mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-12-28 00:39:30 -05:00
updated instructions for Qubes 3.2
This commit is contained in:
parent
abf353688a
commit
811b091687
@ -9,37 +9,36 @@ How to Create a Kali Linux VM
|
||||
|
||||
This guide will explain how to create your own [Kali] Linux VM as a VM
|
||||
template. The basic idea is to personalize the template with the tools you need
|
||||
and then spin up isolated appVMs based on the template.
|
||||
and then spin up isolated AppVMs based on the template.
|
||||
|
||||
This has been tested on Qubes OS 3.2.
|
||||
|
||||
The steps can be summarised as:
|
||||
|
||||
1. Customize a Debian template with the Kali sources
|
||||
3. Install the Kali tools
|
||||
1. Install Qubes' Debian 8.0 (Jessie) template
|
||||
2. Upgrade the template to Debian 9.0 (Stretch)
|
||||
3. Install kali through the ``kali-linux-full`` package
|
||||
4. Use the template to build appVM so that you can maintain isolation between
|
||||
e.g. pentesting jobs
|
||||
|
||||
|
||||
**IMPORTANT NOTE** Following the instructions below and in particular installing kali-linux-full will **BREAK YOUR VM**. Don't do it. It needs further investigation. The problem is:
|
||||
|
||||
* Pinning down xorg doesn't allow installing kali-desktop (or something) which prevents kali-*
|
||||
|
||||
|
||||
Steps to build a Kali template
|
||||
------------------------------
|
||||
|
||||
|
||||
### Get the GPG key
|
||||
|
||||
1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll
|
||||
build won't have direct internet connectivity unless you enable it from the
|
||||
firewall:
|
||||
|
||||
# in the dispVM
|
||||
# in a dispVM
|
||||
gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
|
||||
gpg --list-keys --with-fingerprint 7D8D0BF6
|
||||
gpg --export --armor 7D8D0BF6 > kali.asc
|
||||
|
||||
2. Make sure the key ID is the valid one listed on the [Kali website]. Ideally,
|
||||
2. **DO NOT TURN OFF** the dispVM
|
||||
|
||||
3. Make sure the key ID is the valid one listed on the [Kali website]. Ideally,
|
||||
verify the fingerprint through other channels.
|
||||
|
||||
Once you have the key, keep the dispVM on as you'll need to copy the key over
|
||||
@ -51,80 +50,65 @@ to the Kali template.
|
||||
|
||||
2. Clone the debian template and start a terminal in it:
|
||||
|
||||
# from dom0:
|
||||
qvm-clone debian-8 kali
|
||||
# in dom0:
|
||||
qvm-clone debian-8 debian-9
|
||||
qvm-run -a debian-9 gnome-terminal
|
||||
|
||||
3. Add this line to the `/etc/apt/sources.list` file in the template:
|
||||
# in the debian-9 template terminal:
|
||||
# substitute jessie for stretch in
|
||||
sensible-editor /etc/apt/sources.list
|
||||
sensible-editor /etc/apt/sources.list.d/qubes-r3.list
|
||||
apt-get update && apt-get dist-upgrade
|
||||
# (hat tip: [the Debian wiki])
|
||||
|
||||
# in the 'kali' template
|
||||
Restart the template when done and make sure you can open a terminal.
|
||||
|
||||
3. Prepare the kali template:
|
||||
|
||||
# in dom0:
|
||||
qvm-shutdown debian-9
|
||||
qvm-clone debian-9 kali-tpl
|
||||
qvm-run -a kali-tpl gnome-terminal
|
||||
|
||||
3. Add the sources to install Kali linux to the `kali-tpl` template:
|
||||
|
||||
# in kali-tpl:
|
||||
sudo -s
|
||||
echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list
|
||||
|
||||
4. Copy the Kali key from the dispVM into the template:
|
||||
|
||||
# in the dispVM
|
||||
qvm-copy-to-vm kali kali.asc
|
||||
# in the dispVM:
|
||||
qvm-copy-to-vm kali-tpl kali.asc
|
||||
|
||||
# in the kali template:
|
||||
sudo -s
|
||||
cat /home/user/QubesIncoming/kali/kali-key.asc | apt-key add -
|
||||
# in kali-tpl:
|
||||
cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add -
|
||||
|
||||
The last command should return `OK` on a line by itself.
|
||||
|
||||
5. **Pin the X server** into the preferences file: this prevents Kali to installing
|
||||
a new X.org server, for which there would be no qubes-tools available:
|
||||
|
||||
# add the following lines to /etc/apt/preferences (you might have to
|
||||
create it)
|
||||
|
||||
Package: xserver-xorg*
|
||||
Pin: release a=jessie
|
||||
Pin-Priority: 900
|
||||
|
||||
Package: xorg*
|
||||
Pin: release a=jessie
|
||||
Pin-Priority: 900
|
||||
|
||||
5. Update the system:
|
||||
|
||||
# in kali-tpl:
|
||||
sudo apt-get update
|
||||
sudo apt-get upgrade
|
||||
sudo apt-get dist-upgrade
|
||||
|
||||
6. Now is a good time to stop the template, clone it and see if restarting it
|
||||
allows you to run a terminal:
|
||||
6. Shut down the `kali-tpl` template:
|
||||
|
||||
# from dom0
|
||||
qvm-clone kali kali-tools
|
||||
# in dom0:
|
||||
qvm-shutdown kali-tpl
|
||||
|
||||
### Install the Kali tools
|
||||
|
||||
At this point you should have a working template and you can install the tools you need.
|
||||
|
||||
Don't forget to [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb.
|
||||
1. [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb.
|
||||
|
||||
1. Install your tools of choice, for example:
|
||||
1. Install Kali linux:
|
||||
|
||||
# in the kali-tools template
|
||||
# in kali-tpl:
|
||||
sudo apt-get install kali-linux-full
|
||||
|
||||
2. If the update process went well, give it a try: shut down the `kali-tools`
|
||||
template and create an appVM from it.
|
||||
|
||||
3. When you are happy you can probably remove the `kali` template and its
|
||||
backup copies; then use only `kali-tools` as a template.
|
||||
|
||||
|
||||
Don't forget to back up your appVMs as [audio CDs].
|
||||
|
||||
|
||||
Troubleshooting
|
||||
---------------
|
||||
|
||||
If the template doesn't start, give it a peek with the console:
|
||||
|
||||
# from dom0
|
||||
sudo xl console kali
|
||||
2. Enjoy and don't forget to back up your appVMs as [audio CDs].
|
||||
|
||||
|
||||
Installing via third-party scripts: Katoolin
|
||||
@ -146,12 +130,7 @@ Alternative Options to Kali
|
||||
Notes
|
||||
-----
|
||||
|
||||
Various things tried:
|
||||
|
||||
* Forget about pinning: just dist-upgrade, then download qubes-core-agent, then BACKEND_VMM=xen dpkg-buildpackage -b -uc -us
|
||||
* Also download requirements for debian bootstrapping from https://wiki.debian.org/BuildingTutorial
|
||||
* And qubes-kernel-vm-support for vchan (I think)
|
||||
|
||||
Thanks to the people in [the discussion thread].
|
||||
|
||||
|
||||
[kali]: https://www.kali.org/
|
||||
@ -161,3 +140,5 @@ Various things tried:
|
||||
[PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/
|
||||
[audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/
|
||||
[resize the template]: https://www.qubes-os.org/doc/resize-disk-image/
|
||||
[the Debian wiki]: https://wiki.debian.org/Qubes#Install_Debian_Templates
|
||||
[the discussion thread]: https://github.com/QubesOS/qubes-issues/issues/1981
|
||||
|
Loading…
Reference in New Issue
Block a user