suzanne.soy/qubes-doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated instructions for Qubes 3.2

Browse Source
This commit is contained in:
Lorenzo G 2017-01-09 22:08:31 +00:00 committed by GitHub
parent abf353688a
commit 811b091687
1 changed files with 46 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
managing-os/kali.md
View File

@ -9,37 +9,36 @@ How to Create a Kali Linux VM
This guide will explain how to create your own [Kali] Linux VM as a VM This guide will explain how to create your own [Kali] Linux VM as a VM
template. The basic idea is to personalize the template with the tools you need template. The basic idea is to personalize the template with the tools you need
and then spin up isolated appVMs based on the template. and then spin up isolated AppVMs based on the template.
This has been tested on Qubes OS 3.2.
The steps can be summarised as: The steps can be summarised as:
1. Customize a Debian template with the Kali sources 1. Install Qubes' Debian 8.0 (Jessie) template
3. Install the Kali tools 2. Upgrade the template to Debian 9.0 (Stretch)
3. Install kali through the ``kali-linux-full`` package
4. Use the template to build appVM so that you can maintain isolation between 4. Use the template to build appVM so that you can maintain isolation between
e.g. pentesting jobs e.g. pentesting jobs
**IMPORTANT NOTE** Following the instructions below and in particular installing kali-linux-full will **BREAK YOUR VM**. Don't do it. It needs further investigation. The problem is:
* Pinning down xorg doesn't allow installing kali-desktop (or something) which prevents kali-*
Steps to build a Kali template Steps to build a Kali template
------------------------------ ------------------------------
### Get the GPG key ### Get the GPG key
1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll 1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll
build won't have direct internet connectivity unless you enable it from the build won't have direct internet connectivity unless you enable it from the
firewall: firewall:
# in the dispVM # in a dispVM
gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6 gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
gpg --list-keys --with-fingerprint 7D8D0BF6 gpg --list-keys --with-fingerprint 7D8D0BF6
gpg --export --armor 7D8D0BF6 > kali.asc gpg --export --armor 7D8D0BF6 > kali.asc
2. Make sure the key ID is the valid one listed on the [Kali website]. Ideally, 2. **DO NOT TURN OFF** the dispVM
3. Make sure the key ID is the valid one listed on the [Kali website]. Ideally,
verify the fingerprint through other channels. verify the fingerprint through other channels.
Once you have the key, keep the dispVM on as you'll need to copy the key over Once you have the key, keep the dispVM on as you'll need to copy the key over
@ -51,80 +50,65 @@ to the Kali template.
2. Clone the debian template and start a terminal in it: 2. Clone the debian template and start a terminal in it:
# from dom0: # in dom0:
qvm-clone debian-8 kali qvm-clone debian-8 debian-9
qvm-run -a debian-9 gnome-terminal
3. Add this line to the `/etc/apt/sources.list` file in the template: # in the debian-9 template terminal:
# substitute jessie for stretch in
sensible-editor /etc/apt/sources.list
sensible-editor /etc/apt/sources.list.d/qubes-r3.list
apt-get update && apt-get dist-upgrade
# (hat tip: [the Debian wiki])
# in the 'kali' template Restart the template when done and make sure you can open a terminal.
3. Prepare the kali template:
# in dom0:
qvm-shutdown debian-9
qvm-clone debian-9 kali-tpl
qvm-run -a kali-tpl gnome-terminal
3. Add the sources to install Kali linux to the `kali-tpl` template:
# in kali-tpl:
sudo -s sudo -s
echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list
4. Copy the Kali key from the dispVM into the template: 4. Copy the Kali key from the dispVM into the template:
# in the dispVM # in the dispVM:
qvm-copy-to-vm kali kali.asc qvm-copy-to-vm kali-tpl kali.asc
# in the kali template: # in kali-tpl:
sudo -s cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add -
cat /home/user/QubesIncoming/kali/kali-key.asc | apt-key add -
The last command should return `OK` on a line by itself. The last command should return `OK` on a line by itself.
5. **Pin the X server** into the preferences file: this prevents Kali to installing
a new X.org server, for which there would be no qubes-tools available:
# add the following lines to /etc/apt/preferences (you might have to
create it)
Package: xserver-xorg*
Pin: release a=jessie
Pin-Priority: 900
Package: xorg*
Pin: release a=jessie
Pin-Priority: 900
5. Update the system: 5. Update the system:
# in kali-tpl:
sudo apt-get update sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade sudo apt-get dist-upgrade
6. Now is a good time to stop the template, clone it and see if restarting it 6. Shut down the `kali-tpl` template:
allows you to run a terminal:
# from dom0 # in dom0:
qvm-clone kali kali-tools qvm-shutdown kali-tpl
### Install the Kali tools ### Install the Kali tools
At this point you should have a working template and you can install the tools you need. At this point you should have a working template and you can install the tools you need.
Don't forget to [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb. 1. [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb.
1. Install your tools of choice, for example: 1. Install Kali linux:
# in the kali-tools template # in kali-tpl:
sudo apt-get install kali-linux-full sudo apt-get install kali-linux-full
2. If the update process went well, give it a try: shut down the `kali-tools` 2. Enjoy and don't forget to back up your appVMs as [audio CDs].
template and create an appVM from it.
3. When you are happy you can probably remove the `kali` template and its
backup copies; then use only `kali-tools` as a template.
Don't forget to back up your appVMs as [audio CDs].
Troubleshooting
---------------
If the template doesn't start, give it a peek with the console:
# from dom0
sudo xl console kali
Installing via third-party scripts: Katoolin Installing via third-party scripts: Katoolin
@ -146,12 +130,7 @@ Alternative Options to Kali
Notes Notes
----- -----
Various things tried: Thanks to the people in [the discussion thread].
* Forget about pinning: just dist-upgrade, then download qubes-core-agent, then BACKEND_VMM=xen dpkg-buildpackage -b -uc -us
* Also download requirements for debian bootstrapping from https://wiki.debian.org/BuildingTutorial
* And qubes-kernel-vm-support for vchan (I think)
[kali]: https://www.kali.org/ [kali]: https://www.kali.org/
@ -161,3 +140,5 @@ Various things tried:
[PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/ [PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/
[audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/ [audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/
[resize the template]: https://www.qubes-os.org/doc/resize-disk-image/ [resize the template]: https://www.qubes-os.org/doc/resize-disk-image/
[the Debian wiki]: https://wiki.debian.org/Qubes#Install_Debian_Templates
[the discussion thread]: https://github.com/QubesOS/qubes-issues/issues/1981