View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0008105||Kali Linux||[All Projects] Kali Package Bug||public||2022-12-16 16:02||2022-12-19 03:01|
|Target Version||Fixed in Version||kali-dev|
|Summary||0008105: kali-tweaks 2023.1.0 does not unset unprivileged ports|
|Description||kali-tweaks will only set unprivileged port hardening, but fail to unset it|
The issue is that systemd-sysctl (as far as I understand it) will only take into account the relevant config files found in /etc/sysctl.d in this case
When the script unsets privileged port hardening, it removes said config file `/etc/sysctl.d/50-kali-tweaks-unprivileged-ports.conf`, leaving systemd-sysctl without a proper directive to write to `/proc/sys/net/ipv4/ip_unprivileged_port_start`
So, upon initial configuration, ip_unprivileged_port_start is set to 1024
When the config file is removed as per the unselected option in kali-tweaks, systemd-sysctl no longer has a reference as to what the "new" value should be.
- Update `/etc/sysctl.d/50-kali-tweaks-unprivileged-ports.conf` to set the port start to 0, update systemd-sysctl with the prefix, and remove the file afterwards
diff --git a/kali_tweaks/settings/sysctl.py b/kali_tweaks/settings/sysctl.py
index 1d04710..173087c 100644
@@ -128,5 +128,9 @@ class SysctlSetting:
# Restore Kali's default
+ "unprivileged-ports", "net.ipv4.ip_unprivileged_port_start", "0"
A similar fix might also be needed for dmesg-restrict
Additionally, there's a typo in the choice description where it reads (Restrict ports > 1024) as opposed to (Restrict ports < 1024)
|Steps To Reproduce||```sh|
# Hardening => [*] Privileged Ports
# Apply and relaunch the tool, toggling off the switch this time
# Notice the option will still be locked in when trying to unset it after the third relaunch
$ cat /etc/os-release
PRETTY_NAME="Kali GNU/Linux Rolling"
$ uname -a
Linux FX7 6.0.0-kali5-amd64 0000001 SMP PREEMPT_DYNAMIC Debian 6.0.10-2kali1 (2022-12-06) x86_64 GNU/Linux
$ apt policy kali-tweaks
*** 2023.1.0 500
500 https://kali.download/kali kali-rolling/main amd64 Packages
500 https://kali.download/kali kali-rolling/main i386 Packages
P.s apologies for the horrible Discord formatting
Thanks for the quick feedback!
The issue in this case is that the latest version of kali-defaults (2023.1.0) is not yet in kali-rolling. It's stuck in kali-dev, waiting for automatic tests to run, before it can migrate to kali-rolling. This new version of kali-defaults provides the missing sysctl config files in /usr/lib/sysctl.d, and those files define the default values.
So it's a packaging issue, I should have been more careful and make kali-tweaks Depend on kali-defaults >= 2023.1.0, my mistake. Sorry that you spend your time on this. Let me see if I can speed up the migration of the package kali-defaults.
No worries at all..I still learned something new, and I like debugging, so that wasn't a waste of time for me at all.
Thank you for the explanation!
||kali-defaults 2023.1.0 is now in kali-rolling. It will take a few hours until it hits the mirrors. Closing this bug then. Thanks again for the report !|
|2022-12-16 16:02||X0RW3LL||New Issue|
|2022-12-16 16:25||X0RW3LL||Note Added: 0017248|
|2022-12-16 22:58||Gamb1t||Assigned To||=> arnaudr|
|2022-12-16 22:58||Gamb1t||Status||new => assigned|
|2022-12-19 02:32||arnaudr||Note Added: 0017254|
|2022-12-19 02:38||X0RW3LL||Note Added: 0017255|
|2022-12-19 03:01||arnaudr||Note Added: 0017256|
|2022-12-19 03:01||arnaudr||Status||assigned => resolved|
|2022-12-19 03:01||arnaudr||Resolution||open => fixed|
|2022-12-19 03:01||arnaudr||Fixed in Version||=> kali-dev|