Don't forget to crypt disks

This commit is contained in:
nemunaire 2014-11-05 17:00:37 +01:00
parent 27f9e7e372
commit 76269a821d


@ -5,7 +5,7 @@ This is a CTF server for distributing and validating exercices. It is design to
be robust, so it uses some uncommon technologies like client certificate for be robust, so it uses some uncommon technologies like client certificate for
authentication, cryptographic functions and DMZ network architecture. authentication, cryptographic functions and DMZ network architecture.
Development and testing Development And Testing
----------------------- -----------------------
The easiest way to have a working server is to build a Docker container. The easiest way to have a working server is to build a Docker container.
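Review bot: the only change in this hunk is title-casing the heading, but the unchanged context directly above it still carries two typos that should be fixed in the same pass: `exercices` should be `exercises` and `It is design to` should be `It is designed to`.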
@ -34,7 +34,7 @@ Use `docker ps` to view to which local ports was assigned the contained
webserver. webserver.
Production environnement Production Environnement
------------------------ ------------------------
### Setup ### Setup
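Review bot: `Environnement` is the French spelling and survives the recapitalisation; the heading should read `Production Environment`. Since this hunk and the previous one are pure heading style changes unrelated to disk encryption, they would be clearer as a separate commit from the one titled "Don't forget to crypt disks".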
@ -46,6 +46,11 @@ Prefer GNU/Linux distributions where most packages are compiled with `-fPIC`
and `-fstack-protector`, like Ubuntu or and `-fstack-protector`, like Ubuntu or
[Gentoo Hardened](http://www.gentoo.org/proj/en/hardened/). [Gentoo Hardened](http://www.gentoo.org/proj/en/hardened/).
As machines aren't always in safe place (transportation, night before CTF,
...), disks should be encrypted.
**Always set strong password when it is possible** eg. SSL certificats, ...
#### Frontend #### Frontend
Keep in mind that this is the machine exposed to participant. Keep in mind that this is the machine exposed to participant.
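Review bot: the new paragraph says disks "should be encrypted" but not which disks or what the operator is expected to do, and it omits the operational consequence a reader of this README needs: with an encrypted system disk the machine cannot reboot unattended, so someone must be present to enter the passphrase at boot, which is exactly the "night before CTF" scenario the sentence cites. Suggest stating whether the whole disk or only the data partitions are meant and that the passphrase is required at boot. The bolded sentence has a related imprecision: a certificate is public, so the strong password belongs on the private key behind it, and the wording should be `a strong password`. Spelling: `in safe place` should be `in a safe place`, `eg.` should be `e.g.`, `certificats` should be `certificates`.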
@ -75,6 +80,7 @@ CONNTRACK states.
* `nginx` with `fastcgi` module; * `nginx` with `fastcgi` module;
* `php-fpm` with `mysql` module; * `php-fpm` with `mysql` module;
* `openssl` and `pwgen` for client certificat generation; * `openssl` and `pwgen` for client certificat generation;
* `mcrypt`;
* `Mcrypt` from CPAN (`cpan -i Mcrypt`) to decrypt submissions (see https://metacpan.org/pod/Mcrypt); * `Mcrypt` from CPAN (`cpan -i Mcrypt`) to decrypt submissions (see https://metacpan.org/pod/Mcrypt);
##### Firewall rules ##### Firewall rules
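Review bot: the added `mcrypt` entry is the only item in this list without a stated purpose; every other entry says what it is needed for. If it is the system library that the `Mcrypt` CPAN module on the next line is built against, say so (for example `* \`mcrypt\` (libmcrypt), required by the Mcrypt CPAN module below;`); otherwise it reads as a duplicate of that line.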
@ -97,3 +103,9 @@ machine to connect to the frontend (over IPv6). The second interface on the
backend was used for administration purpose (with a laptop not connected to backend was used for administration purpose (with a laptop not connected to
Internet). The second interface on the frontend was used to provide network Internet). The second interface on the frontend was used to provide network
connectivity to participants. connectivity to participants.
The D Day
---------
TODO
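Review bot: this adds a `The D Day` section whose entire body is `TODO`; a placeholder heading in a production-setup README reads as finished documentation to anyone skimming it. Either fill in the day-of checklist this commit hints at (entering the disk passphrase at boot, generating client certificates) or hold the heading back until there is content. Minor: `D-Day` is the usual spelling.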