Secure and Optimize Kali

Create a Non-Root User

Using root for daily tasks is dangerous. Create a regular user and add it to the sudo group, so that privileged commands require an explicit sudo:

sudo adduser yourusername
sudo usermod -aG sudo yourusername

Enable the Firewall

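Use UFW to filter incoming connections to this host. If you are connected over SSH, add the SSH rule before enabling the firewall so the session is not cut off:

sudo ufw allow 22  # if using SSH; add this rule before enabling
sudo ufw enable
sudo ufw status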

Install Essential Tools

Some useful additions:

sudo apt install htop curl tmux

Secure SSH Access

Edit your SSH configuration:

sudo nano /etc/ssh/sshd_config

Set the following:

Then restart SSH:

sudo systemctl restart ssh

Enable Automatic Updates

Automate security updates:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

Install Monitoring Tools

Install Nagios for system monitoring:

sudo apt install nagios

Encrypt Sensitive Data

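Use LUKS for full disk/partition encryption. Confirm the device name (for example with lsblk) before formatting:

# Initializes LUKS on the partition; existing data on /dev/sda1 is lost
sudo cryptsetup luksFormat /dev/sda1
# Unlocks it as /dev/mapper/encrypted_partition
sudo cryptsetup open /dev/sda1 encrypted_partition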

Perform Vulnerability Scans

Use OpenVAS (via GVM):

gvm-setup

If prompted to install, type Y. Then:

sudo gvm-setup

Schedule Regular Maintenance

Use cron to automate updates. apt needs root privileges, so add the job to root's crontab:

sudo crontab -e

Add:

0 2 * * * apt update && apt upgrade -y

Harden the Kernel

Edit the sysctl configuration:

sudo nano /etc/sysctl.conf

Add:

net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0

Apply changes:

sudo sysctl -p
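
To confirm the kernel is actually running with these values after sysctl -p, the following added example (not part of the original guide) reads each key from /proc/sys and reports anything missing or different. The function name audit_sysctl and its optional ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare running kernel values with the four settings above.
# Usage: audit_sysctl [ROOT]
#   ROOT defaults to /proc/sys; pass another directory to audit a
#   constructed tree instead of the live kernel (hypothetical parameter).
# Returns the number of keys that are missing or mismatched (0 = all good).

EXPECTED='net.ipv4.ip_forward=0
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.accept_source_route=0'

audit_sysctl() {
    root=${1:-/proc/sys}
    failures=0
    # The here-document keeps the loop in the current shell, so the
    # failure counter survives after the loop ends.
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        # A sysctl key maps to a path under /proc/sys with dots as slashes.
        path="$root/$(printf '%s' "$key" | tr '.' '/')"
        if [ ! -r "$path" ]; then
            echo "MISSING  $key (no $path)"
            failures=$((failures + 1))
            continue
        fi
        have=$(cat "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key = $have (want $want)"
            failures=$((failures + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$failures"
}
```

Source the file and run audit_sysctl with no arguments to check the live system; a non-zero exit status is the count of settings that did not take effect.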

Configure Intrusion Detection

Install Suricata:

sudo apt install suricata

Test Your Defensive Tools

Use Metasploit to simulate attacks and observe reactions in Suricata or Snort.


Automate Tasks (e.g. Log Backups)

Create a script backup-logs.sh:

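#!/bin/bash
# Run as root: not everything under /var/log is readable by regular users
set -e  # stop on error so the success message is only printed if tar worked
mkdir -p /backup
tar -czf "/backup/logs-$(date +%F).tar.gz" /var/log
echo "Logs have been backed up successfully!"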

Make it executable:

chmod +x backup-logs.sh

Document Your Configuration

Use tools like:


Backup Your System

Create backup-system.sh:

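#!/bin/bash
# /backup is excluded as well; otherwise rsync copies the backup into itself
rsync -a --exclude="/proc" --exclude="/sys" --exclude="/backup" / /backup/ \
  && echo "Backup completed successfully!"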

Then:

chmod +x backup-system.sh

Set Up Logwatch

Install and configure Logwatch:

sudo apt install logwatch
sudo nano /usr/share/logwatch/default.conf/logwatch.conf

Set MailTo = your@email.com and adjust Detail = Low | Med | High

Generate a report manually:

sudo logwatch --detail High --mailto your@email.com

Update the system:

sudo apt update && sudo apt upgrade