Difference between revisions of "Setup - Kali Linux"
(→Get Basic Packages) |
(→LDAP) |
||
Line 91: | Line 91: | ||
== LDAP == | == LDAP == | ||
+ | |||
+ | === ldap directory access === | ||
Copy the cacerts from SOE (firedance in example) | Copy the cacerts from SOE (firedance in example) | ||
Line 97: | Line 99: | ||
sed -s/openldap/ldap/g /etc/ldap/ldap.conf.soe >/etc/ldap/ldap.conf | sed -s/openldap/ldap/g /etc/ldap/ldap.conf.soe >/etc/ldap/ldap.conf | ||
− | + | ||
+ | Now you should be able to execute the following command. | ||
+ | |||
+ | ldapsearch -x LLL | ||
+ | |||
+ | |||
+ | === pam === | ||
+ | |||
+ | Use default options of this two packages | ||
+ | apt install libnss-ldap libpam-ldap | ||
+ | |||
+ | Edit /etc/nsswitch.conf to have ldap | ||
+ | passwd: files systemd ldap | ||
+ | group: files systemd ldap | ||
+ | shadow: files ldap |
Revision as of 01:48, 6 February 2020
Contents
Create Install Setup
Create a bootable USB from Kali linux
https://www.kali.org/docs/usb/kali-linux-live-usb-install/
Use default partition (single partition and swap around same as memory)
GUI install works fine. Default options
Account Setup
Create a local account that does not match in name the SOE LDAP. E.g: jrenau vs renau
Basic Setup
SSH Server (not for laptop, just desktop and servers)
apt-get install openssh-server systemctl enable ssh.service systemctl start ssh.service
Get the time in sync with NTP
systemctl enable ntp.service systemctl start ntp.service
Firewall Setup
Setup the firewall:
apt-get install ufw ufw default deny ufw reject auth ufw limit ssh/tcp ufw logging off
The next line is only needed the first time you install the package.
ufw enable
Follow it by enabling ufw with systemctl.
systemctl enable ufw.service
Finally, query the rules being applied via the status command.
ufw status
Determinism for QEMU/ESESC/LiveHD/....
mmap problem for qemu, enable perf monitoring for everyone, no randomization (determinism)
echo "vm.mmap_min_addr = 4096" >>/etc/sysctl.d/10-masc.conf echo "fs.inotify.max_user_watches = 65535" >>/etc/sysctl.d/10-masc.conf echo "kernel.randomize_va_space = 0" >>/etc/sysctl.d/10-masc.conf echo "kernel.perf_event_paranoid = -1" >>/etc/sysctl.d/10-masc.conf
restart sysctl or wait for reboot
systemctl restart systemd-sysctl.service
Get Atom/Bazel repos
Get Atom package
curl -L https://packagecloud.io/AtomEditor/atom/gpgkey | apt-key add - echo "deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main" > /etc/apt/sources.list.d/atom.list apt update apt install atom
Get Bazel package
curl https://bazel.build/bazel-release.pub.gpg | sudo apt-key add - echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | sudo tee /etc/apt/sources.list.d/bazel.list apt update apt install bazel
Get Basic Packages
Go to a Kali Linux machine (mada4?), dump the packages installed
dpkg --get-selections | grep -v deinstall > installed_packages.txt
Go to your new machine, and install the missing packages
cut -f 1 installed_packages.txt | xargs apt-get install -y
NOTE: There may be some conflicts with the older kali machine. My suggestion is to upgrade to the latest version before. At the end, there may be also issues for packages like atom
LDAP
ldap directory access
Copy the cacerts from SOE (firedance in example)
scp -r renau@firedance:/etc/openldap/cacerts /etc/ldap/ scp -r renau@firedance:/etc/openldap/ldap.conf /etc/ldap/ldap.conf.soe sed -s/openldap/ldap/g /etc/ldap/ldap.conf.soe >/etc/ldap/ldap.conf
Now you should be able to execute the following command.
ldapsearch -x LLL
pam
Use default options of this two packages
apt install libnss-ldap libpam-ldap
Edit /etc/nsswitch.conf to have ldap
passwd: files systemd ldap group: files systemd ldap shadow: files ldap