Kali Network Service Policies






Kali Linux deals with network services differently than most other distributions. Most importantly, Kali does not enable any externally-listening services by default with the goal of minimizing exposure when in a default state.

Default Disallow Policy

Kali Linux will disallow network services to persist across reboots by default. The following example can be seen when attempting to install a tool which would by default would start a network proxy service on TCP port 3142:
root@kali:~# apt-get install apt-cacher-ng
...
Setting up apt-cacher-ng (0.7.11-1) ...
update-rc.d: We have no instructions for the apt-cacher-ng init script.
update-rc.d: It looks like a network service, we disable it.
...
root@kali:~#
Notice how the update-rc.d script disallowed persistence of the apt-cacher-ng daemon by default.

Service boot persistence

In certain situations, we’ll actually want certain services to persist over reboots. To allow for this, we can enable a service to persist through reboots using the update-rc.d script as follows:
root@kali:~# update-rc.d apt-cacher-ng enable
update-rc.d: using dependency based boot sequencing

Service whitelists and blacklists

Service whitelists and blacklists can be found in the /usr/sbin/update-rc.d file. Through this file you can explicitly allow or deny services to automatically boot in their default state.
root@kali:~# tail -95 /usr/sbin/update-rc.d |more
}

__DATA__
#
# List of blacklisted init scripts
#
apache2 disabled
avahi-daemon disabled
bluetooth disabled
cups disabled
dictd disabled
ssh disabled
...
#
# List of whitelisted init scripts
#
acpid enabled
acpi-fakekey enabled
acpi-support enabled
alsa-utils enabled
anacron enabled
...