Secure Kali Linux
After creating a Kali live USB with LUKS encrypted persistence and setting up a nuke key, there are a couple more things to secure Kali Linux. First, let’s create a new user in the sudoers group. This will allow us to run software that requires root permissions, without being the root user.
Add the new user
To create the user and their home directory:
# useradd -m <user>
Where <user> is the name of whatever user you want to create.
Add the user to the sudo group
Now, we have to add this user to the sudoers group:
# usermod -a -G sudo <user>
Set the user’s password
Now to set the new user’s password:
# passwd <user>
Disable Automatic Login
Next, let’s disable the automatic root login. You will have to edit the gdm3 daemon configuration file to do this. So in your favorite editor, open:
Once there, look for these lines:
When located, change the lines to false:
Kali will no longer login to root automatically.
Disable Root Login
The final step, is to disable root login completely. But don’t worry, you can still access root via ‘sudo’, or if you want an interactive shell as root, ‘sudo su -‘:
# sudo usermod -p ‘!’ root
While Kali Linux is a more secure linux distribution, and these steps further the security of this distribution, good security also requires a change in habits.