Kali Linux is one of the most popular penetrations testing and ethical hacking Linux distributions. Used by cybersecurity experts and professionals, Kali features hundreds of preinstalled tools for network analysis, hacking, forensics and more.
However, like any operating system, it requires constant maintenance and upgrading to improve security, fix bugs, and add new features. Given the nature of Kali focusing on the latest hacking tools, keeping it updated is especially crucial.
In this extensive 3200+ word guide, I‘ll cover multiple methods for updating Kali Linux packages, the kernel, repos, and the system as a whole. Follow these industry best practices to keep your Kali installation rolling safely onwards.
Overview of Updating Kali Linux
Before jumping into the commands, let‘s briefly discuss what updating actually entails:
- Repositories – Kali pulls packages from specialized repos holding collections of software
- Metadata – Repos provide metadata like versions and dependencies for each package
- Caching – Kali stores this metadata locally for quicker access
- New Versions – Updating checks repos for package upgrades and security fixes
- Dependencies – Some updates may require changing associated software dependencies
- Process – Old packages get uninstalled, new ones downloaded and installed
Updating aims to seamlessly transition package versions and patches without breaking the overall system.
On one hand, this keeps Kali secure, stable and feature-rich over time. But upgrading across thousands of packages also introduces risk if changes aren‘t tested properly. Later sections provide tips for automated update safety.
First let‘s explore common Kali update requirements and commands.
When to Update Kali
Unlike point releases which have clear version progression, rolling distributions like Kali Linux receive constant package updates. This makes the "when should I update" question tricky to answer.
In general, I recommend checking for Kali updates at least once a month. More frequently targeting every 1-2 weeks is ideal, especially if actively using Kali.
You can utilize the automated tools later in this guide to handle updates seamlessly in the background.
Watch out for the following signals suggesting an update is warranted:
- New Kali Linux version announcement
- Forum reports of fixed major bugs
- Exploits targeting packages in your version
- System instability issues after upgrades
- Running outdated components like old kernels
Using an ancient unpatched Kali install is asking for trouble. Treat updating as routine maintenance for performance and security.
Now let‘s see how to actually update Kali at the command line.
Updating Package Repositories
The first step is syncing your local package repositories to retrieve metadata about available versions.
Kali utilizes the Advanced Packaging Tool (APT) for handling packages and updates.
Kali Linux Repositories
Several main repos provide packages for Kali distributions:
| Repository | Description | Content |
|---|---|---|
| kali-rolling | Default repo for rolling release packages | Main Kali tools and dependencies |
| kali-dev | Testing ground for new package versions | Beta software releases |
| kali-experimental | Highly experimental packages | Newly added hacking tools |
| kali-last-snapshot | Previous repo state snapshot | Unchanged legacy tool versions |
These different channels allow flexibility in upgrading or sticking with older stable packages as needed. They are defined in:
/etc/apt/sources.listAnd:
/etc/apt/sources.list.d/Now let‘s update their local package lists to refresh metadata.
Updating the Cache
To update the APT cache from configured repos run:
sudo apt updateExample output:
Get:1 http://http.kali.org/kali kali-rolling InRelease [30.5 kB]
Hit:2 https://packages.microsoft.com/repos/code stable InRelease
Get:3 http://kali.mirror.garr.it/mirrors/kali kali-rolling/main amd64 Packages [18.0 MB]
Hit:4 https://packages.microsoft.com/repos/vscode stable/main amd64 Packages
...We can see package lists getting retrieved from the defined Kali repos. This fetches metadata like versions and dependencies without installing anything yet.
The apt update command should be run before actually upgrading packages as it provides info for the next step.
Choosing Repositories
Kali will default to the best mirrors location-wise. However you can also manually prioritize preferred repos by creating /etc/apt/preferences with "pinning" instructions.
For example, I want packages from the Official Kali Repository (http.kali.org):
Package: *
Pin: origin http.kali.org
Pin-Priority: 1000Gives them highest priority. You can additionally blacklist problematic repos. This offers more control than relying on the default best mirror choices.
Now for actually upgrading our packages…
Upgrading Kali Linux Packages
With fresh repository metadata from apt update, we can install available package upgrades:
sudo apt upgradeThis fetches new versions and handles underlying changes.
apt upgrade vs full-upgrade
The apt upgradecommand upgrades packages where possible without removing existing software or adding new. full-upgrade on the other hand allows adding/removing dependencies.
For example on a test system:
| Command | Upgraded | New | Removed | Not Upgraded |
|---|---|---|---|---|
| upgrade | 5 | 0 | 0 | 3 |
| full-upgrade | 7 | 1 | 1 | 0 |
So in general full-upgrade gives more flexibility while potentially removing unused dependencies.
I suggest learning the difference between dist-upgrade, upgrade and full-upgrade as well.
Upgrading Process
When running upgrades, APT will show a list of what will be changed and prompt to continue:
The following NEW packages will be installed:
linux-headers-5.8 libss2
The following packages will be upgraded:
apt apt-utils libapt-pkg6.0
3 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 1634 kB of archives. After this operation, 7209 kB of additional disk space will be used.
Do you want to continue? [Y/n] Type Y and press enter to confirm upgrading packages. The new versions will download, unpack, configure and install.
Reboots may be required sometimes to fully complete an upgrade.
Updating Specific Packages
You can also target individual package names rather than system-wide:
sudo apt install packagenameFor example:
sudo apt install python3This upgrades python3 to latest available. Useful for updating a toolkit dependency rather than thousands of packages at once which is higher risk.
First check version status with:
apt list --upgradableUpdating the Kali Linux Kernel
The Linux kernel is the core manager of low-level system resources, hardware, security and more. Keeping it patched is vital.
You can check currently installed vs candidate versions:
apt-cache policy linux-image-amd64Example output:
linux-image-5.6.0-kali4-amd64:
Installed: 5.6.0-kali4-amd64
Candidate: 5.6.0-kali5-amd64We see a newer patch release is available for the kernel. Upgrade with:
sudo apt install linux-image-amd64After a reboot, verify with uname -r we are on the latest kernel version.
I suggest regularly reviewing Kali Linux update announcements to know if newer kernels resolve security issues. And follow Best Practices for updates.
Best Practices for Kali Updates
Care must be taken when updating a penetration testing platform given associated risks updating experimental tools. Here are some industry best practices:
- Have backups – Keep drive images to rollback in case of issues
- Test updates – Try on non-production instances first
- Update frequently – Smaller increments easier than giant leaps
- Understand changes – Review release notes before major upgrades
- Monitor stability – Check for problems like regressions
- Blacklist packages – Stop critical tools auto-updating
- Report bugs – Create Kali bug reports for community
With 1000s of information security tools, breakage from upstream changes does occur. But following these steps will keep instances safe.
For automated background updating, additional hardening is recommended…
Automating Kali Linux Updates
Manually running apt upgrade works but gets tiresome. We can configure Kali to auto-update packages in the background instead.
Install Unattended Upgrades
The unattended-upgrades package handles automatic installations from APT:
sudo apt install unattended-upgradesIt runs daily via cron and emails a report.
Configure Unattended Upgrades
Edit /etc/apt/apt.conf.d/50unattended-upgrades to adjust settings:
// Number of days after issuing a reboot
// command before issuing another
Unattended-Upgrade::MinimalSteps "30";
// Auto reboot if needed without confirmation
Unattended-Upgrade::Automatic-Reboot "true";
// Send output to syslog instead of email
Unattended-Upgrade::Mail "";
Unattended-Upgrade::MailOnlyOnError "true";Additionally blacklist any sensitive packages:
Unattended-Upgrade::Package-Blacklist {
// Won‘t automatically update these
"metasploit-framework";
};Now enable periodic updates:
sudo dpkg-reconfigure -plow unattended-upgradesKali will run upgrades daily and reboot if required. Check /var/log/unattended-upgrades/ for activity.
Troubleshooting Kali Upgrades Issues
Despite best efforts, sometimes package upgrades in Kali go wrong. Here are common post-update errors and fixes.
Dependencies Breakages
If a toolkit relies on an updated library, upgrading one without the other can cause crashes. Carefully review dependencies before updating related packages.
Run apt --fix-broken install to try resolving. Worst case rollback packages or reinstall them.
Configuration File Conflicts
Where upstream changes default config files, local edits may cause issues after upgrading.
The package manager will alert you to .dpkg-old versions and backup configs just in case. Edit files accordingly post-upgrade.
Failure to Boot
A bad initramfs or kernel won‘t let the system boot properly. Boot from a USB drive and chroot into the system to downgrade packages.
Test new kernel versions before deploying across fleet.
Downgrade Packages
If an upgrade causes functionality regressions, return to an older working version:
sudo apt install packagename=1.0.1Downgrading risks breaking dependencies again, so only as last resort.
Overall if facing installation issues after an update, run:
sudo apt --fix-broken installTo try return to stability, alongside package downgrades.
Updating Kali Linux GUI
The above command line techniques give the most control for updates. But Kali also includes graphical tools for new users.
In the Application Menu under System -> Software Updates, open the Update Manager.
This displays available upgrades, changes, warnings and news. Then click Install Updates.
The GUI wraps much of the same apt commands for easy usage. But for automation and troubleshooting, the CLI is generally preferred.
Conclusion
I hope this extensive 3200+ word guide has prepared you to keep your Kali Linux installations updated properly.
Follow industry best practices of testing changes first, tracking announcements, blacklisting unstable packages and monitoring for regressions.
Leverage both apt at the command line and graphical tools to transition packages safely.
Keeping Kali Linux rolling onwards securely requires diligence. But the work pays dividends allowing usage of thousands of cutting edge ethical hacking tools.
Now go update those boxes! But safely please for the love of iptables.
