准备Kali Linux ARM chroot
虽然你能从下载区下载Kali ARM镜象但是有人更热衷于定制他们的Kali rootfs.如下展示一个制作Kali armhf rootfs的例子.
安装需要的软件和依赖
apt-get install debootstrap qemu-user-static
定义架构和定制包
这里定义一些你需要的ARM架构(armel或armhf)的环境变量,下列的包将会安装到你的镜象里.这是全文要用到的,所以务必根据你的需要修改它们.
export packages="xfce4 kali-menu kali-defaults nmap openssh-server"
export architecture="armhf"
#export disk="/dev/sdc"
建立Kali rootfs
我们创建一个标准的目录结构并从Kali Linux的源用bootstrap获得ARM rootfs.然后我们从我们的主机复制qemu-arm-static到rootfs,以便进行第2步.
cd ~
mkdir -p arm-stuff
cd arm-stuff/
mkdir -p kernel
mkdir -p rootfs cd rootfs
debootstrap --foreign --arch $architecture kali kali-$architecture http://repo.kali.org/kali
cp /usr/bin/qemu-arm-static kali-$architecture/usr/bin/
LANG=C chroot kali-$architecture
/debootstrap/debootstrap --second-stage
第2步chroot
这里我们配置基本的镜象设置,例如keymaps,源,默认网络接口特性(有需要的话请修改)等..
cat << EOF > kali-$architecture/debconf.set
console-common console-data/keymap/policy select Select keymap from full list
console-common console-data/keymap/full select en-latin1-nodeadkeys
EOF
cat << EOF > kali-$architecture/etc/apt/sources.list
deb http://repo.kali.org/kali kali main contrib non-free
deb http://repo.kali.org/security kali/updates main contrib non-free
EOF
echo "kali" > kali-$architecture/etc/hostname
cat << EOF > kali-$architecture/etc/network/interfaces
auto lo
iface lo inet loopback
auto usbmon0
iface usbmon0 inet dhcp
EOF
第3步chroot
这里开始定制.$Packages变量表示这个包将会被安装,默认root的密码将被设置为”toor”,以及修改和修复其它配置.
mount -t proc proc kali-$architecture/proc mount -o bind /dev/ kali-$architecture/dev/ mount -o bind /dev/pts kali-$architecture/dev/pts
cat << EOF > kali-$architecture/third-stage
#!/bin/bash debconf-set-selections /debconf.set
rm -f /debconf.set
apt-get update
apt-get -y install git-core binutils ca-certificates
apt-get -y install locales console-common less nano git
echo "root:toor" | chpasswd
sed -i -e 's/KERNEL!="eth*|/KERNEL!="/' /lib/udev/rules.d/75-persistent-net-generator.rules
rm -f /etc/udev/rules.d/70-persistent-net.rules
apt-get --yes --force-yes install $packages
rm -f /third-stage
EOF
chmod +x kali-$architecture/third-stage
LANG=C chroot kali-$architecture /third-stage
在chroot环境中手动配置
如果有需要,你可以手工在rootfs环境里进行最终和必要的修改.
LANG=C chroot kali-$architecture
{在chroot环境里做额外的修改}
exit
清理chroot环境里的被锁文件
事实上在rootfs里一些你已经安装的包可能会产生被锁文件(例如在chroot环境里运行中的服务),需要在我们能关闭chroot时释放.在你umount之前可能需要在chroot环境里停止一些服务.umount proc和dev的命令:
umount kali-$architecture/proc umount kali-$architecture/dev/pts umount kali-$architecture/dev/
然而,如果仍然有服务在chroot里运行,将会出现这样的错误提示:
root@rootfs-box:~ umount kali-$architecture/proc
root@rootfs-box:~ umount kali-$architecture/dev/pts
root@rootfs-box:~ umount kali-$architecture/dev/
umount: kali-armhf/dev: device is busy. (In some cases useful info about processes that use the device is found by lsof(8) or fuser(1)) root@rootfs-box:~
如果出现这种情况,请用如下命令检查哪个文件/服务锁住了chroot:
root@rootfs-box:~/arm-stuff/rootfs:~ lsof |grep kali-armhf
...
dbus-daem 4419 messagebus mem REG 8,1 236108 15734602 dbus-daemon
dbus-daem 4419 messagebus mem REG 8,1 93472 17705250 ld-2.13.so ...
dbus-daem 4419 messagebus mem REG 8,1 100447 17705251 libpthread-2.13.so
dbus-daem 4419 messagebus mem REG 8,1 22540 17705240 librt-2.13.so
dbus-daem 4419 messagebus mem REG 8,1 893044 17705232 libc-2.13.so ...
从输出信息我们看到dbus守护进程仍在chroot环境里运行.在继续之前,我们需要在chroot环境里停止它.如果你已经成功umount了proc或dev,请用之前给出的命令重新挂载他们,chroot到rootfs里,然后停止dbus服务(或别的可能需要停止的服务):
# mount -t proc proc kali-$architecture/proc
# mount -o bind /dev/ kali-$architecture/dev/pts
LANG=C chroot kali-$architecture /etc/init.d/dbus stop exit
一旦释放了所有的服务和被锁文件,你就可以umount proc和dev了:
root@rootfs-box:~/arm-stuff/rootfs~ umount kali-$architecture/proc
root@rootfs-box:~/arm-stuff/rootfs~ umount kali-$architecture/dev/pts
root@rootfs-box:~/arm-stuff/rootfs~ umount kali-$architecture/dev/
root@rootfs-box:~/arm-stuff/rootfs~
清理
最后我们运行在chroot里的清理脚本释放缓存文件占用的空间,还有需要的清理工作:
cat << EOF > kali-$architecture/cleanup
#!/bin/bash rm -rf /root/.bash_history
apt-get update apt-get clean
rm -f cleanup
EOF
chmod +x kali-$architecture/cleanup
LANG=C chroot kali-$architecture /cleanup
/etc/init.d/dbus stop
umount kali-$architecture/proc
umount kali-$architecture/dev/pts
umount kali-$architecture/dev/
cd ..
恭喜!你定制的Kali ARM rootfs就在kali-$architecture目录里.你可以为往后的工作打包这个目录,或复制到一个镜像文件.