Customizing Kali Linux in VirtualBox
$ VBoxManage createvm --name "Kali Dev" --register
$ VBoxManage list ostypes
$ VBoxManage modifyvm "Kali Dev" --ostype Debian_64 --memory 1024 --vram 36 --audio coreaudio --audiocontroller ac97 --acpi on --boot1 dvd --nic1 nat
$ VBoxManage createhd --filename "Kali Dev.vdi" --size 8192 --variant Standard
$ VBoxManage storagectl "Kali Dev" --name "SATA" --add sata --controller IntelAHCI
$ VBoxManage storageattach "Kali Dev" --storagectl "SATA" --port 0 --device 0 --type hdd --medium "Kali Dev.vdi"
These three commands create an 8 GB dynamically allocated disk for the guest Kali Dev, attach a SATA controller of type IntelAHCI to Kali Dev, and then attach the 8 GB disk to the guest. The guest Kali Dev is now created; all of its settings can be displayed as follows
$ VBoxManage showvminfo "Kali Dev"
$ cd ~/Downloads
$ wget http://mirrors.163.com/fedora/releases/18/Live/x86_64/Fedora-18-x86_64-Live-Desktop.iso
$ VBoxManage storageattach "Kali Dev" --storagectl "SATA" --port 1 --device 0 --type dvddrive --medium ~/Downloads/Fedora-18-x86_64-Live-Desktop.iso
$ VBoxManage startvm "Kali Dev"
$ ping www.kali.org
$ su -
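# fdisk -l
# fdisk /dev/sda
#!/bin/bash
## fdisk_vm.sh: create a 512 MB swap partition (sda1) and give the rest of the disk to / (sda2).
## The empty lines in the here-document accept fdisk's default first/last sector.
VMDISK="/dev/sda"
fdisk ${VMDISK} &> /dev/null <<EOF
n
p
1

+512M
t
82
n
p
2


w
EOF
# chmod +x fdisk_vm.sh
# ./fdisk_vm.sh
# mkswap /dev/sda1
# mke2fs -j /dev/sda2
# mkdir /mnt/kali
# mount /dev/sda2 /mnt/kali
# swapon /dev/sda1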
# cd ~/
# wget http://http.kali.org/kali/pool/main/d/debootstrap/debootstrap_1.0.48+kali1_all.deb
# ar -xf debootstrap_1.0.48+kali1_all.deb && tar zxvpf data.tar.gz -C /
# yum install binutils
# debootstrap --arch amd64 sid /mnt/kali http://http.kali.org/kali
# cp -L /etc/resolv.conf /mnt/kali/etc/resolv.conf
# mount -t proc none /mnt/kali/proc
# mount -t sysfs none /mnt/kali/sys
# mount -o bind /dev /mnt/kali/dev
# chroot /mnt/kali /bin/bash
# cat << EOF > /etc/apt/sources.list
## Kali Official Repositories
deb http://http.kali.org/kali kali main non-free contrib
deb-src http://http.kali.org/kali kali main non-free contrib
## Kali proposed updates
deb http://http.kali.org/kali kali-proposed-updates main non-free contrib
deb-src http://http.kali.org/kali kali-proposed-updates main non-free contrib
## Security updates
deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
EOF
If you want to try the newest software, choose Kali's development branch (corresponding to Debian unstable):
# cat << EOF > /etc/apt/sources.list
## Kali Official Repositories
deb http://http.kali.org/kali kali-dev main non-free contrib
deb-src http://http.kali.org/kali kali-dev main non-free contrib
EOF
To be more aggressive still, try Kali's bleeding-edge branch (corresponding to Debian experimental):
# cat << EOF > /etc/apt/sources.list
## Kali Official Repositories
deb http://http.kali.org/kali kali-bleeding-edge main non-free contrib
deb-src http://http.kali.org/kali kali-bleeding-edge main non-free contrib
EOF
For something steadier, try Kali's testing branch (corresponding to Debian testing):
# cat << EOF > /etc/apt/sources.list
## Kali Official Repositories
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
## Security updates
deb http://security.kali.org/kali-security kali-rolling/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali-rolling/updates main contrib non-free
EOF
It should also be pointed out that, to speed up the Kali customization process, you may try adding the Debian sources (at your own risk):
# echo "## Debian Official Mirrors
deb http://mirrors.163.com/debian sid main non-free contrib
deb-src http://mirrors.163.com/debian sid main non-free contrib" >> /etc/apt/sources.list
# cat > /etc/apt/apt.conf.d/01apt << EOF
APT::Default-Release "sid";
APT::Get::Show-Upgraded "true";
APT::Get::Purge "true";
APT::Get::Show-Versions "true";
APT::Cache::NamesOnly "true";
EOF
# apt-get update
# apt-get install netselect-apt
# netselect-apt
W: GPG error: http://http.kali.org lucid Release: The following signatures were invalid: BADSIG 54422A4B98AB5139 Oracle Corporation (VirtualBox archive signing key)
# apt-key del 16126D3A3E5C1192
# apt-get update
# apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 16126D3A3E5C1192
# apt-get clean                  # Remove cached packages
# cd /var/lib/apt
# mv lists lists.old             # Backup mirror info
# mkdir -p lists/partial         # Recreate directory structure
# apt-get clean
# apt-get update                 # Fetch mirror info
# apt-get install tzdata
# dpkg-reconfigure tzdata
# nano -w /etc/timezone
Asia/Shanghai
# rm /etc/localtime
# cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# nano -w /etc/default/rcS
UTC=no
# apt-get install locales
# dpkg-reconfigure locales
# nano -w /etc/locale.gen
en_US.UTF-8 UTF-8
zh_CN.UTF-8 UTF-8
zh_CN.GB18030 GB18030
zh_CN.GB2312 GB2312
zh_CN.GBK GBK
# locale-gen
# apt-get install keyboard-configuration
debconf will automatically prompt for the keyboard layout. To change it later, run the following command
# dpkg-reconfigure keyboard-configuration
# apt-cache search linux-image
# apt-get install linux-image-3.7-trunk-amd64
# apt-cache search linux-source
# apt-get install linux-source-3.7
# apt-get source linux-3.7
# tar jxf linux-source-3.7.tar.bz2 -C /usr/src/
# nano -w /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
    address 192.168.159.62
    network 192.168.159.0
    netmask 255.255.255.0
    broadcast 192.168.159.255
    gateway 192.168.159.1
# nano -w /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
# nano -w /etc/network/interfaces
auto lo
iface lo inet loopback
auto wlan0
iface wlan0 inet static
    address 192.168.159.62
    network 192.168.159.0
    netmask 255.255.255.0
    broadcast 192.168.159.255
    gateway 192.168.159.1
    wpa-ssid yourssid
    wpa-psk yourpassword
# nano -w /etc/network/interfaces
auto lo
iface lo inet loopback
auto wlan0
iface wlan0 inet dhcp
# apt-get install iw wpasupplicant wireless-tools
Adjust the name resolution configuration as needed; only one example is given here:
# nano -w /etc/resolv.conf
## A simple example /etc/resolv.conf:
nameserver 10.1.1.36
nameserver 192.168.9.100
# echo "KALI" > /etc/hostname
# echo "127.0.0.1 KALI" >> /etc/hosts
# invoke-rc.d networking restart
# passwd
# apt-get install sudo
# nano -w /etc/sudoers
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
# useradd -m -s /bin/bash -G sudo easior
# passwd easior
# cat /etc/fstab
/dev/sda1 none swap sw 0 0
/dev/sda2 / ext4 noatime 0 1
/dev/cdrom /mnt/cdrom iso9660 noauto,ro 0 0
proc /proc proc defaults 0 0
# apt-get install grub2
# grub-install /dev/sda
# update-grub
# exit
# umount /mnt/kali/dev
# umount /mnt/kali/sys
# umount /mnt/kali/proc
# umount /mnt/kali
# swapoff /dev/sda1
# reboot
$ VBoxManage storageattach "Kali Dev" --storagectl "SATA" --port 1 --device 0 --type dvddrive --medium none
$ VBoxManage closemedium dvd ~/Downloads/Fedora-18-x86_64-Live-Desktop.iso
login: easior
password:
$ sudo apt-get install xserver-xorg
$ sudo apt-get install pciutils
$ lspci
$ sudo apt-get install xserver-xorg-core xserver-xorg-video-intel xserver-xorg-input-evdev xserver-xorg-input-synaptics
$ sudo apt-get install gnome-core kali-defaults kali-root-login desktop-base
$ sudo apt-get install gdm3
$ sudo apt-get install gnome-icon-theme gnome-themes-standard
$ gnome-shell --replace
$ gsettings set org.gnome.desktop.session session-name gnome
$ gsettings set org.gnome.desktop.session session-name gnome-fallback
$ sudo apt-get install nautilus nautilus-open-terminal
$ sudo apt-get install alsa-utils gnome-media
$ sudo apt-get install network-manager network-manager-gnome
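Note that Linux has two sets of network service management tools: /etc/init.d/networking, provided by ifupdown, and /etc/init.d/network-manager, provided by network-manager. The former is usually used on systems without a desktop environment and the latter in desktop environments. The two services cannot run at the same time, but they can be installed side by side. So far the network has been managed by /etc/init.d/networking; to switch to network-manager, stop it first:
$ sudo invoke-rc.d networking stop
$ sudo update-rc.d networking disable
Then start /etc/init.d/network-manager:
$ sudo invoke-rc.d network-manager start
To let network-manager take over the network service completely, configure it as follows
$ sudo nano -w /etc/NetworkManager/NetworkManager.conf
[ifupdown]
managed=true
Here managed has been changed from the original false to true. Then restart the /etc/init.d/network-manager service:
$ sudo invoke-rc.d network-manager restart
If you feel the ifupdown package is no longer needed, you can remove it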
$ sudo apt-get remove ifupdown
$ sudo apt-get install netspeed
$ sudo apt-get install file-roller
$ sudo apt-get remove --purge gnash
$ sudo apt-get install iceweasel iceweasel-l10n-zh-cn
$ sudo apt-get install flashplugin-nonfree
$ sudo update-flashplugin-nonfree --install
$ sudo apt-get install evolution
$ sudo apt-get install gdebi
$ sudo apt-get install synaptic
$ sudo apt-get install software-center
$ sudo apt-get install packagekit gnome-packagekit
$ sudo apt-get install acpi acpid hibernate cpufreqd hotkeys
$ sudo apt-get install hotplug usbutils discover
$ sudo apt-get install hdparm
$ sudo apt-get install rcconf
$ sudo apt-get install prelink
$ sudo prelink -am
$ sudo reboot
$ sudo apt-get install gnome-tweak-tool
$ sudo apt-get install ttf-wqy-microhei ttf-wqy-zenhei fonts-liberation ttf-mscorefonts-installer
$ mkdir -p ~/.fonts/truetype
$ sudo mkdir -p /usr/local/share/fonts/truetype
$ cp sim*.tt* ~/.fonts/truetype/
$ sudo apt-get install xfonts-utils
$ cd ~/.fonts/truetype/
$ mkfontscale
$ mkfontdir
$ sudo nano -w /etc/X11/Xorg.conf.d/10-fonts.conf
FontPath "/usr/share/fonts/truetype/"
FontPath "~/.fonts/truetype/"
$ fc-cache -v -f
$ su
# cat << EOF > /etc/default/locale
LC_ALL="zh_CN.UTF-8"
LANG="zh_CN.UTF-8"
EOF
$ su easior
export LANG=zh_CN.GB18030
export G_FILENAME_ENCODING=@GB18030
export LC_ALL=zh_CN.GB18030
export G_BROKEN_FILENAMES=1
$ sudo apt-get install manpages-zh
$ sudo apt-get install convmv iconv easytag
$ sudo apt-get install ibus ibus-rime
$ ibus-setup
$ sudo apt-get install linux-headers-`uname -r` virtualbox-guest-dkms virtualbox-guest-x11
$ VBoxManage modifyvm "Kali Dev" --clipboard bidirectional --draganddrop bidirectional
$ VBoxManage sharedfolder add "Kali Dev" --name "vbmedia" --hostpath "$HOME/Downloads/"
$ lsmod | grep vboxsf
$ sudo modprobe vboxsf
$ su -c 'echo vboxsf >> /etc/modules'
$ sudo gpasswd -a easior vboxsf
$ sudo mkdir /mnt/share/
$ sudo mount -t vboxsf vbmedia /mnt/share/
$ ls /mnt/share
$ su -c "echo 'vbmedia /mnt/share vboxsf defaults 0 0' >> /etc/fstab"
$ sudo apt-get install build-essential gcc-4.8-multilib gcc-4.8-locales gcc-4.8-doc gdb automake libtool
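Install more man pages, for example the man pages for the C API, the POSIX functions and development documentation, the standard library, and the C++ API:
$ sudo apt-get install manpages-dev manpages-posix manpages-posix-dev glibc-doc stl-manual libstdc++6-4.3-doc
C/C++ integrated development environment: Linux also offers many IDEs to choose from, such as Code::Blocks, CodeLite and Eclipse+CDT. Here we install Code::Blocks, preferably together with the tools its plugins need: valgrind, astyle, doxygen, cppcheck, cccc, cscope and so on:
$ sudo apt-get install codeblocks valgrind astyle cppcheck cccc cscope doxygen
Java runtime environment or development tools
$ sudo apt-get install default-jre
or
$ sudo apt-get install default-jdk
Usually the default installation is the Java provided by OpenJRE or OpenJDK. Next, the browser's Java plugin can be installed
$ sudo apt-get install icedtea-7-plugin
Java integrated development environment
$ sudo apt-get install eclipse
$ sudo apt-get install python-dev python-vte python-appindicator
There are also many Python IDEs to choose from, such as PyCharm and Eclipse+PyDev. The former is the usual choice, but first confirm that the Java development environment is installed; then download and install it
$ wget http://download-cf.jetbrains.com/python/pycharm-community-4.5.1.tar.gz
$ sudo tar zxvf pycharm-community-4.5.1.tar.gz -C /usr/local/
$ sudo tee /etc/profile.d/pycharm-4.5.1.sh > /dev/null << 'EOF'
export PATH="$PATH:/usr/local/pycharm-community-4.5.1/bin"
EOF
To run PyCharm for the first time, first execute
$ pycharm.sh
After that, launching it is very simple.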
$ sudo apt-get install libgtk2.0-dev libgtk-3.0-dev devhelp libgtk2.0-doc
To use wxWidgets as the GUI development library instead:
$ sudo apt-get install wx3.0-doc libwxgtk3.0-dev python-wxgtk3.0-dev
Version control tools:
$ sudo apt-get install git gitg bzr subversion
$ sudo apt-get install bzip2 zip unzip gzip p7zip unrar arj
$ sudo apt-get install gnome-keyring seahorse pinentry-gtk2 keychain
$ sudo apt-get install keepassx
$ sudo apt-get install amule transmission transmission-cli ftp gftp wget gwget
$ sudo apt-get install openssh-client xtightvncviewer rdesktop
$ wget http://download.teamviewer.com/download/teamviewer_linux_x64.deb
$ sudo dpkg -i teamviewer_linux_x64.deb
$ sudo apt-get install xchat pan liferea
$ sudo dpkg --add-architecture i386
$ sudo apt-get update
$ wget http://skype.tom.com/download/linux/skype-debian_4.2.0.11-1_i386.deb
$ sudo dpkg -i skype-debian_4.2.0.11-1_i386.deb
$ sudo apt-get upgrade
$ sudo apt-get install -f skype-debian
$ sudo apt-get install pcmanx-gtk2 qterm
$ sudo apt-get install nano emacs gedit
$ sudo apt-get install bluefish
$ sudo apt-get install evince
$ su -c "echo 'deb http://www.deb-multimedia.org/ sid main non-free
deb-src http://www.deb-multimedia.org/ sid main non-free' >> /etc/apt/sources.list"
$ sudo apt-get update
W: GPG error: http://www.deb-multimedia.org sid InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907
$ sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 07DC563D1F41B907
$ sudo apt-get update
$ sudo apt-get install acroread-chfonts acroread acroread-plugins
$ wget http://wdl.cache.ijinshan.com/wps/download/Linux/unstable/wps-office_8.1.0.3724~b1p2_i386.deb
$ sudo dpkg --add-architecture i386
$ sudo apt-get update
$ sudo dpkg -i wps-office_8.1.0.3724~b1p2_i386.deb
$ sudo apt-get install stardict-langdao-ec-gb stardict-oxford-gb stardict-xdict-ec-gb stardict-xdict-ce-gb stardict-langdao-ce-gb sdcv
$ sudo apt-get install gimp imagemagick eog
$ sudo apt-get install xchm chmsee
$ sudo apt-get install audacious mplayer smplayer gnome-mplayer
$ sudo apt-get install avidemux cinelerra lives pitivi winff ffmpeg
$ sudo apt-get install audacity mhwaveedit mencoder
$ sudo apt-get install brasero
$ sudo apt-get install gparted
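Installing plymouth
Debian's default boot screen is certainly cool, but text scrolling by line after line is ugly. To avoid giving the impression of a DOS command line, install a splash screen to make booting prettier. There are two splash options: splashy and plymouth. However, splashy seems somewhat outdated and does not support KMS well, so install plymouth.
$ sudo apt-get install plymouth plymouth-themes-all
After installation it needs to be configured. Edit /etc/initramfs-tools/modules and add the following three lines
$ sudo nano -w /etc/initramfs-tools/modules
intel_agp
drm
i915 modeset=1
If you use an NVIDIA or ATI graphics card the settings differ; see the documentation under /usr/share/doc/plymouth for details. Next, edit the GRUB configuration file
$ sudo nano -w /etc/default/grub
#GRUB_GFXMODE=""
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
Change these to
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_GFXMODE=1024x768
Run
$ sudo update-grub2
to make the changes above take effect. Have a cup of tea and carry on; the work is not finished yet. First list all installed themes
$ sudo plymouth-set-default-theme --list
Set the theme
$ sudo plymouth-set-default-theme solar
Regenerate the initramfs
$ sudo update-initramfs -u -k all
To install Dropbox, first add its Debian source
$ su -c "echo 'deb https://linux.dropbox.com/debian sid main
deb-src https://linux.dropbox.com/debian sid main' >> /etc/apt/sources.list"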
$ sudo apt-get install apt-transport-https
$ wget https://linux.dropbox.com/fedora/rpm-public-key.asc
$ sudo apt-key add rpm-public-key.asc
$ rm rpm-public-key.asc
$ sudo apt-get update
$ sudo apt-get install dropbox
$ sudo apt-get install python-gpgme
$ su -c "echo 'deb http://dl.google.com/linux/chrome/deb/ stable main
deb http://dl.google.com/linux/earth/deb/ stable main
deb http://dl.google.com/linux/musicmanager/deb/ stable main
deb http://dl.google.com/linux/talkplugin/deb/ stable main
deb http://dl.google.com/linux/mod-pagespeed/deb/ stable main' >> /etc/apt/sources.list"
$ wget https://dl-ssl.google.com/linux/linux_signing_key.pub
$ sudo apt-key add linux_signing_key.pub
$ rm linux_signing_key.pub
$ sudo apt-get update
$ sudo apt-get install google-chrome-stable google-earth-stable google-musicmanager-beta google-talkplugin
For more third-party Debian repositories, see https://wiki.debian.org/UnofficialRepositories.
General setup --->
    [*] Initial RAM filesystem and RAM disk (initramfs/initrd) support
    (/usr/share/v86d/initramfs) Initramfs source file(s)
Device Drivers --->
    Input Device Support --->
        <*> Event Interface
    <*> Connector - unified userspace <-> kernelspace linker --->
    Graphics support --->
        [*] Support for frame buffer devices --->
            [*] Enable firmware EDID
            <*> Userspace VESA VGA graphics support
        Console display driver support --->
            [*] VGA text console
            [*] Enable Scrollback Buffer in System RAM
            (64) Scrollback Buffer Size (in KB)
            <*> Framebuffer Console support
            -*- Map the console to the primary display device
            [ ] Framebuffer Console Rotation
            [*] Support for the Framebuffer Console Decorations
            [ ] Select compiled-in fonts
$ lsmod | grep fb
fbcon
vesafb
vga16fb
$ sudo modprobe -a fbcon vesafb vga16fb
$ sudo nano -w /etc/modules
fbcon
vesafb
vga16fb
$ sudo apt-get install hwinfo
$ hwinfo --framebuffer | grep Mode
vga=0x317
$ sudo apt-get install fbset
$ sudo apt-get install console-setup console-data
$ sudo apt-get install fbterm ibus-fbterm
$ sudo apt-get install console-tools
$ sudo apt-get install lynx links2 w3m w3m-img
$ sudo apt-get install finch irssi
$ sudo apt-get install fbcat
$ sudo apt-get install fbi
$ sudo apt-get install fbida-fbgs
$ sudo apt-get install gpm
$ sudo /etc/init.d/gpm start
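J. Enabling SELinux and the iptables firewall in Kali Linux
To configure SELinux, first confirm that the Linux kernel and the file system support it. File systems including btrfs, ext2, ext3, ext4, jfs and xfs all currently support SELinux. In addition, any Linux system based on the Debian kernel is capable of running SELinux. If you compiled the kernel yourself, however, make sure the kernel options CONFIG_AUDIT and CONFIG_SECURITY_SELINUX are enabled; if they are not, recompile the kernel. Once everything is in place, SELinux can be configured. First install the basic SELinux tools and the default policy:
$ sudo apt-get install selinux-basics selinux-policy-default auditd
Then run
$ sudo selinux-activate
to configure GRUB and PAM and to create /.autorelabel in the root directory. Reboot and wait for the file system relabeling to finish, after which the system reboots once more. Then run
$ sudo check-selinux-installation
to check that the setup was applied correctly and to catch some common SELinux problems. For example, if the message FSCKFIX is not enabled - not serious, but could prevent system from booting... appears, check the FSCKFIX setting in /etc/default/rcS and set it to yes. Once all of these problems are resolved, a working SELinux system is ready, but it is still in permissive mode. This means the SELinux policy is not enforced, but all denials are recorded in the system log. Run
$ audit2why -al
to view all denials together with a brief explanation of each. If no serious audit errors appear in the system log, SELinux can be used with confidence. You can try enabling SELinux enforcing mode temporarily
$ sudo setenforce 1
Alternatively, add the enforcing=1 parameter to the kernel command line in /etc/default/grub and reboot to make it permanent.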
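The permissive-mode review described above can be scripted so that recurring denials are grouped before enforcing mode is switched on. This is an added example, not part of the original page; the function names and the sample audit records are constructed for illustration.

```shell
#!/bin/sh
# Added example: group SELinux AVC denials from audit.log-style input.

# Constructed sample records (not taken from a real system).
sample_audit_log() {
    cat << 'EOF'
type=AVC msg=audit(1400000001.101:51): avc:  denied  { read } for  pid=812 comm="apache2" name="index.html" dev="sda2" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1400000001.101:51): arch=c000003e syscall=2 success=yes exit=3 comm="apache2"
type=AVC msg=audit(1400000007.250:58): avc:  denied  { read } for  pid=812 comm="apache2" name="about.html" dev="sda2" ino=1312 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1400000020.003:77): avc:  denied  { read open } for  pid=930 comm="sshd" path="/var/log/custom.log" dev="sda2" ino=2044 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
EOF
}

# Count denials per (source type -> target type [class] {permissions}), most frequent first.
avc_summary() {
    awk '
    $1 == "type=AVC" && /denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""; inbrace = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inbrace = 1; continue }
            if ($i == "}") { inbrace = 0; continue }
            if (inbrace) { perms = perms (perms == "" ? "" : ",") $i; continue }
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/) { cls = substr($i, 8) }
        }
        count[src " -> " tgt " [" cls "] {" perms "}"]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -k1,1nr -k2
}

# Total number of AVC denial records on stdin.
denial_total() {
    awk '$1 == "type=AVC" && /denied/ { n++ } END { print n + 0 }'
}

# Exit 0 only when stdin holds no denials, i.e. enforcing mode would block nothing logged so far.
safe_to_enforce() {
    [ "$(denial_total)" -eq 0 ]
}

sample_audit_log | avc_summary
if sample_audit_log | safe_to_enforce; then
    echo "no denials logged"
else
    echo "review the denials above before running setenforce 1"
fi
```

On a system running auditd, the same functions can read /var/log/audit/audit.log on stdin instead of the sample.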
There are many firewall services; the simplest approach is shown here. First install the software
$ sudo apt-get install iptables
Create the firewall rules file
$ sudo tee /etc/iptables.rules > /dev/null << 'EOF'
*filter
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allows SSH connections
# The --dport number is the same as in /etc/ssh/sshd_config
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Now you should read up on iptables rules and consider whether ssh access
# for everyone is really desired. Most likely you will only allow access from certain IPs.
# Allow ping
# note that blocking other types of icmp packets is considered a bad idea by some
# remove -m icmp --icmp-type 8 from this line to allow all kinds of icmp:
# https://security.stackexchange.com/questions/22711
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls (access via 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy:
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
Then test
$ sudo iptables-restore < /etc/iptables.rules
$ sudo iptables -L
$ netstat -nat
If there are no problems, hook the firewall rules above into the network start-up service
$ sudo tee /etc/network/if-pre-up.d/iptables > /dev/null << 'EOF'
#!/bin/bash
iptables-restore < /etc/iptables.rules
EOF
$ sudo chmod +x /etc/network/if-pre-up.d/iptables
The firewall service is now configured.
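The two properties the rules file relies on, a final default-deny on INPUT and a conscious decision about which ports are open to every source (the SSH comment in the rules), can be checked statically before iptables-restore is run. This is an added example, not part of the original page: it uses the page's rules with comments stripped plus a constructed variant; the function names and the 192.0.2.10 documentation address are assumptions.

```shell
#!/bin/sh
# Added example: static checks on an iptables-restore rules file.

# Print proto/port for INPUT rules that ACCEPT a --dport with no source restriction.
open_to_any() {
    awk '$1 == "-A" && $2 == "INPUT" {
        proto = port = src = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-s" || $i == "--source") src = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "" && src == "") print proto "/" port
    }' "$1"
}

# Exit 0 if INPUT has a DROP policy or its last rule is an unconditional REJECT/DROP.
default_deny() {
    awk '/^:INPUT[ \t]+DROP/ { policy = 1 }
    $1 == "-A" && $2 == "INPUT" { last = $0 }
    END { if (policy || last ~ /^-A INPUT -j (REJECT|DROP)([ \t]|$)/) exit 0; exit 1 }' "$1"
}

# Sample files: the page's rules without comments, and a constructed variant that
# limits SSH to one source address but has lost the final REJECT.
write_samples() {
    PAGE_RULES=$(mktemp); VARIANT_RULES=$(mktemp)
    cat > "$PAGE_RULES" << 'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
    grep -v '^-A INPUT -j REJECT' "$PAGE_RULES" |
        sed 's/--dport 22/-s 192.0.2.10 --dport 22/' > "$VARIANT_RULES"
}

# Report both checks for one rules file.
audit_rules() {
    if default_deny "$1"; then echo "default deny: yes"; else echo "default deny: NO"; fi
    open_to_any "$1" | sed 's/^/open to any source: /'
}

write_samples
trap 'rm -f "$PAGE_RULES" "$VARIANT_RULES"' EXIT
audit_rules "$PAGE_RULES"
audit_rules "$VARIANT_RULES"
```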
K. Finally, routine maintenance for Kali Linux/Debian:
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade