mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-01-01 02:36:30 -05:00
Update doc to more QubesOS version agnostic one
This commit is contained in:
parent
32f1c9775a
commit
295b62921a
@ -12,7 +12,10 @@ redirect_from:
|
|||||||
|
|
||||||
- Adding additional repositories or tools for installing software extends your trust to those tool providers.
|
- Adding additional repositories or tools for installing software extends your trust to those tool providers.
|
||||||
|
|
||||||
Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended.
|
- Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended.
|
||||||
|
|
||||||
|
- Kali Linux distribution is a rolling ditribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template.
|
||||||
|
Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial.
|
||||||
|
|
||||||
How to Create a Kali Linux VM
|
How to Create a Kali Linux VM
|
||||||
=============================
|
=============================
|
||||||
@ -24,10 +27,9 @@ Kali Linux is the most widely used penetration testing Linux distribution.
|
|||||||
There are multiple ways to create a Kali Linux VM:
|
There are multiple ways to create a Kali Linux VM:
|
||||||
|
|
||||||
1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm).
|
1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm).
|
||||||
2. Clone the Qubes OS Debian image and turn it into a Kali Linux distribution using [katoolin]. Explained [here](#katoolin).
|
2. Clone the Qubes OS latest Debian template image and turn it into a Kali Linux distribution:
|
||||||
3. Clone the Qubes OS 'jessie' Debian template, upgrade it to 'stretch'
|
- using [katoolin]. Explained [here](#katoolin).
|
||||||
(Debian 9.0) and turn it into a Kali linux template. Explained
|
- manually. Explained [here](#templatevm-from-debian).
|
||||||
[here](#templatevm-from-debian).
|
|
||||||
|
|
||||||
Kali Linux HVM <a name="hvm"/>
|
Kali Linux HVM <a name="hvm"/>
|
||||||
--------------
|
--------------
|
||||||
@ -38,21 +40,27 @@ Kali Linux HVM <a name="hvm"/>
|
|||||||
|
|
||||||
3. Start the HVM with attached CD/DVD
|
3. Start the HVM with attached CD/DVD
|
||||||
|
|
||||||
qvm-start <hvm-name> --cdrom <vm-name>:/home/user/Downloads/<iso-name>.iso
|
[user@dom0 ~]$ qvm-start <hvm-name> --cdrom <vm-name>:/home/user/Downloads/<iso-name>.iso
|
||||||
|
|
||||||
Debian based Kali Template with Katoolin <a name="katoolin"/>
|
Debian based Kali Template with Katoolin <a name="katoolin"/>
|
||||||
----------------------------------------
|
----------------------------------------
|
||||||
|
|
||||||
Katoolin is a script (written in Python) which helps you to install Kali tools.
|
**Note:** The prompt on each line indicates where each command should be entered (`@dom0`, `@debian-<X>` or `@kali`).
|
||||||
|
|
||||||
1. (Optional) Install `debian-8` template (if not already installed)
|
1. (Optional) Check for latest Debian stable template and install it (if not already done)
|
||||||
|
|
||||||
2. Update your `debian-8` template
|
[user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian
|
||||||
|
[user@dom0 ~]$ sudo qubes-dom0-update <latest Debian template>
|
||||||
|
|
||||||
sudo apt-get update
|
2. Start and update your latest Debian template
|
||||||
sudo apt-get dist-upgrade
|
|
||||||
|
|
||||||
3. Clone `debian-8` template (two options)
|
[user@dom0 ~]$ qvm-start debian-<X>
|
||||||
|
[user@dom0 ~]$ qvm-run -a debian-<X> gnome-terminal
|
||||||
|
[user@debian-<X> ~]$ sudo apt-get update
|
||||||
|
[user@debian-<X> ~]$ sudo apt-get upgrade
|
||||||
|
[user@dom0 ~]$ qvm-shutdown debian-<X>
|
||||||
|
|
||||||
|
3. Clone `debian-X` template (two options)
|
||||||
|
|
||||||
1. Via Qubes VM Manager
|
1. Via Qubes VM Manager
|
||||||
|
|
||||||
@ -60,31 +68,42 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
|
|||||||
|
|
||||||
2. Via command line
|
2. Via command line
|
||||||
|
|
||||||
qvm-clone debian-8 kali
|
[user@dom0 ~]$ qvm-clone debian-<X> kali
|
||||||
|
|
||||||
4. Start and upgrade the `kali` Template from Debian 8 to Debian 9
|
4. Check name of testing [Debian-releases][Debian release] and update repository list to reflect current state
|
||||||
|
|
||||||
sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list
|
[user@kali ~]$ sudo sed -i 's/<current stable>/<current testing>/g' /etc/apt/sources.list
|
||||||
sudo sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/qubes-r3.list
|
[user@kali ~]$ sudo sed -i 's/<current stable>/<current testing>/g' /etc/apt/sources.list.d/qubes-r<X>.list
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get dist-upgrade
|
|
||||||
sudo apt-get autoremove
|
|
||||||
|
|
||||||
5. Install Katoolin and add Kali Linux repositories
|
e.g. in this example we update `stretch` stable repository to `buster` testing respository
|
||||||
|
|
||||||
|
[user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list
|
||||||
|
[user@kali ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r<X>.list
|
||||||
|
|
||||||
|
5. Upgrade `kali` template to latest Debian testing release
|
||||||
|
|
||||||
|
[user@kali ~]$ sudo apt-get update
|
||||||
|
[user@kali ~]$ sudo apt-get dist-upgrade
|
||||||
|
[user@kali ~]$ sudo apt-get autoremove
|
||||||
|
|
||||||
|
**Note:** During execution of a `dist-upgrade` command read carefully list of packages to be removed.
|
||||||
|
If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first.
|
||||||
|
|
||||||
|
6. Install Katoolin and add Kali Linux repositories
|
||||||
|
|
||||||
1. Install Katoolin
|
1. Install Katoolin
|
||||||
|
|
||||||
sudo apt-get install git
|
[user@kali ~]$ sudo apt-get install git
|
||||||
git clone https://github.com/LionSec/katoolin.git
|
[user@kali ~]$ git clone https://github.com/LionSec/katoolin.git
|
||||||
sudo cp katoolin/katoolin.py /usr/bin/katoolin
|
[user@kali ~]$ sudo cp katoolin/katoolin.py /usr/bin/katoolin
|
||||||
sudo chmod +x /usr/bin/katoolin
|
[user@kali ~]$ sudo chmod +x /usr/bin/katoolin
|
||||||
rm -rf katoolin
|
[user@kali ~]$ rm -rf katoolin
|
||||||
|
|
||||||
2. Add Kali Linux repositories
|
2. Add Kali Linux repositories
|
||||||
|
|
||||||
- start katoolin
|
- start katoolin
|
||||||
|
|
||||||
sudo katoolin
|
[user@kali ~]$ sudo katoolin
|
||||||
|
|
||||||
- select 'Add Kali repositories & Update'
|
- select 'Add Kali repositories & Update'
|
||||||
|
|
||||||
@ -123,30 +142,34 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
|
|||||||
|
|
||||||
What do you want to do ?> ^CShutdown requested...Goodbye...
|
What do you want to do ?> ^CShutdown requested...Goodbye...
|
||||||
|
|
||||||
6. Clean up and update `kali` template
|
7. Clean up and update `kali` template
|
||||||
|
|
||||||
sudo apt-get dist-upgrade
|
[user@kali ~]$ sudo apt-get dist-upgrade
|
||||||
sudo apt-get autoremove
|
[user@kali ~]$ sudo apt-get autoremove
|
||||||
|
|
||||||
7. Shutdown and trim `kali` template
|
8. Shutdown and trim `kali` template
|
||||||
|
|
||||||
- Shutdown `kali` template
|
- Shutdown `kali` template
|
||||||
|
|
||||||
sudo shutdown -h now
|
[user@kali ~]$ sudo shutdown -h now
|
||||||
|
|
||||||
- In `dom0` console:
|
- In `dom0` console:
|
||||||
|
|
||||||
qvm-trim-template kali
|
[user@dom0 ~]$ qvm-trim-template kali
|
||||||
|
|
||||||
8. Start image
|
9. Start image
|
||||||
|
|
||||||
9. Install tools
|
[user@dom0 ~]$ qvm-start kali
|
||||||
|
|
||||||
|
10. Install tools
|
||||||
|
|
||||||
|
**Note** [Resize the template disk image][qubes-resize-disk-image] to at least 20GB if you plan on installing all packages from Kali distribution.
|
||||||
|
|
||||||
1. View Categories
|
1. View Categories
|
||||||
|
|
||||||
- start katoolin
|
- start katoolin
|
||||||
|
|
||||||
sudo katoolin
|
[user@kali ~]$ sudo katoolin
|
||||||
|
|
||||||
- select `2) View Categories`
|
- select `2) View Categories`
|
||||||
|
|
||||||
@ -156,7 +179,7 @@ Katoolin is a script (written in Python) which helps you to install Kali tools.
|
|||||||
|
|
||||||
- **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`.
|
- **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`.
|
||||||
|
|
||||||
10. Create a AppVMs based on the `kali` template
|
11. Create a AppVMs based on the `kali` template
|
||||||
|
|
||||||
- (Optional) Attach necessary devices
|
- (Optional) Attach necessary devices
|
||||||
|
|
||||||
@ -164,16 +187,14 @@ Kali Linux TemplateVM from a Debian template <a name="debian-upgrade"/><a name=
|
|||||||
--------------------------------------------
|
--------------------------------------------
|
||||||
|
|
||||||
This section will explain how to create your own [Kali] Linux TemplateVM based
|
This section will explain how to create your own [Kali] Linux TemplateVM based
|
||||||
on a Debian 9.0 (Stretch) TemplateVM. The basic idea is to personalize the
|
on a current stable Debian TemplateVM. The basic idea is to personalize the
|
||||||
template with all the tools needed, and then spin up isolated AppVMs based on
|
template with all the tools needed, and then spin up isolated AppVMs based on
|
||||||
the template.
|
the template.
|
||||||
|
|
||||||
This has been tested on Qubes OS 3.2.
|
|
||||||
|
|
||||||
The steps can be summarised as:
|
The steps can be summarised as:
|
||||||
|
|
||||||
1. Install Qubes' Debian 8.0 (Jessie) template
|
1. Install Qubes stable Debian template
|
||||||
2. Upgrade the template to Debian 9.0 (Stretch)
|
2. Upgrade the template to Debian testing release
|
||||||
3. Install Kali Linux through the ``kali-linux-full`` package
|
3. Install Kali Linux through the ``kali-linux-full`` package
|
||||||
4. Use the template to build AppVM so that you can maintain isolation between
|
4. Use the template to build AppVM so that you can maintain isolation between
|
||||||
e.g. pentesting jobs
|
e.g. pentesting jobs
|
||||||
@ -188,6 +209,9 @@ This step is required since by (security) default a TemplateVM do not have a
|
|||||||
direct Internet connectivity. Users understanding the risks of enabling such
|
direct Internet connectivity. Users understanding the risks of enabling such
|
||||||
access can change this configuration in firewall settings for the TemplateVM.
|
access can change this configuration in firewall settings for the TemplateVM.
|
||||||
|
|
||||||
|
**Note:** The prompt on each line indicates where each command should be entered
|
||||||
|
(`@dom0`, `@kali-rolling`, `@xxxx-dvm` or `@debian-<X>`).
|
||||||
|
|
||||||
1. Retrive the Kali Linux GPG key using a DispVM.
|
1. Retrive the Kali Linux GPG key using a DispVM.
|
||||||
|
|
||||||
[user@xxxx-dvm ~]$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
|
[user@xxxx-dvm ~]$ gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
|
||||||
@ -202,33 +226,56 @@ access can change this configuration in firewall settings for the TemplateVM.
|
|||||||
|
|
||||||
### Create a Kali Linux (rolling) template ###
|
### Create a Kali Linux (rolling) template ###
|
||||||
|
|
||||||
These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Linux.
|
These instructions will show you how to upgrade a Debian TemplateVM to Kali Linux.
|
||||||
|
|
||||||
**Note:** The prompt on each line indicates where each command should be entered
|
1. (Optional) Check for latest Debian stable template and install it (if not already done)
|
||||||
(`@dom0`, `@kali-rolling` or `@xxxx-dvm`).
|
|
||||||
|
|
||||||
1. Ensure the base template is not running.
|
[user@dom0 ~]$ sudo qubes-dom0-update --action="search all" qubes-template-debian
|
||||||
|
[user@dom0 ~]$ sudo qubes-dom0-update <latest Debian template>
|
||||||
|
|
||||||
[user@dom0 ~]$ qvm-shutdown debian-9
|
2. Start and update and close your latest Debian template
|
||||||
|
|
||||||
2. Clone the base template and start a terminal in the new template.
|
[user@dom0 ~]$ qvm-start debian-<X>
|
||||||
|
[user@dom0 ~]$ qvm-run -a debian-<X> gnome-terminal
|
||||||
|
[user@debian-<X> ~]$ sudo apt-get update
|
||||||
|
[user@debian-<X> ~]$ sudo apt-get upgrade
|
||||||
|
[user@dom0 ~]$ qvm-shutdown debian-<X>
|
||||||
|
|
||||||
[user@dom0 ~]$ qvm-clone debian-9 kali-rolling
|
3. Clone `debian-X` template
|
||||||
[user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal
|
|
||||||
|
|
||||||
3. Copy the Kali GPG key from the DispVM to the new template:
|
[user@dom0 ~]$ qvm-clone debian-<X> kali-rolling
|
||||||
|
|
||||||
|
4. Check name of testing [Debian-releases][Debian release] and update repository list to reflect current state
|
||||||
|
|
||||||
|
[user@kali-rolling ~]$ sudo sed -i 's/<current stable>/<current testing>/g' /etc/apt/sources.list
|
||||||
|
[user@kali-rolling ~]$ sudo sed -i 's/<current stable>/<current testing>/g' /etc/apt/sources.list.d/qubes-r<X>.list
|
||||||
|
|
||||||
|
e.g. in this example we update `stretch` stable repository to `buster` testing respository
|
||||||
|
|
||||||
|
[user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list
|
||||||
|
[user@kali-rolling ~]$ sudo sed -i 's/stretch/buster/g' /etc/apt/sources.list.d/qubes-r<X>.list
|
||||||
|
|
||||||
|
5. Upgrade `kali-rolling` template to latest Debian testing release
|
||||||
|
|
||||||
|
[user@kali-rolling ~]$ sudo apt-get update
|
||||||
|
[user@kali-rolling ~]$ sudo apt-get dist-upgrade
|
||||||
|
[user@kali-rolling ~]$ sudo apt-get autoremove
|
||||||
|
|
||||||
|
**Note:** During execution of a `dist-upgrade` command read carefully list of packages to be removed. If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first.
|
||||||
|
|
||||||
|
6. Copy the Kali GPG key from the DispVM to the new template:
|
||||||
|
|
||||||
[user@xxxx-dvm ~]$ qvm-copy-to-vm kali-rolling kali-key.asc
|
[user@xxxx-dvm ~]$ qvm-copy-to-vm kali-rolling kali-key.asc
|
||||||
|
|
||||||
The DispVM can now be turned off.
|
The DispVM can now be turned off.
|
||||||
|
|
||||||
4. Add the Kali GPG key to the list of keys trusted to authenticate packages:
|
7. Add the Kali GPG key to the list of keys trusted to authenticate packages:
|
||||||
|
|
||||||
[user@kali-rolling ~]$ cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add -
|
[user@kali-rolling ~]$ cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add -
|
||||||
|
|
||||||
This command should return `OK` on a line by itself.
|
This command should return `OK` on a line by itself.
|
||||||
|
|
||||||
5. Attempt the upgrade process in the new template.
|
8. Attempt the upgrade process in the new template.
|
||||||
|
|
||||||
[user@kali-rolling ~]$ sudo cat <<EOF > /etc/apt/sources.list.d/kali.list
|
[user@kali-rolling ~]$ sudo cat <<EOF > /etc/apt/sources.list.d/kali.list
|
||||||
# Kali Linux repository
|
# Kali Linux repository
|
||||||
@ -238,12 +285,12 @@ These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Li
|
|||||||
[user@kali-rolling ~]$ sudo apt-get dist-upgrade
|
[user@kali-rolling ~]$ sudo apt-get dist-upgrade
|
||||||
[user@kali-rolling ~]$ sudo apt-get autoremove
|
[user@kali-rolling ~]$ sudo apt-get autoremove
|
||||||
|
|
||||||
6. Shut down and trim the new template.
|
9. Shut down and trim the new template.
|
||||||
|
|
||||||
[user@dom0 ~]$ qvm-shutdown kali-rolling
|
[user@dom0 ~]$ qvm-shutdown kali-rolling
|
||||||
[user@dom0 ~]$ qvm-trim-template kali-rolling
|
[user@dom0 ~]$ qvm-trim-template kali-rolling
|
||||||
|
|
||||||
7. Ensure a terminal can be opened in the new template.
|
10. Ensure a terminal can be opened in the new template.
|
||||||
|
|
||||||
[user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal
|
[user@dom0 ~]$ qvm-run -a kali-rolling gnome-terminal
|
||||||
|
|
||||||
@ -251,7 +298,8 @@ These instructions will show you how to upgrade a Debian 9 TemplateVM to Kali Li
|
|||||||
|
|
||||||
At this point you should have a working template and you can install the tools you need.
|
At this point you should have a working template and you can install the tools you need.
|
||||||
|
|
||||||
1. [resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB.
|
1. [Resize the template disk image][qubes-resize-disk-image] if you plan on installing the full Kali distribution.
|
||||||
|
For example to install `kali-linux-full` you must **grow** the size of the VM system from 10GB to at least 20GB.
|
||||||
|
|
||||||
2. Install Kali Linux tools:
|
2. Install Kali Linux tools:
|
||||||
|
|
||||||
@ -293,3 +341,5 @@ Thanks to the people in [the discussion thread](https://github.com/QubesOS/qubes
|
|||||||
|
|
||||||
[katoolin]: https://github.com/LionSec/katoolin
|
[katoolin]: https://github.com/LionSec/katoolin
|
||||||
[katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/
|
[katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/
|
||||||
|
|
||||||
|
[Debian-releases]: https://www.debian.org/releases/
|
||||||
|
Loading…
Reference in New Issue
Block a user