I’m excited to announce the availability of Kali Linux distribution on Oracle Cloud Marketplace for Oracle Cloud Infrastructure (OCI). A big thank you goes to the creator of this virtual machine (VM) image, Amrita Mukherjee.
Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. Kali Linux contains several hundred tools geared toward various information security tasks, such as penetration testing, security research, computer forensics, and reverse engineering. Offensive Security maintains and funds the system. This OCI-compatible Kali Linux image has 600 preinstalled penetration testing programs. The original version of Kali Linux, derived from BackTrack, was designed for kernel editing and audits, leading to Kernel Auditing Linux.
This OCI image contains the kali-linux-default system. To log in for the first time, use the username and password “debian” in a secure shell (SSH) session over the remote console. To check that Kali was instantiated properly, run any of the tools included in the kali-linux-default set, such as dnscheck. You can provision this image on any VM or bare metal shape. For security purposes, SSH is disabled during boot.
To establish a remote serial connection for logging into the system, follow the Oracle Cloud documentation steps. To enable SSH, follow these instructions. You can find the complete list of security testing tools in the Kali Linux Tools Listing.
Kali Linux is used by blue and red teams for security and vulnerability discovery, exploitation, forensics, and remediation. So, it’s of utmost importance that the installation itself is secured. Let’s discuss how you can protect the Kali Linux security toolset using the following steps.
To quote Bruce Schneier, security is a process, not a product. Even if a security policy has been initially perfectly designed and implemented, the risk components continuously evolve, and the responses to that risk must evolve accordingly. So, defining and maintaining a security policy is essential. The policy must address at least three factors: what to protect, what to prevent, and who can make it happen.
If you enable SSH access, ensure that every user uses their unique private and public key pairs. Using sudo privilege requires unique, strong passwords. We recommend installing fail2ban, which makes it harder to break passwords by running brute-force attacks over the network.
Install fail2ban with apt update, followed by apt install fail2ban.
Protect any web services with TLS. Oracle Cloud data at rest is encrypted by default. Enable in-transit encryption for data movement between Oracle Cloud storage and the Oracle Cloud Compute instance.
It’s a good practice to disable services that aren’t in use. By default, Kali disables most network services. As you enable the services you need, be aware that many of them run as the root user with full administrator privileges, and some start with a default username and password.
Check the README.Debian file of the respective packages, docs.kali.org, and tools.kali.org to see if you need to change the default settings.
There’s no firewall enabled at the OS level by default. The Linux kernel embeds the netfilter firewall. You can configure the firewall and control it from user space with the iptables and ip6tables commands.
Netfilter uses four distinct tables, which store rules regulating three kinds of operations on packets:
Filter: Concerns filtering rules: accepting, refusing, or ignoring a packet
Nat: Concerns translation of source or destination addresses and ports of packets
Mangle: Concerns other changes to the IP packets, including the type of service field and options
Raw: Allows other manual modifications on packets before they reach the connection tracking system
We recommend using the firewall service to protect the OS. Use both security lists and network security groups features of the Oracle Cloud Security services.
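As an added example (not code from the original post or from the Kali project), the following shell function generates an iptables-restore ruleset for the filter table described above: default-deny inbound, loopback and established traffic allowed, and SSH accepted only from an administrative network. The CIDR 203.0.113.0/24 is a constructed placeholder for your management range; the generated rules are printed so you can review them before loading them.

```shell
#!/bin/sh
# Generate a filter-table ruleset for iptables-restore that complements the
# OCI security lists / network security groups with a host-level policy.
# Assumption (not from the page): the single argument is the management CIDR
# from which SSH may be reached; everything else inbound is logged and dropped.
gen_filter_rules() {
    admin_cidr="$1"
    # Refuse to emit a ruleset without a CIDR-shaped argument, so a typo
    # cannot silently produce a rule that opens port 22 to the world.
    case "$admin_cidr" in
        */*) ;;
        *) echo "usage: gen_filter_rules <admin-cidr>" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -s $admin_cidr -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# Review the output first; load it only once it matches your intent:
#   gen_filter_rules 203.0.113.0/24
#   gen_filter_rules 203.0.113.0/24 | sudo iptables-restore
```

The logged drops give the Oracle Cloud Monitoring agent (or any syslog collector) a line per blocked inbound attempt, prefixed with "iptables-drop: ".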
As an administrator and security practitioner, ensure that everything works as expected, because the availability of services is important. Extra monitoring and logging software services provide insight into what’s happening on the system and the network. We recommend using Oracle Cloud Monitoring services.
The following links describe various policies and frequently asked questions around the OCI Security testing: