In an attempt to learn more about the inner workings of Linux I am going to start setting up an Arch Linux machine with pentesting tools. I’ve always used more user-friendly Linux distributions like Ubuntu, Kali, Backtrack, etc. Arch is designed to give you full control over your operating system. Here is an excerpt from their wiki.
Arch Linux is an independently developed, i686/x86-64 general-purpose GNU/Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model. The default installation is a minimal base system, configured by the user to only add what is purposely required.
From what I have read it is not a simple process to get Arch up and running. You start with a very minimal amount of tools and everything must be installed and configured by the user. This setup process forces you to learn more about how the system works and in the end you should have a very efficient machine.
I expect to hit some roadblocks so I thought documenting my experience would be helpful to myself for future reference and to others who might also run into the same problems. From what I have gathered on the internet Arch has a great wiki and very active forums. These are the main resources that I will use when installing and configuring my machine. I’ll be utilizing Oracle’s VirtualBox to host my Arch virtual machine. I plan to use a lot of snapshots so it will be easy to recover from any catastrophic mistakes.
I’ll begin this series with the steps I took to set up a simple virtual machine to host my Arch operating system.
I start by opening up VirtualBox and hitting the “New” button to start the new virtual machine wizard.
I’m hoping that at some point I can actually use this VM for hacking challenges so I will give it a lot of resources. I name the machine “Arch_v1” and allocate 4GB of memory. I select “Arch Linux (64-bit)” as the operating system version.
I give the machine 40GB of storage and select the VirtualBox Disk Image (VDI) format.
After I click create I have a new virtual machine ready to get loaded. Now I go over to the Arch download page and grab the installation media ISO file. It’s always good practice to check the hash value of an install file to make sure it hasn’t been modified in some evil way. I use the Windows tool certUtil to verify the hash value.
certUtil -hashfile C:\users\me\Downloads\archlinux-2016.08.01-dual.iso SHA1
SHA1 hash of file C:\users\me\Downloads\archlinux-2016.08.01-dual.iso:
6d b5 a9 e4 62 67 ba 7e c4 d9 ae 79 d1 41 e5 a6 d9 d3 cf 88
CertUtil: -hashfile command completed successfully.
This hash value matches the value on the Arch website so I should be good to go. Please note this isn’t foolproof. If someone hacked the Arch website and modified the ISO file to have a backdoor they would probably also modify the trusted hash value. This sounds far-fetched but it happened not too long ago to Mint Linux. More verification is beyond the scope of this series.
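The comparison above is done by eye, and certUtil prints the digest as spaced hex pairs while download pages usually list it as one contiguous string. The following is an added example, not part of the original post: it pulls the digest out of the certUtil output shown above, hashes a file in chunks, and compares the two after normalization. The function names are hypothetical, and the file hashed in the demo is a constructed stand-in for the ISO.

```python
import hashlib
import re

# certUtil output as shown in the post (spaced hex pairs on the second line).
CERTUTIL_OUTPUT = r"""SHA1 hash of file C:\users\me\Downloads\archlinux-2016.08.01-dual.iso:
6d b5 a9 e4 62 67 ba 7e c4 d9 ae 79 d1 41 e5 a6 d9 d3 cf 88
CertUtil: -hashfile command completed successfully."""

# A digest line is nothing but hex pairs, optionally separated by single spaces.
HEX_LINE = re.compile(r"^[0-9a-fA-F]{2}(?: ?[0-9a-fA-F]{2})+$")

def normalize(digest):
    """Drop whitespace and lower-case so spaced and contiguous hex compare equal."""
    return re.sub(r"\s+", "", digest).lower()

def digest_from_certutil(output):
    """Return the normalized digest from `certUtil -hashfile` output."""
    for line in output.splitlines():
        if HEX_LINE.match(line.strip()):
            return normalize(line)
    raise ValueError("no digest line found in certUtil output")

def hash_file(path, algorithm="sha1", chunk_size=1 << 20):
    """Hash a file in chunks so a large ISO is never read into memory whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def matches(computed, published):
    """True only when both digests are non-empty and identical after normalization."""
    a, b = normalize(computed), normalize(published)
    return bool(a) and a == b

if __name__ == "__main__":
    import os, tempfile
    # Constructed stand-in for the ISO: a temp file containing b"abc".
    fd, path = tempfile.mkstemp()
    os.write(fd, b"abc")
    os.close(fd)
    published = "A9 99 3E 36 47 06 81 6A BA 3E 25 71 78 50 C2 6C 9C D0 D8 9D"
    print("certUtil digest:", digest_from_certutil(CERTUTIL_OUTPUT))
    print("stand-in file matches published value:", matches(hash_file(path), published))
    os.remove(path)
```

SHA1 is used because that is what the post checks; pass another algorithm name such as "sha256" to hash_file when the download page lists one.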
Now that I’m fairly sure I have a safe, and non-corrupt, ISO downloaded I edit the settings of my virtual machine and attach the ISO file.
I start up my VM and I’m greeted by the LiveCD splash screen.
I select the default option “Boot Arch Linux (x86_64)” and watch the usual Linux startup info scroll by. After a few seconds I’m greeted by a command prompt.
This is where I’m going to end Part 1. In the next post I will begin following the Arch install guide to install Arch to my virtual machine’s hard drive and get my new OS booting.