Kali Linux is an enterprise-ready security auditing Linux distribution based on Debian GNU/Linux. Kali is aimed at security professionals and IT administrators, enabling them to conduct advanced penetration testing, forensic analysis, and security auditing. Many peeps
WHAT IS A LINUX DISTRIBUTION?
Although it is commonly used as a name for the entire operating system, Linux is just the name of the kernel, a piece of software that handles interactions between the hardware and end-user applications. The expression Linux distribution, on the other hand, refers to a complete operating system built on top of the Linux kernel, usually including an installation program and many applications, which are either pre-installed or packaged in an easily installable way. Debian GNU/Linux is a leading generic Linux distribution, known for its quality and stability. Kali Linux builds on the work of the Debian project and adds over 300 special-purpose packages of its own, all related to information security, particularly the field of penetration testing.
The Kali Linux project began quietly in 2012, when Offensive Security decided that they wanted to replace their venerable BackTrack Linux project, which was manually maintained, with something that could become a genuine Debian derivative, complete with all of the required infrastructure and improved packaging techniques. The decision was made to build Kali on top of the Debian distribution because it is well known for its quality, stability, and a wide selection of available software.
GNOME IS KALI LINUX’S DEFAULT DESKTOP ENVIRONMENT
A desktop environment is a collection of graphical applications that share a common graphical toolkit and that are meant to be used together on user workstations. Desktop environments are generally not used in servers. They usually provide an application launcher, a file manager, a web browser, an email client, an office suite, etc. GNOME is one of the most popular desktop environments (together with KDE, Xfce, LXDE, MATE) and is installed on the main ISO images provided by Kali Linux. If you dislike GNOME, it is easy to build a custom ISO image with the desktop environment of your choosing.
MAIN KALI LINUX FEATURES
Kali Linux is a Linux distribution that contains its own collection of hundreds of software tools specifically tailored for their target users—penetration testers and other security professionals. It also comes with an installation program to completely set up Kali Linux as the main operating system on any computer. This is pretty much like all other existing Linux distributions, but other features differentiate Kali Linux, many of which are tailored to the specific needs of penetration testers. Let’s have a look at some of those features.
A LIVE SYSTEM
Contrary to most Linux distributions, the main ISO image that you download is not simply dedicated to installing the operating system; it can also be used as a bootable live system. In other words, you can use Kali Linux without installing it, just by booting the ISO image (usually after having copied the image onto a USB key). The live system contains the tools most commonly used by penetration testers so even if your day-to-day system is not Kali Linux, you can simply insert the disk or USB key and reboot to run Kali. However, keep in mind that the default configuration will not preserve changes between reboots. If you configure persistence with a USB key then you can tweak the system to your liking (modify config files, save reports, upgrade software, and install additional packages, for example), and the changes will be retained across reboots.
In general, when doing forensic work on a system, you want to avoid any activity that would alter the data on the analyzed system in any way. Unfortunately, modern desktop environments tend to interfere with this objective by trying to auto-mount any disk(s) they detect. To avoid this behavior, Kali Linux has a forensics mode that can be enabled from the boot menu: it will disable all such features. The live system is particularly useful for forensics purposes because it is possible to reboot any computer into a Kali Linux system without accessing or modifying its hard disks.
A CUSTOM LINUX KERNEL
Kali Linux always provides a customized recent Linux kernel, based on the version in Debian Unstable. This ensures solid hardware support, especially for a wide range of wireless devices. The kernel is patched for wireless injection support since many wireless security assessment tools rely on this feature. Since many hardware devices require up-to-date firmware files (found in /lib/firmware/), Kali installs them all by default—including the firmware available in Debian’s non-free section. Those are not installed by default in Debian, because they are closed-source and thus not part of Debian proper.
Kali Linux is built by penetration testers for penetration testers, but we understand that not everyone will agree with our design decisions or choice of tools to include by default. With this in mind, we always ensure that Kali Linux is easy to customize based on your own needs and preferences. To this end, we publish the live-build configuration used to build the official Kali images so you can customize it to your liking. It is very easy to start from this published configuration and implement various changes based on your needs thanks to the versatility of live-build. Live-build includes many features to modify the installed system, install supplementary files, install additional packages, run arbitrary commands, and change the values pre-seeded to debconf.
A TRUSTABLE OPERATING SYSTEM
Users of a security distribution rightfully want to know that it can be trusted and that it has been developed in plain sight, allowing anyone to inspect the source code. Kali Linux is developed by a small team of knowledgeable developers working transparently and following the best security practices: they upload signed source packages, which are then built on dedicated build daemons. The packages are then checksummed and distributed as part of a signed repository. The work done on the packages can be fully reviewed through the packaging Git repositories (which contain signed tags) that are used to build the Kali source packages.
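The checksum chain of a Debian-style signed repository, as an added example (not code from the Kali project): the signed Release file lists the hash of each Packages index, and the index lists the hash of each package file. All file names and contents below are constructed, and the signature check on the Release file itself is assumed to have been done already by apt or gpg.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_release(text: str) -> dict:
    """Return {index path: sha256} from the 'SHA256:' section of a Release file."""
    hashes, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, _size, path = line.split()
            hashes[path] = digest
        else:
            in_section = False  # any other field ends the section
    return hashes

def parse_packages(text: str) -> dict:
    """Return {Filename: SHA256} from a Packages index (blank-line separated stanzas)."""
    result = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        result[fields["Filename"]] = fields["SHA256"]
    return result

def verify_chain(release, index_path, index_bytes, deb_path, deb_bytes) -> str:
    """Walk Release -> Packages -> package file. Assumes the Release
    signature was verified beforehand (that step is not shown here)."""
    if parse_release(release).get(index_path) != sha256(index_bytes):
        return "index-mismatch"
    if parse_packages(index_bytes.decode()).get(deb_path) != sha256(deb_bytes):
        return "package-mismatch"
    return "ok"

# Constructed sample data (not real Kali packages or paths)
DEB = b"constructed package payload"
DEB_PATH = "pool/main/e/example/example_1.0_amd64.deb"
INDEX = (f"Package: example\nVersion: 1.0\nFilename: {DEB_PATH}\n"
         f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n").encode()
INDEX_PATH = "main/binary-amd64/Packages"
RELEASE = (f"Origin: Example\nSuite: example-rolling\nSHA256:\n"
           f" {sha256(INDEX)} {len(INDEX)} {INDEX_PATH}\n")

if __name__ == "__main__":
    print(verify_chain(RELEASE, INDEX_PATH, INDEX, DEB_PATH, DEB))
    print(verify_chain(RELEASE, INDEX_PATH, INDEX, DEB_PATH, DEB + b"!"))
```

Because only the Release file carries a signature, a change to any package or index breaks a hash further down the chain and is caught without signing every file individually.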
USABLE ON A WIDE RANGE OF ARM DEVICES
Kali Linux provides binary packages for the armel, armhf, and arm64 ARM architectures. Thanks to the easily installable images provided by Offensive Security, Kali Linux can be deployed on many interesting devices, from smartphones and tablets to Wi-Fi routers and computers of various shapes and sizes.
KALI LINUX POLICIES
While Kali Linux strives to follow the Debian policy whenever possible, there are some areas where we made significantly different design choices due to the particular needs of security professionals.
SINGLE ROOT USER BY DEFAULT
Most Linux distributions encourage, quite sensibly, the use of a non-privileged account while running the system and the use of a utility like sudo when administrative privileges are needed. This is sound security advice, providing an extra layer of protection between the user and any potentially disruptive or destructive operating system commands or operations. This is especially true for multiple user systems, where user privilege separation is a requirement—misbehavior by one user can disrupt or destroy the work of many users. Since many tools included in Kali Linux can only be executed with root privileges, this is the default Kali user account. Unlike other Linux distributions, you will not be prompted to create a non-privileged user when installing Kali. This particular policy is a major deviation from most Linux systems and tends to be very confusing for less experienced users. Beginners should be especially careful when using Kali since most destructive mistakes occur when operating with root privileges.
NETWORK SERVICES DISABLED BY DEFAULT
In contrast to Debian, Kali Linux disables any installed service that would listen on a public network interface by default, such as HTTP and SSH. The rationale behind this decision is to minimize exposure during a penetration test when it is detrimental to announce your presence and risk detection because of unexpected network interactions. You can still manually enable any services of your choosing by running systemctl enable service.
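One way to check that a machine still matches this policy after services have been enabled by hand, as an added example (not part of Kali): it parses the output of `ss -H -tln` and reports TCP listeners bound to anything other than a loopback address. The sample output is constructed.

```python
import ipaddress
import subprocess

def exposed_listeners(ss_output: str) -> list:
    """Return (address, port) pairs for TCP listeners not bound to loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header line, blank line, or non-listening socket
        addr, port = cols[3].rsplit(":", 1)
        # Drop an interface scope such as "%lo" and IPv6 brackets
        host = addr.split("%")[0].strip("[]")
        # "*" is the dual-stack wildcard; 0.0.0.0 and :: are not loopback either
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            exposed.append((addr, int(port)))
    return exposed

# Constructed sample of `ss -H -tln` output
SAMPLE = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*
LISTEN 0      511             [::]:80           [::]:*
LISTEN 0      128            [::1]:631          [::]:*
"""

if __name__ == "__main__":
    # On a live system, read the real socket table instead of the sample
    live = subprocess.run(["ss", "-H", "-tln"], capture_output=True, text=True)
    for addr, port in exposed_listeners(live.stdout):
        print(f"listening on non-loopback address {addr} port {port}")
```

An empty result on a fresh installation is the expected state; each entry that appears later corresponds to a service someone enabled or started manually.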
A CURATED COLLECTION OF APPLICATIONS
Debian aims to be the universal operating system and puts very few limits on what gets packaged, provided that each package has a maintainer. By way of contrast, Kali Linux does not package every penetration testing tool available. Instead, we aim to provide only the best freely-licensed tools covering most tasks that a penetration tester might want to perform. Kali developers working as penetration testers drive the selection process and we leverage their experience and expertise to make enlightened choices. In some cases, this is a matter of fact, but other, more difficult choices simply come down to personal preference. Here are some of the points considered when a new application gets evaluated:
- The usefulness of the application in a penetration testing context
- The unique functionality of the application’s features
- The application’s license
- The application’s resource requirements