Installing Kali in Qubes bricks the qube

I have tried, using the instructions on the Qubes site, to create a VM template for Kali in Qubes. First, I used Katoolin but during install, the terminal would crash and the Qube would be bricked. It would not open any program. Next, I tried the install using the instructions for Kali-Rolling in Debian-10. It would not install anything using the kali-linux-full so I tried downloading just the few tools I wanted. I got to the fourth tool (recon-ng) and again the terminal crashed midway through the install and the Qube was bricked. Has anyone set up a Kali VM template in Qubes 4.0.3?

The one common theme I have noticed in the 7 times I have tried this is that each time it crashes, the Qubes Updater runs instantly. Twice, it was trying to update the Kali template I was working in, but the other 5 times, it was showing updates to other templates. I have no idea if it is relevant, but it is suspicious.

Update. I installed a single tool and waited. The Qubes updater popped up with an update for the Kali Qube. The update ran without issue. I plan to duplicate the Qube and install a second tool today. Perhaps installing one tool at a time and letting the Qube updater run is the way to go.

Kali will not work in Qubes. Change my mind.

*I will boot Kali from a USB when needed. Hopefully there will be a fix for this eventually.

I personally never installed Kali in Qubes so I cannot help you. But you can look up different issues related to kali and Qubes on their GitHub https://github.com/QubesOS/qubes-issues/issues

https://github.com/QubesOS/qubes-issues/issues/6091

Jeeppler commented on Nov 2, 2020

@fepitre the intention of the katoolin method is to provide an easy way to install Kali on top of Debian, as long as there is no Kali template available for Qubes OS. The moment there is a Kali template available for Qubes the katoolin method is not necessary anymore.

@fepitre

fepitre commented on Nov 2, 2020

@Jeeppler Yes template is working and officially integrated in Qubes since a while. It was only an issue due to DNF that I’ve solved recently who was failing the build like bullseye .

@fepitre

fepitre commented on Nov 2, 2020

@andrewdavidwong I think at some point we would need to announce that too but first I need to add it into the doc and also fix an issue for installing it with qubes-dom0-update . The template itself is too big and exceed quota size allowed so currently the only way to install it is to use qvm-run on the update VM.

While I’m here, using a Kali Qube seems to me a little like bringing a flamethrower into a tank: you may find a way to make it work (without frying yourself and crew), but it’s mostly pointless. I can easily see why n00bs would want to try, it has an appeal like running emulators inside of emulators inside of emulators. But, its like placing a weapon inside of your shield and carrying them stuck together. Instead of holding one in each hand.
I don’t think I’ll come up with any better metaphors, so… if you want to do penetration testing, or just training or practice at StationX, wouldn’t you want a small nimble system? If you were worried about a counterstrike (and I’d have questions about what you are actually doing in that case, its difficult for me to see how that could be of any value in white-hat hacking) it would simply be more effective to attack from a separate installation that does not lead back to any of your other Qubes, which presumably contains materials other than minimal identifying information (of the sort that might be found in a compromised Kali anyways).
You have to consider, QubesOS from the beginning has had security experts who know of Kali Linux. Creating a Kali Qube has been a conspicuously low priority. I think this is because its a pretty bad idea. If there was value in it, it would have been promoted long ago, or at least given more priority. Even a usb stick Kali makes more sense than integrating Kali in Qubes. Obviously I have preferences of my own here, but I’m just asking you to look at the the Qubes OS Project and hear the crickets chirping at Kali Qube.

A disposable Kali qube would be the safest way to use Kali. You would not have to worry about security flaws in the Kali tools as the qube is trashed after it is used. I would use a different twist on your metaphor. It is more like using a Rheinmetall L55 tank gun while safely inside the tank.