View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005236||Kali Linux||[All Projects] General Bug||public||2019-02-04 19:20||2019-02-04 22:19|
|Target Version||Fixed in Version|
|Summary||0005236: Reduce or remove automatic updates|
|Description||While on site at a location where I was pentesting, an inline proxy flagged traffic that my machine was automatically sending in the background to look for updates for Kali.|
Right now, the process to remove automatic updating is complex and amounts to a whack-a-mole approach to quieting Kali when it's on a network. In addition unattended-upgrades (including removing that package and editing some files), gnome has its own call back (many helpful places on the internet correctly suggest two gsettings entries), and recently there has been another change that has resulted in my installation prompting me to update that I have not traced down yet.
I would classify this as a bug rather than a feature request as Backtrack was originally designed to not beacon or respond to requests in order to stay unnoticed in a hostile environment, and I believe Kali is intended to further that mission.
|Steps To Reproduce||Install Kali, wait for pop-up with updates available.|
If you'd like to filter out the requests that I have already found, I co-wrote the attached script that applies the changes every time updating is desired (we have found that some updates will overwrite our changes during normal updating)
||The update script...|
Tired to attach the update script, and it failed twice. Tried to cut and paste it, and it was flagged as malicious.
Removes unattended-upgrades, /etc/apt/apt.conf.d/50unattended-upgrades, /etc/apt/apt.conf.d/10periodic
Modifies /etc/apt/apt.conf.d/20auto-upgrades, /etc/apt/apt.conf.d/99synaptic, /usr/lib/apt/apt.systemd.daily
gsettings set org.gnome.software download-updates false
gsettings set org.gnome.software download-updates-notify false
Thanks for the helpful feedback. We will look into fixing this in the live image and thus in the default installation.
The gsettings are the most important for the GNOME desktop. But the apt package also has its own daily update mechanism that we can likely just disable at the systemd level by disabling/masking apt-daily.timer and apt-daily-upgrade.timer.
As for unattended-upgrades, I believe it's no longer installed by default with the latest debian-installer. Will have to double check though.
I also don't see why synaptic comes into play, is that a package that you install on your own? It should not be in the default image.
||Yes, we install Synaptic as part of our standard build - feel free to ignore it.|
|2019-02-04 19:20||bfbcping||New Issue|
|2019-02-04 19:30||bfbcping||Note Added: 0010253|
|2019-02-04 19:35||bfbcping||Note Added: 0010254|
|2019-02-04 20:34||rhertzog||Assigned To||=> rhertzog|
|2019-02-04 20:34||rhertzog||Status||new => assigned|
|2019-02-04 20:45||rhertzog||Note Added: 0010255|
|2019-02-04 22:19||bfbcping||Note Added: 0010256|