安装kali-linux-default包时的提示


1
┌──────────────────────────────────────────────────────┤ Configuring kismet-capture-common ├──────────────────────────────────────────────────────┐   │                                                                                                                                                 │   │ Kismet needs root privileges for some of its functions. However, running it as root ("sudo kismet") is not recommended, since running all of    │   │ the code with elevated privileges increases the risk of bugs doing system-wide damage. Instead Kismet can be installed with the "setuid" bit    │   │ set, which will allow it to grant these privileges automatically to the processes that need them, excluding the user interface and packet       │   │ decoding parts.                                                                                                                                 │   │                                                                                                                                                 │   │ Enabling this feature allows users in the "kismet" group to run Kismet (and capture packets, change wireless card state, etc), so only          │   │ thoroughly trusted users should be granted membership of the group.                                                                             │   │                                                                                                                                                 │   │ For more detailed information, see the Kismet 010-suid.md, which can be found at "/usr/share/doc/kismet-doc/readme/010-suid.md" in kismet-doc   │   │ package or "https://www.kismetwireless.net/docs/readme/suid/".                                                                                  │   │                                                                                                                                                 │   │ Install Kismet "setuid root"?                                                                                                                   │   │                                                                                                                                                 │   │                                            <Yes>                                               <No>                                             │   │                                                                                                                                                 │   └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

┌───────────────────┤ Configuring kismet-capture-common ├───────────────────┐
│ Only users in the kismet group are able to use kismet under the setuid │
│ model. │
│ │
│ Please specify the users to be added to the group, as a space-separated │
│ list. │
│ │
│ Note that currently logged-in users who are added to a group will │
│ typically need to log out and log in again before it is recognized. │
│ │
│ Users to add to the kismet group: │
│ │
│ |
│ |
│ │
│ <Ok> │
│ │
└───────────────────────────────────────────────────────────────────────────┘


1
2
3
4
  Dumpcap can be installed in a way that allows members of the "wireshark"  │
│ system group to capture packets. This is recommended over the │
│ alternative of running Wireshark/Tshark directly as root, because less │
│ of the code will run with elevated privileges.

                                ┌──────────────────────────┤ sslh configuration ├───────────────────────────┐
                                │ sslh can be run either as a service from inetd, or as a standalone        │
                                │ server. Each choice has its own benefits. With only a few connection per  │
                                │ day, it is probably better to run sslh from inetd in order to save        │
                                │ resources.                                                                │
                                │                                                                           │
                                │ On the other hand, with many connections, sslh should run as a            │
                                │ standalone server to avoid spawning a new process for each incoming       │
                                │ connection.                                                               │
                                │                                                                           │
                                │ Run sslh:                                                                 │
                                │                                                                           │
                                │                              --from inetd--                               │
                                │                                standalone                                 │
                                │                                                                           │
                                │                                                                           │
                                │                                  <Ok>                                     │
                                │                                                                           │
                                └───────────────────────────────────────────────────────────────────────────┘