10.4. Summary

Topic Progress:

10.4. Summary

Kali Linux scales beyond the desktop to medium or large scale deployments and even to the enterprise level. In this chapter, we covered how to centralize management of multiple Kali installations with SaltStack, allowing you to quickly deploy highly secure Kali systems preconfigured for your specific needs. We also revealed how you can keep them synchronized thanks to Kali's (semi-automatic) installation of package updates.

We discussed package forking, which allows you to create your own customized distributable source packages.

In summary, let's review the major steps required to establish Salt masters and minions, which allow you remote control and configuration of remote hosts.

Summary Tips:

  • Boot machine from the network with PXE, with at least a TFTP file server, a DHCP/BOOTP server (and a web server for debconf preseeding). dnsmasq handles both DHCP and TFTP, and the apache2 web server comes pre-installed (but disabled) on Kali.

  • The Debian installation manual covers the setup of isc-dhcp-server and tftpd-hpa for PXE booting:


  • dnsmasq is configured through /etc/dnsmasq.conf. A basic configuration consists of only a few key lines:

    # Network interface to handle
    # DHCP options
    # IP range to allocate
    # Gateway to announce to clients
    # DNS servers to announce to clients
    # Boot file to announce to clients
    # TFTP options
    # Directory hosting files to serve
  • Unpack 32-bit (i386), 64-bit (amd64), standard or graphical (gtk) installation boot files from the Kali archive into /tftpboot/. The archives can be found here:





    # mkdir /tftpboot
    # cd /tftpboot
    # wget http://http.kali.org/dists/kali-rolling/main/installer-amd64/current/images/netboot/netboot.tar.gz
    # tar xf netboot.tar.gz
  • Optionally modify txt.cfg to preseed parameters or custom timeouts. See Section 4.3, "Unattended Installations". Next, you can leverage configuration management tools to manage machines or configure remote computers to any desired state.

  • SaltStack is a centralized configuration management service: a Salt master manages many Salt minions. Install the salt-master package on a reachable server and salt-minion on managed hosts.

  • Edit the /etc/salt/minion YAML-formatted config file and set the master key to the DNS name (or IP address) of the Salt master.

  • Set minion's unique identifier in /etc/salt/minion_id:

    minion# echo kali-scratch >/etc/salt/minion_id
    minion# systemctl enable salt-minion
    minion# systemctl start salt-minion
  • Key exchange will follow. On the master, accept minion's identification key. Subsequent connections will be automatic:

    master# systemctl enable salt-master
    master# systemctl start salt-master
    master# salt-key --list all
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    Rejected Keys:
    master# salt-key --accept kali-scratch
    The following keys are going to be accepted:
    Unaccepted Keys:
    Proceed? [n/Y] y
    Key for minion kali-scratch accepted.
  • Once minions are connected, you can execute commands on them from the master. Examples:

    master# salt '*' test.ping
    master# salt kali-scratch cmd.shell 'uptime; uname -a'
    master# salt kali-scratch sys.doc'
    master# salt '*' service.enable ssh
    master# salt '*' service.start ssh
    master# salt '*' pkg.refresh_db
    master# salt '*' pkg.upgrade dist_upgrade=True
    server# salt '*' cmd.shell 'pkill -f dnmap_client'
  • The full list of execution modules can be found at https://docs.saltstack.com/en/latest/ref/modules/all/index.html.

  • Use Salt state files (re-usable configuration templates) to schedule actions, collect data, orchestrate sequences of operations on multiple minions, provision cloud systems and bring them under management, and more. Save time with pre-defined Salt formulas:


  • When it comes time to fork a package, first decide if it is a task that you need to tackle. There are significant advantages and disadvantages. Review them carefully. The kali-meta, desktop-base, and kali-menu packages are interesting, probable choices. The process of forking a package can be daunting and is difficult to summarize.

Now that we have covered all the bases in terms of installation, configuration, customization, and deployment of Kali Linux, let's turn towards the role of Kali Linux in the field of Information Security.