Installing Kali over the Network

So far, we have seen that Kali is an extremely capable and secure Debian derivative providing industrial-strength security and encryption features, advanced package management, multi-platform capability, and (what it is most-known for) an arsenal of world-class tools for the security professional. What might not be obvious is how Kali scales beyond the desktop to medium or large scale deployments and even to the enterprise level. In this chapter, we will show you how well Kali can scale beyond the desktop, providing centralized management and enterprise-level control over multiple Kali Linux installations. In short, after reading this chapter you will be able to quickly deploy highly secure Kali systems preconfigured for your specific needs and keep them synchronized thanks to Kali's (semi-automatic) installation of package updates.

This level of scale requires several steps, including initiating a PXE network boot, use of an advanced configuration management tool (SaltStack), the ability to fork and customize packages, and the deployment of a package repository. We will cover each step in detail, show you how to get the "heavy lifting" out of the way, and deploy, manage, and maintain multitudes of custom Kali Linux installations with relative ease. As if that were not enough, we will throw in a crowd of minions to assist you in running your empire.

10.1. Installing Kali Linux Over the Network (PXE Boot)

As we have seen in previous chapters, the basic Kali Linux installation process is straightforward once you know your way around. But if you have to install Kali on multiple machines, the standard setup can be quite tedious. Thankfully, you can start the Kali installation procedure by booting a computer over the network. This allows you to install Kali quickly and easily on many machines at a time.

First, you will need to boot your target machine from the network. This is facilitated by the Preboot eXecution Environment (PXE), a client/server interface designed to boot any networked machine from the network even if it does not have an operating system installed. Setting up PXE network boot requires that you configure at least a trivial file transfer protocol (TFTP) server and a DHCP/BOOTP server. You will also need a web server if you want to host a debconf preseeding file that will be automatically used in the installation process.

Fortunately, dnsmasq handles both DHCP and TFTP so that you can rely on a single service to set up everything you need. And the Apache web server is installed (but not enabled) by default on Kali systems.

Separate DHCP and TFTP daemons

For more complex setups, dnsmasq's feature set might be too limited or you might want to enable PXE booting on your main network that already runs a DHCP daemon. In both cases, you will then have to configure separate DHCP and TFTP daemons.

The Debian installation manual covers the setup of isc-dhcp-server and tftpd-hpa for PXE booting.

In order to set up dnsmasq, you must first configure it through /etc/dnsmasq.conf. A basic configuration consists of only a few key lines:

With /etc/dnsmasq.conf configured, you will need to place the installation boot files in the /tftpboot/directory. Kali Linux provides a file archive dedicated to this purpose that can be directly unpacked into /tftpboot/. Simply select between 32-bit (i386) and 64-bit (amd64) and standard or graphical (gtk) install methods for your target machine and choose the appropriate archive:

Once you have selected the archive, create /tftpboot/, download the archive, and unpack it into that directory:

The unpacked files include the pxelinux bootloader, which uses the same configuration files as syslinux and isolinux. Because of this, you can tweak the boot files in debian-installer/amd64/boot-screens/ as you would when generating custom Kali Linux Live ISO images.

For example, assuming that you have picked the textual installer, you can add boot parameters to preseed the language, country, keymap, hostname, and domainname values. You can also point the installer to an external preseed URL and configure the timeout so that the boot happens automatically if no key is pressed within 5 seconds. To accomplish this, you would first modify the debian-installer/amd64/txt.cfg file:

Then, you would modify the debian-installer/amd64/syslinux.cfg file to adjust the timeout:

Armed with the ability to boot any machine from the network via PXE, you can take advantage of all the features outlined in Section 4.3, "Unattended Installations", enabling you to do full booting, preseeding, and unattended installation on multiple computers without physical boot media. Also, don't forget the flexibility of the boot parameter preseed/url=http://server/preseed.cfg (nor the use of the url alias), which allows you to set a network-based preseed file.