In this chapter, we learned about modifying Kali source packages, which are the basic building blocks of all applications shipped in Kali. We also discovered how to customize and install the Kali kernel. Then we discussed the live-build environment and discussed how to build a customized Kali Linux ISO. We also demonstrated how to create both encrypted and unencrypted Kali USB installs.
Modifying Kali packages is usually a task for Kali contributors and developers, but you might have specific needs not fulfilled by the official packages and knowing how to build a modified package can be very valuable, especially if you want to share your changes, deploy them internally, or cleanly roll the software back to a previous state.
When you need to modify a piece of software, it might be tempting to download the source, make the changes, and use the modified software. However, if your application requires a system-wide setup (e.g. with a make install step), then it will pollute your file system with files unknown to dpkg and will soon create problems that cannot be caught by package dependencies. In addition, this type of software modification is more tedious to share.
When creating a modified package, the general process is always the same: grab the source package, extract it, make your changes, and then build the package. For each step, there are often multiple tools that can handle each task.
To start rebuilding a Kali package, first download the source package, which is composed of a *.dsc (Debian Source Control) file and of additional files referenced from that control file.
Source packages are stored on HTTP-accessible mirrors. The most efficient way to obtain them is with apt source source-package-name, which requires that you add a deb-src line to the /etc/apt/sources.list file and update the index files with apt update.
Additionally, you can use dget (from the devscripts package) to download a .dsc file directly together with its accompanying files. For Kali-specific packages whose sources are hosted in a Git repository on gitlab.com/kalilinux/packages, you can retrieve the sources with git clone https://gitlab.com/kalilinux/packages/source-package.git.
After downloading sources, install the packages listed in the source package's build dependencies with sudo apt build-dep ./. This command must be run from the package's source directory.
Updates to a source package consist of a combination of some of the following steps:
The required first step is changing the version number to distinguish your package from the original with dch --local version-identifier, or modify other package details with dch.
Applying a patch with patch -p1 <patch-file or modifying quilt's patch series.
Tweaking build options, usually found in the package's debian/rules file, or other files in the debian/ directory.
After modifying a source package, you can build the binary package with dpkg-buildpackage -us -uc -b from the source directory, which will generate an unsigned binary package. The package can then be installed with dpkg -i package-name_version_arch.deb.
As an advanced user, you may wish to recompile the Kali kernel. You may want to slim down the standard Kali kernel, which is loaded with many features and drivers, add non-standard drivers or features, or apply kernel patches. Beware though: a misconfigured kernel may destabilize your system and you must be prepared to accept that Kali cannot ensure security updates for your custom kernel.
For most kernel modifications, you will need to install a few packages with apt install build-essential libncurses5-dev fakeroot.
The command apt-cache search ^linux-source should list the latest kernel version packaged by Kali, and apt install linux-source-version-number installs a compressed archive of the kernel source into /usr/src.
The source files should be extracted with tar -xaf into a directory other than /usr/src (such as ~/kernel).
When the time comes to configure your kernel, keep these points in mind:
Unless you are an advanced user, you should first populate a kernel configuration file. The preferred method is to borrow Kali's standard configuration by copying /boot/config-version-string to ~/kernel/linux-source-version-number/.config. Alternatively, you can use make architecture_defconfig to get a reasonable configuration for the given architecture.
The text-based make menuconfig kernel configuration tool will read the .config file and present you all the configuration items in a huge menu that you can navigate. Selecting an item shows you its documentation, its possible values, and permits you to enter a new value.
When run from your kernel source directory, make clean will remove previously-compiled files and make deb-pkg will generate up to five Debian packages. The linux-image-version .deb file contains the kernel image and the associated modules.
To actually use the built kernel, install the required packages with dpkg -i file.deb. The "linux-image" package is required; you only have to install the "linux-headers" package if you have some external kernel modules to build, which is the case if you have some "*-dkms" packages installed (check with dpkg -l "*-dkms" | grep ^ii). The other packages are generally not needed (unless you know why you need them!).
Official Kali ISO images are built with live-build, which is a set of scripts that allows for the complete automation and customization of all facets of ISO image creation.
Your Kali system must be completely up-to-date before using live-build.
The Kali live-build configuration can be retrieved from Kali's Git repositories with two commands: apt install curl git live-build followed by git clone https://gitlab.com/kalilinux/build-scripts/live-build-config.git
To generate an updated but unmodified Kali live ISO image, simply run ./build.sh --verbose. The build will take a long time to complete as it will download all the packages to include. When finished, you will find the new ISO image in the images directory. If you add --variant variant to the command line, it will build the given variant of the Kali ISO image. The various variants are defined by their configuration directories kali-config/variant-*. The main image is the Xfce variant.
There are several ways to customize your ISO by modifying live-build's configuration directory:
- Packages can be added to (or removed from) a live ISO by modifying package-lists/*.list.chroot files.
- Custom packages can be included in the live image by placing the .deb files in a packages.chroot directory. Their installation can be preseeded with preseed/*.cfg files.
- You can add files to the live filesystem by putting them at their expected location below the includes.chroot config directory.
- You can execute scripts during the live system's chroot setup process by installing them as hooks/live/*.chroot files. You can also execute scripts at boot time of the generated live image: you must arrange for them to be installed in /usr/lib/live/config/XXXX-name, for example by relying on the includes.chroot config directory.
- The Debian Live Systems Manual is an excellent reference for live-build configuration and testing.
Setting up encrypted and unencrypted persistence on a USB key: it's fairly simple to create a standard Kali Live USB installation. Although the process may seem syntactically complex, it is relatively straight-forward to add both encrypted and unencrypted persistence to your portable installation to significantly extend its functionality.
In the next chapter (Chapter 10, Kali Linux in the Enterprise), we will discuss how Kali scales to the enterprise. We will discuss configuration management and show you how to extend and customize Kali Linux in a way that is easy to deploy whether you have a pair of machines, or several thousand.