Don't forget to crypt disks

nemunaire 2014-11-05 17:00:37 +01:00
parent 27f9e7e372
commit 76269a821d


@ -5,7 +5,7 @@ This is a CTF server for distributing and validating exercices. It is design to
be robust, so it uses some uncommon technologies like client certificate for
authentication, cryptographic functions and DMZ network architecture.
Development and testing
Development And Testing
-----------------------
The easiest way to have a working server is to build a Docker container.
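Review bot: the recasing of the heading to "Development And Testing" is unrelated to the commit subject (disk encryption) and would be easier to review as its own commit. The casing is also not applied consistently: "##### Firewall rules" further down stays in sentence case, and title case would normally leave "and" lowercase. Pick one convention and apply it to every heading in the file.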
@ -34,7 +34,7 @@ Use `docker ps` to view to which local ports was assigned the contained
webserver.
Production environnement
Production Environnement
------------------------
### Setup
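Review bot: the renamed heading keeps the misspelling "Environnement"; since the line is being touched anyway, change it to "Production Environment" and shorten the `-` underline to match the new length.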
@ -46,6 +46,11 @@ Prefer GNU/Linux distributions where most packages are compiled with `-fPIC`
and `-fstack-protector`, like Ubuntu or
[Gentoo Hardened](http://www.gentoo.org/proj/en/hardened/).
As machines aren't always in safe place (transportation, night before CTF,
...), disks should be encrypted.
**Always set strong password when it is possible** eg. SSL certificats, ...
#### Frontend
Keep in mind that this is the machine exposed to participant.
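Review bot: the new disk-encryption paragraph states the requirement but not how to meet it. It names no tool, does not say who holds the passphrase, and does not say how the frontend and backend are unlocked at boot once they reach the venue. Those steps belong here under Setup, otherwise the advice is easy to skip. In the following sentence, "when it is possible" and "eg. SSL certificats, ..." leave the scope open; list the secrets that need a passphrase explicitly, and note that for a certificate the passphrase protects the private key, not the certificate itself. "certificats" should read "certificates".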
@ -75,6 +80,7 @@ CONNTRACK states.
* `nginx` with `fastcgi` module;
* `php-fpm` with `mysql` module;
* `openssl` and `pwgen` for client certificat generation;
* `mcrypt`;
* `Mcrypt` from CPAN (`cpan -i Mcrypt`) to decrypt submissions (see https://metacpan.org/pod/Mcrypt);
##### Firewall rules
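Review bot: the dependency list now carries both `mcrypt` and `Mcrypt`, which differ only in case, and nothing says what the lowercase entry refers to; state which one is the system package and which is the Perl module so the reader installs both. `cpan -i Mcrypt` fetches whatever version is current at install time, so for a production machine record the version that was tested, or prefer a distribution package if one exists. The metacpan URL is bare while the Gentoo Hardened reference above uses Markdown link syntax; use the same form here. This change is also unrelated to the commit subject.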
@ -97,3 +103,9 @@ machine to connect to the frontend (over IPv6). The second interface on the
backend was used for administration purpose (with a laptop not connected to
Internet). The second interface on the frontend was used to provide network
connectivity to participants.
The D Day
---------
TODO
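Review bot: the new "The D Day" section contains only "TODO", so the production guide now ends on an empty heading. Either add at least the steps this commit already implies (unlocking the encrypted disks, checking connectivity between frontend and backend) or leave the section out until there is content and track it in an issue instead.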