62 lines
1.5 KiB
Markdown
62 lines
1.5 KiB
Markdown
# FIC forensic challenge validation server
|
|
|
|
This is a CTF server for distributing and validating exercices. It is design to
|
|
be robust, so it uses some uncommon technologies like client certificate for
|
|
authentication, cryptographic functions and DMZ network architecture.
|
|
|
|
## Development and testing
|
|
|
|
The easiest way to have a working server is to build a Docker container.
|
|
|
|
### Docker
|
|
|
|
First, build the container with the following command:
|
|
```
|
|
docker build -t fic2014 .
|
|
```
|
|
|
|
Then, run it with:
|
|
```
|
|
docker run -t -i -P fic2014
|
|
```
|
|
It will ask you for a passphrase, you must provide one with at least 4
|
|
characters. This key is used to generate the server certificate.
|
|
|
|
When you see:
|
|
```
|
|
root@xxxxxxxxxxxx:/var/www/fic2014-server/misc#
|
|
```
|
|
congratulations, the container is running!
|
|
|
|
Use `docker ps` to view to which local ports was assigned the contained
|
|
webserver.
|
|
|
|
|
|
## Production environnement
|
|
|
|
### Setup
|
|
|
|
#### Frontend
|
|
|
|
FIXME
|
|
|
|
#### Backend
|
|
|
|
FIXME
|
|
|
|
|
|
### History
|
|
|
|
#### FIC2014
|
|
|
|
Two machines were used : one for backend (Phobos) and one for frontend
|
|
(Deimos). They ran a GNU/Linux Gentoo Hardened with custom 3.2 kernel without
|
|
module loading, unused and unecessary components and with all GrSecurity
|
|
features activated.
|
|
|
|
Each machine was two network interfaces: one was used to permit to the backend
|
|
machine to connect to the frontend (over IPv6). The second interface on the
|
|
backend was used for administration purpose (with a laptop not connected to
|
|
Internet). The second interface on the frontend was used to provide network
|
|
connectivity to participants.
|