For the latest Kali Linux 2020.1, released yesterday, the developers have decided to go with a traditional default non-root user model. Other changes in this Kali Linux release include a single installer image instead of separate images for every desktop environment, rootless mode for Kali NetHunter, and more.

Kali Linux is a Debian Testing based Linux distribution created for digital forensics and penetration testing, which comes with hundreds of tools preinstalled.

Root user no longer default

Kali Linux contains many tools that can only run with root privileges, and its nature makes its use in a multi-user environment highly unlikely. This is why until now the default Kali user was root, with no regular user being created during the installation process.

Starting with Kali Linux 2020.1 though, the ethical hacking Linux distribution has replaced the default root user (which had toor as its default password) with a standard, unprivileged user (the new default Kali Linux username is kali with the default password kali). The ARM images continue to use root by default for the 2020.1 release though.

In an article posted on the Kali blog, it’s explained that over the years, more and more users have started to use Kali as their daily driver. With this usage increasing over time, “there is the obvious conclusion that default root user is no longer necessary and Kali will be better off moving to a more traditional security model.”

There are also quite a few applications that don’t run at all as the root user, like Google Chrome / Chromium. This required patching to get these applications to run on Kali Linux, which became a maintenance burden.

The Kali developers note that while there’s nothing stopping users from using Kali Linux as their main OS, just like before, they still don’t encourage this. But the change to a non-root default user will make it easier for those that want this.

The main reason for not recommending the use of Kali Linux as the main OS is that it’s not tested for this kind of usage, and the Kali developers don’t want the influx of bug reports that come with it.

If you do, however, run Kali as your main OS, you’ll probably want to switch from the rolling branch to kali-last-snapshot for more stability.

kali-rolling is the constantly updated branch that pulls from kali-dev after ensuring questionable packages are stable and combines them with packages from kali-rolling-only.

kali-last-snapshot is a branch that offers a more standard feeling of software control. For every release, the code is frozen and merged from kali-rolling into kali-last-snapshot, at which point users get all the updates between releases.
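The branch switch described above comes down to changing the suite name in the APT sources file. The script below is an added example, not code from the article or the Kali project; the function names are hypothetical and the sample repository lines are constructed, assuming the usual layout of a stock Kali sources.list.

```shell
#!/bin/sh
# Added example, not Kali project code. Moves the active APT entries in a
# sources.list-style file from kali-rolling to kali-last-snapshot.

switch_kali_branch() {
    src="$1"
    from="kali-rolling"; to="kali-last-snapshot"
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    # Active (uncommented) deb/deb-src lines only.
    active="^[[:space:]]*deb(-src)?[[:space:]]"
    # Suite matched as a whole field, so kali-rolling-only or a URL never matches.
    suite="([[:space:]])${from}([[:space:]]|\$)"
    if ! grep -E "$active" "$src" | grep -Eq "$suite"; then
        return 1    # nothing to change (already switched, or no such entry)
    fi
    cp -p "$src" "$src.bak" || return 2    # keep a backup for rollback
    sed -E "/${active}/ s/${suite}/\\1${to}\\2/" "$src.bak" > "$src"
}

# Constructed sample input (assumed layout of a stock Kali sources.list,
# plus one unrelated repository that must be left alone).
write_sample() {
    cat > "$1" <<'EOF'
# deb http://http.kali.org/kali kali-rolling main contrib non-free
deb http://http.kali.org/kali kali-rolling main contrib non-free
deb-src http://http.kali.org/kali kali-rolling main contrib non-free
deb http://example.invalid/debian stable main
EOF
}

# Demo on a temporary copy; on a real system the target would be
# /etc/apt/sources.list (as root), followed by "apt update".
tmp="$(mktemp)"
write_sample "$tmp"
switch_kali_branch "$tmp" && cat "$tmp"
rm -f "$tmp" "$tmp.bak"
```

The function returns 1 when no active entry uses kali-rolling, so running it twice is harmless.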

New single installer image

With the 2020.1 release, Kali Linux offers a single installer image (an installer image, a live image, and a network installer) with the option of picking your desktop environment during installation. Previously users could choose between separate images for every desktop environment (Xfce, GNOME, KDE, etc.).

The new installer image is recommended for most users. It allows users to select their preferred desktop environment and the tools to install. In case an Internet connection is not available, this image installs the default package selection (kali-tools-default) with the Xfce desktop (kali-desktop-xfce); selecting any other package will require a network connection.

It’s worth noting that the installer image does not include Kali Live, so it can’t be used to boot a live system. If you want to use the live mode, download the live image.

Also, with this release there are fewer ARM images available for download due to manpower and hardware constraints. The ARM images for 2020.1 will continue to run as root by default!

Other changes in Kali Linux 2020.1

  • Kali NetHunter no longer requires a rooted phone (with some limitations), and it’s now available in three editions:
    • NetHunter, which has no limitations but requires rooted Android devices with custom recovery and a patched kernel
    • NetHunter Light, which has some minor limitations (no WiFi injection or HID support) and needs rooted devices with custom recovery but no custom kernel
    • NetHunter Rootless, which has some limitations (like the lack of db support in Metasploit, and no root permissions) and is installable on stock, unmodified Android devices using Termux
  • New theme (with both light and dark variants) for those using the GNOME desktop on Kali Linux
  • Updated tools icons
  • Updated Kali-Undercover (tool that instantly switches the look of Xfce desktop to mimic a Windows 10 desktop, so that you don’t draw any attention to your activities) with various improvements and bug fixes
  • New packages: cloud-enum (multi-cloud open source intelligence tool), emailharvester (a tool to retrieve domain email addresses from search engines), phpggc (generate payloads that exploit unsafe object deserialization), sherlock (find usernames across social networks) and splinter (Python test framework for web applications)

Download Kali Linux

You can install Kali Linux on your hard disk, either as single boot, or dual boot with macOS or Windows. You can also install Kali Linux on Windows via WSL, use it from a portable USB stick (with or without persistence), and more.

via Kali blog