View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005236 | Kali Linux | [All Projects] General Bug | public | 2019-02-04 19:20 | 2020-12-01 10:48 |
Reporter | bfbcping | Assigned To | rhertzog | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 2018.4 | ||||
Target Version | Fixed in Version | 2019.3 | |||
Summary | 0005236: Reduce or remove automatic updates | ||||
Description | While on site at a location where I was pentesting, an inline proxy flagged traffic that my machine was automatically sending in the background to look for updates for Kali. Right now, the process to remove automatic updating is complex and amounts to a whack-a-mole approach to quieting Kali when it's on a network. In addition to unattended-upgrades (including removing that package and editing some files), GNOME has its own call back (many helpful places on the internet correctly suggest two gsettings entries), and recently there has been another change that has resulted in my installation prompting me to update that I have not traced down yet. I would classify this as a bug rather than a feature request as Backtrack was originally designed to not beacon or respond to requests in order to stay unnoticed in a hostile environment, and I believe Kali is intended to further that mission. | ||||
Steps To Reproduce | Install Kali, wait for pop-up with updates available. If you'd like to filter out the requests that I have already found, I co-wrote the attached script that applies the changes every time updating is desired (we have found that some updates will overwrite our changes during normal updating) | ||||
|
The update script... |
|
Tried to attach the update script, and it failed twice. Tried to cut and paste it, and it was flagged as malicious. Basically, it:
Removes unattended-upgrades, /etc/apt/apt.conf.d/50unattended-upgrades, /etc/apt/apt.conf.d/10periodic
Modifies /etc/apt/apt.conf.d/20auto-upgrades, /etc/apt/apt.conf.d/99synaptic, /usr/lib/apt/apt.systemd.daily
gsettings set org.gnome.software download-updates false
gsettings set org.gnome.software download-updates-notify false |
|
Thanks for the helpful feedback. We will look into fixing this in the live image and thus in the default installation. The gsettings are the most important for the GNOME desktop. But the apt package also has its own daily update mechanism that we can likely just disable at the systemd level by disabling/masking apt-daily.timer and apt-daily-upgrade.timer. As for unattended-upgrades, I believe it's no longer installed by default with the latest debian-installer. Will have to double check though. I also don't see why synaptic comes into play, is that a package that you install on your own? It should not be in the default image. |
|
Yes, we install Synaptic as part of our standard build - feel free to ignore it. |
|
I renamed every instance of apt-daily.timer and apt-daily-upgrade.timer along with our changes, and I am still seeing "Software Updates Available" on a vanilla install. |
|
It looks like adding an additional Gnome setting at least shuts off the notification (although it may not shut off all beaconing for updates). The three that we've found so far are:
gsettings set org.gnome.software download-updates false
gsettings set org.gnome.software download-updates-notify false
gsettings set org.gnome.software allow-updates false |
|
That is not sufficient, you need to deal with packagekit:
systemctl mask packagekit
rm /etc/apt/apt.conf.d/20packagekit |
|
On my systems I have:
- Disable services apt-daily and apt-daily-upgrade
- Set to false the three Gnome settings (see below)
- Mask packagekit and remove the packagekit apt hook file (to remove the warnings)
- disable ntp: timedatectl set-ntp false
to finally have quiet Kali systems. “The quieter you become, the more you are able to hear.” :) |
|
The situation is even worse nowadays:
- there's also "fwupd" which is connecting to cdn.fwupd.org (might be triggered by GNOME software too)
- something is connecting to extensions.gnome.org (might be GNOME software too)
- GNOME software is still asking for a refresh of the metadata despite the 3 gsettings
- GNOME software is also connecting to odrs.gnome.org
- GNOME calculator is making requests to www.imf.org every time that you do a search in the dashboard! |
|
I filed a new wishlist issue against gnome-software to request a working option to disable network connections in the background: https://gitlab.gnome.org/GNOME/gnome-software/issues/748 I made a quick try by dropping /etc/xdg/autostart/gnome-software-service.desktop and it was enough to disable all network connections I had seen on session startup. |
|
kali-defaults 2019.3.9 now disables gnome-software-service on session startup (by diverting the file in /etc/xdg/autostart/), it also contains supplementary gsettings to cope with the other issues... base-files 2019.3.0 disables the APT timers by default (will only work on new ISO). |
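
An offline audit of the update sources named in this thread, added here as an example and not part of the original issue or of Kali's packages: it inspects a filesystem tree for unmasked APT/PackageKit units, leftover hook and autostart files, and enabled APT::Periodic settings. The function names and the root-directory argument are assumptions of this example; the gsettings keys are not checked because they live in each user's dconf database.

```shell
#!/bin/sh
# Added example (not from the issue): audit a filesystem tree for the
# background-update sources named in this thread. ROOT ("" = live system)
# and all function names are assumptions of this example.

# systemctl mask creates /etc/systemd/system/<unit> -> /dev/null
is_masked() {
    [ "$(readlink "$1/etc/systemd/system/$2" 2>/dev/null)" = "/dev/null" ]
}

# Only units that are actually shipped on the system are worth reporting
is_installed() {
    [ -e "$1/lib/systemd/system/$2" ] || [ -e "$1/usr/lib/systemd/system/$2" ]
}

audit_updates() {
    root="$1"
    findings=0
    for unit in apt-daily.timer apt-daily-upgrade.timer packagekit.service; do
        if is_installed "$root" "$unit" && ! is_masked "$root" "$unit"; then
            echo "NOT-MASKED $unit"
            findings=$((findings + 1))
        fi
    done
    # Hook and autostart files the thread removes or diverts
    for f in /etc/apt/apt.conf.d/20packagekit \
             /etc/apt/apt.conf.d/50unattended-upgrades \
             /etc/xdg/autostart/gnome-software-service.desktop; do
        if [ -e "$root$f" ]; then
            echo "PRESENT $f"
            findings=$((findings + 1))
        fi
    done
    # Update-Package-Lists / Unattended-Upgrade set to anything but "0" stay active
    for f in "$root"/etc/apt/apt.conf.d/*; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*APT::Periodic::(Update-Package-Lists|Unattended-Upgrade)[[:space:]]+"[^0"]' "$f"; then
            echo "PERIODIC-ENABLED ${f#"$root"}"
            findings=$((findings + 1))
        fi
    done
    echo "findings=$findings"
    [ "$findings" -eq 0 ]
}

# Inspect the live system only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_updates ""; fi
```
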
Date Modified | Username | Field | Change |
---|---|---|---|
2019-02-04 19:20 | bfbcping | New Issue | |
2019-02-04 19:30 | bfbcping | Note Added: 0010253 | |
2019-02-04 19:35 | bfbcping | Note Added: 0010254 | |
2019-02-04 20:34 | rhertzog | Assigned To | => rhertzog |
2019-02-04 20:34 | rhertzog | Status | new => assigned |
2019-02-04 20:45 | rhertzog | Note Added: 0010255 | |
2019-02-04 22:19 | bfbcping | Note Added: 0010256 | |
2019-03-04 12:40 | bfbcping | Note Added: 0010384 | |
2019-03-27 10:41 | bfbcping | Note Added: 0010443 | |
2019-03-27 12:51 | fl0 | Note Added: 0010444 | |
2019-03-27 13:04 | fl0 | Note Added: 0010445 | |
2019-03-29 16:34 | rhertzog | Priority | normal => high |
2019-07-23 13:40 | rhertzog | Note Added: 0010793 | |
2019-07-23 14:43 | rhertzog | Note Added: 0010794 | |
2019-07-23 15:23 | rhertzog | Status | assigned => resolved |
2019-07-23 15:23 | rhertzog | Resolution | open => fixed |
2019-07-23 15:23 | rhertzog | Fixed in Version | => 2019.3 |
2019-07-23 15:23 | rhertzog | Note Added: 0010795 | |
2020-12-01 10:48 | g0tmi1k | Priority | high => normal |