Kali Linux 2.0 Top 10 Post Install Tips

With Kali 2.0 now released, we wanted to share a few post-install procedures we find ourselves repeating over and over, in the hopes that you will find them useful as well. We’ve also slapped in some answers to common questions we’ve been getting. Here is our top 10 list:

Enable or Disable the Intelligent Sidebar Option

Some people love it, some people hate it. In smaller resolutions, it can be annoying. We’re talking about the disappearing sidebar on the left of the screen. Here’s a short video showing how to change this behaviour.

Add Your SSH Public Key to Kali 2.0

Kali Linux 2.0 adopts the Debian SSH configuration, the default since Jessie, which disallows root logins without a key.

root@kali:~# grep Root /etc/ssh/sshd_config
PermitRootLogin without-password

The less preferred alternative is to change the PermitRootLogin parameter to “yes” and restart the SSH server, which will allow remote password root logins. For safer remote root SSH access, add your public key to the /root/.ssh/authorized_keys file.
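The following shell helpers are an added example, not part of the original post: one reads the effective global PermitRootLogin value (a plain grep also matches commented-out lines), the other installs a public key with the ownership-only permissions sshd expects. The function names root_login_mode and install_pubkey are hypothetical, and the key check is structural only.

```shell
#!/bin/sh
# Added example. root_login_mode and install_pubkey are hypothetical helper names.

# Print the global PermitRootLogin value from an sshd_config file.
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively, so commented-out lines and later duplicates are ignored.
# Parsing stops at the first Match block; Include files are not followed.
# "unset" means the compiled-in default applies, which depends on the
# OpenSSH version.
root_login_mode() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Append the key in file $1 to $2/authorized_keys (use /root/.ssh for root).
# Runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    line=$(head -n 1 "$1" 2>/dev/null)
    # Structural check only: known key type plus a base64 blob. This rejects
    # private keys and stray text but does not validate the key material.
    printf '%s\n' "$line" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' || {
        echo "not an OpenSSH public key: $1" >&2
        exit 1
    }
    umask 077
    # sshd's StrictModes check refuses keys in group/world-writable locations.
    mkdir -p "$2" && chmod 700 "$2" || exit 1
    touch "$2/authorized_keys" && chmod 600 "$2/authorized_keys" || exit 1
    # Idempotent: append only if the exact line is not already present.
    grep -qxF -- "$line" "$2/authorized_keys" ||
        printf '%s\n' "$line" >> "$2/authorized_keys"
)
```

Run install_pubkey with your .pub file and /root/.ssh as root, then confirm that root_login_mode /etc/ssh/sshd_config does not print "yes" before relying on key-only access.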

Install NVIDIA Drivers if You Need Them

If you have an NVIDIA graphics card, you should follow these instructions to get the NVIDIA drivers installed in Kali 2.0.

Install VMware or VirtualBox Guest Tools if You Need Them

Our instructions for installing virtual guest tools haven’t changed much and work well on the latest version of VMware (Workstation and Fusion), as well as VirtualBox.

Disable the Screen Lock Gnome Feature

We missed disabling this feature in our official builds but will do so in an upcoming update and future ISO releases. This is the fastest way to disable the Gnome screen lock feature:

Don’t Add Extra Repositories to Your Kali 2.0 Install

If for some reason you chose “no” when asked “use a network mirror” during your Kali installation, you may be missing some entries in your sources.list file. If this is the case, check the official repository list for the entries that should be in that file. Despite what many unofficial guides instruct you to do, avoid adding extra repositories to your sources.list file. Don’t add kali-dev, kali-rolling, or any other Kali repositories unless you have a specific reason to – which usually, you won’t. If you *must* add additional repositories, drop a new sources file in /etc/apt/sources.list.d/ instead.

Add a Non-root User if You’re Not Comfortable Running as root

We see many people leery of using Kali due to the fact that the main OS user is root. This often confuses us, as adding a non-root user to Kali is trivial and can be done by simply issuing commands similar to the following (just change the “muts” username to your own):

root@kali:~# useradd -m muts -G sudo -s /bin/bash
root@kali:~# passwd muts
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@kali:~#

Avoid Installing Flash Player

Just don’t.

Keep the Kali System Up to Date

We pull upstream updates from Debian 4 times a day. This ensures that security updates are implemented in Kali on an ongoing basis. You should keep your system up to date by regularly running the following commands:

apt-get update
apt-get dist-upgrade

Avoid Manual Installations of Tools in FHS Defined Directories

There are several ways you can use Kali – either as a “throw away pentesting machine” or as a “long term use OS”. The “throw away” method entails setting up Kali for a one-off engagement or short term use and then killing off the OS when done (this usually happens in virtual environments). The “long term use” use-case describes people who want to use Kali on an ongoing basis for day-to-day use. Both methods are perfectly valid but require different treatment. If you plan to use Kali on a day-to-day basis, you should avoid manual installs of programs in FHS defined directories as this would conflict with the existing apt package manager.
