Configuring Kali Linux

After you have Kali Linux up and running, there are a few more steps that you need to perform.

If you did a manual install of Kali Linux, you will be prompted to provide a username and password for the root account. Alternatively, if you are using a prebuilt virtual machine, then the default username is root and the password is toor. In order to change your password, you can use the passwd utility, as shown in Figure 13:

Most of the tools within Kali Linux require root-level privileges in order to run. However, there are risks to using a root-level account all the time; for example, consider that you are browsing the internet for exploits and happen to land on a malicious website. This malicious website could contain a dropper that drops a remote shell onto Kali Linux. Since the account used is a root-level account, the attacker will have a remote shell with root privileges on your system.

In order to provide an additional layer of security, you will need to create a normal account that does not have root-level privileges. This can be done by performing the following steps:

1. Use the adduser [username] command.
2. Follow the prompts to complete the user's details, as shown in Figure 14:

If you do not add the user to the correct group, then the newly created user will not be able to elevate to root-level privileges, as shown in Figure 15:

1. In order to add the user to the correct group, you will need to enter the following command:

usermod -a -G sudo [username]

Here, -a means append, and -G specifies the group.

1. Once you add the user to the sudo group, you need to allow the user to leverage the bash shell. This is done using the following command:

chsh -s /bin/bash [username]

The chsh command is used to change the login shell, while the -s switch is used to specify the shell.

Once the user is added to the sudo group and the login shell has changed, the user can be elevated to root-level privileges, as shown in the following screenshot (Figure 16):

Next, we need to ensure that we are able to update Kali Linux. The first thing we need to check is the sources.list file; this file can be found at /etc/apt/sources.list.

There are a few repositories that you can use; the standard one that is defined on Kali Linux's website is as follows: 

deb http://http.kali.org/kali kali-rolling main non-free contrib

You can confirm that your repository is not commented out by running the more /etc/apt/source.list or cat /etc/apt/sources.list commands, as shown in the following screenshot (Figure 17):

If you need to edit the sources.list file, then you can do so by using Leafpad, Nano, or your favorite text editor.

Additionally, you will need to perform updates on Kali Linux to ensure that you have the latest version of tools and system files.

The command to perform an update is apt update, and the command to perform an upgrade is apt upgrade. These commands can be issued together to save time; the combined command is apt update && apt upgrade. Additionally, you can also use apt update && apt full-upgrade to include a distribution upgrade, as shown in the following screenshot (Figure 18):

By default, there are services that do not start automatically when Kali Linux boots up. Kali Linux contains services such as ssh, http, and more. If these services are set to automatically start up, they will expose ports, which will lead to Kali Linux being exposed and vulnerable. 

If you want to enable specific services, you will need to use the systemctl start [service name]. For example, if you want to enable the ssh server, you could use the systemctl command to start ssh. On the other hand, if you want it to automatically start during boot, you can use the systemctl command to enable ssh.

The following screenshot (Figure 19) shows that the ssh service is not started by default and demonstrates how to enable it:

Now that we have Kali Linux installed and updated, let's move on to some of its basic commands.