Advice for securing and monitoring your Kali system

Take the time to define a comprehensive security policy for your own Kali environment.

Here are a few suggestions:

If you run web services:

  • host them over HTTPS to prevent network intermediaries from sniffing your traffic (which might include authentication cookies).
  • disable services that you do not use. Kali makes it easy to do this since all external network services are disabled by default.

A few more useful tools:

  • the logcheck program monitors log files every hour by default and sends unusual log messages in emails to the administrator for further analysis.
  • top is an interactive tool that displays a list of currently running processes.
  • dpkg --verify (or dpkg -V) displays the system files that have been modified (potentially by an attacker), but relies on checksums, which may be subverted by a clever attacker.
  • the Advanced Intrusion Detection Environment (AIDE) tool checks file integrity and detects any changes against a previously-recorded image of the valid system.
  • Tripwire is very similar to AIDE but uses a mechanism to sign the configuration file, so that an attacker cannot make it point at a different version of the reference database.
  • rkhunter, checksecurity, and chkrootkit help to detect rootkits on your system.
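
As an added example (not part of the original article), the shell function below triages `dpkg --verify` output so that changed or missing non-configuration files stand out from edited conffiles. The sample lines, the path /usr/bin/example-tool and the HIGH/review labels are constructed for this example; on a real system you would run `dpkg --verify | triage_dpkg_verify`.

```shell
#!/usr/bin/env bash
# Added example: triage `dpkg --verify` output.
# Each output line is: 9 result characters, a space, an attribute
# character ('c' for a conffile, otherwise a space), a space, the path.
# A '5' in the third result position means the MD5 checksum differs;
# the word "missing" in the result field means the file is absent.

triage_dpkg_verify() {
    awk '
    length($0) < 13 { next }              # skip blank or truncated lines
    {
        result = substr($0, 1, 9)
        attr   = substr($0, 11, 1)
        path   = substr($0, 13)
        if (result ~ /^missing/)              kind = "MISSING"
        else if (substr(result, 3, 1) == "5") kind = "MODIFIED"
        else                                  kind = "OTHER"
        # Heuristic of this example: conffiles are expected to be edited,
        # while packaged binaries, libraries and unit files are not.
        prio = (attr == "c") ? "review" : "HIGH"
        printf "%s\t%s\t%s\n", prio, kind, path
    }' | LC_ALL=C sort
}

# Constructed sample in the format described above (not real findings).
SAMPLE='??5??????   /lib/systemd/system/ssh.service
??5?????? c /etc/lvm/lvm.conf
missing     /usr/bin/example-tool
??5?????? c /etc/salt/roster'

printf '%s\n' "$SAMPLE" | triage_dpkg_verify
```

A clean result only means the files match the checksums stored on the same system, which is the limitation noted above and the reason to pair this check with AIDE or Tripwire.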
