🔒 ponchos blog.

Securing Kali Linux & Some

A few simple and easy steps to securing your Kali Linux OS.

I created this because all of the information I needed to secure my own Kali OS was scattered across different blog posts etc.

I also included some tips and tricks to fix a few things like USB mouse lag and expanding the SD card.

USB Mouse Lag Fix [Restart required]

sudo nano /boot/cmdline.txt

At the end of the line, add the following:

usbhid.mousepoll=0

Ctrl+X to exit and save, hit Y when asked to save

Expanding SD Card [Restart required]

sudo raspi-config --expand-rootfs

Change root Password

sudo passwd root


Create a New User (Unprivileged)

sudo adduser yoda


Update Kali Image

I like to run these two commands separately. I also run them twice each, for good luck.

sudo apt-get update
sudo apt-get upgrade


I also run another command; this one installs and/or removes packages.

sudo apt-get dist-upgrade

Change the Default SSH Keys

So many people forget this part when they first install Kali. Change the damn SSH Keys!! Everyone who has the same Image, has the same exact keys!!

It's up to you if you keep the old keys in a folder or delete them after the new ones have been generated.

We will be changing the ssh_host_ files.

Here's how you can get rid of your n00b status;

cd /etc/ssh

ls


Next we will create a folder to store the old keys before replacing them.

sudo mkdir old_keys


Move the old keys, and pivot to the directory to check all the old keys are there.
Like so;

sudo mv ssh_host* /etc/ssh/old_keys

cd old_keys/

ls


Once the keys are moved, we can generate new SSH Keys. [Redacted cause I don't trust any of you 😂].
This is how;

Ignore any messages regarding a static unit.

cd ..   # to go back to the /etc/ssh/ directory

sudo dpkg-reconfigure openssh-server


Great, new keys have been created. Let's compare the hashes to make sure they are new keys.

We can run these commands;

sudo md5sum ssh_host_*

sudo md5sum /etc/ssh/old_keys/ssh_host_*
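
The same comparison can be scripted instead of checked by eye. This is an added example, not part of the original post: it compares the key type and key material in each old and new .pub file, ignoring the comment field, and flags any host key that was not regenerated. The function names are hypothetical; the directories are the ones used above.

```shell
#!/bin/sh
# Added example: confirm every SSH host key was regenerated.
# Assumes the layout used above: new keys in /etc/ssh, old keys in /etc/ssh/old_keys.

# Print the key type and base64 key material of a .pub file, dropping the
# trailing comment (user@host) so a changed comment cannot mask a reused key.
key_material() {
    awk 'NF >= 2 { print $1, $2; exit }' "$1"
}

# check_host_keys_rotated NEW_DIR OLD_DIR  (hypothetical helper name)
# Returns 0 only if every old public key has a new counterpart with
# different key material, 1 if any key is missing or unchanged,
# and 2 if OLD_DIR holds no host public keys at all.
check_host_keys_rotated() {
    new_dir=$1
    old_dir=$2
    status=0
    found=0
    for old_pub in "$old_dir"/ssh_host_*_key.pub; do
        [ -e "$old_pub" ] || continue        # glob matched nothing
        found=1
        name=$(basename "$old_pub")
        new_pub=$new_dir/$name
        if [ ! -s "$new_pub" ]; then
            echo "MISSING   $name (no new key generated)"
            status=1
        elif [ "$(key_material "$old_pub")" = "$(key_material "$new_pub")" ]; then
            echo "UNCHANGED $name (still the image default)"
            status=1
        else
            echo "ROTATED   $name"
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no old public keys found in $old_dir"
        return 2
    fi
    return "$status"
}

# Run against the real directories only when asked to:
#   sh check_keys.sh run
if [ "${1:-}" = "run" ]; then
    check_host_keys_rotated /etc/ssh /etc/ssh/old_keys
fi
```

Only the public halves are read, so the script does not need sudo.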
