| db | ||
| docs/guide | ||
| htdocs | ||
| misc | ||
| onyx | ||
| submission | ||
| .gitignore | ||
| backup.sh | ||
| check.pl | ||
| clear_cache.sh | ||
| comm-socket.pl | ||
| Dockerfile | ||
| gen_hash_link_files.sh | ||
| gen_site.pl | ||
| gen_site.sh | ||
| launch.sh | ||
| nginx_gen_team.sh | ||
| nginx-server-common.conf | ||
| nginx-server.conf | ||
| nginx.conf | ||
| php-fpm.conf | ||
| README.md | ||
| stop.sh | ||
| submission.php | ||
| synchro.sh | ||
| TODO | ||
FIC forensic challenge validation server
This is a CTF server for distributing and validating exercices. It is design to be robust, so it uses some uncommon technologies like client certificate for authentication, cryptographic functions and DMZ network architecture.
Development and testing
The easiest way to have a working server is to build a Docker container.
Docker
First, build the container with the following command:
docker build -t fic2014 .
Then, run it with:
docker run -t -i -P fic2014
It will ask you for a passphrase, you must provide one with at least 4 characters. This key is used to generate the server certificate.
When you see:
root@xxxxxxxxxxxx:/var/www/fic2014-server/misc#
congratulations, the container is running!
Use docker ps to view to which local ports was assigned the contained
webserver.
Production environnement
Setup
Frontend
FIXME
Backend
FIXME
History
FIC2014
Two machines were used : one for backend (Phobos) and one for frontend (Deimos). They ran a GNU/Linux Gentoo Hardened with custom 3.2 kernel without module loading, unused and unecessary components and with all GrSecurity features activated.
Each machine was two network interfaces: one was used to permit to the backend machine to connect to the frontend (over IPv6). The second interface on the backend was used for administration purpose (with a laptop not connected to Internet). The second interface on the frontend was used to provide network connectivity to participants.