So, what on earth is Kali Unkaputtbar? It's a feature that sets up automatic btrfs snapshots in Kali. It simply takes a new snapshot on every boot, and one before and one after each apt command, so if an update or install breaks something, you can roll back to the previous configuration.
Now, it's not fully automated: the rollback is manual, but simple enough to do, and cleaning up snapshots is pretty simple too.
But it does take some terminal tapdancing, so be warned. If the thought of the terminal scares you, this feature is not for you :)
So, first, how do we get this to work? It's simply a normal install of a recent Kali, BUT when you get to partitioning the disks, set the root ( / ) filesystem to btrfs, and continue as normal.
Now, when the system first boots, we need to turn on the feature and do some configuring. Open up a terminal and set a password for the root user
sudo passwd root
Enter your new password, and remember it :)
Now, let's install the tools we need for later
sudo apt update && sudo apt install btrfs-progs snapper snapper-gui grub-btrfs
Next we configure the snapper feature. The following commands edit files under /etc, so run them as root (that's what the root password from above is for).
cp /usr/share/snapper/config-templates/default /etc/snapper/configs/root
sed -i 's/^SNAPPER_CONFIGS=\"\"/SNAPPER_CONFIGS=\"root\"/' /etc/default/snapper
Next, we stop updatedb from indexing the snapshots, so we don't slow the system down too much.
sed -i '/# PRUNENAMES=/ a PRUNENAMES = ".snapshots"' /etc/updatedb.conf
Now, reconfigure lightdm to allow logging in when booted into a read-only snapshot.
sed -i 's/^#user-authority-in-system-dir=false/user-authority-in-system-dir=true/' /etc/lightdm/lightdm.conf
Reboot the system
reboot
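Here, as an added example that is not part of the original post, is the configuration above as a small POSIX sh script: a preflight check that / really is btrfs on the @ subvolume (parsed from `findmnt -no FSTYPE,OPTIONS /` output), and the three config edits from the steps above written as functions that take the file to edit as a parameter and then confirm the edit took, so a failure shows up before you reboot rather than after. The function names and the `run` argument are this example's own, not snapper's or Kali's.

```sh
#!/bin/sh
# Added example (not from the original post): preflight check and the
# snapper / updatedb / lightdm edits from the steps above, each verified.
# Function names here are the example's own, not snapper's or Kali's.
set -eu

# Input: one line of `findmnt -no FSTYPE,OPTIONS /`, for example (constructed):
#   btrfs rw,relatime,ssd,space_cache,subvolid=256,subvol=/@
# Succeeds only if "/" is btrfs and lives on the "@" subvolume that the
# snapshot layout relies on.
root_is_btrfs_on_at() {
    fstype=${1%% *}
    opts=${1#* }
    [ "$fstype" = btrfs ] || return 1
    case ",$opts," in
        *,subvol=/@,*) return 0 ;;
        *) return 1 ;;
    esac
}

# /etc/default/snapper: tell snapper about the "root" config, then confirm.
enable_snapper_root_config() {
    sed -i 's/^SNAPPER_CONFIGS=""/SNAPPER_CONFIGS="root"/' "$1"
    grep -q '^SNAPPER_CONFIGS="root"' "$1"
}

# /etc/updatedb.conf: keep locate from indexing .snapshots; safe to re-run,
# so a second run does not add a duplicate PRUNENAMES line.
prune_snapshots_from_updatedb() {
    grep -q '^PRUNENAMES = ".snapshots"' "$1" && return 0
    sed -i '/# PRUNENAMES=/ a PRUNENAMES = ".snapshots"' "$1"
    grep -q '^PRUNENAMES = ".snapshots"' "$1"
}

# /etc/lightdm/lightdm.conf: needed so a login works from a read-only snapshot.
allow_lightdm_snapshot_boot() {
    sed -i 's/^#user-authority-in-system-dir=false/user-authority-in-system-dir=true/' "$1"
    grep -q '^user-authority-in-system-dir=true' "$1"
}

# Full run, as root: `sudo sh unkaputtbar-setup.sh run`
if [ "${1-}" = run ]; then
    root_is_btrfs_on_at "$(findmnt -no FSTYPE,OPTIONS /)" \
        || { echo "/ is not btrfs on subvol @; install with a btrfs root first" >&2; exit 1; }
    apt update && apt install -y btrfs-progs snapper snapper-gui grub-btrfs
    cp /usr/share/snapper/config-templates/default /etc/snapper/configs/root
    enable_snapper_root_config /etc/default/snapper
    prune_snapshots_from_updatedb /etc/updatedb.conf
    allow_lightdm_snapshot_boot /etc/lightdm/lightdm.conf
    echo "configured; reboot twice and look for the snapshots entry in the boot menu"
fi
```

Each edit function ends with a grep for the line it was supposed to produce, so the script stops at the first edit that did not apply (for example when a file layout differs from what the sed expects) instead of carrying on to the reboot with a half-configured system.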
Now, let the system boot (that creates the first snapshot), then reboot again and check whether you get a snapshots entry in your boot menu; it should be there.
Now, once you're logged into your desktop, to see the snapshots open a terminal and run
sudo snapper-gui
OR as root
snapper-gui
And then you should get a window with the snapshots. Note that there are different types: boot, APT and timeline. Boot snapshots are made at boot; APT pre/post snapshots are made before and after APT commands.
If for some reason you want to list the snapshots from the terminal, simply run
snapper list
and to delete one
snapper delete <snapshot-number>
# delete snapshot 1
snapper delete 1
Now, let's talk about rollback for a bit. This should be done from a root terminal. Remember that our root / is in a subvolume called /@.
A snapshot is like any other subvolume, except that snapshots are read-only, so to restore one onto the real root as read-write, we do this.
# get the device that contains your "/" subvolume and remember it for the next step:
mount | grep 'subvol=/@)'
# mount your root partition (replace "/dev/sda2" with yours from above):
sudo mount /dev/sda2 -o subvol=/ /mnt
# Move the old root away:
sudo mv /mnt/@ /mnt/@_badroot
# Roll back to a previous snapshot by creating a read-write copy of it as "@":
sudo btrfs subvolume snapshot /mnt/@.snapshots/XXXXX/snapshot /mnt/@
# That's it, reboot:
sudo reboot -f
In the command above, XXXXX is your snapshot number, so to restore snapshot 1 the command would be
btrfs subvolume snapshot /mnt/@.snapshots/1/snapshot /mnt/@
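The same rollback as a guarded helper, added here as an example and not part of the original post: it pulls the device out of the `mount` line the steps above grep for, refuses snapshot numbers that aren't plain positive integers (so a typo can't turn into an unexpected path), checks with `btrfs property get` that the target really is a read-only snapper snapshot before touching anything, and keeps the old root as @_badroot exactly as the manual steps do. It assumes the layout described above (root on @, snapshots under @.snapshots/<N>/snapshot on the same device); `kali_rollback`, `MNT` and the other function names are this example's own.

```sh
#!/bin/sh
# Added example (not part of the original post): a guarded version of the
# rollback steps above. Assumes the post's layout: live root is the top-level
# subvolume "@", snapper snapshots live under "@.snapshots/<N>/snapshot".
# All names below (kali_rollback, MNT, ...) are this example's own.
set -eu

MNT=/mnt   # where the top-level subvolume (subvol=/) gets mounted

# Extract the block device from the `mount` line for the "/@" subvolume.
# Example input line (constructed):
#   /dev/sda2 on / type btrfs (rw,relatime,subvolid=256,subvol=/@)
root_device_from_mount_line() {
    case "$1" in
        *"subvol=/@)"*) printf '%s\n' "${1%% on *}" ;;
        *) return 1 ;;
    esac
}

# Snapper numbers snapshots with plain positive integers; reject anything
# else so "$num" can only ever select a directory directly under @.snapshots.
valid_snapshot_number() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
        *) return 0 ;;
    esac
}

# Perform the rollback, checking before each destructive step. Run as root.
kali_rollback() {
    num=$1
    valid_snapshot_number "$num" || { echo "bad snapshot number: $num" >&2; return 1; }
    line=$(mount | grep 'subvol=/@)' | head -n1)
    dev=$(root_device_from_mount_line "$line") \
        || { echo "root is not mounted from subvol @" >&2; return 1; }
    mount "$dev" -o subvol=/ "$MNT"
    src="$MNT/@.snapshots/$num/snapshot"
    [ -d "$src" ] || { echo "snapshot $num not found at $src" >&2; umount "$MNT"; return 1; }
    # Snapper's snapshots are read-only subvolumes; anything else is not one
    # of them and must not be used as a rollback source.
    [ "$(btrfs property get -ts "$src" ro)" = "ro=true" ] \
        || { echo "$src is not a read-only snapshot" >&2; umount "$MNT"; return 1; }
    [ ! -e "$MNT/@_badroot" ] \
        || { echo "$MNT/@_badroot already exists; clean it up first" >&2; umount "$MNT"; return 1; }
    mv "$MNT/@" "$MNT/@_badroot"
    btrfs subvolume snapshot "$src" "$MNT/@"   # read-write copy becomes the new root
    umount "$MNT"
    echo "rolled back to snapshot $num; old root kept as @_badroot, reboot now"
}

# Usage: sudo sh rollback.sh <snapshot-number>
if [ $# -ge 1 ]; then
    kali_rollback "$1"
fi
```

The old root is only renamed, never deleted, so if the restored snapshot turns out to be the wrong one you can mount the top level again and swap @_badroot back; once you are happy with the result, `btrfs subvolume delete /mnt/@_badroot` reclaims the space.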
And yes, from snapper-gui you can actually mount and look through your snapshot content and copy files out to the working root, if you want to, and yes, you can boot into the snapshots from the boot menu, but since they are read-only you can't make any changes, and some things will bitch about not working (yes, desktop widgets, I'm looking at you), but most things work well enough.
That's it, enjoy your shiny new toy. And yep, it does work on LUKS encrypted volumes. And NO, you really should NOT run an rm -rf / and see if you can restore it; you can't ;)