Update doc to more QubesOS version agnostic one

This commit is contained in:
brofoobar 2018-08-05 15:39:01 +00:00 committed by GitHub
parent 32f1c9775a
commit 295b62921a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -12,7 +12,10 @@ redirect_from:
- Adding additional repositories or tools for installing software extends your trust to those tool providers. - Adding additional repositories or tools for installing software extends your trust to those tool providers.
Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended. - Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended.
- Kali Linux distribution is a rolling ditribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template.
Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial.
How to Create a Kali Linux VM How to Create a Kali Linux VM
============================= =============================
@ -24,10 +27,9 @@ Kali Linux is the most widely used penetration testing Linux distribution.
There are multiple ways to create a Kali Linux VM: There are multiple ways to create a Kali Linux VM:
1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm). 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm).
2. Clone the Qubes OS Debian image and turn it into a Kali Linux distribution using [katoolin]. Explained [here](#katoolin). 2. Clone the Qubes OS latest Debian template image and turn it into a Kali Linux distribution:
3. Clone the Qubes OS 'jessie' Debian template, upgrade it to 'stretch' - using [katoolin]. Explained [here](#katoolin).
(Debian 9.0) and turn it into a Kali linux template. Explained - manually. Explained [here](#templatevm-from-debian).
[here](#templatevm-from-debian).
Kali Linux HVM <a name="hvm"/> Kali Linux HVM <a name="hvm"/>
-------------- --------------
@ -38,21 +40,27 @@ Kali Linux HVM <a name="hvm"/>
3. Start the HVM with attached CD/DVD 3. Start the HVM with attached CD/DVD
qvm-start <hvm-name> --cdrom <vm-name>:/home/user/Downloads/<iso-name>.iso [user@dom0 ~]$ qvm-start <hvm-name> --cdrom <vm-name>:/home/user/Downloads/<iso-name>.iso
Debian based Kali Template with Katoolin <a name="katoolin"/> Debian based Kali Template with Katoolin <a name="katoolin"/>
---------------------------------------- ----------------------------------------
Katoolin is a script (written in Python) which helps you to install Kali tools. **Note:** The prompt on each line indicates where each command should be entered (`@dom0`, `@debian-<X>` or `@kali`).
1. (Optional) Install `debian-8` template (if not already installed) 1. (Optional) Check for latest Debian stable template and install it (if not already done)
2. Update your `debian-8` template [user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian
[user@dom0 ~]$ sudo qubes-dom0-update <latest Debian template>
sudo apt-get update 2. Start and update your latest Debian template
sudo apt-get dist-upgrade
3. Clone `debian-8` template (two options) [user@dom0 ~]$ qvm-start debian-<X>
[user@dom0 ~]$ qvm-run -a debian-<X> gnome-terminal
[user@debian-<X> ~]$ sudo apt-get update
[user@debian-<X> ~]$ sudo apt-get upgrade
[user@dom0 ~]$ qvm-shutdown debian-<X>
3. Clone `debian-X` template (two options)
1. Via Qubes VM Manager 1. Via Qubes VM Manager
@ -60,31 +68,42 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
2. Via command line 2. Via command line
qvm-clone debian-8 kali [user@dom0 ~]$ qvm-clone debian-<X> kali
4. Start and upgrade the `kali` Template from Debian 8 to Debian 9 4. Check name of testing [Debian-releases][Debian release] and update repository list to reflect current state
sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list [user@kali ~]$ sudo sed -i 's/<current stable>/<current testing>/g' /etc/apt/sources.list
sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/qubes-r3.list [user@kali ~]$ sudo sed -i 's/<current stable>/<current testing>/g' /etc/apt/sources.list.d/qubes-r<X>.list
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get autoremove
5. Install Katoolin and add Kali Linux repositories e.g. in this example we update `stretch` stable repository to `buster` testing respository
[user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list
[user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r<X>.list
5. Upgrade `kali` template to latest Debian testing release
[user@kali ~]$ sudo apt-get update
[user@kali ~]$ sudo apt-get dist-upgrade
[user@kali ~]$ sudo apt-get autoremove
**Note:** During execution of a `dist-upgrade` command read carefully list of packages to be removed.
If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first.
6. Install Katoolin and add Kali Linux repositories
1. Install Katoolin 1. Install Katoolin
sudo apt-get install git [user@kali ~]$ sudo apt-get install git
git clone https://github.com/LionSec/katoolin.git [user@kali ~]$ git clone https://github.com/LionSec/katoolin.git
sudo cp katoolin/katoolin.py /usr/bin/katoolin [user@kali ~]$ sudo cp katoolin/katoolin.py /usr/bin/katoolin
sudo chmod +x /usr/bin/katoolin [user@kali ~]$ sudo chmod +x /usr/bin/katoolin
rm -rf katoolin [user@kali ~]$ rm -rf katoolin
2. Add Kali Linux repositories 2. Add Kali Linux repositories
- start katoolin - start katoolin
sudo katoolin [user@kali ~]$ sudo katoolin
- select 'Add Kali repositories & Update' - select 'Add Kali repositories & Update'
@ -123,30 +142,34 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
What do you want to do ?> ^CShutdown requested...Goodbye... What do you want to do ?> ^CShutdown requested...Goodbye...
6. Clean up and update `kali` template 7. Clean up and update `kali` template
sudo apt-get dist-upgrade [user@kali ~]$ sudo apt-get dist-upgrade
sudo apt-get autoremove [user@kali ~]$ sudo apt-get autoremove
7. Shutdown and trim `kali` template 8. Shutdown and trim `kali` template
- Shutdown `kali` template - Shutdown `kali` template
sudo shutdown -h now [user@kali ~]$ sudo shutdown -h now
- In `dom0` console: - In `dom0` console:
qvm-trim-template kali [user@dom0 ~]$ qvm-trim-template kali
8. Start image 9. Start image
9. Install tools [user@dom0 ~]$ qvm-start kali
10. Install tools
**Note** [Resize the template disk image][qubes-resize-disk-image] to at least 20GB if you plan on installing all packages from Kali distribution.
1. View Categories 1. View Categories
- start katoolin - start katoolin
sudo katoolin [user@kali ~]$ sudo katoolin
- select `2) View Categories` - select `2) View Categories`
@ -156,7 +179,7 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
- **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`. - **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`.
10. Create a AppVMs based on the `kali` template 11. Create a AppVMs based on the `kali` template
- (Optional) Attach necessary devices - (Optional) Attach necessary devices
@ -164,16 +187,14 @@ Kali Linux TemplateVM from a Debian template <a name="debian-upgrade"/><a name=
-------------------------------------------- --------------------------------------------
This section will explain how to create your own [Kali] Linux TemplateVM based This section will explain how to create your own [Kali] Linux TemplateVM based
on a Debian 9.0 (Stretch) TemplateVM. The basic idea is to personalize the on a current stable Debian TemplateVM. The basic idea is to personalize the
template with all the tools needed, and then spin up isolated AppVMs based on template with all the tools needed, and then spin up isolated AppVMs based on
the template. the template.
This has been tested on Qubes OS 3.2.
The steps can be summarised as: The steps can be summarised as:
1. Install Qubes' Debian 8.0 (Jessie) template 1. Install Qubes stable Debian template
2. Upgrade the template to Debian 9.0 (Stretch) 2. Upgrade the template to Debian testing release
3. Install Kali Linux through the ``kali-linux-full`` package 3. Install Kali Linux through the ``kali-linux-full`` package
4. Use the template to build AppVM so that you can maintain isolation between 4. Use the template to build AppVM so that you can maintain isolation between
e.g. pentesting jobs e.g. pentesting jobs
@ -188,6 +209,9 @@ This step is required since by (security) default a TemplateVM do not have a
direct Internet connectivity. Users understanding the risks of enabling such direct Internet connectivity. Users understanding the risks of enabling such
access can change this configuration in firewall settings for the TemplateVM. access can change this configuration in firewall settings for the TemplateVM.
**Note:** The prompt on each line indicates where each command should be entered
(`@dom0`, `@kali-rolling`, `@xxxx-dvm` or `@debian-<X>`).
1. Retrive the Kali Linux GPG key using a DispVM. 1. Retrive the Kali Linux GPG key using a DispVM.
[user@xxxx-dvm ~]$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 [user@xxxx-dvm ~]$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
@ -202,33 +226,56 @@ access can change this configuration in firewall settings for the TemplateVM.
### Create a Kali Linux (rolling) template ### ### Create a Kali Linux (rolling) template ###
These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Linux. These instructions will show you how to upgrade a Debian TemplateVM to Kali Linux.
**Note:** The prompt on each line indicates where each command should be entered 1. (Optional) Check for latest Debian stable template and install it (if not already done)
(`@dom0`, `@kali-rolling` or `@xxxx-dvm`).
1. Ensure the base template is not running. [user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian
[user@dom0 ~]$ sudo qubes-dom0-update <latest Debian template>
[user@dom0 ~]$ qvm-shutdown debian-9 2. Start and update and close your latest Debian template
2. Clone the base template and start a terminal in the new template. [user@dom0 ~]$ qvm-start debian-<X>
[user@dom0 ~]$ qvm-run -a debian-<X> gnome-terminal
[user@debian-<X> ~]$ sudo apt-get update
[user@debian-<X> ~]$ sudo apt-get upgrade
[user@dom0 ~]$ qvm-shutdown debian-<X>
[user@dom0 ~]$ qvm-clone debian-9 kali-rolling 3. Clone `debian-X` template
[user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal
3. Copy the Kali GPG key from the DispVM to the new template: [user@dom0 ~]$ qvm-clone debian-<X> kali-rolling
4. Check name of testing [Debian-releases][Debian release] and update repository list to reflect current state
[user@kali-rolling ~]$ sudo sed -i 's/<current stable>/<current testing>/g' /etc/apt/sources.list
[user@kali-rolling ~]$ sudo sed -i 's/<current stable>/<current testing>/g' /etc/apt/sources.list.d/qubes-r<X>.list
e.g. in this example we update `stretch` stable repository to `buster` testing respository
[user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list
[user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r<X>.list
5. Upgrade `kali-rolling` template to latest Debian testing release
[user@kali-rolling ~]$ sudo apt-get update
[user@kali-rolling ~]$ sudo apt-get dist-upgrade
[user@kali-rolling ~]$ sudo apt-get autoremove
**Note:** During execution of a `dist-upgrade` command read carefully list of packages to be removed. If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first.
6. Copy the Kali GPG key from the DispVM to the new template:
[user@xxxx-dvm ~]$ qvm-copy-to-vm kali-rolling kali-key.asc [user@xxxx-dvm ~]$ qvm-copy-to-vm kali-rolling kali-key.asc
The DispVM can now be turned off. The DispVM can now be turned off.
4. Add the Kali GPG key to the list of keys trusted to authenticate packages: 7. Add the Kali GPG key to the list of keys trusted to authenticate packages:
[user@kali-rolling ~]$ cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add - [user@kali-rolling ~]$ cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add -
This command should return `OK` on a line by itself. This command should return `OK` on a line by itself.
5. Attempt the upgrade process in the new template. 8. Attempt the upgrade process in the new template.
[user@kali-rolling ~]$ sudo cat <<EOF > /etc/apt/sources.list.d/kali.list [user@kali-rolling ~]$ sudo cat <<EOF > /etc/apt/sources.list.d/kali.list
# Kali Linux repository # Kali Linux repository
@ -238,12 +285,12 @@ These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Li
[user@kali-rolling ~]$ sudo apt-get dist-upgrade [user@kali-rolling ~]$ sudo apt-get dist-upgrade
[user@kali-rolling ~]$ sudo apt-get autoremove [user@kali-rolling ~]$ sudo apt-get autoremove
6. Shut down and trim the new template. 9. Shut down and trim the new template.
[user@dom0 ~]$ qvm-shutdown kali-rolling [user@dom0 ~]$ qvm-shutdown kali-rolling
[user@dom0 ~]$ qvm-trim-template kali-rolling [user@dom0 ~]$ qvm-trim-template kali-rolling
7. Ensure a terminal can be opened in the new template. 10. Ensure a terminal can be opened in the new template.
[user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal [user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal
@ -251,7 +298,8 @@ These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Li
At this point you should have a working template and you can install the tools you need. At this point you should have a working template and you can install the tools you need.
1. [resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB. 1. [Resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution.
For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB.
2. Install Kali Linux tools: 2. Install Kali Linux tools:
@ -293,3 +341,5 @@ Thanks to the people in [the discussion thread](https://github.com/QubesOS/qubes
[katoolin]: https://github.com/LionSec/katoolin [katoolin]: https://github.com/LionSec/katoolin
[katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ [katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/
[Debian-releases]: https://www.debian.org/releases/