Difference between revisions of "Setup - Kali Linux"

From Vlsiwiki
Jump to: navigation, search
(Get Basic Packages)
(LDAP)
Line 91: Line 91:
  
 
== LDAP ==
 
== LDAP ==
 +
 +
=== ldap directory access ===
  
 
Copy the cacerts from SOE (firedance in example)
 
Copy the cacerts from SOE (firedance in example)
Line 97: Line 99:
 
  sed -s/openldap/ldap/g /etc/ldap/ldap.conf.soe >/etc/ldap/ldap.conf
 
  sed -s/openldap/ldap/g /etc/ldap/ldap.conf.soe >/etc/ldap/ldap.conf
  
Edit the ldap.conf to replace openldap to ldap
+
 
 +
Now you should be able to execute the following command.
 +
 
 +
ldapsearch -x LLL
 +
 
 +
 
 +
=== pam ===
 +
 
 +
Use default options of this two packages
 +
apt install libnss-ldap libpam-ldap
 +
 
 +
Edit /etc/nsswitch.conf to have ldap
 +
passwd:        files systemd ldap
 +
group:          files systemd ldap
 +
shadow:        files ldap

Revision as of 01:48, 6 February 2020

Create Install Setup

Create a bootable USB from Kali linux

https://www.kali.org/docs/usb/kali-linux-live-usb-install/

Use default partition (single partition and swap around same as memory)

GUI install works fine. Default options

Account Setup

Create a local account that does not match in name the SOE LDAP. E.g: jrenau vs renau


Basic Setup

SSH Server (not for laptop, just desktop and servers)

apt-get install openssh-server
systemctl enable ssh.service
systemctl start  ssh.service

Get the time in sync with NTP

systemctl enable ntp.service
systemctl start  ntp.service

Firewall Setup

Setup the firewall:

apt-get install ufw
ufw default deny
ufw reject auth
ufw limit ssh/tcp
ufw logging off

The next line is only needed the first time you install the package.

ufw enable

Follow it by enabling ufw with systemctl.

systemctl enable ufw.service

Finally, query the rules being applied via the status command.

ufw status

Determinism for QEMU/ESESC/LiveHD/....

mmap problem for qemu, enable perf monitoring for everyone, no randomization (determinism)

echo "vm.mmap_min_addr = 4096"             >>/etc/sysctl.d/10-masc.conf
echo "fs.inotify.max_user_watches = 65535" >>/etc/sysctl.d/10-masc.conf
echo "kernel.randomize_va_space = 0"       >>/etc/sysctl.d/10-masc.conf
echo "kernel.perf_event_paranoid = -1"     >>/etc/sysctl.d/10-masc.conf


restart sysctl or wait for reboot

systemctl restart systemd-sysctl.service

Get Atom/Bazel repos

Get Atom package

curl -L https://packagecloud.io/AtomEditor/atom/gpgkey | apt-key add -
echo "deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main" > /etc/apt/sources.list.d/atom.list
apt update
apt install atom


Get Bazel package

curl https://bazel.build/bazel-release.pub.gpg | sudo apt-key add -
echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list
apt update
apt install bazel


Get Basic Packages

Go to a Kali Linux machine (mada4?), dump the packages installed

dpkg --get-selections | grep -v deinstall > installed_packages.txt

Go to your new machine, and install the missing packages

cut -f 1 installed_packages.txt | xargs apt-get install -y

NOTE: There may be some conflicts with the older kali machine. My suggestion is to upgrade to the latest version before. At the end, there may be also issues for packages like atom

LDAP

ldap directory access

Copy the cacerts from SOE (firedance in example)

scp -r renau@firedance:/etc/openldap/cacerts /etc/ldap/
scp -r renau@firedance:/etc/openldap/ldap.conf /etc/ldap/ldap.conf.soe
sed -s/openldap/ldap/g /etc/ldap/ldap.conf.soe >/etc/ldap/ldap.conf


Now you should be able to execute the following command.

ldapsearch -x LLL


pam

Use default options of this two packages

apt install libnss-ldap libpam-ldap

Edit /etc/nsswitch.conf to have ldap

passwd:         files systemd ldap
group:          files systemd ldap
shadow:         files ldap