CF Image Host 1.65 – CSRF VulnerabilityNovember 18, 2015
NetHunter 1.2 – Lollipop & Nexus 6/9November 18, 2015
With Kali 2.0 now released, we wanted to share a few post-install procedures we find ourselves repeating over and over, in the hopes that you will find them useful as well. We’ve also slapped in some answers to common questions we’ve been getting.
Here is our top 10 list:
Enable or Disable the Intelligent Sidebar Option
Some people love it, some people hate it. In smaller resolutions, it can be annoying. We’re talking about the disappearing sidebar on the left of the screen. Here’s a short video showing how to change this behaviour.
Add Your SSH Public Key to Kali 2.0
Kali Linux 2.0 takes on the Debian SSH configuration option, the default since Jessie, which disallows root logins without a key.
The less preferred alternative is to change the PermitRootLogin parameter to “yes” and restart the SSH server, which will allow remote password root logins. For safer remote root SSH access, add your public key to the/root/.ssh/authorized_keys file.
Install NVIDIA Drivers if You Need Them
If you have a NVIDIA graphics card, you should follow these instructions to get the NVIDIA drivers installed in Kali 2.0.
Install VMware or VirtualBox Guest Tools if You Need Them
Disable the Screen Lock Gnome Feature
We missed disabling this feature in our official builds but will do so in an upcoming update and future ISO releases. This is the fastest way to disable the Gnome screen lock feature:
Don’t Add Extra Repositories to Your Kali 2.0 Install
If for some reason you chose “no” when asked “use a network mirror” during your Kali installation, you may be missing some entries in your sources.list file. If this is the case, check the official repository list for the entries that should be in that file. Despite what many unofficial guides instruct you to do, avoid adding extra repositories to your sources.list file. Don’t add kali-dev, kali-rolling, or any other Kali repositories unless you have a specific reason to – which usually, you won’t. If you *must* add additional repositories, drop a new sources file in/etc/apt/sources.list.d/ instead.
Add a Non-root User if You’re Not Comfortable Running as root
We see many people leery of using Kali due to the fact that the main OS user is root. This often confuses us, as adding a non-root user to Kali is trivial and can be done by simply issuing commands similar to the following (just change the “muts” username to your own):
root@kali:~# passwd muts
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Avoid Installing Flash Player
Keep the Kali System Up to Date
We pull upstream updates from Debian 4 times a day. This ensures that security updates are implemented in Kali on an ongoing basis. You should keep your system up to date by regularly running the following commands:
Avoid Manual Installations of Tools in FSH Defined Directories
There are several ways you can use Kali – either as a “throw away pentesting machine” or as a “long term use OS“. The “throw away” method entails setting up Kali for a one-off engagement or short term use and then killing off the OS when done (this usually happens in virtual environments). The “long term use” use-case describes people who want to use Kali on an ongoing basis for day-to-day use. Both methods are perfectly valid but require different treatment. If you plan to use Kali on a day-to-day basis, you should avoid manual installs of programs in FSH defined directories as this would conflict with the existing apt package manager.