From da484826f4c4677cff8a4128fedacf87a3c9bb33 Mon Sep 17 00:00:00 2001 From: Arnaud Rebillout Date: Mon, 4 Apr 2022 15:18:53 +0700 Subject: [PATCH 1/3] Nitpicks in kali-{user-setup,finish-install} Changes: - order groups alphabetically - use the same comment "Ensure those groups exist" consistently in the 2 scripts, and also drop the comment regarding a "generically named" function. - adds "|| true" to the usermod command in kali-user-setup (only for consistency, the script is not run with "set -e" anyway). After those changes, the two functions "configure_usergroups()" are very similar, and it's very easy to spot the differences between both. --- .../usr/lib/live/config/0031-kali-user-setup | 12 +++++++----- .../common/includes.installer/kali-finish-install | 8 +++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup b/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup index cdde35e..5fc6df0 100755 --- a/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup +++ b/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup @@ -14,15 +14,17 @@ configure_zsh() { } configure_usergroups() { - addgroup --system kaboxer || true # Ensures the group exists - addgroup --system wireshark || true # Ensures the group exists + # Ensure those groups exist + addgroup --system kaboxer || true + addgroup --system wireshark || true + # adm - read access to log files - # kaboxer - for kaboxer # dialout - for serial port access + # kaboxer - for kaboxer # wireshark - capture sessions without being root - kali_groups="adm,kaboxer,dialout,wireshark" + kali_groups="adm,dialout,kaboxer,wireshark" - usermod -a -G $kali_groups kali + usermod -a -G $kali_groups kali || true } # Avoid configuring multiple times in case persistence is enabled diff --git a/kali-config/common/includes.installer/kali-finish-install b/kali-config/common/includes.installer/kali-finish-install index 99d691a..11e7e2e 100755 --- a/kali-config/common/includes.installer/kali-finish-install +++ b/kali-config/common/includes.installer/kali-finish-install @@ -51,18 +51,16 @@ configure_zsh() { done } -# This is generically named in case we want to add other groups in the future. configure_usergroups() { - # Create the kaboxer group if needed + # Ensure those groups exist addgroup --system kaboxer || true - # Create the wireshark group if needed addgroup --system wireshark || true # adm - read access to log files - # kaboxer - for kaboxer # dialout - for serial access + # kaboxer - for kaboxer # wireshark - capture sessions in wireshark - kali_groups="adm,kaboxer,dialout,wireshark" + kali_groups="adm,dialout,kaboxer,wireshark" for user in $(get_user_list | grep -xv root); do echo "INFO: adding user '$user' to groups '$kali_groups'" From 6ea2a3ce82268d90761b13bd17449bff1da6541e Mon Sep 17 00:00:00 2001 From: Arnaud Rebillout Date: Mon, 4 Apr 2022 15:28:57 +0700 Subject: [PATCH 2/3] Add kali user to additional groups one by one Up to now, it was fine to use a command such as: usermod -a -G group1,group2,... kali However a limitation is that all the groups that are given to the option -G must exist. If that's not the case, usermod fails (return code: 6) without doing anything, and the user is not added to any group. So with this commit, we prepare the code to support optional groups, that might or might not exist. If ever a group does not exist, it's skipped silently. --- .../usr/lib/live/config/0031-kali-user-setup | 7 +++++-- kali-config/common/includes.installer/kali-finish-install | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup b/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup index 5fc6df0..31af2ba 100755 --- a/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup +++ b/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup @@ -22,9 +22,12 @@ configure_usergroups() { # dialout - for serial port access # kaboxer - for kaboxer # wireshark - capture sessions without being root - kali_groups="adm,dialout,kaboxer,wireshark" + kali_groups="adm dialout kaboxer wireshark" - usermod -a -G $kali_groups kali || true + for grp in $kali_groups; do + getent group $grp >/dev/null || continue + usermod -a -G $grp kali + done } # Avoid configuring multiple times in case persistence is enabled diff --git a/kali-config/common/includes.installer/kali-finish-install b/kali-config/common/includes.installer/kali-finish-install index 11e7e2e..74c4322 100755 --- a/kali-config/common/includes.installer/kali-finish-install +++ b/kali-config/common/includes.installer/kali-finish-install @@ -60,11 +60,14 @@ configure_usergroups() { # dialout - for serial access # kaboxer - for kaboxer # wireshark - capture sessions in wireshark - kali_groups="adm,dialout,kaboxer,wireshark" + kali_groups="adm dialout kaboxer wireshark" for user in $(get_user_list | grep -xv root); do echo "INFO: adding user '$user' to groups '$kali_groups'" - usermod -a -G "$kali_groups" $user || true + for grp in $kali_groups; do + getent group $grp >/dev/null || continue + usermod -a -G $grp $user + done done } From a90925b4443e6220d801a6d9dc046f14efa91fd3 Mon Sep 17 00:00:00 2001 From: Arnaud Rebillout Date: Mon, 4 Apr 2022 15:32:26 +0700 Subject: [PATCH 3/3] Add kali user to the vboxsf group, if ever it exists The vboxsf group is created by the postinst script of the package virtualbox-guest-utils. The kali user needs to be part of this group in order to access VirtualBox's shared folders. This change does just that. It's effective for all the Live images (where VirtualBox guest additions are installed unconditionnally), and for the systems installed by the Installer image where VirtualBox was detected (and therefore VirtualBox guest additions were installed). Ref: --- .../includes.chroot/usr/lib/live/config/0031-kali-user-setup | 3 ++- kali-config/common/includes.installer/kali-finish-install | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup b/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup index 31af2ba..b47da04 100755 --- a/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup +++ b/kali-config/common/includes.chroot/usr/lib/live/config/0031-kali-user-setup @@ -21,8 +21,9 @@ configure_usergroups() { # adm - read access to log files # dialout - for serial port access # kaboxer - for kaboxer + # vboxsf - shared folders for virtualbox guest # wireshark - capture sessions without being root - kali_groups="adm dialout kaboxer wireshark" + kali_groups="adm dialout kaboxer vboxsf wireshark" for grp in $kali_groups; do getent group $grp >/dev/null || continue diff --git a/kali-config/common/includes.installer/kali-finish-install b/kali-config/common/includes.installer/kali-finish-install index 74c4322..df55102 100755 --- a/kali-config/common/includes.installer/kali-finish-install +++ b/kali-config/common/includes.installer/kali-finish-install @@ -59,8 +59,9 @@ configure_usergroups() { # adm - read access to log files # dialout - for serial access # kaboxer - for kaboxer + # vboxsf - shared folders for virtualbox guest # wireshark - capture sessions in wireshark - kali_groups="adm dialout kaboxer wireshark" + kali_groups="adm dialout kaboxer vboxsf wireshark" for user in $(get_user_list | grep -xv root); do echo "INFO: adding user '$user' to groups '$kali_groups'"