

  • newgrp: Command used to switch the current group for a new shell session.

  • sg: Command that allows executing a command as a different group without switching shells.

  • setgid bit: A permission setting that ensures files created in a directory belong to the group associated with the directory, not the user's main group.

  • id: Command that displays a user's UID, GID, and the list of groups the user belongs to.

6.3. Configuring Services

In this section we will take a look at services (sometimes called daemons), or programs that run as a background process and perform various functions for the system.

Kali Linux's policy is to have any network services disabled by default.

6.3.1. Configuring a Specific Program

When configuring an unknown package, it's important to follow a structured approach to ensure you're making the right changes and using the correct configuration. Here are the stages to follow:

  1. Read the Package Maintainer's Documentation:

    • Start by reading the /usr/share/doc/package/README.Debian file. This file often contains essential information about the package, including common issues, solutions, and specific configuration instructions tailored to the Debian system.

    • This step helps you avoid errors and time-consuming troubleshooting.

  2. Consult the Official Software Documentation:

    • After reading the package-specific documentation, refer to the official documentation of the software. This can often be found online or included with the package.

    • To locate available documentation files and configuration files, use the dpkg -L package command, which lists the files installed by the package. Documentation is typically located in /usr/share/doc/package/.

    • You can also use dpkg -s package to get the package's meta-data. This includes a list of suggested or recommended packages, some of which may provide helpful utilities for configuring the software.

  3. Examine Configuration Files:

    • Configuration files often include self-explanatory comments that help you understand possible settings. These comments can guide you in making adjustments to the configuration.

    • In some cases, you may only need to uncomment a line in the configuration file to get the software running.

    • The /usr/share/doc/package/examples/ directory may contain example configuration files. These can be useful templates for creating or modifying your own configuration files.

Key Terminology:

  • dpkg -L package: Command to list all files installed by the specified package, helping you locate documentation and configuration files.

  • dpkg -s package: Command to display meta-information about a package, including recommended or suggested packages that may assist in configuration.

  • Configuration Files: Files, usually found in /etc/, that control how software operates. They often contain comments explaining their settings.

  • Self-Documenting Configuration: Many configuration files include comments or example configurations to help guide you in setting up the software.

6.3.2. Configuring SSH for Remote Logins

SSH (Secure Shell) is a widely used tool for remotely logging into machines, transferring files, and executing commands securely. It consists of the ssh command (client) and the sshd service (server).

  • OpenSSH Server: The openssh-server package is installed by default, but the SSH service is disabled at boot time. You can start the SSH service manually with systemctl start ssh or enable it to start at boot with systemctl enable ssh.

  • Default Configuration: The SSH service comes with a default configuration file located at /etc/ssh/sshd_config. This file contains various settings that control how SSH operates, and all options are documented in the sshd_config(5) man page.

    • Password Authentication: By default, password-based logins are allowed. If you want to disable password logins and require SSH keys instead, set PasswordAuthentication to no. This requires generating an SSH key pair for authentication.

    • Port: SSH listens on port 22 by default, but this can be changed in the sshd_config file with the Port directive.

  • Applying Changes: After making changes to the SSH configuration, apply them by running systemctl reload ssh to reload the service with the new settings.
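
A quick way to see which PasswordAuthentication and Port values a given sshd_config would yield, as an added example that is not part of the original notes. It applies the sshd_config(5) rule that the first value obtained for a keyword wins, stops at the first Match block, and does not follow Include files; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the global PasswordAuthentication and Port values
# from an sshd_config-style file.
# Rules applied (sshd_config(5)): keywords are case-insensitive, lines
# starting with "#" are comments, and for each keyword the first value
# obtained is used. Parsing stops at the first Match block because settings
# there apply only conditionally. Include files are NOT followed.
# All function names here are hypothetical helpers.

sshd_global_value() {
    # $1 = keyword, $2 = config file; prints the first global value, if any
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        {
            key = tolower($1)
            if (key == "match") exit        # end of the global section
            if (key == want) { print $2; exit }
        }
    ' "$2"
}

audit_sshd_config() {
    # $1 = config file. Defaults as stated in the notes above:
    # password logins allowed, port 22.
    pw=$(sshd_global_value PasswordAuthentication "$1")
    port=$(sshd_global_value Port "$1")
    printf 'PasswordAuthentication=%s Port=%s\n' "${pw:-yes}" "${port:-22}"
    [ "${pw:-yes}" = "no" ]    # exit status 0 only if password logins are disabled
}

# Constructed sample: the "no" added further down has no effect, because the
# earlier "yes" is the first value obtained.
weak_sample() {
    cat <<'EOF'
# constructed sshd_config fragment
Port 2222
passwordauthentication yes
#PasswordAuthentication no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

# Constructed sample: a single, unambiguous setting.
hardened_sample() {
    cat <<'EOF'
# constructed sshd_config fragment
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}

tmp=$(mktemp)
weak_sample > "$tmp"
audit_sshd_config "$tmp" || echo "-> password logins are still accepted"
hardened_sample > "$tmp"
audit_sshd_config "$tmp" && echo "-> key-based logins only"
rm -f "$tmp"
```

On a live system, sshd -T prints the full effective configuration, including defaults and included files, and is the authoritative check before running systemctl reload ssh.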

Generating New SSH Host Keys

Each SSH server has its own unique cryptographic keys known as SSH host keys, which are stored in /etc/ssh/ssh_host_*. They must be kept private to ensure confidentiality and should not be shared between machines.

  • If you're using a pre-configured disk image (e.g., ARM images) instead of a fresh install, it may contain pre-generated SSH host keys that should be replaced with new ones for security.

  • To regenerate SSH host keys and reset the system's default user password, use the following commands:

    1. passwd – To change the default user password.

    2. rm /etc/ssh/ssh_host_* – To remove the old host keys.

    3. dpkg-reconfigure openssh-server – To generate new SSH host keys.

    4. systemctl restart ssh – To restart the SSH service with the new keys.

Key Terminology:

  • sshd (SSH Daemon): The SSH server service that allows incoming SSH connections.

  • /etc/ssh/sshd_config: The configuration file that defines settings for the SSH server, such as authentication methods, port, and allowed login types.

  • SSH Host Keys: Unique cryptographic keys used to identify the SSH server. They are stored in /etc/ssh/ssh_host_*.

  • PasswordAuthentication: A configuration option in sshd_config that controls whether password-based login is allowed.

  • systemctl: A command used to manage services on a Linux system, including starting, stopping, and enabling services like SSH.

6.3.3. Configuring PostgreSQL Databases

PostgreSQL is a powerful, open-source relational database server often used by other services to store data. It requires running the PostgreSQL service, which can be started with the command systemctl start postgresql.

Multiple PostgreSQL Versions and Clusters

  • Multiple Versions: PostgreSQL allows the installation of multiple versions of the database server on the same system. Each version can run in its own "cluster" (a collection of databases managed by the same PostgreSQL server). Each cluster has its configuration files stored in /etc/postgresql/version/cluster-name/.

  • Clusters: When multiple clusters are running, each cluster typically listens on a different port (e.g., the second cluster might use port 5433). The postgresql.service file serves as a template to manage all clusters together, while individual clusters use unit files like postgresql@version-cluster.service.

Connection Types and Authentication

PostgreSQL supports two types of connections:

  1. TCP Connection: By default, PostgreSQL listens on port 5432 for TCP connections and requires authentication via a PostgreSQL-managed username and password.

  2. Unix Socket Connection: It also listens on a file-based socket at /var/run/postgresql/.s.PGSQL.5432. Connections through this socket typically use the Unix user account as the PostgreSQL user and may not require further authentication.

pg_hba.conf is the configuration file where you define which users can connect to which databases and how they should authenticate.

Creating Users and Databases

To create PostgreSQL users and databases:

  • createuser: Creates a new user.

  • createdb: Creates a new database.

Both commands require sufficient privileges. The easiest way to execute these commands is by using the postgres Unix account to connect over the file-based socket. Here’s an example:

  1. Create a user with a password:

    su - postgres
    createuser -P king_phisher

    This will prompt you to enter the password for the new user.

  2. Create a database owned by the new user:

    createdb -T template0 -E UTF-8 -O king_phisher king_phisher

    • -T template0: Specifies the database template.

    • -E UTF-8: Sets the character encoding to UTF-8.

    • -O king_phisher: Specifies the user who owns the database.

  3. Test the connection:

    psql -h localhost -U king_phisher king_phisher

Managing PostgreSQL Clusters

In Debian, a PostgreSQL cluster refers to a PostgreSQL instance running on a specific port. A cluster is essentially an individual database server, and Debian’s postgresql-common package includes tools for managing clusters:

  • pg_createcluster: Creates a new cluster.

  • pg_dropcluster: Deletes a cluster.

  • pg_ctlcluster: Starts or stops a cluster.

  • pg_upgradecluster: Upgrades a cluster to a new PostgreSQL version.

  • pg_lsclusters: Lists all clusters and their status.

When you install a new major PostgreSQL version, a new cluster is created and listens on the next available port (e.g., 5433). To migrate databases to the new version:

  • Use pg_upgradecluster old-version cluster-name to upgrade.

  • You may need to remove the newly created empty cluster using pg_dropcluster before upgrading.

Key Terminology:

  • PostgreSQL Cluster: A database server instance running on a specific port with its own set of databases.

  • pg_hba.conf: Configuration file for client authentication, where you define connection and authentication rules.

  • createuser and createdb: Commands to create users and databases in PostgreSQL.

  • Unix Socket: A method for connecting to PostgreSQL that uses file-based communication rather than TCP/IP.

  • pg_lsclusters: Command to list all PostgreSQL clusters on the system.

6.3.4. Configuring Apache

A typical Kali Linux installation includes the Apache web server, provided by the apache2 package. Being a network service, it is disabled by default. You can manually start it with systemctl start apache2.

Apache is a modular web server that supports dynamic configuration through modules. These modules enable or extend functionality, such as PHP for web application execution and SSL for HTTPS. Module management is handled using:

  • a2enmod [module]: Enables a module by creating a symbolic link in /etc/apache2/mods-enabled/.

  • a2dismod [module]: Disables a module by removing the link.

Key directories and configuration files:

  • /etc/apache2/mods-available/: Contains available modules.

  • /etc/apache2/mods-enabled/: Contains enabled modules.

  • /etc/apache2/ports.conf: Defines the ports the server listens on (default is port 80).

  • /var/www/html/: Default directory for serving web pages.

  • /etc/apache2/sites-available/: Contains configuration files for virtual hosts.

  • /etc/apache2/sites-enabled/: Contains enabled virtual host configurations.

Virtual Hosts

A Virtual Host allows Apache to host multiple websites on the same server. Key details:

  • Virtual host files are stored in /etc/apache2/sites-available/ and named after the hostname with a .conf suffix.

  • Enable a virtual host with a2ensite [site].

  • A default virtual host (000-default.conf) serves requests for unknown hosts.

Example Virtual Host Configuration:

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /srv/www.example.com/www
</VirtualHost>

Common Directives

Directives control server behavior and are placed in configuration files or <Directory> blocks. Common ones include:

  • DirectoryIndex: Specifies default files to serve (e.g., index.php or index.html).

  • Options: Configures server behavior. Examples:

    • ExecCGI: Allows execution of CGI scripts.

    • FollowSymLinks: Permits following symbolic links.

    • Indexes: Enables directory listing if no DirectoryIndex file exists.

    • MultiViews: Supports content negotiation, like language preferences.

.htaccess Files

.htaccess files apply directory-specific directives recursively. They are controlled by the AllowOverride directive to restrict which options users can configure. Example use: restrict CGI execution.

Authentication

Apache supports Basic Authentication for access restriction. Example .htaccess configuration:

Require valid-user
AuthName "Private directory"
AuthType Basic
AuthUserFile /etc/apache2/authfiles/htpasswd-private

Passwords are managed with the htpasswd command.

Restricting Access

The Require directive restricts access based on criteria such as IP address:

Require ip 192.168.0.0/16

Security Notes

  • Basic Authentication: Passwords are sent in plain text (base64-encoded), which is insecure.

  • SSL/TLS: Use the SSL module to encrypt sessions, ensuring secure communication.

Key Terminology

  • Module: A feature or function add-on for Apache.

  • Virtual Host: A configuration for hosting multiple websites on the same server.

  • Directive: A configuration instruction in Apache.

  • .htaccess: A directory-specific configuration file.

  • SSL/TLS: Protocols for secure communication over HTTPS.

6.4. Managing Services

Kali Linux uses systemd as its init system, which manages system boot, services, and processes. The primary tool for interacting with systemd is systemctl, allowing users to query, control, and manage services.

Key Concepts and Commands

Units and Unit Files

  • Unit: A systemd object representing a resource, service, or behavior (e.g., services, devices, sockets).

  • Service Unit: Describes a service using configuration files located in:

    • /lib/systemd/system/ (default location).

    • /run/systemd/system/ (runtime overrides).

    • /etc/systemd/system/ (custom overrides, highest priority).

Example service file (/lib/systemd/system/ssh.service):

[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
Restart=on-failure
Type=notify

[Install]
WantedBy=multi-user.target

Targets

  • Target: Represents a desired state grouping multiple units (e.g., multi-user.target for multi-user mode).

  • Default Target: The system reaches default.target during boot, often linked to graphical.target or multi-user.target.

Dependencies:

  • Defined in the Wants directive or via symlinks in /etc/systemd/system/target-name.target.wants/.

Service Management Commands

  • Enable a Service: systemctl enable [service] creates a symlink for the service in the appropriate target's wants directory, adding it to boot dependencies.

  • Disable a Service: systemctl disable [service] removes the symlink, removing the service from boot dependencies.

  • Start/Stop a Service: systemctl start [service] and systemctl stop [service].

  • Reload/Restart a Service: systemctl reload [service] reloads the configuration without stopping the service; systemctl restart [service] stops and restarts it.

  • Check Status: systemctl status [service] displays whether the service is active, inactive, or failed, and shows the latest log entries.
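
Because enabling a service is just a symlink in a target's wants directory, the boot-time state can be read straight from the filesystem. The script below is an added example, not part of the original notes: it lists those symlinks and reports whether any of the three network services covered in section 6.3 (ssh, apache2, postgresql) are enabled. The function names are hypothetical and the demo directory tree is constructed.

```shell
#!/bin/sh
# Added example: read the *.wants/ symlinks that `systemctl enable` creates
# and report which units are pulled in at boot.
# enabled_units and enabled_network_services are hypothetical helper names.

enabled_units() {
    # $1 = unit directory to inspect (default: /etc/systemd/system)
    # Prints: <target> <unit> -> <unit file the symlink points to>
    dir=${1:-/etc/systemd/system}
    for link in "$dir"/*.wants/*; do
        [ -L "$link" ] || continue      # only symlinks count; also skips an unmatched glob
        wants=${link%/*}                # .../multi-user.target.wants
        wants=${wants##*/}              # multi-user.target.wants
        printf '%s %s -> %s\n' "${wants%.wants}" "${link##*/}" "$(readlink "$link")"
    done | sort
}

enabled_network_services() {
    # Prints the network services from section 6.3 that are enabled in $1.
    # Empty output matches Kali's default policy of no network services at boot.
    enabled_units "$1" | awk '
        $2 == "ssh.service" || $2 == "apache2.service" || $2 == "postgresql.service" { print $2 }
    ' | sort -u
}

# Constructed demo tree standing in for /etc/systemd/system, so the example
# runs without touching the real system.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/multi-user.target.wants"
ln -s /lib/systemd/system/cron.service "$demo_root/multi-user.target.wants/cron.service"
ln -s /lib/systemd/system/ssh.service  "$demo_root/multi-user.target.wants/ssh.service"

echo "Enabled units:"
enabled_units "$demo_root"
echo "Network services enabled at boot:"
enabled_network_services "$demo_root"

rm -rf "$demo_root"
```

This only reads one directory; on a live system systemctl list-unit-files --state=enabled is the authoritative list.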

Key Terminology

  • systemctl: Command-line tool for managing systemd.

  • Unit File: Text file describing a unit (e.g., service, target).

  • Target: Group of units representing a state.

  • Enable/Disable: Add/remove a service from boot sequence.

  • Start/Stop: Manually activate/deactivate a service.

  • Reload/Restart: Update or reset a running service.




Hacker's Mantra: Hacking is like chess; you have to think several moves ahead of your opponent. -- Tsutomu Shimomura
