Pen-Test Lab PART 1 - Setting Up QEMU, KVM, Cockpit, SPICE, and KALI Linux

This guide will walk you through setting up a complete virtualization environment on Debian 12, including QEMU/KVM for virtual machines, Cockpit for web-based management, and SPICE for improved virtual desktop performance. While this tutorial focuses on Debian 12, these instructions should work on any Debian-based distribution with minimal adjustments.

Prerequisites

First, ensure your CPU supports virtualization:

egrep -c '(vmx|svm)' /proc/cpuinfo

If the output is greater than 0, your CPU supports virtualization. Also make sure virtualization is enabled in your BIOS/UEFI settings.

Step 1: Install QEMU and KVM

Start by updating your system and installing the required packages:

sudo apt update
sudo apt upgrade -y
sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virtinst cpu-checker

These packages include:
- qemu-kvm: The main virtualization package
- libvirt-daemon-system: The libvirt daemon
- libvirt-clients: Client tools for managing VMs
- bridge-utils: Utilities for network bridging
- virtinst: Tools for installing virtual machines
- cpu-checker: Provides the kvm-ok command to verify KVM compatibility

Step 2: Add Your User to Required Groups

To manage VMs without root privileges, add your user to the necessary groups:

sudo usermod -aG libvirt $(whoami)
sudo usermod -aG kvm $(whoami)

Log out and back in for these changes to take effect.

Step 3: Start and Enable the libvirt Service

sudo systemctl start libvirtd
sudo systemctl enable libvirtd

Verify that the service is running:

sudo systemctl status libvirtd

Step 4: Install Cockpit for Web Management

Cockpit provides a web interface for managing your system and virtual machines:

sudo apt install -y cockpit cockpit-machines

Start and enable the Cockpit service:

sudo systemctl start cockpit.socket
sudo systemctl enable cockpit.socket

You can now access Cockpit by navigating to https://your-server-ip:9090 in your web browser. Log in with your server's credentials.

Step 5: Install SPICE for Enhanced VM Interaction

SPICE offers improved graphics performance and better desktop integration:

sudo apt install -y virt-viewer spice-vdagent spice-html5

For the best experience with SPICE, install the additional packages:

sudo apt install -y gir1.2-spiceclientgtk-3.0 qemu-system-gui

Step 6: Configure Default Network for VMs

Ensure the default network for virtual machines is active:

sudo virsh net-start default
sudo virsh net-autostart default

Step 7: Verify Your Installation

Check that KVM modules are loaded:

lsmod | grep kvm

You should see output including kvm_intel (for Intel CPUs) or kvm_amd (for AMD CPUs).

Check if your system can use KVM acceleration:

sudo kvm-ok

If KVM is properly configured, you should see a message like "INFO: /dev/kvm exists. KVM acceleration can be used."

Creating Your First Virtual Machine

You can create VMs either through the Cockpit web interface or using the command line:

Using Cockpit:

1. Access Cockpit at https://your-server-ip:9090
2. Navigate to the "Virtual Machines" section
3. Click "Create VM" and follow the wizard

Using Command Line:

Here's how to create a VM using a Linux ISO (for example, Kali Linux):

sudo virt-install --name kali-vm \
  --memory 4096 \
  --vcpus 2 \
  --disk size=40 \
  --cdrom ~/Downloads/kali-linux-2024.4-installer-amd64.iso \
  --os-variant linux2020 \
  --graphics spice

You can adjust the parameters as needed:
- --name: Set a name for your VM
- --memory: Set the amount of RAM in MB (4GB recommended for Kali)
- --vcpus: Set the number of virtual CPUs
- --disk size: Set the virtual disk size in GB
- --cdrom: Path to your ISO file
- --os-variant: The OS type (use linux2020 for general Linux compatibility)
- --graphics: Use SPICE for better graphics performance

If you want to see all available OS variants you can use:

osinfo-query os

Handling ISO Permission Issues

If you get permission errors when accessing an ISO in your home directory, you can fix them by:

Option 1: Granting permissions to the libvirt-qemu user:

sudo setfacl -m u:libvirt-qemu:x /home/yourusername
sudo setfacl -m u:libvirt-qemu:x /home/yourusername/Downloads
sudo setfacl -m u:libvirt-qemu:r /home/yourusername/Downloads/your-iso-file.iso

Option 2 (Simpler): Copy the ISO to the libvirt images directory:

sudo cp ~/Downloads/your-iso-file.iso /var/lib/libvirt/images/
sudo virt-install --name vm-name \
  --memory 4096 \
  --vcpus 2 \
  --disk size=40 \
  --cdrom /var/lib/libvirt/images/your-iso-file.iso \
  --os-variant linux2020 \
  --graphics spice

Connecting to VMs with SPICE

To connect to a VM using SPICE:

1. Through Cockpit: Click on the VM and use the "Console" option
2. With virt-viewer: virt-viewer --connect qemu:///system vm-name

Managing Virtual Machines

Here are some common commands for managing your VMs:

List all VMs:

sudo virsh list --all

Start a VM:

sudo virsh start vm-name

Shutdown a VM gracefully:

sudo virsh shutdown vm-name

Force power off a VM:

sudo virsh destroy vm-name

Delete a VM (must be stopped first):

sudo virsh undefine vm-name --remove-all-storage

Troubleshooting Tips

If networking doesn't work for VMs:

sudo virsh net-list --all
sudo virsh net-start default

If Cockpit shows no virtual machines:

sudo systemctl restart libvirtd
sudo systemctl restart cockpit.socket

If SPICE connectivity issues occur:

sudo apt install --reinstall spice-vdagent

Optional Enhancements

Enable Nested Virtualization (useful for testing)

For Intel CPUs:

echo "options kvm-intel nested=1" | sudo tee /etc/modprobe.d/kvm-intel.conf

For AMD CPUs:

echo "options kvm-amd nested=1" | sudo tee /etc/modprobe.d/kvm-amd.conf

Reboot your system for changes to take effect.

Configure QEMU to Use Host CPU Features

Edit the QEMU configuration:

sudo nano /etc/libvirt/qemu.conf

Uncomment and modify the line:

#host_model = "host"

to:

host_model = "host"

Restart the libvirt service:

sudo systemctl restart libvirtd