Does this distro have modern application sandboxing? For example, can I say which applications have access to my photos, email, location, microphone, etc...?
I've used Kali Linux quite a lot but, as a Linux user, I wouldn't recommend it to anyone who knows Linux. It's mainly good for:
1. Students studying an OffSec course (OffSec being the creators / maintainers of Kali), as the course material is designed with Kali in mind.
2. Mac/Windows-using security professionals running Kali in a VM (or light/casual Linux users doing the same - i.e. users without deep Linux knowledge/comfort*)
For anyone more Linux-savvy* I would recommend simply installing the tools Kali bundles that you want to use. It can be helpful to have Kali as a VM if you want to trial/explore the curated software library, but for professional use people typically start to get to know the set of tools they're comfortable with / interested in.
* Aside: for anyone surprised that security professionals wouldn't be Linux-savvy, knowledge is specialised. Even if you are working in Linux-specific security (& not just using Linux cli tooling to access MS networks or decompile MS binaries), areas of security focus can still be quite compartmentalised.
Yeah, there are tons of people working in infosec that don't know or use any Linux. IMHO they're doing themselves a disservice (both professionally and personally), but it is the reality that you can have a solid infosec career and never have to know Linux.
Can confirm, as a security consultant I just use Debian(ish) with an Arch Linux container (or sometimes VM) with all the stuff I need. This is far more sane for me than dealing with the bizarreness of Kali. All my coworkers who are Windows users are happy with it though.
I'm really grateful for distros like Kali / Parrot / Pentoo as they act as a (much more selectively) curated list of tooling akin to those "awesome lists" on Github, as well as being a rallying point for the maintenance of those same tools.
But yeah - the tools are available individually & this is how I typically use them.
Yes, this. Kali (purple or otherwise) is meant as a special-purpose toolset. It is not meant to be used as a regular Linux installation, and I strongly recommend that people don't use it as that.
If you have photos and personal stuff in a Kali installation you're doing it wrong. Kali isn't supposed to be a day-to-day OS; some time ago the default credentials were root, so yeah, they changed it some versions ago, but still, that gives you a look at how it should be used.
EDIT: If you want a daily driver OS but need some Kali tools without installing it as a second boot or in a VM, you can use the Kali Bundles, which are repositories ordered by type of tools.
Yeah, it's an unfortunate titling of the HN post. Defensive means something different in this context - it's meant for people working within the defensive roles of an organization's infosec department.
Kali are a little to blame here for that confusion as well: "We are making enterprise grade security accessible" is open to misinterpretation of what they are presenting.
>can I say which applications have access to my photos, email, location, microphone
Kali distros are not meant to be run bare metal as your daily driver, but as VMs.
They usually have very lax security settings so as not to interfere with all the networking and security related apps provided. This makes them quite insecure by design versus mainstream distros like Ubuntu/Fedora. So don't put any personal data on them.
We always spin them up as disposable VMs in their own VLAN, and nuke them after every encounter is over.
Agreed on all points but this one: occasionally I'll run it bare-metal on an SBC like a Raspberry Pi as a dropbox or similar, though the SD card gets nuked shortly afterwards, so I guess it's treated in a very similar "disposable" way as VMs are.
I know that's being pedantic about your wording, but I thought it worthwhile mentioning that there are use-cases for it running outside of a VM.
Probably of less broad appeal but another option to add to the mix for anyone who happens to be running Gentoo is the Pentoo overlay https://github.com/pentoo/pentoo-overlay
The GitHub repo is also a nice browseable categorised directory tree of security tooling, including nice readable plaintext ebuild files listing the src urls for building each.
>Kali distros are not meant to be run bare metal as your daily driver,
Oh.
I was looking for something that had some radio stuff preconfigured, saw Kali was basically a xfce debian, and have been using it as a daily driver for years. Should I not do that?
Speaking as one daily-driving Qubes, the opposite is true. Whenever I have problems with Linux, Qubes allows me to back it up and restore it in a few clicks. It doesn't matter that Qubes is not really Linux. It runs Linux apps fine.
It'll be very difficult to get most pentesting apps to work in a sandbox anyway. It was difficult enough to move away from root, and a ton of things will still need sudo.
But it's ok, this is not the kind of distro where this matters. It's not for general work and targeted at users that really know what they're doing.