0008899: Suggestion to add a Baseline Descriptive list of default accounts to Kali Documentation - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0008899	Kali Linux	Kali Websites & Docs	public	2024-09-04 10:56	2024-09-06 04:39

Reporter	steelghost	Assigned To	arnaudr
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	fixed

Summary	0008899: Suggestion to add a Baseline Descriptive list of default accounts to Kali Documentation
Description	Greetings, Beforehand I want to say that the content of this message is not about an existing bug. I checked the forums and Discord and was told to try filing a suggestion through here. I recently downloaded and installed Kali on VirtualBox and was trying to perform some accounting and hardening before using the system. One of the tasks I was doing for these purposes involved making a baseline of exisiting users by doing a zsh cat /etc/passwd. However, due to the presence of so many accounts even with the default configuration as is I thought that either Debian or Kali Documentation would provide a descriptive list of users alongside a short comment on what they do. I checked and if such list exists and if it does I have not found it. I believe that adding this list to your webpage's documentation would be beneficial as an additional integrity check. I doubt this could be a problem due to Kali not being meant to support servers or entreprise infraestructure, But it could nevertheless come useful in a scenario where a researcher or an analyst is performing IoC/Persistence/Forensic diagnosis or when approving an image for a Red Teaming exercise in the Rules of Engagement. Thanks for your work and kind regards.

arnaudr 2024-09-06 04:38 manager ~0019721	However, due to the presence of so many accounts even with the default configuration as is I thought that either Debian or Kali Documentation would provide a descriptive list of users alongside a short comment on what they do. I checked and if such list exists and if it does I have not found it. It's probably not documented, but there's not much we can do. Writing such a documentation right now would take quite some time, and then would need ongoing maintenance. The list of users in /etc/password is not "static", a good part of those users are created when packages are installed or upgraded. New versions of some packages might create a new users, or not create a user anymore. And the lists of packages installed in a Kali system is not static either, it changes constantly as Kali is a rolling distro. So we'd need to review and update this documentation for every release: we don't have the bandwidth for that. Also, it's standard practice that a service doesn't run as root, but instead a user is created upon installation (also called "system user"), and the service runs as this particular user. As a result, in a fully-fledged desktop environment like Kali Linux: a lot of packages are pre-installed, a lot of services are installed, and as a consequence a lot of system users are already created. It's really standard, there's nothing special about Kali here, and anyone familiar with Linux systems (at least Debian) won't find anything surprising. I don't know how it looks like by default in other distros though, but I'd expect a pretty similar passwd file All in all, thanks for taking the time to write this bug report, but it's really not something actionable for us. Sorry.

Date Modified	Username	Field	Change
2024-09-04 10:56	steelghost	New Issue
2024-09-06 04:38	arnaudr	Note Added: 0019721
2024-09-06 04:39	arnaudr	Assigned To	=> arnaudr
2024-09-06 04:39	arnaudr	Status	new => closed
2024-09-06 04:39	arnaudr	Resolution	open => fixed