diff --git a/VM_APACHE.sh b/VM_APACHE.sh index d5e7a51..ccf0a58 100644 --- a/VM_APACHE.sh +++ b/VM_APACHE.sh @@ -1,21 +1,9 @@ #!/bin/sh -# Configuração para a máquina virtual de CentOS 9 -# que contém o APACHE server. -# Rede interna (enp0s8) source VM_CONFIG.sh - -# --- variaveis aqui pf joao fr fr fr aaaaa ---# -helloworld="print" if_dentro="enp0s8" ip_dentro="10.60.0.2" - -# --- instalar packages --- -sudo yum install -y epel-release sudo yum install -y openssl apache - -# --- interfaces --- ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 - -cp httpd.conf /etc/httpd/conf/ -cp ssl.conf /etc/httpd/conf.d/ +cp conf/httpd.conf /etc/httpd/conf/ +cp conf/ssl.conf /etc/httpd/conf.d/ diff --git a/VM_OPENSSL.sh b/VM_OPENSSL.sh index 97e1a0b..67daadf 100644 --- a/VM_OPENSSL.sh +++ b/VM_OPENSSL.sh @@ -1,11 +1,7 @@ #!/bin/bash -# Configuração para a máquina virtual de CentOS 9 -# que contém o OPENSSL server. -# Rede interna (enp0s8) source VM_CONFIG.sh - if_dentro="enp0s8" ip_dentro="10.60.0.1" ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 -cp openssl.cnf /etc/pki/tls/ +cp conf/openssl.cnf /etc/pki/tls/ diff --git a/VM_ROAD_WARRIOR.sh b/VM_ROAD_WARRIOR.sh index 15522f8..e2cd96c 100644 --- a/VM_ROAD_WARRIOR.sh +++ b/VM_ROAD_WARRIOR.sh @@ -1,20 +1,15 @@ #!/bin/bash -# O road warrior ou gateway client liga a vpn gateway -# Via a rede externa 193.136.212.0/24 -# Rede externa (enp0s8) - -bash VM_CONFIG.sh - -# --- interfaces --- # +# --- configuração --- # +source VM_CONFIG.sh ifconfig enp0s8 193.136.212.10 netmask 255.255.255.0 -route add default gw 193.136.212.1 # default gateway LIKE A SHEEP +route add default gw 193.136.212.1 -# copiar tudo +# --- vpn client --- # vpn_dir="/etc/openvpn/client/" cp ca/ta.key $vpn_dir cp ca/ca.crt $vpn_dir cp ca/user.key $vpn_dir cp ca/user.crt $vpn_dir -cp client.conf $vpn_dir +cp conf/client.conf $vpn_dir openvpn --config "${vpn_dir}/client.conf" diff --git a/VM_VPN_GATEWAY.sh b/VM_VPN_GATEWAY.sh index 4c91415..c397c95 100644 
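Review bot: The surviving `sudo yum install -y openssl apache` line names a package that, as far as I know, does not exist on CentOS — the Apache server package is `httpd`, which is also the path this script goes on to write into (`/etc/httpd/conf/`), so the install step presumably fails and the copied config lands on a box with no web server. Nothing enables or restarts the service after the new `cp conf/httpd.conf` / `cp conf/ssl.conf` lines either, so the copied configuration is never picked up; add `systemctl enable --now httpd` after the copies, mirroring what VM_VPN_GATEWAY.sh does for openvpn. This file keeps `#!/bin/sh` while using `source`, a bash-ism the other three scripts run under `#!/bin/bash`; switching the shebang to `#!/bin/bash` and adding `set -euo pipefail` would also make a failed install stop the script before it overwrites the live httpd configuration.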
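Review bot: `cp conf/openssl.cnf /etc/pki/tls/` overwrites the system-wide OpenSSL configuration, so whatever CA-specific defaults that file carries (its contents are not in this diff) now apply to every TLS client and library on the machine, not only to the CA workflow. Keep the CA configuration in its own directory and point the CA commands at it explicitly, e.g. `cp conf/openssl.cnf /etc/pki/CA/openssl.cnf` and `openssl ... -config /etc/pki/CA/openssl.cnf`, or at minimum back up the original before replacing it. The script has no `set -e`, so a failed `ifconfig` (net-tools is not installed by default on CentOS 9, I believe; `ip addr add "$ip_dentro/24" dev "$if_dentro"` avoids the dependency) does not stop the copy; `set -euo pipefail` after the shebang and quoting `"$if_dentro" "$ip_dentro"` would tighten this.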
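Review bot: The private material copied into `$vpn_dir` — `ca/user.key` and the shared HMAC key `ca/ta.key` — is installed with whatever mode the checkout gives it (a default git checkout creates non-executable files as 0644), so the client's key ends up readable by every local user on the road-warrior box. Follow the copies with `chmod 700 "$vpn_dir"` and `chmod 600 "${vpn_dir}"/user.key "${vpn_dir}"/ta.key` before the `openvpn --config` line. The `ca/` directory also appears to be part of the repository; if it is tracked, the client and CA private keys are effectively published alongside the code and should be generated out of band instead. Switching from `bash VM_CONFIG.sh` to `source VM_CONFIG.sh` is fine, but note that any `exit` inside VM_CONFIG.sh now terminates this script too.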
--- a/VM_VPN_GATEWAY.sh +++ b/VM_VPN_GATEWAY.sh @@ -1,46 +1,27 @@ #!/bin/bash -# Temos que configurar a VPN gateway (duh) -# O gateway client é o VM_ROAD_WARRIOR :) -# -# O gateway client é a pont entre a rede externa 193.136.212.0/24 -# E a rede interna 10.60.0.0/24 - # NOTE(vasco): # Ao configurar a maquina virtual em si deixei a rede externa primeiro (enp0s8) # E a rede interna como a segunda interface (enp0s9). +# --- configuração --- # source VM_CONFIG.sh +yum install -y google-authenticator -# --- variaveis aqui pf joao fr fr fr aaaaa --- # -helloworld="print" - +# --- forwarding --- # if_fora="enp0s8" ip_fora="193.136.212.1" - if_dentro="enp0s9" ip_dentro="10.60.0.3" - mega_tunel="tun0" ip_mega_tunel="10.8.0.0/24" -# --- interfaces --- # ifconfig $if_fora $ip_fora netmask 255.255.255.0 ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 -# --- ip forwarding --- # echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p /etc/sysctl.conf -# --- nat forwardin de vpn para clientes --- # - -# ????????????????????????????????????????????????????????????????????? -# iptables -I INPUT -i tun0 -j ACCEPT -# iptables -I OUTPUT -o tun0 -j ACCEPT -# echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter -# echo 0 > /proc/sys/net/ipv4/conf/tun0/rp_filter -# echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter - iptables -A INPUT -p udp --dport 1194 -j ACCEPT # :O iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;) 
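Review bot: `echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf` appends a new line on every run, so re-provisioning leaves duplicate entries; write a drop-in instead, `printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/90-vpn-forward.conf` followed by `sysctl --system`. The new `yum install -y google-authenticator` runs without `sudo` while VM_APACHE.sh uses `sudo yum`, so the scripts disagree about the privilege they run with; since `iptables` and `ifconfig` below need root anyway, make it explicit with `[ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }` near the top. I believe `google-authenticator` ships in EPEL on RHEL-family systems and nothing in this script enables that repository (VM_APACHE.sh just dropped its `epel-release` install), and with no `set -e` a failed install is silently ignored and the PAM module referenced later is never present. The firewall lines only append ACCEPT rules; no DROP policy is set in this hunk, so the `--dport 1194` rule restricts nothing unless a default policy is established elsewhere.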
@@ -49,13 +30,13 @@ iptables -A FORWARD -i $if_fora -m state --state ESTABLISHED,RELATED -j ACCEPT # iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D iptables-save > /etc/sysconfig/iptables # :3 -# servidor +# --- vpn server --- # vpn_dir="/etc/openvpn/server" cp ca/ta.key $vpn_dir cp ca/ca.crt $vpn_dir cp ca/vpn.key $vpn_dir cp ca/vpn.crt $vpn_dir -cp vpn.conf $vpn_dir - -# correr serviço +cp ca/dh2048.pem $vpn_dir +cp conf/vpn.conf $vpn_dir +cp conf/totp /etc/pam.d/ systemctl enable --now openvpn-server@vpn.service diff --git a/client.conf b/conf/client.conf similarity index 100% rename from client.conf rename to conf/client.conf diff --git a/httpd.conf b/conf/httpd.conf similarity index 100% rename from httpd.conf rename to conf/httpd.conf diff --git a/openssl.cnf b/conf/openssl.cnf similarity index 100% rename from openssl.cnf rename to conf/openssl.cnf diff --git a/ssl.conf b/conf/ssl.conf similarity index 100% rename from ssl.conf rename to conf/ssl.conf diff --git a/conf/totp b/conf/totp new file mode 100644 index 0000000..9e89fee --- /dev/null +++ b/conf/totp @@ -0,0 +1,3 @@ +auth required pam_unix.so workaround_procrastination +auth required pam_google_authenticator.so +account required pam_unix.so diff --git a/vpn.conf b/conf/vpn.conf similarity index 70% rename from vpn.conf rename to conf/vpn.conf index efd7cc3..38be1fc 100644 --- a/vpn.conf +++ b/conf/vpn.conf @@ -18,5 +18,6 @@ topology subnet cipher AES-256-GCM auth SHA256 -plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login +# plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login +plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so totp tls-auth /etc/openvpn/server/ta.key 0 diff --git a/relatorio/relatorio.aux b/relatorio/relatorio.aux index b659f9f..1e61aed 100644 --- a/relatorio/relatorio.aux +++ b/relatorio/relatorio.aux 
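Review bot: `cp ca/vpn.key $vpn_dir` and `cp ca/ta.key $vpn_dir` install the server's private key and HMAC key with the mode the checkout gives them (0644 for a default git checkout), leaving them readable by any local user; add `chmod 600 "$vpn_dir"/vpn.key "$vpn_dir"/ta.key` before the `systemctl` line. `systemctl enable --now` does nothing for a unit that is already running, so on a re-run the freshly copied `conf/vpn.conf` and `/etc/pam.d/totp` are not reloaded; use `systemctl enable openvpn-server@vpn.service && systemctl restart openvpn-server@vpn.service`. The new `cp conf/totp /etc/pam.d/` has no error handling and there is no `set -e` above it, so if the source file is missing the server still starts with the PAM plugin pointing at a service name that presumably falls back to `/etc/pam.d/other` and every login fails with a confusing PAM error rather than a clear provisioning failure.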
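Review bot: `workaround_procrastination` on the `auth required pam_unix.so` line is not a pam_unix option; as far as I know pam_unix logs an "unrecognized option" warning and otherwise ignores it, so it is harmless today but reads as a leftover and should be dropped: `auth required pam_unix.so`. The stack otherwise fails closed, which is the right default: both `auth` lines are `required`, so a user with no `~/.google_authenticator` file is rejected rather than let through (no `nullok`), and a wrong password still runs the TOTP module, which avoids revealing which factor failed. That intent is worth stating in the file so nobody "fixes" it later, e.g. a header comment `# OpenVPN login: system password (pam_unix) AND TOTP; no nullok on purpose`.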
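Review bot: The commented-out `# plugin ... login` line should be deleted rather than kept beside the live `plugin ... totp` line; uncommenting it by mistake silently drops back to password-only authentication, and git history already records the old value. The service name `totp` matches the file VM_VPN_GATEWAY.sh installs as `/etc/pam.d/totp`, but the report added in this same commit (relatorio.tex) shows the line with `openvpn` as the service name, so one of the two is wrong — PAM looks the stack up by that name, and a mismatch would presumably fall back to `/etc/pam.d/other`, which on RHEL-family systems denies everything. Two caveats this change does not address: the PAM plugin is only consulted when the client sends credentials, so `conf/client.conf` must carry `auth-user-pass` (not visible in this diff), and OpenVPN re-authenticates on every TLS renegotiation (`reneg-sec` defaults to 3600 s), which will prompt for a fresh TOTP code each hour unless the server adds `auth-gen-token`.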
@@ -4,5 +4,7 @@ \catcode `"\active \babel@aux{portuguese}{} \@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent } -\@writefile{toc}{\contentsline {section}{\numberline {2}Conclusion}{2}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {2}Configurar TOTP}{2}{}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Aceder ao código}{2}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {3}Conclusion}{2}{}\protected@file@percent } \gdef \@abspage@last{2} diff --git a/relatorio/relatorio.log b/relatorio/relatorio.log index 277e452..0d22e0d 100644 --- a/relatorio/relatorio.log +++ b/relatorio/relatorio.log @@ -1,4 +1,4 @@ -This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 21 APR 2026 14:33 +This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 21 APR 2026 21:45 entering extended mode \write18 enabled. %&-line parsing enabled. @@ -201,7 +201,9 @@ File: lstlang1.sty 2025/11/14 1.11b listings language file File: lstlang1.sty 2025/11/14 1.11b listings language file ) LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be -(Font) scaled to size 10.0pt on input line 44. +(Font) scaled to size 10.0pt on input line 48. +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be +(Font) scaled to size 14.4pt on input line 60. [2] (/home/raw/uni/fsi/trabalho/relatorio/relatorio.aux) *********** 
@@ -210,21 +212,22 @@ L3 programming layer <2026-01-19> *********** ) Here is how much of TeX's memory you used: - 4339 strings out of 469495 - 72086 string characters out of 5470098 - 672829 words of memory out of 5000000 - 32992 multiletter control sequences out of 15000+600000 - 638248 words of font info for 53 fonts, out of 8000000 for 9000 + 4351 strings out of 469495 + 72228 string characters out of 5470098 + 676830 words of memory out of 5000000 + 33004 multiletter control sequences out of 15000+600000 + 640065 words of font info for 54 fonts, out of 8000000 for 9000 16 hyphenation exceptions out of 8191 - 62i,7n,99p,223b,1274s stack positions out of 10000i,1000n,20000p,200000b,200000s + 62i,7n,99p,223b,1206s stack positions out of 10000i,1000n,20000p,200000b,200000s +hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb> Output written on /home/raw/uni/fsi/trabalho/relatorio/relatorio.pdf (2 pages, -48079 bytes). +58096 bytes). PDF statistics: - 27 PDF objects out of 1000 (max. 8388607) - 16 compressed objects within 1 object stream + 32 PDF objects out of 1000 (max. 8388607) + 19 compressed objects within 1 object stream 0 named destinations out of 1000 (max. 500000) 1 words of extra memory for PDF output out of 10000 (max. 10000000) diff --git a/relatorio/relatorio.pdf b/relatorio/relatorio.pdf index 3ff1509..a7091eb 100644 Binary files a/relatorio/relatorio.pdf and b/relatorio/relatorio.pdf differ diff --git a/relatorio/relatorio.tex b/relatorio/relatorio.tex index c61a9d5..12e741a 100644 --- a/relatorio/relatorio.tex +++ b/relatorio/relatorio.tex 
@@ -48,6 +48,24 @@ Criar chave secreta. openssl --genkey secret ta.key \end{lstlisting} +\section{Configurar TOTP} + +Foi criado o ficheiro \texttt{totp} com a configuração de autenticação a +ser utilizada pelo plugin de PAM para o openvpn. + +\begin{lstlisting}[language=bash] +plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn +\end{lstlisting} + +\subsection{Aceder ao código} +Primeiro, na gateway, entramos como o utilizador desejado e obtemos a chave +do gerador de palavras passes temporarias. Ao inserir a chave no +\texttt{google authenticator} podemos obter a nossa primeira chave de 6 digitos. + +\begin{lstlisting}[language=bash] +su john +google-authenticator +\end{lstlisting} \section{Conclusion} Conclusão!!! diff --git a/relatorio/relatorio.toc b/relatorio/relatorio.toc index da4a377..610ba9d 100644 --- a/relatorio/relatorio.toc +++ b/relatorio/relatorio.toc @@ -1,3 +1,5 @@ \babel@toc {portuguese}{}\relax \contentsline {section}{\numberline {1}Introduction}{2}{}% -\contentsline {section}{\numberline {2}Conclusion}{2}{}% +\contentsline {section}{\numberline {2}Configurar TOTP}{2}{}% +\contentsline {subsection}{\numberline {2.1}Aceder ao código}{2}{}% +\contentsline {section}{\numberline {3}Conclusion}{2}{}%