From 36c4d52f9917a83bd7d8c677be77133905afabb4 Mon Sep 17 00:00:00 2001 From: "mp7462@student.uni-lj.si" Date: Sat, 20 Dec 2014 22:55:03 +0000 Subject: Added .key check in /vpn directory. Added checks for directory access in the NFS access control list. git-svn-id: https://svn.lusy.fri.uni-lj.si/kpov-public-svn/kpov-public@108 5cf9fbd1-b2bc-434c-b4b7-e852f4f63414 --- kpov_judge/tasks/openvpn_simple_smb/task.py | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) (limited to 'kpov_judge') diff --git a/kpov_judge/tasks/openvpn_simple_smb/task.py b/kpov_judge/tasks/openvpn_simple_smb/task.py index d6cfae1..77b5f64 100644 --- a/kpov_judge/tasks/openvpn_simple_smb/task.py +++ b/kpov_judge/tasks/openvpn_simple_smb/task.py @@ -8,8 +8,8 @@ instructions = { Postavi tri navidezne racunalnike - SimpleArbiter z diska SimpleArbiterVPN ter VPNClient1 in VPNClient2, ki jima nastavite pravilne mrežne nastavitve (medsebojna povezava in povezava na splet). Na vse racunalnike namestite OpenVPN in program za nadzor nad virtualnimi napravami (s katerim kreirate napravo tap). -Strežnik SimpleArbiterVPN naj generira skupno skrivnost (*.key),katero shranite v imenik /vpn in jo na VPNCLient uporabite skupaj z konfiguracijsko -datoteko za OpenVPN povezavo. Nato poskrbite, da bo VPNClient na navideznem omrežju prek NFS omogočil +Strežnik SimpleArbiterVPN naj generira skupno skrivnost (*.key), katero shranite v imenik /vpn in jo na VPNCLient uporabite +skupaj z konfiguracijsko datoteko za OpenVPN povezavo. Nato poskrbite, da bo VPNClient na navideznem omrežju prek NFS omogočil dostop do imenika /home/test/IME_IMENIKA, pri čemer IME_IMENIKA preberite na SimpleArbiter. V ta imenik skopirajte datoteke, ki so prek SMB dostopne na SimpleArbiter. """ @@ -30,7 +30,8 @@ computers = { # http://linux.die.net/man/1/nmap 'SimpleArbiter': { 'disks': [ - { 'name': 'SimpleArbiterVPN', + { + 'name': 'SimpleArbiterVPN', # attempt automount }, #{ 'name': 'CDROM', @@ -203,7 +204,7 @@ def task(IP_SimpleArbiterVPN, DNS_SimpleArbiterVPN, IP_VPNClient1, DNS_VPNClient # Check if the VPN is set up # Returns 1 if ok, else 0 - sA.sendline('ls /sys/class/net/ | grep "tap0"') + sA.sendline('ls /sys/class/net/ | grep -ci "tap0"') sA.prompt() output = sA.before output.split('\n')[1] @@ -211,7 +212,7 @@ def task(IP_SimpleArbiterVPN, DNS_SimpleArbiterVPN, IP_VPNClient1, DNS_VPNClient # Check if the VPN server is running # Returns 1 if ok, else 0 - sA.sendline('ls /sys/class/net | grep "tun0"') + sA.sendline('ls /sys/class/net | grep -ci "tun0"') sA.prompt() output = sA.before output.split('\n')[1] @@ -261,6 +262,17 @@ def task(IP_SimpleArbiterVPN, DNS_SimpleArbiterVPN, IP_VPNClient1, DNS_VPNClient sA.prompt() results['SimpleArbiter_nmap_results'] = sA.before + # Checks if .key file is in the /vpn directory + sA.sendline('ls /vpn | egrep "\.key"') + sA.prompt() + output = sA.before + results['SimpleArbiter_dir_vpn_contents'] = output + + # Checks if NFS access control list allows directory /home/test/IME_IMENIKA + sA.sendline('cat /etc/exports') + sA.prompt() + output = sA.before + results['SimpleArbiter_nfs_access_control_list'] = output ###### @@ -285,12 +297,6 @@ def task(IP_SimpleArbiterVPN, DNS_SimpleArbiterVPN, IP_VPNClient1, DNS_VPNClient results['VPNClient2_ping_VPN_server'] = output - - # TODO: (polz) please, add some sort of check to verify that the user created the neccessarry keys. - # - - - sA.logout() sC1.logout() sC2.logout() -- cgit v1.2.1