准备Kali Linux ARM chroot

虽然你能从下载区下载Kali ARM镜象但是有人更热衷于定制他们的Kali rootfs.如下展示一个制作Kali armhf rootfs的例子.

安装需要的软件和依赖

 apt-get install debootstrap qemu-user-static

定义架构和定制包

这里定义一些你需要的ARM架构(armel或armhf)的环境变量,下列的包将会安装到你的镜象里.这是全文要用到的,所以务必根据你的需要修改它们.

export packages="xfce4 kali-menu kali-defaults nmap openssh-server" 
export architecture="armhf" 
#export disk="/dev/sdc"

建立Kali rootfs

我们创建一个标准的目录结构并从Kali Linux的源用bootstrap获得ARM rootfs.然后我们从我们的主机复制qemu-arm-static到rootfs，以便进行第2步.

cd ~ 
mkdir -p arm-stuff 
cd arm-stuff/ 
mkdir -p kernel 
mkdir -p rootfs cd rootfs
debootstrap --foreign --arch $architecture kali kali-$architecture http://repo.kali.org/kali 
cp /usr/bin/qemu-arm-static kali-$architecture/usr/bin/ 
LANG=C chroot kali-$architecture 
/debootstrap/debootstrap --second-stage

第2步chroot

这里我们配置基本的镜象设置，例如keymaps,源，默认网络接口特性(有需要的话请修改)等..

cat << EOF >    kali-$architecture/debconf.set
console-common  console-data/keymap/policy      select  Select keymap from full list
console-common  console-data/keymap/full        select  en-latin1-nodeadkeys
EOF

cat << EOF >    kali-$architecture/etc/apt/sources.list
deb http://repo.kali.org/kali kali main contrib non-free
deb http://repo.kali.org/security kali/updates main contrib non-free
EOF

echo "kali" >   kali-$architecture/etc/hostname

cat << EOF >    kali-$architecture/etc/network/interfaces
auto lo
iface lo inet loopback
auto usbmon0
iface usbmon0 inet dhcp
EOF

第3步chroot

这里开始定制.$Packages变量表示这个包将会被安装，默认root的密码将被设置为”toor”,以及修改和修复其它配置.

 mount -t proc proc kali-$architecture/proc mount -o bind /dev/ kali-$architecture/dev/ mount -o bind /dev/pts kali-$architecture/dev/pts
cat << EOF >    kali-$architecture/third-stage 
#!/bin/bash debconf-set-selections /debconf.set 
rm -f /debconf.set 
apt-get update 
apt-get -y install git-core binutils ca-certificates 
apt-get -y install locales console-common less nano git 
echo "root:toor" | chpasswd 
sed -i -e 's/KERNEL!="eth*|/KERNEL!="/' /lib/udev/rules.d/75-persistent-net-generator.rules 
rm -f /etc/udev/rules.d/70-persistent-net.rules 
apt-get --yes --force-yes install $packages 
rm -f /third-stage 
EOF

chmod +x kali-$architecture/third-stage 
LANG=C chroot kali-$architecture /third-stage

在chroot环境中手动配置

如果有需要,你可以手工在rootfs环境里进行最终和必要的修改.

LANG=C chroot kali-$architecture 
{在chroot环境里做额外的修改} 
exit

清理chroot环境里的被锁文件

事实上在rootfs里一些你已经安装的包可能会产生被锁文件(例如在chroot环境里运行中的服务),需要在我们能关闭chroot时释放.在你umount之前可能需要在chroot环境里停止一些服务.umount proc和dev的命令:

 umount kali-$architecture/proc umount kali-$architecture/dev/pts umount kali-$architecture/dev/

然而,如果仍然有服务在chroot里运行,将会出现这样的错误提示:

root@rootfs-box:~ umount kali-$architecture/proc 
root@rootfs-box:~ umount kali-$architecture/dev/pts 
root@rootfs-box:~ umount kali-$architecture/dev/
umount: kali-armhf/dev: device is busy. (In some cases useful info about processes that use the device is found by lsof(8) or fuser(1)) root@rootfs-box:~

如果出现这种情况,请用如下命令检查哪个文件/服务锁住了chroot:

root@rootfs-box:~/arm-stuff/rootfs:~ lsof |grep kali-armhf
...
dbus-daem 4419 messagebus mem REG 8,1 236108 15734602 dbus-daemon 
dbus-daem 4419 messagebus mem REG 8,1 93472 17705250 ld-2.13.so ... 
dbus-daem 4419 messagebus mem REG 8,1 100447 17705251 libpthread-2.13.so 
dbus-daem 4419 messagebus mem REG 8,1 22540 17705240 librt-2.13.so 
dbus-daem 4419 messagebus mem REG 8,1 893044 17705232 libc-2.13.so ...

从输出信息我们看到dbus守护进程仍在chroot环境里运行.在继续之前,我们需要在chroot环境里停止它.如果你已经成功umount了proc或dev,请用之前给出的命令重新挂载他们,chroot到rootfs里,然后停止dbus服务(或别的可能需要停止的服务):

# mount -t proc proc kali-$architecture/proc 
# mount -o bind /dev/ kali-$architecture/dev/pts
LANG=C chroot kali-$architecture /etc/init.d/dbus stop exit

一旦释放了所有的服务和被锁文件,你就可以umount proc和dev了:

root@rootfs-box:~/arm-stuff/rootfs~ umount kali-$architecture/proc 
root@rootfs-box:~/arm-stuff/rootfs~ umount kali-$architecture/dev/pts 
root@rootfs-box:~/arm-stuff/rootfs~ umount kali-$architecture/dev/ 
root@rootfs-box:~/arm-stuff/rootfs~

清理

最后我们运行在chroot里的清理脚本释放缓存文件占用的空间,还有需要的清理工作:

cat << EOF > kali-$architecture/cleanup 
#!/bin/bash rm -rf /root/.bash_history 
apt-get update apt-get clean 
rm -f cleanup 
EOF

chmod +x kali-$architecture/cleanup 
LANG=C chroot kali-$architecture /cleanup
/etc/init.d/dbus stop
umount kali-$architecture/proc 
umount kali-$architecture/dev/pts 
umount kali-$architecture/dev/
cd ..

恭喜！你定制的Kali ARM rootfs就在kali-$architecture目录里.你可以为往后的工作打包这个目录,或复制到一个镜像文件.