Kali Linux is not maintaining their own cloud images. Therefore we need to create them manually. To create a Kali image, follow this article. The image is built with tightvncserver enabled for the root user, with a default password ("kaliVNC"). Cloud-init is configured to not disable the root user. This makes it possible to SSH into the root account, and the keypair injected from Openstack will be valid for root login.
This article describes how to build the image on a Linux computer, with KVM/libvirt running locally.
Install Kali on a local virtual machine
- Download the latest Kali Linux image. Download here
- Create a new VM on your local Linux computer running KVM/libvirt, and install Kali from the ISO. 15GB disk should be sufficient. Use the qcow2 format. Make sure to select the virtio driver both for disk and NIC. The VM also need internet connectivity.
- During the installation, use manual partitioning. Create just one partition, with / mounted, and enable the bootable flag. Disable swap.
- When prompted, create the user "kali" with "kali" as password. The password will be overwritten by cloud-init later.
Modify the image, to make it cloud ready
- Login to the virtual machine with kali user, and run
sudo apt update && sudo apt upgrade
. Reboot if necessary. - Install cloud-init:
apt install cloud-init
- Add
datasource_list: [ OpenStack, ConfigDrive, Ec2 ]
to/etc/cloud/cloud.cfg
- Add
- Run
systemctl enable cloud-init
- Run
systemctl enable cloud-final
- Edit the file
/etc/default/grub
, and make sure that the variableGRUB_CMDLINE_LINUX_DEFAULT
containsconsole=ttyS0 console=tty0
(if there's other content in this variable that's fine. Just add this to the end of the string.
NOTE: removequiet
- Run
update-grub
- Run
Enable ssh server
systemctl enable ssh
Enable vncserver for user "kali", and add it to upstart
- Install
tightvncserver
anddbus-x11
- Run
vncserver
- Enter the password "kaliVNC" twice
- When the command returns, kill the vncserver with
vncserver -kill :1
Create
/usr/local/bin/vncserv
and paste this contentchmod 755
/usr/local/bin/vncserv
Create
/lib/systemd/system/vncserv.service
and paste this contentRun
systemctl daemon-reload; systemctl enable vncserv
Final steps
- Shutdown the virtual machine
- Unmount the ISO file (if still mounted)
- Run (on your local machine)
virt-sysprep -d <vm-name>
- Convert the qcow2 disk to raw format, and upload it to glance. (howto)