Every distribution is different, and has different idioms for configuration location and style, but we recommend the following:
Provide a suid (or setcap) install option
The Kismet capture binaries (
kismet_cap_linux_bluetooth, and so on) require root privileges to control the interfaces, however generally Kismet itself should not be run as root. Kismet supports two mechanisms for this:
- Installing the binaries setuid root, and restricting access to them by limiting them to a specific group (
kismet, by preference).
- Installing the binaries normally, but using
setcapto give them authority to change network settings:
setcap cap_net_raw,cap_net_admin=eip, and restricting them to a single group (
kismetagain, by preference).
When installed suid-root, the Kismet helper utilities will drop capabilities and pivot into a read-only mount namespace.
Provide multiple packages for capture tools
Kismet capture tools can be packaged independently. By preference, the capture tools should be independent packages so that a user building a remote capture system only needs the specific capture packages. A meta-package which references all of the capture tools can provide a simple installation point for users.
The Kismet configure defaults to
/usr/local/; typically a distribution package would target
/usr as the prefix.
Kismet looks for config files in the directory specified in
configure via the
--sysconfdir directive. This location may vary per distribution, however typically
/etc/kismet would be the appropriate default, and is the location used by the packages provided on the Kismet site.
When building packages for tiny systems, like under OpenWRT, you can include a
kismet_package.conf in your package; the default Kismet configs will first load the Kismet configuration files, then, if present, a
kismet_package.conf configuration file which will override any options specified, and finally,
kismet_site.conf which will override any previous settings.
This setup allows tuning Kismet automatically for inclusion on some systems, while removing the need to maintain patches to the base Kismet configs.
kismet_package.conf should be placed in the configuration directory with the other Kismet configs.
Kismet provides an override mechanism for local configurations which take precedence over all other config options; these are kept in
kismet_site.conf by default. A package should never provide this file, as changes made by the user will likely go here. You can auto-configure options via
Some distributions (like OpenWRT) use libprotobuf-lite to save space. Kismet does not use any of the options removed in the lite version, but should be configured with the
--enable-protobufite option to