Introduction:
You've already seen a ton of articles reviewing or explaining this famous distribution. From its inception to the present day, news about Kali Linux has been ubiquitous. The operating system itself, as you may recall, is designed for pentesting, and it's almost unrivaled in this area. But let's not forget that security is at the core of our work. And to achieve this, we must first start with ourselves. Therefore, in this article, I'll share a couple of tips and techniques that will make working with this operating system a little safer and more reliable.
Work Plan:
Before we begin, I recommend familiarizing yourself with the basics of Linux and its commands. If you have this knowledge, configuring system security will be straightforward. The configuration itself is basic, and I won't cover browser anonymization or installing Tor with a proxy. You can find articles on this topic on the forum. As for the plan, I'll tell you how to physically secure the operating system and force the system to ignore unnecessary packets. We'll install some kind of antivirus software in case of infection. We'll learn how to search for and log suspicious information, and we'll also get acquainted with browser extensions that will make your browsing more secure. Let's get started.
Perimeter Protection.
The first step is to take care of the physical protection of your device. No, I'm not talking about two-factor authentication or locking your laptop in a protective case when you're done. Above all, set strong system passwords. If you plan to install Kali on your device, create a strong password during installation and remember it or write it down so you don't lose it. In any other situation, when Linux has been running for a while and you're too lazy to reinstall the system, remember the basic passwd command. Run on its own it changes the password of the current account; run as root with a username (sudo passwd username) it changes the password of any other account. This way you'll protect yourself from brute-force attacks or manual guessing of default passwords.
Network Security.
You probably know that to find out whether a machine is reachable on the network, you use the ping command. It sends an ICMP echo request to the host; the host answers with an echo reply, and ping then reports the round-trip time and other connection details. If you accidentally leaked your IP address, don't worry: I'll show you how to make the system ignore these packets.
To do this, open a terminal and enter the following command:
sudo nano /etc/sysctl.conf
The editor opens the file (some editors warn that editing it can harm the system; ignore that). Go to the end of the file and add the following line:
net.ipv4.icmp_echo_ignore_all = 1
To make the system respond to ICMP packets again, replace the "1" with a "0." Go back to the terminal and enter the following command to apply the changes:
sudo sysctl -p
Done! Check the result with the same ping command from another machine: it should get no reply. To find your IP address, open a new window, enter ifconfig (or ip addr on newer systems), press Enter, and look at the numbers after inet.
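The sysctl step above is usually scripted once a machine is hardened, and a naive "append the line" script leaves duplicate or contradictory entries behind on every run. The following shell functions, added here as an example and not taken from the article, set a key in a sysctl.conf-style file idempotently (rewriting an existing assignment, appending otherwise) and read the effective value back. The demo works on a constructed temporary copy; the real file is only touched when APPLY_LIVE=1 is set, which is an assumed convention of this script.

```shell
#!/usr/bin/env bash
# Added example (not from the article): set a key in a sysctl.conf-style file
# idempotently, so re-running the hardening script never leaves duplicate or
# conflicting "net.ipv4.icmp_echo_ignore_all" lines behind.

# Escape the dots in a sysctl key so it can be used inside a regular expression.
_key_re() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# set_sysctl_key FILE KEY VALUE: rewrite an existing assignment of KEY in place,
# or append one if the file has none.
set_sysctl_key() {
    file=$1; key=$2; value=$3; re=$(_key_re "$key")
    if grep -Eq "^[[:space:]]*${re}[[:space:]]*=" "$file"; then
        sed -i -E "s|^[[:space:]]*${re}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# get_sysctl_key FILE KEY: print the effective value (the last uncommented
# assignment wins, because sysctl -p applies the file top to bottom).
get_sysctl_key() {
    re=$(_key_re "$2")
    grep -E "^[[:space:]]*${re}[[:space:]]*=" "$1" | tail -n 1 | sed -E 's/.*=[[:space:]]*//'
}

# count_sysctl_key FILE KEY: number of assignment lines for KEY (1 after set_sysctl_key).
count_sysctl_key() {
    re=$(_key_re "$2")
    grep -Ec "^[[:space:]]*${re}[[:space:]]*=" "$1" || true
}

# Demo on a constructed copy so nothing on the running system changes.
demo=$(mktemp)
printf '# constructed sample sysctl.conf\nnet.ipv4.ip_forward = 0\n' > "$demo"
set_sysctl_key "$demo" net.ipv4.icmp_echo_ignore_all 1
set_sysctl_key "$demo" net.ipv4.icmp_echo_ignore_all 1   # second run: still one line
printf 'lines for key: %s, value: %s\n' \
    "$(count_sysctl_key "$demo" net.ipv4.icmp_echo_ignore_all)" \
    "$(get_sysctl_key "$demo" net.ipv4.icmp_echo_ignore_all)"
rm -f "$demo"

# Only touch the real file and apply it when explicitly asked for (needs root).
if [ "${APPLY_LIVE:-0}" = 1 ]; then
    set_sysctl_key /etc/sysctl.conf net.ipv4.icmp_echo_ignore_all 1
    sysctl -p
fi
```

Because sysctl -p applies the file top to bottom, a stray second assignment further down would silently override the one you just wrote; rewriting in place instead of appending is what keeps the file honest.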
Let's also not forget about the SSH protocol, which lets us connect to our device securely. Prebuilt images ship with the same SSH host key pair on every copy, and digging it up online shouldn't be too difficult. So let's fix the situation and generate new keys so nobody can make use of the shared ones.
For this we'll use the trusty terminal. Open it and change into the SSH configuration directory:
cd /etc/ssh
With superuser privileges, create a directory to back up the old keys, in case things don't go according to plan:
sudo mkdir backup
Now move all the host key files into it:
sudo mv ssh_host_* backup
Just in case, let's cross ourselves, pray, and make a couple hundred copies of our operating system onto an external drive. Are you done? Go to a new window and carefully enter the following command:
sudo dpkg-reconfigure openssh-server
The command needs no input, so keep your hands away from the keyboard to avoid any mistakes; when it finishes, you will have fresh, newly generated host key pairs. Running ssh-keygen -lf on each new .pub file shows its fingerprint, which is what clients will ask you to confirm the next time they connect.
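The backup-then-regenerate steps above are easy to get wrong by hand (forgetting the .pub halves, overwriting an older backup). The script below, added here as an example rather than taken from the article, wraps them: it moves every ssh_host_* file into a timestamped backup directory, counts what is left, and, only when run with --live (an assumed flag of this script, and as root), calls dpkg-reconfigure openssh-server and prints the new fingerprints. The backup functions are written to work on any directory so they can be exercised on constructed files without touching /etc/ssh.

```shell
#!/usr/bin/env bash
# Added example (not from the article): move the current SSH host keys into a
# timestamped backup directory, regenerate them, and print the new fingerprints
# so they can be verified on the next connection instead of blindly accepted.

# backup_host_keys DIR: move every ssh_host_* file in DIR into DIR/backup-<stamp>
# and print the backup directory's path.
backup_host_keys() {
    dir=${1:-/etc/ssh}
    dest="$dir/backup-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest"
    for f in "$dir"/ssh_host_*; do
        [ -e "$f" ] || continue        # glob matched nothing: no keys to move
        mv "$f" "$dest/"
    done
    printf '%s\n' "$dest"
}

# count_host_keys DIR: how many ssh_host_* files remain (0 right after a backup).
count_host_keys() {
    n=0
    for f in "${1:-/etc/ssh}"/ssh_host_*; do
        if [ -e "$f" ]; then n=$((n + 1)); fi
    done
    printf '%s\n' "$n"
}

# rotate_host_keys: the article's procedure end to end, for the real /etc/ssh.
# dpkg-reconfigure recreates any missing host keys on Debian-based systems such as Kali.
rotate_host_keys() {
    backup=$(backup_host_keys /etc/ssh)
    dpkg-reconfigure openssh-server
    echo "old keys saved in $backup; new fingerprints:"
    for pub in /etc/ssh/ssh_host_*_key.pub; do
        ssh-keygen -lf "$pub"
    done
}

# Run the real rotation only when asked for explicitly (must be root).
if [ "${1:-}" = "--live" ]; then
    rotate_host_keys
fi
```

Keep the backup directory's permissions in mind: the moved private keys are still valid until the old public halves are gone from every client's known_hosts, so either delete the backup once the new keys are confirmed working or make sure it stays readable by root only.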
To find out which ports are currently in use and active on your device, use the following command:
sudo ss -tulwn | grep LISTEN
- Show TCP sockets (-t)
- Show UDP sockets (-u)
- Show raw sockets (-w)
- Show only listening sockets (-l)
- Do not resolve service names, so ports are shown as numbers (-n)
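One caveat with the grep above: ss shows TCP listeners in state LISTEN, but UDP and raw sockets in state UNCONN, so piping through grep LISTEN drops every UDP listener. The script below, added here as an example and not part of the article, keeps both states, normalises the output to a sorted "proto port" list, and diffs it against a saved baseline so that a socket which was not listening last time stands out. The ss output embedded in it is a constructed sample so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example (not from the article): normalise `ss -tulwn` output into a sorted
# "proto port" list and compare it with a saved baseline, so a socket that was not
# listening last time stands out. UDP/raw sockets show as UNCONN, not LISTEN.

# listening_ports: read ss -tulwn output on stdin, print "proto port" sorted and unique.
# Column 1 is the Netid (tcp/udp/raw), column 2 the state, column 5 "address:port".
listening_ports() {
    awk 'NR > 1 && ($2 == "LISTEN" || $2 == "UNCONN") {
            n = split($5, a, ":")       # port is whatever follows the last ":" ([::]:22 too)
            print $1, a[n]
         }' | LC_ALL=C sort -u
}

# new_listeners BASELINE: lines in the current list (stdin) that are not in BASELINE.
new_listeners() {
    listening_ports | LC_ALL=C comm -13 "$1" -
}

# Constructed sample of ss -tulwn output for an offline run.
SAMPLE_SS="Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:323     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    [::]:22           [::]:*
tcp   LISTEN 0      4096   127.0.0.1:5432    0.0.0.0:*"

# Baseline captured earlier (constructed); 5432 is the newcomer.
baseline=$(mktemp)
printf 'tcp 22\nudp 323\nudp 68\n' > "$baseline"
printf 'new listeners:\n'
printf '%s\n' "$SAMPLE_SS" | new_listeners "$baseline"
rm -f "$baseline"

# On a real host: save a baseline once, then diff against it from cron.
#   ss -tulwn | listening_ports > /var/lib/listening-ports.baseline
#   ss -tulwn | new_listeners /var/lib/listening-ports.baseline
```

The v4 and v6 entries for port 22 collapse into one line, which is what you want for a baseline: the question is whether something new is accepting connections, not on which address family.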
System Monitoring:
Beyond physical and network protection, let's not forget that our systems are still vulnerable to various kinds of malware. Rootkits and bootkits, for example, run on Linux too, and they are among the most dangerous types because they are hard to detect and everything they do runs with superuser privileges. You're probably already used to managing processes with a Task Manager. So, to avoid digging through the system and log files by hand, let's monitor all programs on the system. I've selected three utilities to help you with this.
xfce4-taskmanager is an easy-to-use application for monitoring and managing running processes. It's available on many Linux distributions (the package is preinstalled in the latest versions of Kali). It displays processes in a tree view and can filter the whole list.
top is a Linux command that works like a task manager in the terminal, with numerous flags and a simpler interface. You can set the refresh interval for process information (the -d flag), and with -i it shows only the processes that are actually using CPU time.
Which process viewer to use is up to you, but if you don't want to launch an extra program every time, let's look at the logcheck utility. Its main task is to watch the system log files for suspicious activity; it sends everything it finds, together with alerts, straight to your email. To use it, install the package with apt-get, then look at the active (uncommented) settings in its configuration:
sudo grep '^[^#]' /etc/logcheck/logcheck.conf
- REPORTLEVEL - how strictly log messages are filtered (workstation, server, paranoid). paranoid filters out the least and reports the most, so it's the recommended setting when you want the strictest checking.
- SENDMAILTO - the address to which all reports will be delivered.
- MAILASATTACH - send the report as an attachment instead of in the message body.
- FQDN - whether to use the device's fully qualified domain name in the email subject (enable it if there is more than one device on the network).
- TMP - alternative directory for logcheck's temporary files.
Configure everything to suit your needs, then reload the configuration with the reload command. logcheck itself is launched by cron; open its hourly job with the following command to see or adjust how it runs (and don't forget to list the log files to be checked in the configuration):
sudo nano -w /etc/cron.hourly/logcheck.cron
Now, if any suspicious activity shows up in the logs, the system will email you the details. To make protection more effective, we'll also add an antivirus-style scanner to the system that checks files and processes for signs of compromise.
chkrootkit is designed to scan for malicious code and other suspicious activity in the system. It has several modules and an expanded threat detection arsenal.
The chkwtmp and chklastlog modules attempt to detect deletions from the wtmp and lastlog system logs, but full detection of all changes to these files is not guaranteed.
The chkproc module compares the entries in /proc with what ps and readdir report, to detect processes hidden from them, which may indicate a Trojanized LKM (kernel module). Run it with the -v flag for a more detailed report.
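The comparison chkproc makes is simple enough to write out by hand, and doing so shows both what it catches and the one false positive it has to handle. The script below is an added example, not the article's or chkrootkit's code: a pure-text function compares a list of PIDs seen in /proc with a list reported by ps, and a live wrapper re-checks every candidate so a process that merely exited between the two listings (a harmless race) is not reported as hidden.

```shell
#!/usr/bin/env bash
# Added example (not from the article): the comparison chkproc makes, done by hand.
# Every live process has a /proc/<pid> directory, so a PID that is in /proc but
# absent from `ps -e` is either a process that exited between the two listings
# (a harmless race) or one that something is hiding from ps.

# pids_missing_from_ps "PROC_PIDS" "PS_PIDS": PIDs in the first whitespace-separated
# list that do not appear in the second. Pure text comparison, so it can be tested offline.
pids_missing_from_ps() {
    ps_list=" $(printf '%s' "$2" | tr -s '[:space:]' ' ') "
    for p in $1; do
        case "$ps_list" in
            *" $p "*) ;;               # reported by ps: fine
            *) printf '%s\n' "$p" ;;   # in /proc but not in ps
        esac
    done
}

# live_hidden_pids: list /proc, list ps, compare, then re-check each candidate
# to drop the ones that simply exited in between.
live_hidden_pids() {
    proc_pids=$(ls -d /proc/[0-9]* 2>/dev/null | sed 's|^/proc/||')
    ps_pids=$(ps -e -o pid=)
    for p in $(pids_missing_from_ps "$proc_pids" "$ps_pids"); do
        if [ -d "/proc/$p" ] && ! ps -p "$p" >/dev/null 2>&1; then
            printf 'hidden from ps: pid %s (%s)\n' "$p" \
                "$(tr '\0' ' ' < "/proc/$p/cmdline" 2>/dev/null)"
        fi
    done
}

# Read-only, so it is safe to run directly; prints nothing on a clean system.
if command -v ps >/dev/null 2>&1; then
    live_hidden_pids
fi
```

A hit from this check is worth investigating but is not proof by itself: a kernel module that hides a PID from readdir on /proc will usually also hide it from this script, which is why chkrootkit combines chkproc with other tests rather than relying on any single one.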
Let's look at an example of this utility. Open the terminal and run the ps, ls and sniffer tests; the last one lists every program that has a raw socket open, i.e. is able to sniff traffic:
sudo chkrootkit ps ls sniffer
From the screenshot, you may have noticed that on my system the only sniffing is done by the network manager, so there's nothing to worry about. For a full list of tests, refer to the official documentation.
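Once chkrootkit runs from cron instead of by hand, the NetworkManager sniffer hit above turns into a daily false alarm that quickly gets ignored. The wrapper below, added here as an example and not part of the article or of chkrootkit, filters a run down to real findings, drops the sniffer hits that are expected on a desktop, and exits non-zero when anything remains so cron mails the output. The chkrootkit output it contains is a constructed sample, and the allowlist of benign sniffers (NetworkManager, dhclient) is an assumption to adjust to whatever legitimately opens raw sockets on your machine.

```shell
#!/usr/bin/env bash
# Added example (not from the article): keep only the findings from a chkrootkit run
# and drop the sniffer hits that are expected on a desktop, so the wrapper can run
# from cron and only make noise when something is new.

# chkrootkit_findings: read chkrootkit output on stdin, print the lines worth a look.
# Benign results ("not infected", "not found", "nothing found") are dropped; the
# sniffer test reports "<iface>: PACKET SNIFFER(<program>[<pid>])" per raw socket.
# The allowlisted programs are an assumption; tune them for your own machine.
chkrootkit_findings() {
    grep -E 'INFECTED|Warning|Possible|PACKET SNIFFER' \
      | grep -Ev 'PACKET SNIFFER\((/usr/sbin/NetworkManager|/sbin/dhclient)\[' \
      || true
}

# chkrootkit_finding_count: number of lines chkrootkit_findings would print.
chkrootkit_finding_count() {
    chkrootkit_findings | grep -c . || true
}

# Constructed sample of a chkrootkit run: one expected sniffer, one real hit.
SAMPLE_CHKROOTKIT="ROOTDIR is '/'
Checking 'ps'... not infected
Checking 'ls'... not infected
Checking 'sniffer'... eth0: PACKET SNIFFER(/usr/sbin/NetworkManager[812])
Checking 'bindshell'... INFECTED (PORTS:  465)"

printf '%s\n' "$SAMPLE_CHKROOTKIT" | chkrootkit_findings

# Real run (needs root), e.g. from /etc/cron.daily: a non-zero exit makes cron mail the output.
if [ "${1:-}" = "--live" ]; then
    out=$(chkrootkit ps ls sniffer bindshell | chkrootkit_findings)
    [ -z "$out" ] || { printf '%s\n' "$out"; exit 1; }
fi
```

Allowlist by full program path, as done here, rather than by interface or by a bare name: a rogue binary called NetworkManager in /tmp should still show up.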