
Announcing availability of Kali Linux VM on Oracle Cloud Marketplace

Sanjay Basu
Director, Emerging Technologies

I’m excited to announce the availability of Kali Linux distribution on Oracle Cloud Marketplace for Oracle Cloud Infrastructure (OCI). A big thank you goes to the creator of this virtual machine (VM) image, Amrita Mukherjee.

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. Kali Linux contains several hundred tools geared toward various information security tasks, such as penetration testing, security research, computer forensics, and reverse engineering. Offensive Security maintains and funds the system. This OCI-compatible Kali Linux image has 600 preinstalled penetration testing programs. The original version of Kali Linux, derived from BackTrack, was designed for kernel editing and audits, leading to Kernel Auditing Linux.

This OCI image contains the kali-linux-default system. To log in for the first time, use the username and password “debian” using a secure shell (SSH) over the remote console. To check if Kali was instantiated properly, run any of the tools included in the kali-linux-default set, such as dnscheck. You can provision this image on any VM or bare metal shape. For security purposes, SSH is disabled during boot.

To establish a remote serial connection for logging into the system, follow the Oracle Cloud documentation steps. To enable SSH, follow these instructions. You can find the complete list of security testing tools in the Kali Linux Tools Listing.

Kali Linux is used for blue or red team-specific security and vulnerability discovery, exploits, forensics, and remediation. So, it’s of utmost importance that the installation is secured. Let’s discuss how you can protect the Kali Linux security toolset using the following steps.

Define and maintain security policy

To quote Bruce Schneier, security is a process, not a product. Even if a security policy has been initially perfectly designed and implemented, the risk components continuously evolve, and the responses to that risk must evolve accordingly. So, defining and maintaining a security policy is essential. The policy must address at least three factors: what to protect, what to prevent, and who can make it happen.

Possible security measures

If you enable SSH access, ensure that every user uses their unique private and public key pairs. Using sudo privilege requires unique, strong passwords. We recommend installing fail2ban, which makes it harder to break passwords by running brute-force attacks over the network.

Install fail2ban with apt update, followed by apt install fail2ban.
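One way to check that an instance really is limited to key-based logins before SSH is enabled, as an added example that is not part of the original post or of the image. The function names and both sample configurations are constructed for illustration, and the values assumed for unset keywords are OpenSSH's upstream defaults.

```shell
#!/bin/sh
# Added example: audit an sshd_config (read on stdin) for key-only logins.
# Assumption/limit: only the global section of one file is read; Include files
# and Match blocks are not evaluated. On a live host, `sshd -T` is authoritative.

# sshd_value KEYWORD DEFAULT -> first value set for KEYWORD, lower-cased.
# sshd keeps the first value it obtains, so later duplicates do not count.
sshd_value() {
    awk -F '[ \t=]+' -v key="$1" -v dflt="$2" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); found = 1; exit }
        END { print (found ? val : dflt) }
    '
}

# audit_sshd -> one FINDING line per risky setting; status 0 only when clean.
audit_sshd() {
    cfg=$(cat)
    rc=0
    # keyword : OpenSSH default when unset : value that must not be in effect
    for spec in passwordauthentication:yes:yes \
                kbdinteractiveauthentication:yes:yes \
                permitrootlogin:prohibit-password:yes \
                pubkeyauthentication:yes:no; do
        key=${spec%%:*}; rest=${spec#*:}
        val=$(printf '%s\n' "$cfg" | sshd_value "$key" "${rest%%:*}")
        if [ "$val" = "${rest#*:}" ]; then
            echo "FINDING: $key is '$val'"
            rc=1
        fi
    done
    return $rc
}

# Constructed samples, not taken from the Kali image.
weak_sample() {
    printf '%s\n' 'PasswordAuthentication yes' 'PasswordAuthentication no' \
                  'PermitRootLogin yes'
}
hardened_sample() {
    printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
                  'KbdInteractiveAuthentication no' 'PermitRootLogin no'
}

# Usage: audit_sshd < /etc/ssh/sshd_config
```

The weak sample shows why order matters: its second PasswordAuthentication line says "no", but sshd honours the first, so password logins stay enabled.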

Protect any web services with TLS. Oracle Cloud data at rest is encrypted by default. Enable in-transit encryption for data movement between Oracle Cloud storage and the Oracle Cloud Compute instance.

Securing network services

It’s a good practice to disable services that aren’t in use. By default, Kali disables most network services. As you enable required services, many services run as root user with full administrator privileges. When they start, they might have a default username and password.

Check the README.Debian file of the respective packages, docs.kali.org, and tools.kali.org to see if you need to change the default settings.

Firewall or packet filtering

There’s no firewall enabled at the OS level by default. The Linux kernel embeds the netfilter firewall, which you can configure and control from user space with the iptables and ip6tables commands.

Netfilter uses four distinct tables, which store rules regulating three kinds of operations on packets.

  • Filter: Concerns filtering rules: accepting, refusing, or ignoring a packet

  • Nat: Concerns translation of source or destination addresses and ports of packets

  • Mangle: Concerns other changes to the IP packets, including the type of service field and options

  • Raw: Allows other manual modifications on packets before they reach the connection tracking system

We recommend using the firewall service to protect the OS. Use both security lists and network security groups features of the Oracle Cloud Security services.
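As an added example (not part of the original post or of Oracle's image), the following shell function emits a default-deny ruleset for the filter table in iptables-restore format, with new SSH connections allowed only from an administrator range. The function name, the optional port argument and the documentation-range address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print a default-deny ruleset for the netfilter "filter" table.
# Addresses in the usage line are constructed (RFC 5737 documentation range).

# gen_filter_rules FAMILY ADMIN_CIDR [SSH_PORT]
#   FAMILY 4 -> pipe to iptables-restore, FAMILY 6 -> pipe to ip6tables-restore
gen_filter_rules() {
    family=$1
    admin_cidr=$2
    ssh_port=${3:-22}

    case "$family" in
        4|6) ;;
        *) echo "family must be 4 or 6" >&2; return 2 ;;
    esac
    # SSH must only be reachable from an admin range, never from everywhere.
    case "$admin_cidr" in
        ""|0.0.0.0/0|::/0) echo "refusing empty or world-open source" >&2; return 2 ;;
    esac
    case "$ssh_port" in
        ""|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # IPv6 needs ICMPv6 (neighbor discovery, path MTU); dropping it breaks the link.
    if [ "$family" = 6 ]; then
        echo "-A INPUT -p ipv6-icmp -j ACCEPT"
    fi
    echo "-A INPUT -s $admin_cidr -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT"
    echo "COMMIT"
}

# Usage (as root): gen_filter_rules 4 203.0.113.0/24 | iptables-restore --test
```

Load the ruleset from the serial console rather than over SSH, so that a mistake in the source range cannot lock out the session applying it.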

Monitoring and logging

As an administrator and security practitioner, ensure that everything works as expected, because the availability of services is important. Extra monitoring and logging software services provide insight into what’s happening on the system and the network. We recommend using Oracle Cloud Monitoring services.

Want to know more?

The following links describe various policies and frequently asked questions around the OCI Security testing:

You can find more blogs related to Oracle security and compliance on our blog. Happy threat-hunting using Kali Linux on Oracle Cloud Infrastructure!

Join the discussion

Comments ( 1 )
  • Sanjay Basu Friday, January 29, 2021
    There was a security setting issue which inadvertently denied the serial console connection with user/password - debian/debian

    The issue has been fixed and thoroughly tested.