Kali Linux 2.0 Top 10 Post Install Tips

With Kali 2.0 now released, we wanted to share a few post-install procedures we find ourselves repeating over and over, in the hopes that you will find them useful as well. We’ve also slapped in some answers to common questions we’ve been getting. Here is our top 10 list:

Enable or Disable the Intelligent Sidebar Option

Some people love it, some people hate it. In smaller resolutions, it can be annoying. We’re talking about the disappearing sidebar on the left of the screen. Here’s a short video showing how to change this behaviour.

Add Your SSH Public Key to Kali 2.0

Kali Linux 2.0 adopts the Debian SSH configuration that has been the default since Jessie, which disallows root logins without a key.

root@kali:~# grep Root /etc/ssh/sshd_config
PermitRootLogin without-password

The less preferred alternative is to change the PermitRootLogin parameter to “yes” and restart the SSH server, which will allow remote password root logins. For safer remote root SSH access, add your public key to the /root/.ssh/authorized_keys file.
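One way to script the key installation described above, as an added example that is not part of the original post. The helper names `root_login_mode` and `install_pubkey` are hypothetical, and the key file name in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example; install_pubkey and root_login_mode are hypothetical helper names.

# Print the first uncommented PermitRootLogin value in an sshd_config file.
# Keywords are case-insensitive; Match blocks are not interpreted here.
root_login_mode() (
    awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$1"
)

# Append one public key line to <home>/.ssh/authorized_keys (idempotent) and
# set the 700/600 modes that satisfy sshd's StrictModes check.
install_pubkey() (
    home=$1
    key=$2
    nl='
'
    case $key in
        *"$nl"*) echo "refusing multi-line input" >&2; exit 1 ;;
        ssh-*' '?*|ecdsa-*' '?*) ;;   # "<type> <base64> [comment]"
        *) echo "not a public key line (private key pasted?)" >&2; exit 1 ;;
    esac
    umask 077
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    # Add the key only if that exact line is not already present.
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
)

# Usage on the Kali host (as root):
#   root_login_mode /etc/ssh/sshd_config
#   install_pubkey /root "$(cat id_ed25519.pub)"
```

The pattern check rejects anything that is not a single `<type> <base64>` line, which catches the common mistake of pasting the private key instead of the `.pub` file.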

Install NVIDIA Drivers if You Need Them

If you have an NVIDIA graphics card, you should follow these instructions to get the NVIDIA drivers installed in Kali 2.0.

Install VMware or VirtualBox Guest Tools if You Need Them

Our instructions for installing virtual guest tools haven’t changed much and work well on the latest version of VMware (Workstation and Fusion), as well as VirtualBox.

Disable the Screen Lock Gnome Feature

We missed disabling this feature in our official builds but will do so in an upcoming update and future ISO releases. This is the fastest way to disable the Gnome screen lock feature:

Don’t Add Extra Repositories to Your Kali 2.0 Install

If for some reason you chose “no” when asked “use a network mirror” during your Kali installation, you may be missing some entries in your sources.list file. If this is the case, check the official repository list for the entries that should be in that file. Despite what many unofficial guides instruct you to do, avoid adding extra repositories to your sources.list file. Don’t add kali-dev, kali-rolling, or any other Kali repositories unless you have a specific reason to – which usually, you won’t. If you *must* add additional repositories, drop a new sources file in /etc/apt/sources.list.d/ instead.
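To check which repositories are actually active across sources.list and sources.list.d, the following added example (not from the original post) lists every enabled entry whose host is not on an allow-list. `audit_sources` is a hypothetical helper name, and the allowed hosts are an assumption you supply from the official repository list.

```shell
#!/bin/sh
# Added example; audit_sources is a hypothetical helper name.
# Usage: audit_sources <apt config dir> <allowed host>...
# Prints "file: entry" for each active deb/deb-src line on another host.
audit_sources() (
    etc_apt=$1; shift
    for f in "$etc_apt/sources.list" "$etc_apt"/sources.list.d/*.list; do
        [ -f "$f" ] || continue   # unmatched glob or missing file
        awk -v allowed=" $* " -v file="$f" '
        # Lines starting with "#" are disabled and never match here.
        $1 == "deb" || $1 == "deb-src" {
            i = 2
            if ($i ~ /^\[/) {            # skip the [option=value ...] field
                while (i < NF && $i !~ /\]$/) i++
                i++
            }
            host = $i
            sub(/^[a-z+]+:\/\//, "", host)   # drop the scheme
            sub(/[\/:].*$/, "", host)        # drop path and port
            if (index(allowed, " " host " ") == 0) print file ": " $0
        }' "$f"
    done
)

# Usage on the Kali host, with the hosts taken from the official list:
#   audit_sources /etc/apt <official-mirror-host> <official-security-host>
```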

Add a Non-root User if You’re Not Comfortable Running as root

We see many people leery of using Kali due to the fact that the main OS user is root. This often confuses us, as adding a non-root user to Kali is trivial and can be done by simply issuing commands similar to the following (just change the “muts” username to your own):

root@kali:~# useradd -m muts -G sudo -s /bin/bash
root@kali:~# passwd muts
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@kali:~#

Avoid Installing Flash Player

Just don’t.

Keep the Kali System Up to Date

We pull upstream updates from Debian 4 times a day. This ensures that security updates are implemented in Kali on an ongoing basis. You should keep your system up to date by regularly running the following commands:

apt-get update
apt-get dist-upgrade

Avoid Manual Installations of Tools in FHS Defined Directories

There are several ways you can use Kali – either as a “throw away pentesting machine” or as a “long term use OS”. The “throw away” method entails setting up Kali for a one-off engagement or short term use and then killing off the OS when done (this usually happens in virtual environments). The “long term use” use-case describes people who want to use Kali on an ongoing basis for day-to-day use. Both methods are perfectly valid but require different treatment. If you plan to use Kali on a day-to-day basis, you should avoid manual installs of programs in FHS defined directories as this would conflict with the existing apt package manager.
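On a long-term install, you can find manually installed files by comparing what is on disk with what dpkg has recorded. This is an added example, not from the original post; `unowned_files` is a hypothetical helper name, and it relies on the per-package file lists dpkg keeps in /var/lib/dpkg/info.

```shell
#!/bin/sh
# Added example; unowned_files is a hypothetical helper name.
# dpkg records the paths each package ships in <admindir>/info/*.list,
# one absolute path per line (/var/lib/dpkg/info on a Kali or Debian system).
# Usage: unowned_files <info dir> <directory to scan>...
unowned_files() (
    info_dir=$1; shift
    LC_ALL=C; export LC_ALL          # same byte ordering for sort and comm
    ls "$info_dir"/*.list >/dev/null 2>&1 ||
        { echo "no dpkg file lists in $info_dir" >&2; exit 2; }
    owned=$(mktemp) found=$(mktemp)
    cat "$info_dir"/*.list | sort -u > "$owned"
    find "$@" \( -type f -o -type l \) 2>/dev/null | sort -u > "$found"
    # comm -13 keeps lines only in the second file: on disk, in no package.
    comm -13 "$owned" "$found"
    rm -f "$owned" "$found"
)

# Usage on the Kali host:
#   unowned_files /var/lib/dpkg/info /usr/bin /usr/sbin /usr/lib
```

Symlinks managed by update-alternatives and files generated by package maintainer scripts are not in the `.list` files, so expect them in the output alongside genuine manual installs.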
