From 8081a5520a441b43a8a7a73f3a90c7aacfaa8e10 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Sun, 24 Feb 2019 21:05:27 +0100
Subject: Move everything one level up
---
.../tasks/openvpn_simple_smb/howtos/en/index.html | 98 --------
.../tasks/openvpn_simple_smb/howtos/si/index.html | 95 --------
kpov_judge/tasks/openvpn_simple_smb/task.py | 261 ---------------------
3 files changed, 454 deletions(-)
delete mode 100644 kpov_judge/tasks/openvpn_simple_smb/howtos/en/index.html
delete mode 100644 kpov_judge/tasks/openvpn_simple_smb/howtos/si/index.html
delete mode 100644 kpov_judge/tasks/openvpn_simple_smb/task.py
(limited to 'kpov_judge/tasks/openvpn_simple_smb')
diff --git a/kpov_judge/tasks/openvpn_simple_smb/howtos/en/index.html b/kpov_judge/tasks/openvpn_simple_smb/howtos/en/index.html
deleted file mode 100644
index aba834e..0000000
--- a/kpov_judge/tasks/openvpn_simple_smb/howtos/en/index.html
+++ /dev/null
@@ -1,98 +0,0 @@
- - - - - - - -

OpenVPN and SMB task:

-

Quick task:


- Connect to VPN with OpenVPN. Enable access to files through NFS and copy them through SMB.

-

Instructions:


- 1. From Directory with images of virtual computers drag twice the picture SimpleArbiterVPN and VPNClient.
- 2. With VirtualBox (or other programs for virtual computers) create two virtual computers and give them VPNCLient.vdi and SimpleArbiterVPN.vdi as disk for storage.
- 3. On both set two network interface(NAT and Internal) and run them.
- 4. On both VM login with username root and password kaboom .

-

First part: Set up OpenVPN on SimpleArbiterVPN and VPNClient.

-

Settings on the server:

- 1. Download packages uml-utilities -> to adjust the virtual network interfaces and packet (openvpn). example: sudo apt-get install openvpn
- 2. The new virtual network interface create with tunctl and specify IP with sudo ifconfig tap0 10.P.Q.R netmask 255.255.255.0
- 3. Then generirate common key (you will share that key with client) with the command: openvpn --genkey --secret vpnkljuc.key
- 4. On server set the configuration file tap0.conf, which should contain (split by lines) "dev tap0","proto tcp-server", "secret vpnkljuc.key"
- 5. Run openvpn with openvpn --config /some_directory/somewhere/tap0.conf
-

Settings on the client:

-1., 2. steps are the same as the settings on the server
-3. Create configuration file tap0.conf, which should contain (split by lines) "remote IP_OF_YOUR_VPN_SERVR", "dev tap0", "proto tcp-client", "secret vpnkljuc.key"
-4. On OpenVPN server connect to openvpn --config /some_directory/somewhere/tap0.conf
-

- -

Second part: Access to imenika /home/test/IME_IMENIKA over NFS

-

Client settings:

- 1. Using "sudo apt-get install nfs-kernel-server" we install nfs service
- 2. Create a directory /home/test/IME_IMENIKA
- 3. To /etc/exports add line /home/test/bla IP_client - 4. Use sudo exportfs -a to save - 5. Restart service using "sudo service nfs-kernel-server start" -

Client settings:

- 1. Instal client for nfs with command "sudo apt-get install nfs-common"
- 2. Create mounting directory "sudo mkdir -p /mnt/nfs/home/test" and mount servers file "sudo mount IP_SERVER:/home/test"
- 3. For automatic mounting we add previous commands to /etc/fstab
- -

How-to za uporabo kpov-judge za OpenVPN

- -
- -
-

-howto: task_check(results, params): - Metoda dobi, kot prvi argument rezultat metode task(...), kot drugi pa - rezultat funkcije gen_params(). - - Vrne stevilo pridobljenih tock. - - -howto: task(...): - Metoda prejme naslednje argumente: - - IP naslov VPN streznika - - DNS naslov VPN streznika - - IP naslov klienta 1 - - DNS naslov klienta 1 - - IP naslov klienta 2 - - DNS naslov klienta 2 - - Vrne slovar rezultatov: - - results['SimpleArbiter_is_VPN_set_up'] - pove ali je VPN streznik nastavljen - - results['SimpleArbiter_is_VPN_running'] - pove ali je VPN streznik zagnan - - results['SimpleArbiter_ping_C1'] - ping rezultati (streznik -> klient1) - - results['SimpleArbiter_ping_C2'] - ping rezultati (streznik -> klient2) - - results['SimpleArbiter_nmap_results'] - pove ali sta oba klienta povezana na pravi VPN streznik - - results['SimpleArbiter_dir_vpn_contents'] - kljuc, ce se ta nahaja v ustreznem imeniku - - results['SimpleArbiter_nfs_access_control_list'] - preveri ce NFS dovoljuje dostop do /home/test/IME_UPORABNIKA - - results['VPNClient1_ping_VPN_server'] - ping rezultati (klient 1 -> strežnik) - - results['VPNClient2_ping_VPN_server'] - ping rezultati (klient 2 -> strežnik) - -

- - - - - -
diff --git a/kpov_judge/tasks/openvpn_simple_smb/howtos/si/index.html b/kpov_judge/tasks/openvpn_simple_smb/howtos/si/index.html
deleted file mode 100644
index 67e1c4e..0000000
--- a/kpov_judge/tasks/openvpn_simple_smb/howtos/si/index.html
+++ /dev/null
@@ -1,95 +0,0 @@
- - - - - - - -

OpenVPN in SMB vaja:

-

Naloga na hitro:


- Vzpostavi VPN povezavo z pomočjo OpenVPN. Omogoči dostop do datotek prek NFS in skopiraj datoteke prek SMB.

-

Navodila:


- 1. Iz imenika s slikami virtualnih računalnikov dvakrat povlecite sliki SimpleArbiterVPN ter VPNClient.
- 2. Z VirtualBoxom (ali ostalim programom za virtualne računalnike) ustvarite dva virtualna računalnika in jim kot disk za shranjevanje podajte VPNCLient.vdi ter SimpleArbiterVPN.vdi.
- 3. Na obeh nastavite dva omrežna vmesnika (NAT in Internal) in jih zaženite.
- 4. Na oba VM-a se prijavite z uporabnikom root in geslom kaboom .

-

Prvi del naloge: Nastavi OpenVPN na SimpleArbiterVPN in VPNClient.

-

Nastavitve na strežniku:

- 1. Prenesite pakete uml-utilities -> za nastavljanje navideznih omrežnih vmesnikov in paket (openvpn). Npr: sudo apt-get install openvpn
- 2. Nov navidezni omrežni vmesnik kreirate z tunctl in mu podate IP z sudo ifconfig tap0 10.P.Q.R netmask 255.255.255.0
- 3. Nato generirate skupen ključ(ta ključ boste delili z klientom) z ukazom: openvpn --genkey --secret vpnkljuc.key
- 4. Na strežniku še nastavite konfiguracijsko datoteko tap0.conf, ki naj vsebuje (ločeno po vrsticah) "dev tap0","proto tcp-server", "secret vpnkljuc.key"
- 5. Zaženete openvpn z openvpn --config /some_directory/somewhere/tap0.conf
-

Nastavitve na klientu:

-1., 2. koraka sta ista kot pri nastavitvah na strežniku
-3. Kreirajte konfiguracijsko datoteko tap0.conf, ki naj vsebuje (ločeno po vrsticah) "remote IP_VAŠEGA_VPN_SERVERJA", "dev tap0", "proto tcp-client", "secret vpnkljuc.key"
-4. Na OpenVPN strežnik se povežete z openvpn --config /some_directory/somewhere/tap0.conf
-

-

Drugi del naloge: Dostop prek NFS do imenika /home/test/IME_IMENIKA

-

Nastavitve na strežniku:

- 1. Z ukazom "sudo apt-get install nfs-kernel-server" namestimo nfs program
- 2. Uredimo mapo exports "sudo nano /etc/exports" in kreiramo direktorij /home/test/IME_IMENIKA
- 3. V datoteko exports dodamo /home/test/bla IP_klienta - 4. Share shranimo z sudo exportfs -a - 5. NFS strežnik štartamo z "sudo service nfs-kernel-server start" -

Nastavitve na klientu:

- 1. Z ukazom "sudo apt-get install nfs-common" namestimo programček nfs-common, da lahko kasneje pripnemo share
- 2. Na klientu moramo urediti še mount tega direktorija: "sudo mkdir -p /mnt/nfs/home/test" in "sudo mount IP_SERVERJA:/home/test"
- 3. Za avtomatski mount ob ponovnem zagonu, dodamo prejšnje ukaze v datoteko /etc/fstab
- -

How-to za uporabo kpov-judge za OpenVPN

- -
- -
-

-howto: task_check(results, params): - Metoda dobi, kot prvi argument rezultat metode task(...), kot drugi pa - rezultat funkcije gen_params(). - - Vrne stevilo pridobljenih tock. - - -howto: task(...): - Metoda prejme naslednje argumente: - - IP naslov VPN streznika - - DNS naslov VPN streznika - - IP naslov klienta 1 - - DNS naslov klienta 1 - - IP naslov klienta 2 - - DNS naslov klienta 2 - - Vrne slovar rezultatov: - - results['SimpleArbiter_is_VPN_set_up'] - pove ali je VPN streznik nastavljen - - results['SimpleArbiter_is_VPN_running'] - pove ali je VPN streznik zagnan - - results['SimpleArbiter_ping_C1'] - ping rezultati (streznik -> klient1) - - results['SimpleArbiter_ping_C2'] - ping rezultati (streznik -> klient2) - - results['SimpleArbiter_nmap_results'] - pove ali sta oba klienta povezana na pravi VPN streznik - - results['SimpleArbiter_dir_vpn_contents'] - kljuc, ce se ta nahaja v ustreznem imeniku - - results['SimpleArbiter_nfs_access_control_list'] - preveri ce NFS dovoljuje dostop do /home/test/IME_UPORABNIKA - - results['VPNClient1_ping_VPN_server'] - ping rezultati (klient 1 -> strežnik) - - results['VPNClient2_ping_VPN_server'] - ping rezultati (klient 2 -> strežnik) - -

- - - -
diff --git a/kpov_judge/tasks/openvpn_simple_smb/task.py b/kpov_judge/tasks/openvpn_simple_smb/task.py
deleted file mode 100644
index 5d7c22f..0000000
--- a/kpov_judge/tasks/openvpn_simple_smb/task.py
+++ /dev/null
@@ -1,261 +0,0 @@
-# kpov_util should be imported by add_assignment.py - -instructions = { - 'si': '''\ -

-Postavi dva navidezna računalnika: SimpleArbiter in VPNClient1. Poskrbite, da bosta povezana med seboj in v internet. Na VPNClient1 namestite OpenVPN in program za nadzor nad virtualnimi napravami (s katerim kreirate napravo tap). - -

-Na strežniku SimpleArbiter že teče strežnik in uporablja skrivnost, ki jo najdete tudi na VPNClient1 v domačem imeniku uporabnika student. Na VPNClient1 vzpostavite VPN tako, da napišete primerno datoteko z nastavitvami. Računalniku VPNClient1 na navideznem lokalnem omrežju nastavite naslov -{{IP_VPNClient1}}. - -

-Nato poskrbite, da bo na VPNClient1 na navideznem omrežju prek NFS omogočen -dostop do imenika /home/test/{{DIRNAME}}. V ta imenik skopirajte datoteke, ki so prek SMB dostopne na SimpleArbiter. -''', - 'en': '''\ -

-Setup two virtual machines: SimpleArbiter and VPNClient1. Set the client's network up so that it has access to the internal network and the internet. On VPNClient1, install OpenVPN and a program for supervising virtual devices -(which you will use to create a tap device). On the VPN, set the IP for -VPNClient1 to {{IP_VPNClient1}}. - -

-An OpenVPN server is already running on SimpleArbiter. Use the secret -available on VPNClient1 in the home directory of user student to connect to the VPN server on SimpleArbiter. To do that, you will have to write your -own OpenVPN configuration file. - -

-After you have set up the VPN, make the directory /home/test/{{DIRNAME}} on VPNClient1 available over NFS from SimpleArbiter over -your VPN. Copy files that are available from SimpleArbiter over SMB to /home/test/{{DIRNAME}}. -''' -} - -computers = { - 'SimpleArbiter': { - 'disks': [ - { - 'name': 'simpleArbiterDhcpGWVPN', - }, - ], - 'network_interfaces': [ - { - 'network': 'test-net' - }, - { - 'network': 'net1' - } - ], - 'flavor': 'm1.tiny', - 'config_drive': False - }, - 'VPNClient1': { - 'disks': [ - { 'name': 'student-VPNClient1', - }, - ], - 'network_interfaces': [ - { - 'network': 'net1' - } - ], - 'flavor': 'm1.tiny', - 'config_drive': False - }, -} - -networks = { - 'test-net': { - 'public': True - }, - # Used for the VPN tunnel - 'net1': { - 'public': False - } -} - -#Tukaj sem generiral tri parametre, prosil bi če se upoštevajo pri Tasku. -params_meta = { - 'IP_SimpleArbiterVPN': {'descriptions':{'si':'IP za SimpleArbiter na VPN'}, 'w': False, 'public': True, 'type': 'IP', 'generated': True}, - 'IP_VPNClient1': {'descriptions':{'si':'IP klienta na VPN'}, 'w': False, 'public': True, 'type': 'IP', 'generated': True}, - 'IP_LANClient1': {'descriptions':{'si':'IP klienta na LAN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False}, - 'DIRNAME': {'descriptions':{'si':'Imenik, dostopen prek NFS'}, 'w': False, 'public': True, 'type': 'IP', 'generated': True}, - 'secret_random_seed': {'descriptions':{'si':'Seme za skrivnost'}, 'w': False, 'public': False, 'type': None, 'generated': True}, -} - -def task(IP_SimpleArbiterVPN, IP_VPNClient1, IP_LANClient1, DIRNAME): - import collections - from pexpect import pxssh # Used to set up an SSH connection to a remote machine - import pexpect # Allows the script to spawn a child application and control it as if a human were typing commands - - # The necessary things we need to check if the task was performed correctly - results = collections.defaultdict(str) - - # VPNClient1 - sC1 = 
pxssh.pxssh(encoding='utf-8') - sC1.login(IP_LANClient1, 'student', 'vaje') - - # sA - results['SimpleArbiter_ifconfig'] = pexpect.run( - 'ifconfig -a', encoding='utf-8', env={'PATH': '/bin:/sbin'}) - results['SimpleArbiter_route'] = pexpect.run( - 'route -n', encoding='utf-8', env={'PATH': '/bin:/sbin'}) - - # Pings each of the clients - # 10.8.0.6 and 10.8.0.10 are the first two default addresses distributed by OpenVPN - # Will output everything ping outputs (set to ping 3 times) - results['SimpleArbiter_ping_C1'] = pexpect.run( - 'ping -c 3 {}'.format(IP_VPNClient1), encoding='utf-8') - results['SimpleArbiter_traceroute'] = pexpect.run( - 'traceroute {}'.format(IP_VPNClient1), encoding='utf-8') - sC1.sendline('cat /etc/exports') - sC1.prompt() - output = sC1.before - results['VPNClient1_nfs_access_control_list'] = output - results['SimpleArbiter_mount'] = pexpect.run( - 'sudo mount {}:/home/test/{} /mnt'.format(IP_VPNClient1, DIRNAME), encoding='utf-8') - results['SimpleArbiter_mount_result'] = pexpect.run( - 'sudo mount', encoding='utf-8') - results['SimpleArbiter_ls'] = pexpect.run( - 'ls /mnt', encoding='utf-8') - pexpect.run( - 'sudo umount /mnt', encoding='utf-8') - - # Ping the VPN server - sC1.sendline('ping -c 3 {0}'.format( IP_SimpleArbiterVPN )) - sC1.prompt() - results['VPNClient1_ping_VPN_server'] = sC1.before - - sC1.sendline('/sbin/ifconfig -a') - sC1.prompt() - results['VPNClient1_ifconfig'] = sC1.before - - sC1.sendline('ps xa') - sC1.prompt() - results['VPNClient1_ps'] = sC1.before - sC1.logout() - - return results - -def gen_params(user_id, params_meta): - params = dict() - #Tukaj sem generiral te tri parametre (ime skupne skrivnosti je heidi ) - #(ime imenika kjer naj bo shranjena skupna skrivnost naj bo openvpn) - #(HASH bo naključno generiran niz iz user_id s katerim se bo preverjalo plagiatorstvo) - import random - r = random.Random(user_id) - net = kpov_util.IPv4_subnet_gen(r, '10.168.0.0/16', 24) - params['IP_VPNClient1'], 
params['IP_SimpleArbiterVPN'] = kpov_util.IPv4_addr_gen(r, net, 2) - params['DIRNAME'] = kpov_util.fname_gen(r, extension=False) - params['secret_random_seed']=str(r.random()) - return params - - -def task_check(results, params): - import re - score = 0 - hints = [] - - IP_SA = params['IP_SimpleArbiterVPN'].replace('.', '\.') - IP_C1 = params['IP_VPNClient1'].replace('.', '\.') - rs = r"tap0: flags=.* mtu 1500\r\n +inet {}".format(IP_SA) - if re.search(rs, - results['SimpleArbiter_ifconfig']): - score += 1 - else: - hints.append("ifconfig on SimpleArbiter not OK") - - if re.search( - "PING.*\r\n64 bytes from {}: icmp_seq=[0-9]+ ttl=64 time=[0-9.]* ms".format(IP_C1), - results['SimpleArbiter_ping_C1']): - score += 1 - else: - hints.append("ping from server not OK") - rs = "1 +{0} \({0}\)".format(IP_C1) - if re.search(rs, results['SimpleArbiter_traceroute']): - score += 1 - else: - hints.append("traceroute not OK") - if results['VPNClient1_nfs_access_control_list'].find( - '/home/test/' + params['DIRNAME'] + ' ') >= 0: - score += 1 - if results['SimpleArbiter_mount_result'].find( - '{}:/home/test/{} on /mnt type nfs'.format( - params['IP_VPNClient1'], params['DIRNAME'])): - score += 1 - else: - hints.append("mount not OK") - - # get r into the correct state - r = random.Random(params['secret_random_seed']) - s = "\n".join(["".join([r.choice("0123456789abcdef") for i in range(32)]) - for i in range(16)]) - keyfile = kpov_util.fname_gen(r, extension=False) - - # now check the filenames - fnames_ok = True - for i in range(3): - fname = kpov_util.fname_gen(r, False) - foo = kpov_util.fortune(r, 4096) - pos = results['SimpleArbiter_ls'].find(fname + '.txt') - fnames_ok = fnames_ok and pos >= 0 - if fnames_ok: - score += 2 - else: - hints.append("shared filenames not OK:") - - # Ping the VPN server - if re.search( - "PING.*\r\n64 bytes from {}: icmp_seq=[0-9]+ ttl=64 time=[0-9.]* ms".format(IP_SA), - results['VPNClient1_ping_VPN_server']): - score += 1 - else: - 
hints.append("ping from client not OK") - - rs = r"tap0: flags=.* mtu 1500\r\n +inet {}".format(IP_C1) - if re.search(rs, results['VPNClient1_ifconfig']): - score += 1 - else: - hints.append("ifconfig on VPNClient1 not OK") - - if results['VPNClient1_ps'].find('openvpn') > 0: - score += 1 - else: - hints.append("openvpn not found running on VPNClient") - return score, hints - -def prepare_disks(templates, task_params, global_params): - #guestmount -a d -m /dev/VG/LV -m /dev/sda1:/boot --ro /mnt - #asistent je pocasnela :) - import random - r = random.Random(task_params['secret_random_seed']) - s = "\n".join([ - "".join([r.choice("0123456789abcdef") for i in range(32)]) - for i in range(16)]) - s = """# -# 2048 bit OpenVPN static key -# ------BEGIN OpenVPN Static key V1----- -{} ------END OpenVPN Static key V1----- -""".format(s) - keyfile = kpov_util.fname_gen(r, extension=False) + ".key" - templates['simpleArbiterDhcpGWVPN'].write("/etc/openvpn/secret.key", s) - netaddr_s = """auto tap0 -iface tap0 inet static - openvpn server - pre-up tunctl -t tap0 - address {} - netmask 255.255.255.0 -""".format(task_params['IP_SimpleArbiterVPN']) - templates['simpleArbiterDhcpGWVPN'].write_append("/etc/network/interfaces", netaddr_s) - for i in range(3): - fname = kpov_util.fname_gen(r, False) - templates['simpleArbiterDhcpGWVPN'].write( - "/srv/smb/" + fname + '.txt', - kpov_util.fortune(r, 4096)) - write_default_config(templates['simpleArbiterDhcpGWVPN'], global_params) - templates['student-VPNClient1'].write("/home/student/" + keyfile, s) - # uid, gid (student = ) - templates['student-VPNClient1'].chown(1000, 1000, "/home/student/" + keyfile) - - write_default_config(templates['simpleArbiterDhcpGWVPN'], global_params) -- cgit v1.2.1