As we have seen in previous chapters, the basic Kali Linux installation process is straightforward once you know your way around. But if you have to install Kali on multiple machines, the standard setup can be quite tedious. Thankfully, you can start the Kali installation procedure by booting a computer over the network. This allows you to install Kali quickly and easily on many machines at a time.
First, you will need to boot your target machine from the network. This is facilitated by the Preboot eXecution Environment (PXE), a client/server interface designed to boot any networked machine from the network even if it does not have an operating system installed. Setting up PXE network boot requires that you configure at least a trivial file transfer protocol (TFTP) server and a DHCP/BOOTP server. You will also need a web server if you want to host a debconf preseeding file that will be automatically used in the installation process.
Fortunately, dnsmasq handles both DHCP and TFTP so that you can rely on a single service to set up everything you need. And the Apache web server is installed (but not enabled) by default on Kali systems.
In order to set up dnsmasq, you must first configure it through /etc/dnsmasq.conf. A basic configuration consists of only a few key lines:
# Network interface to handle interface=eth0 # DHCP options # IP range to allocate dhcp-range=192.168.101.100,192.168.101.200,12h # Gateway to announce to clients dhcp-option=option:router,192.168.101.1 # DNS servers to announce to clients dhcp-option=option:dns-server,184.108.40.206,220.127.116.11 # Boot file to announce to clients dhcp-boot=pxelinux.0 # TFTP options enable-tftp # Directory hosting files to serve tftp-root=/tftpboot/
With /etc/dnsmasq.conf configured, you will need to place the installation boot files in the /tftpboot/ directory. Kali Linux provides a file archive dedicated to this purpose that can be directly unpacked into /tftpboot/. Simply select between 32-bit (i386) and 64-bit (amd64) and standard or graphical (gtk) install methods for your target machine and choose the appropriate archive:
Once you have selected the archive, create /tftpboot/, download the archive, and unpack it into that directory:
# mkdir /tftpboot # cd /tftpboot # wget http://http.kali.org/dists/kali-rolling/main/installer-amd64/current/images/netboot/netboot.tar.gz # tar xf netboot.tar.gz # ls -l total 25896 drwxrwxr-x 3 root root 4096 May 6 04:43 debian-installer lrwxrwxrwx 1 root root 47 May 6 04:43 ldlinux.c32 -> debian-installer/amd64/boot-screens/ldlinux.c32 -rw-r--r-- 1 root root 26507247 May 6 04:43 netboot.tar.gz lrwxrwxrwx 1 root root 33 May 6 04:43 pxelinux.0 -> debian-installer/amd64/pxelinux.0 lrwxrwxrwx 1 root root 35 May 6 04:43 pxelinux.cfg -> debian-installer/amd64/pxelinux.cfg -rw-rw-r-- 1 root root 71 May 6 04:43 version.info
The unpacked files include the pxelinux bootloader, which uses the same configuration files as syslinux and isolinux. Because of this, you can tweak the boot files in debian-installer/amd64/boot-screens/ as you would when generating custom Kali Linux Live ISO images.
For example, assuming that you have picked the textual installer, you can add boot parameters to preseed the language, country, keymap, hostname, and domain name values. You can also point the installer to an external preseed URL and configure the timeout so that the boot happens automatically if no key is pressed within 5 seconds. To accomplish this, you would first modify the debian-installer/amd64/txt.cfg file:
label install menu label ^Install kernel debian-installer/amd64/linux append vga=788 initrd=debian-installer/amd64/initrd.gz --- quiet language=en country=US keymap=us hostname=kali domain= url=http://192.168.101.1/preseed.cfg
Then, you would modify the debian-installer/amd64/syslinux.cfg file to adjust the timeout:
# # D-I config version 2.0 # search path for the c32 support libraries (libcom32, libutil etc.) path debian-installer/amd64/boot-screens/ include debian-installer/amd64/boot-screens/menu.cfg default debian-installer/amd64/boot-screens/vesamenu.c32 prompt 0 timeout 50
Armed with the ability to boot any machine from the network via PXE, you can take advantage of all the features outlined in Section 4.3, "Unattended Installations", enabling you to do full booting, preseeding, and unattended installation on multiple computers without physical boot media. Also, don't forget the flexibility of the boot parameter preseed/url=http://server/preseed.cfg (nor the use of the url alias), which allows you to set a network-based preseed file.