From 76269a821d82a13599af712962eb6c079dad8d64 Mon Sep 17 00:00:00 2001 From: nemunaire Date: Wed, 5 Nov 2014 17:00:37 +0100 Subject: [PATCH] Don't forget to crypt disks --- README.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fe82b807..3511bdf4 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ This is a CTF server for distributing and validating exercices. It is design to be robust, so it uses some uncommon technologies like client certificate for authentication, cryptographic functions and DMZ network architecture. -Development and testing +Development And Testing ----------------------- The easiest way to have a working server is to build a Docker container. @@ -34,7 +34,7 @@ Use `docker ps` to view to which local ports was assigned the contained webserver. -Production environnement +Production Environnement ------------------------ ### Setup @@ -46,6 +46,11 @@ Prefer GNU/Linux distributions where most packages are compiled with `-fPIC` and `-fstack-protector`, like Ubuntu or [Gentoo Hardened](http://www.gentoo.org/proj/en/hardened/). +As machines aren't always in safe place (transportation, night before CTF, +...), disks should be encrypted. + +**Always set strong password when it is possible** eg. SSL certificats, ... + #### Frontend Keep in mind that this is the machine exposed to participant. @@ -75,6 +80,7 @@ CONNTRACK states. * `nginx` with `fastcgi` module; * `php-fpm` with `mysql` module; * `openssl` and `pwgen` for client certificat generation; +* `mcrypt`; * `Mcrypt` from CPAN (`cpan -i Mcrypt`) to decrypt submissions (see https://metacpan.org/pod/Mcrypt); ##### Firewall rules @@ -97,3 +103,9 @@ machine to connect to the frontend (over IPv6). The second interface on the backend was used for administration purpose (with a laptop not connected to Internet). The second interface on the frontend was used to provide network connectivity to participants. + + +The D Day +--------- + +TODO
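Review bot: In the `@@ -5,7 +5,7 @@` hunk, the heading rename to `Development And Testing` has nothing to do with the subject "Don't forget to crypt disks" and would be easier to review as its own commit. If the headings are moving to title case, the conjunction is normally left lowercase: `Development and Testing`.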
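Review bot: In the `@@ -34,7 +34,7 @@` hunk, the heading line is rewritten only to capitalise it, and the misspelling survives: `Production Environnement` should read `Production Environment`. Since the line is being touched anyway, fix the spelling in the same change; the underline then needs to be one dash shorter to keep matching the heading length.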
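Review bot: In the `@@ -46,6 +46,11 @@` hunk, the two added paragraphs say what to do but not how or where. "disks should be encrypted" names neither the machines concerned (the text sits under Setup, above `#### Frontend`, so presumably both frontend and backend) nor the expected mechanism, and it does not say how the passphrase is supplied when a machine reboots unattended during the event. "Always set strong password when it is possible" gives no criterion for "strong" and trails off in "..."; listing the secrets concerned explicitly would make it actionable. Wording to fix while here: "in safe place" should be "in a safe place", "eg." should be "e.g.", and "SSL certificats" should be "SSL certificates".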
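Review bot: In the `@@ -75,6 +80,7 @@` hunk, the new bullet `mcrypt` is added directly above the existing `Mcrypt` from CPAN entry with no indication of how the two differ or why both are required. Please say what the new entry is (system package, library or command-line tool) and what uses it, as the neighbouring bullets do ("for client certificat generation", "to decrypt submissions"). It also appears unrelated to disk encryption, so the commit message should mention it or it should go in a separate commit.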
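Review bot: In the `@@ -97,3 +103,9 @@` hunk, the new section `The D Day` contains only `TODO`, which gives the reader of the README nothing and is not covered by the commit subject. Either leave the section out until there is content, or add at least the outline of what has to be done on the day (for example unlocking the encrypted disks this same patch asks for). The hunk also adds two consecutive blank lines before the heading where the rest of the file uses one.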