Installing Kali over the Network

Topic Progress:

10.1. Installing Kali Linux Over the Network (PXE Boot)

As we have seen in previous chapters, the basic Kali Linux installation process is straightforward once you know your way around. But if you have to install Kali on multiple machines, the standard setup can be quite tedious. Thankfully, you can start the Kali installation procedure by booting a computer over the network. This allows you to install Kali quickly and easily on many machines at a time.

First, you will need to boot your target machine from the network. This is facilitated by the Preboot eXecution Environment (PXE), a client/server interface designed to boot any networked machine from the network even if it does not have an operating system installed. Setting up PXE network boot requires that you configure at least a trivial file transfer protocol (TFTP) server and a DHCP/BOOTP server. You will also need a web server if you want to host a debconf preseeding file that will be automatically used in the installation process.

Fortunately, dnsmasq handles both DHCP and TFTP so that you can rely on a single service to set up everything you need. And the Apache web server is installed (but not enabled) by default on Kali systems.

Separate DHCP and TFTP daemons


For more complex setups, dnsmasq‘s feature set might be too limited or you might want to enable PXE booting on your main network that already runs a DHCP daemon. In both cases, you will then have to configure separate DHCP and TFTP daemons.

The Debian installation manual covers the setup of isc-dhcp-server and tftpd-hpa for PXE booting.

https://www.debian.org/releases/stable/amd64/ch04s05.html

In order to set up dnsmasq, you must first configure it through /etc/dnsmasq.conf. A basic configuration consists of only a few key lines:

With /etc/dnsmasq.conf configured, you will need to place the installation boot files in the /tftpboot/directory. Kali Linux provides a file archive dedicated to this purpose that can be directly unpacked into /tftpboot/. Simply select between 32-bit (i386) and 64-bit (amd64) and standard or graphical (gtk) install methods for your target machine and choose the appropriate archive:

http://http.kali.org/dists/kali-rolling/main/installer-amd64/current/images/netboot/gtk/netboot.tar.gz

http://http.kali.org/dists/kali-rolling/main/installer-amd64/current/images/netboot/netboot.tar.gz

http://http.kali.org/dists/kali-rolling/main/installer-i386/current/images/netboot/gtk/netboot.tar.gz

http://http.kali.org/dists/kali-rolling/main/installer-i386/current/images/netboot/netboot.tar.gz

Once you have selected the archive, create /tftpboot/, download the archive, and unpack it into that directory:

The unpacked files include the pxelinux bootloader, which uses the same configuration files as syslinux and isolinux. Because of this, you can tweak the boot files in debian-installer/amd64/boot-screens/ as you would when generating custom Kali Linux Live ISO images.

For example, assuming that you have picked the textual installer, you can add boot parameters to preseed the language, country, keymap, hostname, and domainname values. You can also point the installer to an external preseed URL and configure the timeout so that the boot happens automatically if no key is pressed within 5 seconds. To accomplish this, you would first modify the debian-installer/amd64/txt.cfg file:

Then, you would modify the debian-installer/amd64/syslinux.cfg file to adjust the timeout:

Armed with the ability to boot any machine from the network via PXE, you can take advantage of all the features outlined in Section 4.3, “Unattended Installations”, enabling you to do full booting, preseeding, and unattended installation on multiple computers without physical boot media. Also, don’t forget the flexibility of the boot parameter preseed/url=http://server/preseed.cfg (nor the use of the url alias), which allows you to set a network-based preseed file.