Installing to Hard Drive

4.2. Step by Step Installation on a Hard Drive

In this section, we assume that you have a bootable USB drive or DVD (see Section 2.1.4, "Copying the Image on a DVD-ROM or USB Key" for details on how to prepare such a drive) and that you booted from it to start the installation process.

4.2.1. Plain Installation

First, we will take a look at a standard Kali installation, with an unencrypted file system.

Booting and Starting the Installer

Once the BIOS has begun booting from the USB drive or DVD-ROM, the Isolinux boot loader menu appears, as shown in Figure 4.1, "Boot Screen". At this stage, the Linux kernel is not yet loaded; this menu allows you to choose the kernel to boot and enter optional parameters to be transferred to it in the process.

For a standard installation, you only need to choose Install or Graphical Install (with the arrow keys), then press the Enter key to initiate the remainder of the installation process.

Each menu entry hides a specific boot command line, which can be configured as needed by pressing the Tab key before validating the entry and booting.

Figure 4.1. Boot Screen

Once booted, the installation program guides you step-by-step through the process. We will take a look at each of these steps in detail. We will cover installation from a standard Kali Linux DVD-ROM; installations from a mini.iso may look slightly different. We will also address graphical mode installation, but the only difference from classic text-mode installation is the appearance. The versions pose identical questions and present identical options.

Selecting the Language

As shown in Figure 4.2, "Selecting the Language", the installation program begins in English but the first step allows you to choose the language that will be used for the rest of the installation process. This language choice is also used to define more relevant default choices in subsequent stages (notably the keyboard layout).

Navigating with the Keyboard

Some steps in the installation process require you to enter information. These screens have several areas that may gain focus (text entry area, checkboxes, list of choices, OK and Cancel buttons), and the Tab key allows you to move from one to another.

In graphical installation mode, you can use the mouse as you would normally on an installed graphical desktop.

Figure 4.2. Selecting the Language

Selecting the Country

The second step (Figure 4.3, "Selecting the Country") consists in choosing your country. Combined with the language, this information enables the installation program to offer the most appropriate keyboard layout. This will also influence the configuration of the time zone. In the United States, a standard QWERTY keyboard is suggested and the installer presents a choice of appropriate time zones.

Figure 4.3. Selecting the Country

Selecting the Keyboard Layout

The proposed American English keyboard corresponds to the usual QWERTY layout as shown in Figure 4.4, "Choice of Keyboard".

Figure 4.4. Choice of Keyboard

Detecting Hardware

In the vast majority of cases, the hardware detection step is completely automatic. The installer detects your hardware and tries to identify the boot device used in order to access its content. It loads the modules corresponding to the various hardware components detected and then mounts the boot device in order to read it. The previous steps were completely contained in the boot image included on the boot device, a file of limited size and loaded into memory by the bootloader when booting from the boot device.

Loading Components

With the contents of the boot device now available, the installer loads all the files necessary to continue with its work. This includes additional drivers for the remaining hardware (especially the network card), as well as all the components of the installation program.

Detecting Network Hardware

In this step, the installer will try to automatically identify the network card and load the corresponding module. If automatic detection fails, you can manually select the module to load. If all else fails, you can load a specific module from a removable device. This last solution is usually only needed if the appropriate driver is not included in the standard Linux kernel, but available elsewhere, such as the manufacturer's website.

This step must absolutely be successful for network installations (such as those done when booting from a mini.iso), since the Debian packages must be loaded from the network.

Configuring the Network

In order to automate the process as much as possible, the installer attempts an automatic network configuration using dynamic host configuration protocol (DHCP) (for IPv4 and IPv6) and ICMPv6's Neighbor Discovery Protocol (for IPv6), as shown in Figure 4.5, "Network Autoconfiguration".

Figure 4.5. Network Autoconfiguration

If the automatic configuration fails, the installer offers more choices: try again with a normal DHCP configuration, attempt DHCP configuration by declaring the name of the machine, or set up a static network configuration.

This last option requires an IP address, a subnet mask, an IP address for a potential gateway, a machine name, and a domain name.

Configuration without DHCP

If the local network is equipped with a DHCP server that you do not wish to use because you prefer to define a static IP address for the machine during installation, you can add the netcfg/use_dhcp=false option when booting. You just need to edit the desired menu entry by pressing the Tab key and adding the desired option before pressing the Enter key.

Root Password

The installer prompts for a password (Figure 4.6, "Root Password") since it automatically creates a super-user root account. The installer also asks for a confirmation of the password to prevent any input error which would later be difficult to adjust.

Figure 4.6. Root Password

The Administrator Password

The root user's password should be long (eight characters or more) and impossible to guess, since attackers target Internet-connected computers and servers with automated tools, attempting to log in with obvious passwords. Sometimes attackers leverage dictionary attacks, using many combinations of words and numbers as passwords. Avoid using the names of children or parents and dates of birth, because these are easily guessed.

These remarks are equally applicable to other user passwords but the consequences of a compromised account are less drastic for users without administrative rights.

If you are lacking inspiration, don't hesitate to use a password generator, such as pwgen (found in the package of the same name, which is already included in the base Kali installation).

Configuring the Clock

If the network is available, the system's internal clock will be updated from a network time protocol (NTP) server. This is beneficial because it ensures timestamps on logs will be correct from the first boot.

If your country spans multiple timezones, you will be asked to select the timezone that you want to use, as shown in Figure 4.7, "Timezone Selection".

Figure 4.7. Timezone Selection

Detecting Disks and Other Devices

This step automatically detects the hard drives on which Kali may be installed, each of which will be presented in the next step: partitioning.

Partitioning

Partitioning is an indispensable step in installation, which consists of dividing the available space on the hard drives into discrete sections (partitions) according to the intended function of the computer and those partitions. Partitioning also involves choosing the file systems to be used. All of these decisions will have an influence on performance, data security, and server administration.

The partitioning step is traditionally difficult for new users. However, the Linux file systems and partitions, including virtual memory (or swap partitions), must be defined as they form the foundation of the system. This task can become complicated if you have already installed another operating system on the machine and you want the two to coexist. In this case, you must make sure not to alter its partitions, or if need be, resize them without causing damage.

To accommodate more common (and simpler) partition schemes, most users will prefer the Guided mode that recommends partition configurations and provides suggestions each step of the way. More advanced users will appreciate the Manual mode, which allows for more advanced configurations. Each mode shares certain capabilities.

Guided Partitioning

The first screen in the partitioning tool (Figure 4.8, "Choice of Partitioning Mode") presents entry points for the guided and manual partitioning modes. "Guided - use entire disk" is the simplest and most common partition scheme, which will allocate an entire disk to Kali Linux.

The next two selections use Logical Volume Manager (LVM) to set up logical (instead of physical), optionally encrypted, partitions. We will discuss LVM and encryption later in this chapter.

Finally, the last choice initiates manual partitioning, which allows for more advanced partitioning schemes, such as installing Kali Linux alongside other operating systems. We will discuss manual mode in the next section.

In this example, we will allocate an entire hard disk to Kali, so we select "Guided - use entire disk" to proceed to the next step.

Figure 4.8. Choice of Partitioning Mode

The next screen (shown in Figure 4.9, "Disk to Use for Guided Partitioning") allows you to choose the disk where Kali will be installed by selecting the corresponding entry (for example, "Virtual disk 1 (vda) - 32.2 GB Virtio Block Device"). Once selected, guided partitioning will continue. This option will erase all of the data on this disk, so choose wisely.

Figure 4.9. Disk to Use for Guided Partitioning

Next, the guided partitioning tool offers three partitioning methods, which correspond to different usages, as shown in Figure 4.10, "Guided Partition Allocation".

Figure 4.10. Guided Partition Allocation

The first method is called "All files in one partition." The entire Linux system tree is stored in a single file system, corresponding to the root ("/") directory. This simple and robust partitioning scheme works perfectly well for personal or single-user systems. Despite the name, two partitions will actually be created: the first will house the complete system, the second the virtual memory (or "swap").

The second method, "Separate /home/ partition," is similar, but splits the file hierarchy in two: one partition contains the Linux system (/), and the second contains "home directories" (meaning user data, in files and subdirectories available under /home/). One benefit to this method is that it is easy to preserve the users' data if you have to reinstall the system.

The last partitioning method, called "Separate /home, /var, and /tmp partitions," is appropriate for servers and multi-user systems. It divides the file tree into many partitions: in addition to the root (/) and user accounts (/home/) partitions, it also has partitions for server software data (/var/), and temporary files (/tmp/). One benefit to this method is that end users cannot lock up the server by consuming all available hard drive space (they can only fill up /tmp/ and /home/). At the same time, daemon data (especially logs) can no longer clog up the rest of the system.

After choosing the type of partition, the installer presents a summary of your selections on the screen as a partition map (Figure 4.11, "Validating Partitioning"). You can modify each partition individually by selecting a partition. For example, you could choose another file system if the standard (ext4) isn't appropriate. In most cases, however, the proposed partitioning is reasonable and you can accept it by selecting "Finish partitioning and write changes to disk." It may go without saying, but choose wisely as this will erase the contents of the selected disk.

Figure 4.11. Validating Partitioning

Manual Partitioning

Selecting Manual at the main "Partition disks" screen (Figure 4.8, "Choice of Partitioning Mode") permits greater flexibility, allowing you to choose more advanced configurations and specifically dictate the purpose and size of each partition. For example, this mode allows you to install Kali alongside other operating systems, enable a software-based redundant array of independent disks (RAID) to protect data from hard disk failures, and safely resize existing partitions without losing data, among other things.

If you are a less experienced user working on a system with existing data, please be very careful with this setup method as it is very easy to make mistakes that could lead to data loss.

Shrinking a Windows Partition

To install Kali Linux alongside an existing operating system (Windows or other), you will need available, unused hard drive space for the partitions dedicated to Kali. In most cases, this means shrinking an existing partition and reusing the freed space.

If you are using the manual partitioning mode, the installer can shrink a Windows partition quite easily. You only need to choose the Windows partition and enter its new size (this works the same with both FAT and NTFS partitions).

The first screen in the manual installer is actually the same as the one shown in Figure 4.11, "Validating Partitioning", except that it doesn't include any new partitions to create. It is up to you to add those.

First, you will see an option to enter "Guided partitioning" followed by several configuration options. Next, the installer will show the available disks, their partitions, and any possible free space that has not yet been partitioned. You can select each displayed element and press the Enter key to interact with it, as usual.

If the disk is entirely new, you might have to create a partition table. You can do this by selecting the disk. Once done, you should see free space available within the disk.

To make use of this free space, you should select it and the installer will offer you two ways to create partitions in that space.

Figure 4.12. Creating Partitions in the Free Space

The first entry will create a single partition with the characteristics (including the size) of your choice. The second entry will use all the free space and will create multiple partitions in it with the help of the guided partitioning wizard (see Section, "Guided Partitioning"). This option is particularly interesting when you want to install Kali alongside another operating system but do not want to micro-manage the partition layout. The last entry will show the cylinder/head/sector numbers of the start and of the end of the free space.

When you select "Create a new partition," you will enter into the meat of the manual partitioning sequence. After selecting this option, you will be prompted for a partition size. If the disk uses an MSDOS partition table, you will be given the option to create a primary or logical partition. (Things to know: You can only have four primary partitions but many more logical partitions. The partition containing /boot, and thus the kernel, must be a primary one. Logical partitions reside in an extended partition, which consumes one of the four primary partitions.) Then you should see the generic partition configuration screen:

Figure 4.13. Partition Configuration Screen

To summarize this step of manual partitioning, let's take a look at what you can do with the new partition. You can:

  • Format it and include it in the file tree by choosing a mount point. The mount point is the directory that will house the contents of the file system on the selected partition. Thus, a partition mounted at /home/ is traditionally intended to contain user data, while "/" is known as the root of the file tree, and therefore the root of the partition that will actually host the Kali system.

  • Use it as a swap partition. When the Linux kernel lacks sufficient free memory, it will store inactive parts of RAM in a special swap partition on the hard disk. The virtual memory subsystem makes this transparent to applications. To simulate the additional memory, Windows uses a swap (paging) file that is directly contained in a file system. Conversely, Linux uses a partition dedicated to this purpose, hence the term swap partition.
  • Make it into a "physical volume for encryption" to protect the confidentiality of data on certain partitions. This case is automated in the guided partitioning. See Section 4.2.2, "Installation on a Fully Encrypted File System" for more information.
  • Make it a "physical volume for LVM" (not covered in this book). Note that this feature is used by the guided partitioning when you set up encrypted partitions.
  • Use it as a RAID device (not covered in this book).
  • Choose not to use the partition, and leave it unchanged.

When finished, you can either back out of manual partitioning by selecting "Undo changes to partitions" or write your changes to the disk by selecting "Finish partitioning and write changes to disk" from the manual installer screen (Figure 4.11, "Validating Partitioning").

Copying the Live Image

This next step, which doesn't require any user interaction, copies the contents of the live image to the target file system, as shown in Figure 4.14, "Copying the Data from the Live Image".

Figure 4.14. Copying the Data from the Live Image

Configuring the Package Manager (apt)

In order to be able to install additional software, APT needs to be configured and told where to find Debian packages. In Kali, this step is mostly non-interactive as we force the mirror to be You just have to confirm whether you want to use this mirror (Figure 4.15, "Use a Network Mirror?"). If you don't use it, you won't be able to install supplementary packages with apt unless you configure a package repository later.

Figure 4.15. Use a Network Mirror?

If you want to use a local mirror instead of, you can pass its name on the kernel command line (at boot-time) with a syntax like this: mirror/http/hostname=my.own.mirror.

Finally, the program proposes to use an HTTP proxy as shown in Figure 4.16, "Use an HTTP Proxy". An HTTP proxy is a server that forwards HTTP requests for network users. It sometimes helps to speed up downloads by keeping a copy of files that have been transferred through it (we then speak of a caching proxy). In some cases, it is the only means of accessing an external web server; in such cases the installer will only be able to download the Debian packages if you properly fill in this field during installation. If you do not provide a proxy address, the installer will attempt to connect directly to the Internet.

Figure 4.16. Use an HTTP Proxy

Next, the Packages.xz and Sources.xz files will be automatically downloaded to update the list of packages recognized by APT.

Installing the GRUB Boot Loader

The boot loader is the first program started by the BIOS. This program loads the Linux kernel into memory and then executes it. The boot loader often offers a menu that allows you to choose the kernel to load or the operating system to boot.

Due to its technical superiority, GRUB is the default boot loader installed by Debian: it works with most file systems and therefore doesn't require an update after each installation of a new kernel, since it reads its configuration during boot and finds the exact position of the new kernel.

You should install GRUB to the Master Boot Record (MBR) unless you already have another Linux system installed that knows how to boot Kali Linux. As noted in Figure 4.17, "Install the GRUB Boot Loader on a Hard Disk", modifying the MBR will make unrecognized operating systems that depend on it unbootable until you fix GRUB's configuration.

Figure 4.17. Install the GRUB Boot Loader on a Hard Disk

In this step (Figure 4.18, "Device for Boot Loader Installation"), you must select which device GRUB will be installed on. This should be your current boot drive.

Figure 4.18. Device for Boot Loader Installation

By default, the boot menu proposed by GRUB shows all the installed Linux kernels, as well as any other operating systems that were detected. This is why you should accept the offer to install it in the Master Boot Record. Keeping older kernel versions preserves the ability to boot the system if the most recently installed kernel is defective or poorly adapted to the hardware. We thus recommend that you keep a few older kernel versions installed.

Beware: The Boot Loader and Dual Boot

This phase in the installation process detects the operating systems that are already installed on the computer and will automatically add corresponding entries in the boot menu. However, not all installation programs do this.

In particular, if you install (or reinstall) Windows thereafter, the boot loader will be erased. Kali will still be on the hard drive, but will no longer be accessible from the boot menu. You would then have to start the Kali installer with the rescue/enable=true parameter on the kernel command line to reinstall the boot loader. This operation is described in detail in the Debian installation manual.

Finishing the Installation and Rebooting

Now that installation is complete, the program asks you to remove the DVD-ROM from the reader (or unplug your USB drive) so that your computer can boot into your new Kali system after the installer restarts the system (Figure 4.19, "Installation Complete").

Finally, the installer will do some cleanup work, like removing packages that are specific to creating the live environment.

Figure 4.19. Installation Complete

4.2.2. Installation on a Fully Encrypted File System

To guarantee the confidentiality of your data, you can set up encrypted partitions. This will protect your data if your laptop or hard drive is lost or stolen. The partitioning tool can help you in this process, both in guided and manual mode.

The guided partitioning mode will combine the use of two technologies: Linux Unified Key Setup (LUKS) for encrypting partitions and Logical Volume Management (LVM) for managing storage dynamically. Both features can also be set up and configured through manual partitioning mode.

Introduction to LVM

Let's discuss LVM first. Using LVM terminology, a virtual partition is a logical volume, which is part of a volume group, or an association of several physical volumes. Physical volumes are real partitions (or virtual partitions exported by other abstractions, such as a software RAID device or an encrypted partition).

With its lack of distinction between "physical" and "logical" partitions, LVM allows you to create "virtual" partitions that span several disks. The benefits are twofold: the size of the partitions is no longer limited by individual disks but by their cumulative volume, and you can resize existing partitions at any time, such as after adding an additional disk.

This technique works in a very simple way: each volume, whether physical or logical, is split into blocks of the same size, which LVM correlates. The addition of a new disk will cause the creation of a new physical volume providing new blocks that can be associated to any volume group. All of the partitions in the volume group can then take full advantage of the additional allocated space.

Introduction to LUKS

To protect your data, you can add an encryption layer underneath your file system of choice. Linux (and more particularly the dm-crypt driver) uses the device mapper to create the virtual partition (whose contents are protected) based on an underlying partition that will store the data in an encrypted form (thanks to LUKS). LUKS standardizes the storage of the encrypted data as well as meta-information that indicates the encryption algorithms used.

Encrypted Swap Partition

When an encrypted partition is used, the encryption key is stored in memory (RAM), and when hibernating, a laptop will copy the key, along with other contents of RAM, to the hard disk's swap partition. Since anyone with access to the swap file (including a technician or a thief) could extract the key and decrypt your data, the swap file must be protected with encryption.

Because of this, the installer will warn you if you try to use an encrypted partition alongside an unencrypted swap partition.

Setting Up Encrypted Partitions

The installation process for encrypted LVM is the same as a standard installation except for the partitioning step (Figure 4.20, "Guided Partitioning with Encrypted LVM") where you will instead select "Guided - use entire disk and set up encrypted LVM." The net result will be a system that cannot be booted or accessed until the encryption passphrase is provided. This will encrypt and protect the data on your disk.

Figure 4.20. Guided Partitioning with Encrypted LVM

The guided partitioning installer will automatically assign a physical partition for the storage of encrypted data, as shown in Figure 4.21, "Confirm Changes to the Partition Table". At this point, the installer will confirm the changes before they are written on the disk.

Figure 4.21. Confirm Changes to the Partition Table

This new partition is then initialized with random data, as shown in Figure 4.22, "Erasing Data on Encrypted Partition". This makes the areas that contain data indistinguishable from the unused areas, making it more difficult to detect, and subsequently attack, the encrypted data.

Figure 4.22. Erasing Data on Encrypted Partition

Next, the installer asks you to enter an encryption passphrase (Figure 4.23, "Enter Your Encryption Passphrase"). In order to view the contents of the encrypted partition, you will need to enter this passphrase every time you reboot the system. Note the warning in the installer: your encrypted system will only be as strong as this passphrase.

Figure 4.23. Enter Your Encryption Passphrase

The partitioning tool now has access to a new virtual partition whose contents are stored encrypted in the underlying physical partition. Since LVM uses this new partition as a physical volume, it can protect several partitions (or LVM logical volumes) with the same encryption key, including the swap partition (see sidebar Encrypted Swap Partition). Here, LVM is not used to make it easy to extend the storage size, but just for the convenience of the indirection, which allows you to split a single encrypted partition into multiple logical volumes.

End of the Guided Partitioning with Encrypted LVM

Next, the resulting partitioning scheme is displayed (Figure 4.24, "Validating Partitioning for Encrypted LVM Installation") so you can tweak settings as needed.

Figure 4.24. Validating Partitioning for Encrypted LVM Installation

Finally, after validating the partition setup, the tool asks for confirmation to write the changes on the disks, as shown in Figure 4.25, "Confirm Partitions to be Formatted".

Figure 4.25. Confirm Partitions to be Formatted

Finally, the installation process continues as usual as documented in Section, "Configuring the Package Manager (apt)".
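
Once the installed system is running, the layering described in this section (a LUKS partition, the dm-crypt mapping on top of it, and LVM logical volumes inside) can be checked, including the Encrypted Swap Partition sidebar's requirement that swap be encrypted. The script below is an added example, not part of the original text; it reads output in the format of lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE, and the two device layouts embedded in it are constructed samples.

```shell
#!/bin/sh
# Added example: list swap areas that are NOT stacked on a dm-crypt mapping.
# Input (stdin): lines in the format printed by
#     lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE
# Output: kernel names of unprotected swap devices; exit status 1 if any.
unencrypted_swap() {
    awk '
    # True only if every path from device d down to the disk crosses a
    # dm-crypt mapping (TYPE="crypt"). An LV that spans one encrypted and
    # one plain physical volume is therefore reported.
    function covered(d, depth,    n, i, ps) {
        if (dtype[d] == "crypt") return 1
        if (parents[d] == "" || depth > 16) return 0
        n = split(parents[d], ps, " ")
        for (i = 1; i <= n; i++)
            if (!covered(ps[i], depth + 1)) return 0
        return 1
    }
    {
        k = p = t = f = ""
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            gsub(/"/, "", val)
            if (key == "KNAME") k = val
            else if (key == "PKNAME") p = val
            else if (key == "TYPE") t = val
            else if (key == "FSTYPE") f = val
        }
        if (k == "") next
        dtype[k] = t
        if (p != "") parents[k] = parents[k] " " p   # a device may have several parents
        if (f == "swap") swap[k] = 1
    }
    END {
        bad = 0
        for (k in swap)
            if (!covered(k, 0)) { print k; bad = 1 }
        exit bad
    }'
}

# Constructed sample: one LUKS partition holding an LVM volume group with
# root and swap logical volumes, as in guided encrypted LVM partitioning.
sample_encrypted_lvm() {
    cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" FSTYPE=""
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="ext4"
KNAME="sda5" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS"
KNAME="dm-0" PKNAME="sda5" TYPE="crypt" FSTYPE="LVM2_member"
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="swap"
EOF
}

# Constructed sample: encrypted root, but swap left on a plain partition
# (the combination the installer warns about).
sample_plain_swap() {
    cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" FSTYPE=""
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="ext4"
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="swap"
KNAME="sda5" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS"
KNAME="dm-0" PKNAME="sda5" TYPE="crypt" FSTYPE="ext4"
EOF
}

for layout in sample_encrypted_lvm sample_plain_swap; do
    if bad=$($layout | unencrypted_swap); then
        echo "$layout: all swap is behind dm-crypt"
    else
        echo "$layout: unencrypted swap on: $bad"
    fi
done
```

On a real system, pipe the lsblk command shown in the first comment into unencrypted_swap instead of a sample function.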