diff --git a/relatorio/relatorio.aux b/relatorio/relatorio.aux index 1e61aed..72e4bae 100644 --- a/relatorio/relatorio.aux +++ b/relatorio/relatorio.aux @@ -3,8 +3,12 @@ \@nameuse{bbl@beforestart} \catcode `"\active \babel@aux{portuguese}{} -\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent } -\@writefile{toc}{\contentsline {section}{\numberline {2}Configurar TOTP}{2}{}\protected@file@percent } -\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Aceder ao código}{2}{}\protected@file@percent } -\@writefile{toc}{\contentsline {section}{\numberline {3}Conclusion}{2}{}\protected@file@percent } -\gdef \@abspage@last{2} +\@writefile{toc}{\contentsline {section}{\numberline {1}Introdução}{2}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {2}Criação de certificados}{2}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {3}Configuração da \textit {Gateway} VPN}{3}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {4}Configurar TOTP}{3}{}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Aceder ao código}{3}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {5}Revocation e OCSP}{3}{}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {5.1}Testar OSCP via revoke}{3}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {6}Conclusion}{4}{}\protected@file@percent } +\gdef \@abspage@last{4} diff --git a/relatorio/relatorio.log b/relatorio/relatorio.log index 0d22e0d..74aac1b 100644 --- a/relatorio/relatorio.log +++ b/relatorio/relatorio.log 
@@ -1,4 +1,4 @@ -This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 21 APR 2026 21:45 +This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 24 APR 2026 10:42 entering extended mode \write18 enabled. %&-line parsing enabled. @@ -8,8 +8,8 @@ LaTeX2e <2025-11-01> L3 programming layer <2026-01-19> (/usr/share/texmf-dist/tex/latex/base/article.cls Document Class: article 2025/01/22 v1.4n Standard LaTeX document class -(/usr/share/texmf-dist/tex/latex/base/size12.clo -File: size12.clo 2025/01/22 v1.4n Standard LaTeX file (size option) +(/usr/share/texmf-dist/tex/latex/base/size11.clo +File: size11.clo 2025/01/22 v1.4n Standard LaTeX file (size option) ) \c@part=\count275 \c@section=\count276 
@@ -134,18 +134,39 @@ Package: listings 2025/11/14 1.11b (Carsten Heinz) but found: 2025/11/14 1.11b (Carsten Heinz) so I'm assuming it got fixed. +(/usr/share/texmf-dist/tex/latex/booktabs/booktabs.sty +Package: booktabs 2020/01/12 v1.61803398 Publication quality tables +\heavyrulewidth=\dimen154 +\lightrulewidth=\dimen155 +\cmidrulewidth=\dimen156 +\belowrulesep=\dimen157 +\belowbottomsep=\dimen158 +\aboverulesep=\dimen159 +\abovetopsep=\dimen160 +\cmidrulesep=\dimen161 +\cmidrulekern=\dimen162 +\defaultaddspace=\dimen163 +\@cmidla=\count294 +\@cmidlb=\count295 +\@aboverulesep=\dimen164 +\@belowrulesep=\dimen165 +\@thisruleclass=\count296 +\@lastruleclass=\count297 +\@thisrulewidth=\dimen166 +) LaTeX Font Info: Trying to load font information for OT1+EBGaramond-LF on in -put line 33. +put line 34. + (/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara mond-LF. ) LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be -(Font) scaled to size 12.0pt on input line 33. +(Font) scaled to size 10.95pt on input line 34. (/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def File: l3backend-pdftex.def 2025-10-09 L3 backend support: PDF output (pdfTeX) -\l__color_backend_stack_int=\count294 +\l__color_backend_stack_int=\count298 ) (/home/raw/uni/fsi/trabalho/relatorio/relatorio.aux Package babel Info: 'portuguese' activates 'portuges' shorthands. 
@@ -153,39 +174,45 @@ Package babel Info: 'portuguese' activates 'portuges' shorthands. ) \openout1 = `relatorio.aux'. -LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 33. -LaTeX Font Info: ... okay on input line 33. -LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 33. -LaTeX Font Info: ... okay on input line 33. -LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 33. -LaTeX Font Info: ... okay on input line 33. -LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 33. -LaTeX Font Info: ... okay on input line 33. -LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 33. -LaTeX Font Info: ... okay on input line 33. -LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 33. -LaTeX Font Info: ... okay on input line 33. -LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 33. -LaTeX Font Info: ... okay on input line 33. -\c@mv@tabular=\count295 -\c@mv@boldtabular=\count296 -\c@lstlisting=\count297 -LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be -(Font) scaled to size 20.74pt on input line 34. -LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be -(Font) scaled to size 14.4pt on input line 34. -LaTeX Font Info: External font `cmex10' loaded for size -(Font) <14.4> on input line 34. -LaTeX Font Info: External font `cmex10' loaded for size -(Font) <7> on input line 34. +LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 34. +LaTeX Font Info: ... okay on input line 34. +LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 34. +LaTeX Font Info: ... okay on input line 34. +LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 34. +LaTeX Font Info: ... okay on input line 34. +LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 34. +LaTeX Font Info: ... okay on input line 34. +LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 34. +LaTeX Font Info: ... okay on input line 34. 
+LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 34. +LaTeX Font Info: ... okay on input line 34. +LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 34. +LaTeX Font Info: ... okay on input line 34. +\c@mv@tabular=\count299 +\c@mv@boldtabular=\count300 +\c@lstlisting=\count301 LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be (Font) scaled to size 17.28pt on input line 35. +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be +(Font) scaled to size 12.0pt on input line 35. +LaTeX Font Info: External font `cmex10' loaded for size +(Font) <12> on input line 35. +LaTeX Font Info: External font `cmex10' loaded for size +(Font) <8> on input line 35. +LaTeX Font Info: External font `cmex10' loaded for size +(Font) <6> on input line 35. +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be +(Font) scaled to size 14.4pt on input line 36. LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be -(Font) scaled to size 17.28pt on input line 35. +(Font) scaled to size 14.4pt on input line 36. (/home/raw/uni/fsi/trabalho/relatorio/relatorio.toc LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be -(Font) scaled to size 12.0pt on input line 2. +(Font) scaled to size 10.95pt on input line 2. +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/it' will be +(Font) scaled to size 10.95pt on input line 4. +LaTeX Font Info: External font `cmex10' loaded for size +(Font) <10.95> on input line 6. ) \tf@toc=\write3 \openout3 = `relatorio.toc'. 
@@ -193,18 +220,28 @@ LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be [1 {/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts -/enc/dvips/ebgaramond/ebg_dacnth.enc}] (/usr/share/texmf-dist/tex/latex/listing -s/lstlang1.sty +/enc/dvips/ebgaramond/ebg_dacnth.enc}{/usr/share/texmf-dist/fonts/enc/dvips/ebg +aramond/ebg_3uowis.enc}] +Overfull \hbox (16.09543pt too wide) in paragraph at lines 54--61 +[][] + [] + +(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty File: lstlang1.sty 2025/11/14 1.11b listings language file ) (/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty File: lstlang1.sty 2025/11/14 1.11b listings language file ) LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be -(Font) scaled to size 10.0pt on input line 48. +(Font) scaled to size 9.0pt on input line 67. +LaTeX Font Info: Font shape `OT1/cmtt/bx/n' in size <9> not available +(Font) Font shape `OT1/cmtt/m/n' tried instead on input line 76. + [2{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}] +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/it' will be +(Font) scaled to size 14.4pt on input line 93. LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be -(Font) scaled to size 14.4pt on input line 60. - [2] +(Font) scaled to size 12.0pt on input line 106. + [3] [4] (/home/raw/uni/fsi/trabalho/relatorio/relatorio.aux) *********** LaTeX2e <2025-11-01> 
@@ -212,22 +249,24 @@ L3 programming layer <2026-01-19> *********** ) Here is how much of TeX's memory you used: - 4351 strings out of 469495 - 72228 string characters out of 5470098 - 676830 words of memory out of 5000000 - 33004 multiletter control sequences out of 15000+600000 - 640065 words of font info for 54 fonts, out of 8000000 for 9000 + 4481 strings out of 469495 + 74067 string characters out of 5470098 + 852951 words of memory out of 5000000 + 33120 multiletter control sequences out of 15000+600000 + 646339 words of font info for 65 fonts, out of 8000000 for 9000 16 hyphenation exceptions out of 8191 - 62i,7n,99p,223b,1206s stack positions out of 10000i,1000n,20000p,200000b,200000s + 62i,7n,99p,223b,1810s stack positions out of 10000i,1000n,20000p,200000b,200000s -Output written on /home/raw/uni/fsi/trabalho/relatorio/relatorio.pdf (2 pages, -58096 bytes). +t/fonts/type1/public/amsfonts/cm/cmtt9.pfb> +Output written on /home/raw/uni/fsi/trabalho/relatorio/relatorio.pdf (4 pages, +94582 bytes). PDF statistics: - 32 PDF objects out of 1000 (max. 8388607) - 19 compressed objects within 1 object stream + 50 PDF objects out of 1000 (max. 8388607) + 31 compressed objects within 1 object stream 0 named destinations out of 1000 (max. 500000) 1 words of extra memory for PDF output out of 10000 (max. 10000000) diff --git a/relatorio/relatorio.pdf b/relatorio/relatorio.pdf index a7091eb..7b9c456 100644 Binary files a/relatorio/relatorio.pdf and b/relatorio/relatorio.pdf differ diff --git a/relatorio/relatorio.tex b/relatorio/relatorio.tex index 0c31300..236e739 100644 --- a/relatorio/relatorio.tex +++ b/relatorio/relatorio.tex @@ -1,7 +1,8 @@ -\documentclass[12pt,a4paper]{article} +\documentclass[11pt,a4paper]{article} \usepackage[portuguese]{babel} \usepackage[lining]{ebgaramond} \usepackage{listings} +\usepackage{booktabs} % \usepa 
@@ -35,12 +36,54 @@ \tableofcontents \newpage -\section{Introduction} -Introdução!!!! +\section{Introdução} +Este projecto tem como âmbito implementar uma rede virtual privada (VPN) em um cenário de road-warrior, +ou seja, onde o administrador de acesso da rede é o cliente ou tem acesso a ele. + +Para tal, foi implementado um servidor e um cliente OpenVPN, certificados por uma autoriadade central (CA) +que em si é self-signed. Para além disto, foi implementado um sistema de autenticação de dois factores +através do plugin google-authenticator para o OpenVPN. + +Existe ainda um servidor Apache e um servidro de OpenSSL OCSP. Para simpliflicar, a elaboração do +projecto foram colocados na mesma maquina virtual, mas por razoes de seguranca poderia querer ter +estes serviços separados. + +Temos então três máquinas virtuais: + +\begin{tabular}{l l l} + + {\bf Nome} & {\bf Script} & {\bf Rede} \\\toprule + Road Warrior & VM\_ROAD\_WARRIOR.sh & Rede Externa 193.168.0.0/24 \\ + VPN Gateway & VM\_OPENVPN\_GATEWAY.sh & Router \\ + OpenSSL / Apache & VM\_OPENSSL\_APACHE.sh & Reder Interna 10.60.0.0/24 \\ +\end{tabular} + + + + +\section{Criação de certificados} Criar chaves com 2048 bits. 
\begin{lstlisting}[language=bash] +cert_ca="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=CoimbraVPN" +cert_vpn="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=gateway" +cert_user="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=warrior" +cert_apache="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=apache.coimbra" + +openssl genrsa -out "ca.key" 2048 +openssl req -x509 -nodes -days 365 -key "ca.key" -out "ca.crt" -subj "$cert_ca" +openssl genrsa -out "vpn.key" 2048 +openssl req -new -key "vpn.key" -out "vpn.csr" -subj "$cert_vpn" +openssl ca -batch -in "vpn.csr" -cert "ca.crt" -keyfile "ca.key" -out "vpn.crt" -config cheese.cfg +openssl dhparam -out "dh2048.pem" 2048 +openvpn --genkey secret "ta.key" +openssl genrsa -out user.key +openssl req -new -key user.key -out user.csr -subj "$cert_user" +openssl ca -batch -in "user.csr" -cert "ca.crt" -keyfile "ca.key" -out "user.crt" -config cheese.cfg +openssl genrsa -out apache.key +openssl req -new -key apache.key -out apache.csr -subj "$cert_apache" -addext "subjectAltName = IP:10.60.0.1,DNS:apache" +openssl ca -batch -in "apache.csr" -cert "ca.crt" -keyfile "ca.key" -out "apache.crt" -config cheese.cfg \end{lstlisting} Criar chave secreta. @@ -48,13 +91,18 @@ Criar chave secreta. openssl --genkey secret ta.key \end{lstlisting} + +\section{Configuração da \textit{Gateway} VPN} + \section{Configurar TOTP} + + Foi criado o ficheiro \texttt{totp} com a configuração de autenticação a ser utilizada pelo plugin de PAM para o openvpn. \begin{lstlisting}[language=bash] -plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn +plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so totp \end{lstlisting} \subsection{Aceder ao código} 
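Review bot: The two leaf keys in the added listing are generated without a size (`openssl genrsa -out user.key`, `openssl genrsa -out apache.key`), while the sentence above the listing says the keys are 2048 bits and `ca.key` and `vpn.key` pass the size explicitly. Without the argument the size is whatever the installed OpenSSL defaults to, so write `openssl genrsa -out user.key 2048` and `openssl genrsa -out apache.key 2048` to keep the report reproducible. The listing also writes `ca.key` unencrypted, which deserves one sentence in the text on where that key is stored and who can read it. In the added table, `193.168.0.0/24` lies outside the RFC 1918 private ranges and is presumably a typo for `192.168.0.0/24` (confirm against the VM scripts). The `lstlisting` environment opens on a context line of this hunk.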
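Review bot: The plugin line now names the PAM service `totp`, but the report never shows what that service file contains, so a reader cannot tell which PAM modules actually enforce the second factor. Add the file's contents in a `lstlisting` after the sentence that introduces it, and say where it is installed (the service name passed to `openvpn-plugin-auth-pam.so` is looked up under `/etc/pam.d/`). The new `\section{Configuração da \textit{Gateway} VPN}` is left empty, and `\emph` would be the semantic choice in the title. The unchanged context line `openssl --genkey secret ta.key` now contradicts the `openvpn --genkey secret "ta.key"` command added in the previous hunk; the context line looks like the wrong one.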
@@ -70,12 +118,14 @@ google-authenticator \section{Revocation e OCSP} \subsection{Testar OSCP via revoke} -1. Conectar ao VPN e ver que funciona -2. Na maquina host, nao nas vms, na repo mesmo. -3. revogar o certificado via openssl - -revoke user.crt -config cheese.cfg -keyfile ca.key -cert ca.crt -4.Fechae OSCP e correr VM_OPENSSL novamente (copiar index.txt e serial?) -5. Tentar outra vez e ver que de facto falha + +\begin{enumerate} + \item Conectar ao VPN e ver que funciona + \item Na maquina host, nao nas vms, na repo mesmo. + \item revogar o certificado via openssl -revoke user.crt -config cheese.cfg -keyfile ca.key -cert ca.crt + \item Fechae OSCP e correr VM\_OPENSSL novamente (copiar index.txt e serial?) + \item Tentar outra vez e ver que de facto falha +\end{enumerate} diff --git a/relatorio/relatorio.toc b/relatorio/relatorio.toc index 610ba9d..cce52ba 100644 --- a/relatorio/relatorio.toc +++ b/relatorio/relatorio.toc @@ -1,5 +1,9 @@ \babel@toc {portuguese}{}\relax -\contentsline {section}{\numberline {1}Introduction}{2}{}% -\contentsline {section}{\numberline {2}Configurar TOTP}{2}{}% -\contentsline {subsection}{\numberline {2.1}Aceder ao código}{2}{}% -\contentsline {section}{\numberline {3}Conclusion}{2}{}% +\contentsline {section}{\numberline {1}Introdução}{2}{}% +\contentsline {section}{\numberline {2}Criação de certificados}{2}{}% +\contentsline {section}{\numberline {3}Configuração da \textit {Gateway} VPN}{3}{}% +\contentsline {section}{\numberline {4}Configurar TOTP}{3}{}% +\contentsline {subsection}{\numberline {4.1}Aceder ao código}{3}{}% +\contentsline {section}{\numberline {5}Revocation e OCSP}{3}{}% +\contentsline {subsection}{\numberline {5.1}Testar OSCP via revoke}{3}{}% +\contentsline {section}{\numberline {6}Conclusion}{4}{}%
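Review bot: Item 3 of the new `enumerate` gives the revocation command as `openssl -revoke …`, which omits the `ca` subcommand used for signing earlier in the report, so a reader who copies it will not revoke anything. Write it as `\item Revogar o certificado: \texttt{openssl ca -revoke user.crt -config cheese.cfg -keyfile ca.key -cert ca.crt}`, or put it in a `lstlisting` like the other commands. Item 4 still carries the open question `(copiar index.txt e serial?)`; the report should state which CA database files the OCSP responder has to see after the revocation for step 5 to fail as described. `OSCP` in item 4 and in the subsection title on the context line should read `OCSP`.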