Installing KALI in container

Giang L. Nguyen

March 21, 2020


KALI is a popular name in the world of IT, where it is used for penetration and security testing. It contains a massive package of tools.

There are multiple ways to install an operating system, and I would like to add this as a virtual host on my server. As KALI Linux is Debian based, I’m going to install it on an LXC host on my ProxMox server.

Template debian 9.7

ProxMox is easy to install and use. It is fast and has a lot of features that even ESXi servers can’t compare against. ProxMox can create a host as a VM or as an LXC; the LXC is nice, as we can save resources when adding Linux hosts. It also supports console, QEMU and KVM through the web-based interface, so you will be able to use or test applications with a GUI without needing to set up any remote connections.

Overview

Creating DEBIAN in LXC

Creating the LXC is simple: start by clicking Create LXC at the top right, type in the hostname and password, and tick the box that makes it an unprivileged container. You then choose the template, the size of the root disk, the CPU and memory to reserve, the NIC setup and the DNS.

I’ll follow the guide from the course by adding 2 NICs, 2GB of RAM (and 1.5GB of swap, just in case..) and a 50GB disk.

LXC setup

After adding the extra NIC once the LXC host was created, I ran into trouble logging on; that’s because the root user is not allowed to log on remotely. I then need to log on to my LXC through the ProxMox host and add a new user. Remember, you need root access to do it this way, but you could also use the console through the web interface.

vi3t@ticaprox:~$ lxc-attach 103
lxc-attach: 103: tools/lxc_attach.c: main: 313 You lack access to /home/vi3t/.local/share/lxc
vi3t@ticaprox:~$ sudo lxc-attach 103
[sudo] password for vi3t:
root@ticali:/#
root@ticali:/# adduser vi3t
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LANGUAGE = (unset),
        LC_ALL = (unset),
        LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
Adding user `vi3t' ...
Adding new group `vi3t' (1000) ...
Adding new user `vi3t' (1000) with group `vi3t' ...
Creating home directory `/home/vi3t' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for vi3t
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y
root@ticali:/#

Once the user is added, add the user to the sudo group. The sudo command is used to run a specific command with root access.

*sudo* (/ˈsuːduː/ or /ˈsuːdoʊ/) is a program for Unix-like computer operating systems
that allows users to run programs with the security privileges of another user, by 
default the superuser. It originally stood for "superuser do" as the older versions 
of *sudo* were designed to run commands only as the superuser.

This Debian template didn’t have sudo preinstalled, so we will update and upgrade the system and install sudo. After that, we will add the user to the sudo group.

TL;DR

apt update && apt -y upgrade && apt install sudo
usermod -aG sudo vi3t

Confirm with these commands.

root@ticali:~# usermod -aG sudo vi3t
root@ticali:~# id vi3t
uid=1000(vi3t) gid=1000(vi3t) groups=1000(vi3t),27(sudo)

SSH to the host and test the sudo command.

vi3t@ticali:~$ sudo uname -a

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for vi3t:
Linux ticali 5.3.18-2-pve #1 SMP PVE 5.3.18-2 (Sat, 15 Feb 2020 15:11:52 +0100) x86_64 GNU/Linux
vi3t@ticali:~$

Installing KALI

KALI is not an operating system in itself; it is a collection of tools bundled under one operating system. We could install these tools on an OS other than Debian, but since Kali has been using the Debian kernel for a while, I find it more convenient to use Debian.

To install these tools, KALI has its own repository at http://http.kali.org/kali. We will add it to the APT sources so that we can install packages from this repository.

vi3t@ticali:~$ echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" | sudo tee -a /etc/apt/sources.list 
vi3t@ticali:~$ sudo apt -y update
...

If you get a GPG or dirmngr error, you need to install the key (remember to change the key ID to the one in the error) or the application first. If you get the dirmngr error, install dirmngr before adding the GPG key, as the key import depends on dirmngr.

W: GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6

gpg: keyserver receive failed: No dirmngr

vi3t@ticali:~$ sudo apt install dirmngr
...

vi3t@ticali:~$ gpg --keyserver pgpkeys.mit.edu --recv-key  ED444FF07D8D0BF6
gpg: key ED444FF07D8D0BF6: 3 duplicate signatures removed
gpg: key ED444FF07D8D0BF6: 189 signatures not checked due to missing keys
gpg: /home/vi3t/.gnupg/trustdb.gpg: trustdb created
gpg: key ED444FF07D8D0BF6: public key "Kali Linux Repository <devel@kali.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

vi3t@ticali:~$ gpg -a --export ED444FF07D8D0BF6 | sudo apt-key add -
OK
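The import above selects the key by its 64-bit ID and then trusts it for every APT source. As an added example (not part of the original post), this checks the full fingerprint first; the sample listing, the `EXPECTED_FPR` variable and the keyring path are assumptions, and the expected fingerprint has to come from the distribution's HTTPS site or another out-of-band source.

```sh
#!/bin/sh
# Added example: verify a key's full fingerprint before APT may trust it.

# Constructed `gpg --with-colons --fingerprint` output; NOT the real Kali key.
SAMPLE_LISTING='pub:-:4096:1:ED444FF07D8D0BF6:1500000000:::-:::scSC:
fpr:::::::::0123456789ABCDEF01234567ED444FF07D8D0BF6:
uid:-::::1500000000::X::Constructed Sample Key <sample@example.invalid>:
sub:-:4096:1:1111111111111111:1500000000::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEF1111111111111111:'

# Print the fingerprint of each primary key: field 10 of the "fpr" record
# that follows a "pub" record. Subkey fingerprints are skipped.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Strip spaces and upper-case the hex so grouped, lower-case input compares.
normalise() { printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'; }

# check_key LISTING EXPECTED
#   0 = exactly one primary key and its fingerprint equals EXPECTED
#   1 = fingerprint differs
#   2 = EXPECTED is not a full 40-hex fingerprint (a bare key ID is refused)
#   3 = listing holds zero or several primary keys
check_key() {
    expected=$(normalise "$2")
    case "$expected" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#expected}" -eq 40 ] || return 2
    found=$(printf '%s\n' "$1" | primary_fpr)
    n=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$n" -eq 1 ] || return 3
    [ "$found" = "$expected" ] || return 1
}

# On the container (needs gpg and the network, so left as comments):
#   listing=$(gpg --with-colons --fingerprint ED444FF07D8D0BF6)
#   check_key "$listing" "$EXPECTED_FPR" &&
#     gpg --export ED444FF07D8D0BF6 |
#       sudo tee /usr/share/keyrings/kali-archive.gpg >/dev/null
# Then scope the key to this one repository instead of using apt-key:
#   deb [signed-by=/usr/share/keyrings/kali-archive.gpg] http://http.kali.org/kali kali-rolling main contrib non-free
```

With `signed-by`, the key can only vouch for the Kali repository, whereas a key added with `apt-key add` is accepted for every source in `sources.list`.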

Searching through the REPO, you will find different packages for different purposes. I’ll be installing kali-linux-all since I want a full system with all KALI tools. If you want the default setup offered in the ISO image, you can use kali-linux-full. You can check KALI METAPACKAGES for further details.

Before installing the packages, we need to fully update and upgrade the system against the KALI REPO and reboot to use the new kernel. During the upgrade, there are some interactive prompts that need user input.

vi3t@ticali:~$ sudo apt update && sudo apt -y upgrade
vi3t@ticali:~$ sudo reboot

After reboot, you will see that we are now using kali-rolling.

vi3t@ticali:~$ cat /etc/debian_version
kali-rolling

vi3t@ticali:~$ apt-cache search kali-linux
kali-linux - Transitional package for kali-linux-core
kali-linux-all - Transitional package for kali-linux-everything
kali-linux-arm - Kali Linux ARM system
kali-linux-core - Kali Linux base system
kali-linux-default - Kali Linux default system
kali-linux-everything - Everything in Kali Linux
kali-linux-forensics - Transitional package for kali-tools-forensics
kali-linux-full - Transitional package for kali-linux-large
kali-linux-gpu - Transitional package for kali-tools-gpu
kali-linux-large - Kali Linux large system
kali-linux-light - Kali Linux light tools
kali-linux-nethunter - Kali Linux NetHunter tools
kali-linux-pwtools - Transitional package for kali-tools-passwords
kali-linux-rfid - Transitional package for kali-tools-rfid
kali-linux-sdr - Transitional package for kali-tools-sdr
kali-linux-top10 - Transitional package for kali-tools-top10
kali-linux-voip - Transitional package for kali-tools-voip
kali-linux-web - Transitional package for kali-tools-web
kali-linux-wireless - Transitional package for kali-tools-wireless

vi3t@ticali:~$ sudo apt -y install kali-linux-all
...

Depending on the REPO and your capacity, the installation will take approx. 2.5 hours. It is advisable to keep the terminal open in case of interactive prompts, or to install inside screen/tmux so you can get back to it if needed.

Extras

During installation, I ran into some issues with a wrongly set locale and a sudo bug.

TL;DR for setting the locale

 sudo vim /etc/locale.gen # Add your language, I've added en_US.UTF8
 sudo locale-gen # adding to the locale
 sudo vim /etc/default/locale # add as default for all logins 

Sudo bug

Error message: sudo: setrlimit(RLIMIT_CORE): Operation not permitted

This bug has been reported on the sudo project's GitHub page, reference #42.

Release 1.8.31p1 solved this issue.

What's new in Sudo 1.8.31p1

 * Sudo once again ignores a failure to restore the RLIMIT_CORE
   resource limit, as it did prior to version 1.8.29.  Linux
   containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
   if we set the limit to zero, even for root, which resulted in a
   warning from sudo.

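According to the bug report at Red Hat, you can ignore the message as a workaround, since sudo still works. The /etc/sudo.conf setting shown below stops sudo from disabling its own core dumps, so it no longer touches RLIMIT_CORE; it is only worth keeping on sudo versions older than 1.8.31p1.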

vi3t@ticali:~$ cat /etc/sudo.conf
set disable_coredump false

Containering bug

After updating the system, the Debian version file was set to kali-rolling. It seems to me that ProxMox doesn’t support the operating system version that is set. Following advice from their forum, we need to set the version in /etc/debian_version. Setting the version to 9.7 solved the problem.

Error message:

Job for pve-container@103.service failed because the control process exited with error code.
See "systemctl status pve-container@103.service" and "journalctl -xe" for details.
TASK ERROR: command 'systemctl start pve-container@103' failed: exit code 1

Troubleshooting

The journal only shows that the container didn’t start because of some error. Starting the container from the CLI as a foreground process and logging all errors, I get the following log with this command:

root@ticaprox:~# lxc-start -o lxc-start.log -lDEBUG -F -n 103

Output of lxc-start.log
lxc-start 103 20200321111437.718 INFO     conf - conf.c:run_script_argv:372 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "103", config section "lxc"
lxc-start 103 20200321111438.366 DEBUG    conf - conf.c:run_buffer:340 - Script exec /usr/share/lxc/hooks/lxc-pve-prestart-hook 103 lxc pre-start produced output: unable to parse version info 'kali-rolling'

lxc-start 103 20200321111438.433 ERROR    conf - conf.c:run_buffer:352 - Script exited with status 25
lxc-start 103 20200321111438.434 ERROR    start - start.c:lxc_init:897 - Failed to run lxc.hook.pre-start for container "103"
lxc-start 103 20200321111438.434 ERROR    start - start.c:__lxc_start:2032 - Failed to initialize container "103"

Output of debian_version
root@ticaprox:/pvezfs/subvol-103-disk-0/etc# cat debian_version
kali-rolling
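As an added example (not part of the original post), the script below pulls the hook's own message and exit status out of an lxc-start debug log and checks a container's debian_version file from the host. The function names are hypothetical, and the "numeric version" pattern is an assumption based only on the error text above and on 9.7 being accepted.

```sh
#!/bin/sh
# Added example: triage a failed pve-container start from the debug log.

# Two lines copied from the lxc-start.log excerpt on this page.
sample_log() {
cat <<'EOF'
lxc-start 103 20200321111438.366 DEBUG    conf - conf.c:run_buffer:340 - Script exec /usr/share/lxc/hooks/lxc-pve-prestart-hook 103 lxc pre-start produced output: unable to parse version info 'kali-rolling'
lxc-start 103 20200321111438.433 ERROR    conf - conf.c:run_buffer:352 - Script exited with status 25
EOF
}

# Print "<hook path>: <message>" for every hook that wrote output.
hook_output() {
    awk '/ DEBUG .*Script exec .* produced output: / {
            hook = $0; sub(/.*Script exec /, "", hook); sub(/ .*/, "", hook)
            msg = $0;  sub(/.* produced output: /, "", msg)
            print hook ": " msg }'
}

# Print the exit status reported for a failed hook script.
hook_status() {
    sed -n 's/.*Script exited with status \([0-9][0-9]*\).*/\1/p'
}

# Print the version string the pre-start hook could not parse.
rejected_version() {
    sed -n "s/.*unable to parse version info '\([^']*\)'.*/\1/p"
}

# Succeed only if FILE holds a dotted numeric version such as 9.7.
# Assumption: this is the form the hook expects; the page confirms 9.7 only.
version_is_numeric() {
    grep -Eq '^[0-9]+(\.[0-9]+)*$' "$1"
}

# On the Proxmox host, with the paths used in this post:
#   hook_output < lxc-start.log
#   version_is_numeric /pvezfs/subvol-103-disk-0/etc/debian_version ||
#     echo "debian_version is not numeric; the container will not start"
```

/etc/debian_version belongs to the base-files package, so a later upgrade of that package inside the container can write kali-rolling back; the check is worth repeating before the next container restart.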

Debian version check

vi3t@ticali:~$ cat /etc/os-release
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2020.1"
VERSION_ID="2020.1"
VERSION_CODENAME="kali-rolling"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="https://www.kali.org/"
SUPPORT_URL="https://forums.kali.org/"
BUG_REPORT_URL="https://bugs.kali.org/"
vi3t@ticali:~$ hostnamectl
   Static hostname: ticali
         Icon name: computer-container
           Chassis: container
        Machine ID: cf74d7eb2f3249c3bf2fcd3ee04c2b09
           Boot ID: 685e0bb01c2e4b5090192584b710f06c
    Virtualization: lxc
  Operating System: Kali GNU/Linux Rolling
            Kernel: Linux 5.3.18-2-pve
      Architecture: x86-64
vi3t@ticali:~$ cat /etc/debian_version
9.7
vi3t@ticali:~$ uname -a
Linux ticali 5.3.18-2-pve #1 SMP PVE 5.3.18-2 (Sat, 15 Feb 2020 15:11:52 +0100) x86_64 GNU/Linux