Kali-Linux on Chromebook / Crostini (LXC/LXD linux container)

Intro

let me first state that this is not the normal intended use of containers.

In the normal use case containers are supposed to be ephemeral.

However, in this specific use case I want to use it as a light-weight virtual machine, and therefore I do want to keep it's state at all times. 

---

Objective: 

1. Running a Kali-Linux docker-container inside the Crostini LXC/LXD- Debian-container on a Chromebook. 
2. Keeping an up-to-date Kali-Linux image with any updates, pen-test-data, and changes made inside the active kali-Linux container so it is easy to create new and/or transport containers with all the latest changes and data. (back-up image with the current state of the current container)

Assumptions:

The Linux-container is active on your Chromebook

 

Setup Docker:

1. Update your Debian LXC/LXD container:
   
   sudo apt update && upgrade -y
   
   
2. Install dependencies:
   
   sudo apt install -y \
   apt-transport-https ca-certificates \
   curl gnupg2 software-properties-common
   
   
3. Import gpg-key:
   
   curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
   
   (note: don't forget the "-" at the end of the line!)
   
   
4. Add the docker repo to the source list:
   
   sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/debian \
   $(lsb_release -cs) stable"
   
   
5. Update the new resources:
   
   sudo apt update
   
   
6. Install the docker engine (community edition):
   
   sudo apt install -y docker-ce docker-ce-cli containerd.io
   
   
   

Adding the Kali-Linux Container: 

1. Creating the initial container from the official docker-hub image:
   
   docker run --name kali_linux -it kalilinux/kali-rolling
   
   
2. Starting container:
   
   docker container start kali_linux
   
   
3. Execute a bash terminal into the Kali-Linux container:
   
   docker exec -it kali_linux bash
   
   
   
   
   
   
   
   
   
4. Stopping container:
   
   docker container stop kali_linux

Backup current container state into an image. 

There are 2 ways to backup a container. 

• local backup to your machine, 
• push to a local/private registry. 

The second way is out of the scope of this post.

IMPORTANT NOTE!!

This backup method assumes you do not save any data outside the container on the host system (volumes / mounts). You need to take care of that data by other means. In this case specifically I want to keep the system and any related data confined inside the container to make it portable as a whole.

1. Backup kali_linux container:
   
   docker commit -p kali_linux kali_linux.backup
   
   
   
2. Compress backup to tar file:
   This file is transportable to any other machine running docker
   
   docker save -o kali_linux.backup.tar kali_linux.backup
   
   
   
3. Remove the backup image: (optional)
   If you want to keep your image repository clean and only keep a backup.tar file
   
   docker image rm kali_linux.backup:latest 
   
   
   

Restore a backup image to a new container:

Create a new container based on the previous known good state in your backup.tar file either on the same machine or any other machine running the docker engine, given you have transferred the backup.tar file.

1. Loading backup tar:
   
   docker load -i kali_linux.backup.tar
   
   (depending on where you put the tar file, you have to precede the filename with the correct path)
   
   
   
2. Creating new container with the restored image:
   
   docker run --name new_kali_linux -it kali_linux.backup:latest

NOTE: 
This procedure is not exclusive to Kali-Linux images of course and can be applied to any image/container, but just be aware that data saved in volumes on the host system need to be taken care of by other means.