Home › Forums › FABRIC General Questions and Discussion › Installing Kali Linux for security tests
- This topic has 9 replies, 2 voices, and was last updated 5 months, 4 weeks ago by Nirmala Shenoy.
-
AuthorPosts
-
June 18, 2024 at 12:03 pm #7132
Hello,
We would like to conduct some security tests on networks running BGP and our custom DCN protocol. For this purpose, we wanted to install Kali Linux that has several attack tools. Fabric does not support Kali Linux (not yet) so we tried to install Kali on Debian using The Best Solution for Converting Debian to Kali Linux (eldernode.com). However, we faced repeated download and installation errors for several files and had to abort our attempts.
Is there a way to resolve this?
thanks
Nirmala
June 19, 2024 at 3:29 pm #7138We will check, try how this works and get back on this.
In the mean time, it can be helpful to know on which sites you tried (and/or some details about the errors if you still have available).
Also, due to ongoing work for the general maintenance that we are preparing for as well as summer schedules, turn around may be slower than usual.
June 20, 2024 at 9:44 am #7141I’m not sure specifically what errors you were getting, I will outline some info from my test slice.
On my trial (on an IPv6-based FABRIC node (PSC)), one mirror (mirrors.jevincanders.net) was causing download problems (their IPv6 address seemed not working). There may be some workarounds with pointing the IPv4 address of the mirror site to a NAT64 address in /etc/hosts. In order to overcome this problem, using an IPv4-based FABRIC node (eg. FIU) can be convenient. I could not find out if Debian 10 or Debian 11 should have been used for this conversion, I tried with Debian 11 on FABRIC-FIU and it worked fine with some issues. (I used kali-linux-default instead of kali-linux-everything, there was a conflict about a package that I did not have time to check further)
┏━(Message from Kali developers) ┃ ┃ This is a cloud installation of Kali Linux. Learn more about ┃ the specificities of the various cloud images: ┃ ⇒ https://www.kali.org/docs/troubleshooting/common-cloud-setup/ ┃ ┗━(Run: “touch ~/.hushlogin” to hide this message) debian@Node2:~$ cat /etc/os-release PRETTY_NAME="Kali GNU/Linux Rolling" NAME="Kali GNU/Linux" VERSION_ID="2024.2" VERSION="2024.2" VERSION_CODENAME=kali-rolling ID=kali ID_LIKE=debian HOME_URL="https://www.kali.org/" SUPPORT_URL="https://forums.kali.org/" BUG_REPORT_URL="https://bugs.kali.org/" ANSI_COLOR="1;31"
1 user thanked author for this post.
June 20, 2024 at 9:54 am #7142Thanks Mert, I will check it out. I don’t remember using specifically IPv6 Fabric node. we used debian 11 and I tried to install kali-linux-everything. will check out with Kali-linux default. My friend from our security dept provided the link that we used. I am reaching out to him for more clarifications. They use Kali Linux for all the security labs.
June 20, 2024 at 10:28 am #7143Hello
how do I find out which sites support IPv4 and which one support IPv6 or both?
thanks
June 20, 2024 at 11:44 am #7147VM management networks of the FABRIC nodes (used for ssh’ing into the VMs and for external connectivity to the public internet) are either IPv4 or IPv6. I’m not sure how/if this information can be found out, so I’m just adding below a list.
- Sites with IPv4 management network: TACC (will be changed to IPv6 in July), UCSD, FIU, SRI, BRIST, TOKY
- Sites with IPv6 management network: STAR, MAX, MICH, MASS, UTAH, NCSA, WASH, DALL, SALT, GPN, CLEM, GATECH, LOSA, NEWY, KANS, ATLA, SEAT, PRIN, INDI, PSC, RUTG, CERN, AMST, HAWI, EDUKY
June 20, 2024 at 2:18 pm #7148Hello I tried adding the mirrors.jevincanders.net ipv4 and ipv6 address in /etc/hosts on an ipv6 Fabric node. I am still getting not able to connect even when using Kali-default. attaching a doc with errors.
When I tried with an IPV4 node and Kali-default it worked.
As most of the sites seem to operate on IPv6, so this will be a problem for us. Also the data center topology that we set up has many nodes, so I need sites that has that many resources.
June 21, 2024 at 11:25 am #7157IPv6 address of the specific mirror site is causing errors, they don’t have an operational web service on that IPv6 address, therefore IPv4 address of the service should be used. On an IPv6-based FABRIC node, this can be possible by putting an entry for the NAT64 converted address. Specifically as follows (this is against FABRIC’s NAT64 service, similar address should be possible against nat64.net’s space):
echo "2600:2701:5000:5001::ac5d:9e3c mirrors.jevincanders.net" >> /etc/hosts
Another problem came out a “non-free” package within kali-linux-everything, sources.list had to be modified. I’m adding below the complete set of steps. Also I added your ssh public slice/sliver key to the VM, so that you should be able to login with the following if needed for review.
ssh -F <path to SSH config file> -i <path to private sliver key> debian@2001:5e8:ff00:ffff:f816:3eff:fe43:4688
<hr />
root@Node2:~# uname -a Linux Node2 5.10.0-27-cloud-amd64 #1 SMP Debian 5.10.205-2 (2023-12-31) x86_64 GNU/Linux root@Node2:~# cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 11 (bullseye)" NAME="Debian GNU/Linux" VERSION_ID="11" VERSION="11 (bullseye)" VERSION_CODENAME=bullseye ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" root@Node2:~# echo "2600:2701:5000:5001::ac5d:9e3c mirrors.jevincanders.net" >> /etc/hosts root@Node2:~# apt update root@Node2:~# apt dist-upgrade -y root@Node2:~# apt install gnupg dirmngr root@Node2:~# wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import root@Node2:~# echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" > /etc/apt/sources.list.d/kali.list root@Node2:~# gpg --export ED444FF07D8D0BF6 > /etc/apt/trusted.gpg.d/kali-rolling.gpg root@Node2:~# apt update root@Node2:~# apt -y upgrade root@Node2:~# apt -y dist-upgrade root@Node2:~# apt -y autoremove --purge # # Customize - START # root@Node2:~# apt -y install kali-linux-everything Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: Unsatisfied dependencies: hak5-wifi-coconut : Depends: firmware-misc-nonfree but it is not installable Error: Unable to correct problems, you have held broken packages. root@Node2:~# cat /etc/apt/sources.list deb http://deb.debian.org/debian bullseye main deb-src http://deb.debian.org/debian bullseye main deb http://security.debian.org/debian-security bullseye-security main deb-src http://security.debian.org/debian-security bullseye-security main deb http://deb.debian.org/debian bullseye-updates main deb-src http://deb.debian.org/debian bullseye-updates main deb http://deb.debian.org/debian bullseye-backports main deb-src http://deb.debian.org/debian bullseye-backports main root@Node2:~# cp /etc/apt/sources.list ~/sources.list.backup root@Node2:~# vim /etc/apt/sources.list root@Node2:~# cat /etc/apt/sources.list deb http://deb.debian.org/debian bullseye main non-free deb-src http://deb.debian.org/debian bullseye main deb http://security.debian.org/debian-security bullseye-security main non-free deb-src http://security.debian.org/debian-security bullseye-security main deb http://deb.debian.org/debian bullseye-updates main non-free deb-src http://deb.debian.org/debian bullseye-updates main deb http://deb.debian.org/debian bullseye-backports main non-free deb-src http://deb.debian.org/debian bullseye-backports main # # Customize - END # root@Node2:~# apt update root@Node2:~# apt -y install kali-linux-everything # There are several prompts during installation. It took >15 minutes to complete root@Node2:~# cat /etc/os-release PRETTY_NAME="Kali GNU/Linux Rolling" NAME="Kali GNU/Linux" VERSION_ID="2024.2" VERSION="2024.2" VERSION_CODENAME=kali-rolling ID=kali ID_LIKE=debian HOME_URL="https://www.kali.org/" SUPPORT_URL="https://forums.kali.org/" BUG_REPORT_URL="https://bugs.kali.org/" ANSI_COLOR="1;31"
# Reboot
Warning: Permanently added 'bastion.fabric-testbed.net' (ED25519) to the list of known hosts. Warning: Permanently added '2001:5e8:ff00:ffff:f816:3eff:fe43:4688' (ED25519) to the list of known hosts. Linux kali 6.8.11-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.8.11-1kali2 (2024-05-30) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Fri Jun 21 14:51:17 2024 from 2600:2701:5000:a902::c /usr/bin/xauth: file /home/debian/.Xauthority does not exist ┏━(Message from Kali developers) ┃ ┃ This is a cloud installation of Kali Linux. Learn more about ┃ the specificities of the various cloud images: ┃ ⇒ https://www.kali.org/docs/troubleshooting/common-cloud-setup/ ┃ ┗━(Run: “touch ~/.hushlogin” to hide this message) debian@kali:~$
- This reply was modified 6 months ago by Mert Cevik.
1 user thanked author for this post.
June 21, 2024 at 11:37 am #7159thanks Mert.
will check it out
June 27, 2024 at 9:58 am #7191Thanks Mert. The proposed approach works. Was able to install Kali-linux-everything on an Ipv6 machine and was able to conduct some tests
-
AuthorPosts
- You must be logged in to reply to this topic.