Add setup instructions
parent
b135e7f6f6
commit
27f9e7e372
48
README.md
@ -1,10 +1,12 @@
|
||||
# FIC forensic challenge validation server
|
||||
FIC forensic challenge validation server
|
||||
========================================
|
||||
|
||||
This is a CTF server for distributing and validating exercices. It is design to
|
||||
be robust, so it uses some uncommon technologies like client certificate for
|
||||
authentication, cryptographic functions and DMZ network architecture.
|
||||
|
||||
## Development and testing
|
||||
Development and testing
|
||||
-----------------------
|
||||
|
||||
The easiest way to have a working server is to build a Docker container.
|
||||
|
||||
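Review bot: The introduction under the title still reads "distributing and validating exercices. It is design to be robust" and "client certificate for authentication"; since this hunk already rewrites the title directly above it, correct these to "exercises", "It is designed to" and "client certificates" in the same change. The title and "Development and testing" also move to underlined (`===` / `---`) headings here while the sections added later in this commit use `### Setup` and `#### Frontend`, so the file now mixes two heading styles; that renders fine, but it is worth a line in the commit message saying it is intentional.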
@ -32,17 +34,53 @@ Use `docker ps` to view to which local ports was assigned the contained
|
||||
webserver.
|
||||
|
||||
|
||||
## Production environnement
|
||||
Production environnement
|
||||
------------------------
|
||||
|
||||
### Setup
|
||||
|
||||
You should compile/install hardened kernel (with latest stable GrSec patch) on
|
||||
each machine.
|
||||
|
||||
Prefer GNU/Linux distributions where most packages are compiled with `-fPIC`
|
||||
and `-fstack-protector`, like Ubuntu or
|
||||
[Gentoo Hardened](http://www.gentoo.org/proj/en/hardened/).
|
||||
|
||||
#### Frontend
|
||||
|
||||
FIXME
|
||||
Keep in mind that this is the machine exposed to participant.
|
||||
|
||||
##### Requirements
|
||||
|
||||
* `nginx` with those modules: `aio` (for fast delivery of huge
|
||||
content), `fastcgi`, `rewrite`, `ssl`;
|
||||
* `php-fpm` with `mcrypt` module (for submission encryption);
|
||||
|
||||
##### Firewall rules
|
||||
|
||||
Expose to participants only 80 and 443 ports.
|
||||
|
||||
Expose on synchronization interface the 22 port, used for synchronization and
|
||||
administration purpose from backend.
|
||||
|
||||
DROP **has to be** the default rule for INPUT, FORWARD and OUTPUT chains; use
|
||||
CONNTRACK states.
|
||||
|
||||
|
||||
#### Backend
|
||||
|
||||
FIXME
|
||||
##### Requirements
|
||||
|
||||
* `mysql`;
|
||||
* `nginx` with `fastcgi` module;
|
||||
* `php-fpm` with `mysql` module;
|
||||
* `openssl` and `pwgen` for client certificat generation;
|
||||
* `Mcrypt` from CPAN (`cpan -i Mcrypt`) to decrypt submissions (see https://metacpan.org/pod/Mcrypt);
|
||||
|
||||
##### Firewall rules
|
||||
|
||||
This machine shouldn't have any network connection, except outgoing one to the
|
||||
frontend for synchronization.
|
||||
|
||||
|
||||
### History
|
||||
|
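Review bot: The frontend "Firewall rules" paragraph requires DROP as the default for INPUT, FORWARD and OUTPUT and then only says "use CONNTRACK states", which leaves the reader to guess which traffic has to be allowed once OUTPUT is dropped by default. Spell the rule set out: new inbound connections to 80 and 443 on the participant-facing interface, new inbound connections to 22 only on the synchronization interface and only from the backend, and ESTABLISHED/RELATED traffic in both directions; if the frontend needs no outbound connections of its own, say so. The backend "Firewall rules" paragraph should state the same default-DROP policy explicitly and name the single allowed flow (outgoing to the frontend, port 22 according to the frontend section) instead of "shouldn't have any network connection". Two smaller points: both "FIXME" placeholders are committed as-is, and in each case the next line follows without a blank line (the frontend one will render as "FIXME Keep in mind that ..."), so either fill them in or put them on their own paragraph; and "environnement", "exposed to participant" and "client certificat generation" should read "environment", "exposed to participants" and "client certificate generation".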