This commit is contained in:
Vasco
2026-04-21 21:48:31 +01:00
parent 97c8b30452
commit f8b9d52a96
15 changed files with 59 additions and 70 deletions


@@ -1,21 +1,9 @@
#!/bin/sh #!/bin/sh
# Configuração para a máquina virtual de CentOS 9
# que contém o APACHE server.
# Rede interna (enp0s8)
source VM_CONFIG.sh source VM_CONFIG.sh
# --- variaveis aqui pf joao fr fr fr aaaaa ---#
helloworld="print"
if_dentro="enp0s8" if_dentro="enp0s8"
ip_dentro="10.60.0.2" ip_dentro="10.60.0.2"
# --- instalar packages ---
sudo yum install -y epel-release
sudo yum install -y openssl apache sudo yum install -y openssl apache
# --- interfaces ---
ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
cp conf/httpd.conf /etc/httpd/conf/
cp httpd.conf /etc/httpd/conf/ cp conf/ssl.conf /etc/httpd/conf.d/
cp ssl.conf /etc/httpd/conf.d/
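Review bot: `source VM_CONFIG.sh` on the line after the shebang is a bash builtin, but this file is still `#!/bin/sh`; it only works where /bin/sh happens to be bash, so either switch to `#!/bin/bash` like the other scripts in this commit or use the POSIX form `. ./VM_CONFIG.sh`. The same two weaknesses recur in the openssl, road-warrior and gateway scripts: `ifconfig $if_dentro $ip_dentro netmask 255.255.255.0` expands unquoted variables, and none of the scripts enable `set -eu`, so a failed `cp conf/httpd.conf /etc/httpd/conf/` is ignored and Apache starts on whatever config was already present. Adding `set -eu` after the shebang and quoting the expansions (`ifconfig "$if_dentro" "$ip_dentro" netmask 255.255.255.0`) makes the provisioning fail loudly instead of silently diverging.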


@@ -1,11 +1,7 @@
#!/bin/bash #!/bin/bash
# Configuração para a máquina virtual de CentOS 9
# que contém o OPENSSL server.
# Rede interna (enp0s8)
source VM_CONFIG.sh source VM_CONFIG.sh
if_dentro="enp0s8" if_dentro="enp0s8"
ip_dentro="10.60.0.1" ip_dentro="10.60.0.1"
ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
cp openssl.cnf /etc/pki/tls/ cp conf/openssl.cnf /etc/pki/tls/
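Review bot: `cp conf/openssl.cnf /etc/pki/tls/` overwrites the host-wide OpenSSL configuration, which every TLS consumer on that VM reads, not only the CA commands this repository runs. If the file is only meant for the CA workflow, point those commands at it with `-config conf/openssl.cnf` (or `OPENSSL_CONF`) instead of replacing the system file; if replacing it is intended, keep a copy of the original first, e.g. `cp -n /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf.orig`. A one-line comment stating which of the two is intended would save the next reader the guess.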


@@ -1,20 +1,15 @@
#!/bin/bash #!/bin/bash
# O road warrior ou gateway client liga a vpn gateway # --- configuração --- #
# Via a rede externa 193.136.212.0/24 source VM_CONFIG.sh
# Rede externa (enp0s8)
bash VM_CONFIG.sh
# --- interfaces --- #
ifconfig enp0s8 193.136.212.10 netmask 255.255.255.0 ifconfig enp0s8 193.136.212.10 netmask 255.255.255.0
route add default gw 193.136.212.1 # default gateway LIKE A SHEEP route add default gw 193.136.212.1
# copiar tudo # --- vpn client --- #
vpn_dir="/etc/openvpn/client/" vpn_dir="/etc/openvpn/client/"
cp ca/ta.key $vpn_dir cp ca/ta.key $vpn_dir
cp ca/ca.crt $vpn_dir cp ca/ca.crt $vpn_dir
cp ca/user.key $vpn_dir cp ca/user.key $vpn_dir
cp ca/user.crt $vpn_dir cp ca/user.crt $vpn_dir
cp client.conf $vpn_dir cp conf/client.conf $vpn_dir
openvpn --config "${vpn_dir}/client.conf" openvpn --config "${vpn_dir}/client.conf"
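Review bot: `cp ca/user.key $vpn_dir` places the client's private key in /etc/openvpn/client/ with whatever mode the checkout gives the source file, which is likely world-readable; `install -m 600 ca/user.key "$vpn_dir"` pins the permissions at copy time. The final `openvpn --config "${vpn_dir}/client.conf"` runs the client in the foreground, so the script never returns and nothing restarts the tunnel after reboot; the gateway script already uses a systemd unit for the server side, and the client counterpart (`systemctl enable --now openvpn-client@client.service`, if the unit is present on this distribution) would be the matching approach. A comment above the `cp` lines naming which of the four files are secrets would also help whoever maintains this.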


@@ -1,46 +1,27 @@
#!/bin/bash #!/bin/bash
# Temos que configurar a VPN gateway (duh)
# O gateway client é o VM_ROAD_WARRIOR :)
#
# O gateway client é a pont entre a rede externa 193.136.212.0/24
# E a rede interna 10.60.0.0/24
# NOTE(vasco): # NOTE(vasco):
# Ao configurar a maquina virtual em si deixei a rede externa primeiro (enp0s8) # Ao configurar a maquina virtual em si deixei a rede externa primeiro (enp0s8)
# E a rede interna como a segunda interface (enp0s9). # E a rede interna como a segunda interface (enp0s9).
# --- configuração --- #
source VM_CONFIG.sh source VM_CONFIG.sh
yum install -y google-authenticator
# --- variaveis aqui pf joao fr fr fr aaaaa --- # # --- forwarding --- #
helloworld="print"
if_fora="enp0s8" if_fora="enp0s8"
ip_fora="193.136.212.1" ip_fora="193.136.212.1"
if_dentro="enp0s9" if_dentro="enp0s9"
ip_dentro="10.60.0.3" ip_dentro="10.60.0.3"
mega_tunel="tun0" mega_tunel="tun0"
ip_mega_tunel="10.8.0.0/24" ip_mega_tunel="10.8.0.0/24"
# --- interfaces --- #
ifconfig $if_fora $ip_fora netmask 255.255.255.0 ifconfig $if_fora $ip_fora netmask 255.255.255.0
ifconfig $if_dentro $ip_dentro netmask 255.255.255.0 ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
# --- ip forwarding --- #
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf sysctl -p /etc/sysctl.conf
# --- nat forwardin de vpn para clientes --- #
# ?????????????????????????????????????????????????????????????????????
# iptables -I INPUT -i tun0 -j ACCEPT
# iptables -I OUTPUT -o tun0 -j ACCEPT
# echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
# echo 0 > /proc/sys/net/ipv4/conf/tun0/rp_filter
# echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
iptables -A INPUT -p udp --dport 1194 -j ACCEPT # :O iptables -A INPUT -p udp --dport 1194 -j ACCEPT # :O
iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P iptables -A FORWARD -i $mega_tunel -o $if_dentro -j ACCEPT # :P
iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;) iptables -A FORWARD -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
@@ -49,13 +30,13 @@ iptables -A FORWARD -i $if_fora -m state --state ESTABLISHED,RELATED -j ACCEPT #
iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
iptables-save > /etc/sysconfig/iptables # :3 iptables-save > /etc/sysconfig/iptables # :3
# servidor # --- vpn server --- #
vpn_dir="/etc/openvpn/server" vpn_dir="/etc/openvpn/server"
cp ca/ta.key $vpn_dir cp ca/ta.key $vpn_dir
cp ca/ca.crt $vpn_dir cp ca/ca.crt $vpn_dir
cp ca/vpn.key $vpn_dir cp ca/vpn.key $vpn_dir
cp ca/vpn.crt $vpn_dir cp ca/vpn.crt $vpn_dir
cp vpn.conf $vpn_dir cp ca/dh2048.pem $vpn_dir
cp conf/vpn.conf $vpn_dir
# correr serviço cp conf/totp /etc/pam.d/
systemctl enable --now openvpn-server@vpn.service systemctl enable --now openvpn-server@vpn.service
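Review bot: `cp conf/totp /etc/pam.d/` and `cp ca/vpn.key $vpn_dir` in the second hunk install a PAM service definition and the server's private key with whatever mode the working copy carries; `install -m 644 conf/totp /etc/pam.d/totp` and `install -m 600 ca/vpn.key "$vpn_dir"` make the intended permissions explicit. In the first hunk, `echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf` appends a fresh line every time the script runs, and the `iptables -A` rules are appended and then persisted by `iptables-save` on each run, so repeated provisioning accumulates duplicate rules; a drop-in file under /etc/sysctl.d and `iptables -C … || iptables -A …` (or a flush before the rule block) keep the script idempotent. The trailing `# :O`, `# :P`, `# ;)` comments on the firewall rules carry no information; a short comment per rule naming the traffic it admits (e.g. `# VPN clients -> internal network`) would replace them usefully.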

3
conf/totp Normal file

@@ -0,0 +1,3 @@
auth required pam_unix.so workaround_procrastination
auth required pam_google_authenticator.so
account required pam_unix.so
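Review bot: `workaround_procrastination` on the first line is not a pam_unix option; as far as I recall pam_unix logs unrecognised options and ignores them, so the token only produces a warning in the auth log and the line should read `auth required pam_unix.so`. With both `auth` entries marked `required`, a user whose account has no TOTP secret yet (has not run `google-authenticator`) cannot log in at all, which is the right default for an MFA gateway but should be stated in a leading comment so the lock-out is not mistaken for a misconfiguration. A header comment naming the consumer of this service (the openvpn auth-pam plugin referenced as `totp` in vpn.conf) would also make the file self-explanatory.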


@@ -18,5 +18,6 @@ topology subnet
cipher AES-256-GCM cipher AES-256-GCM
auth SHA256 auth SHA256
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login # plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so totp
tls-auth /etc/openvpn/server/ta.key 0 tls-auth /etc/openvpn/server/ta.key 0
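Review bot: the previous `plugin … openvpn-plugin-auth-pam.so login` line is kept as a comment directly above the new `totp` line; dead configuration like this invites someone to re-enable the password-only service, so delete it rather than comment it out. The service name `totp` must match the file the gateway script installs as /etc/pam.d/totp, and it does, but the report in relatorio.tex quotes this plugin line with `openvpn` as the service name, which would look up /etc/pam.d/openvpn instead; the report should quote the line as it actually appears here. A comment stating that `totp` refers to a PAM service file would make the dependency between the two files explicit.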


@@ -4,5 +4,7 @@
\catcode `"\active \catcode `"\active
\babel@aux{portuguese}{} \babel@aux{portuguese}{}
\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent } \@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {2}Conclusion}{2}{}\protected@file@percent } \@writefile{toc}{\contentsline {section}{\numberline {2}Configurar TOTP}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Aceder ao código}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3}Conclusion}{2}{}\protected@file@percent }
\gdef \@abspage@last{2} \gdef \@abspage@last{2}


@@ -1,4 +1,4 @@
This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 21 APR 2026 14:33 This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 21 APR 2026 21:45
entering extended mode entering extended mode
\write18 enabled. \write18 enabled.
%&-line parsing enabled. %&-line parsing enabled.
@@ -201,7 +201,9 @@ File: lstlang1.sty 2025/11/14 1.11b listings language file
File: lstlang1.sty 2025/11/14 1.11b listings language file File: lstlang1.sty 2025/11/14 1.11b listings language file
) )
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
(Font) scaled to size 10.0pt on input line 44. (Font) scaled to size 10.0pt on input line 48.
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be
(Font) scaled to size 14.4pt on input line 60.
[2] [2]
(/home/raw/uni/fsi/trabalho/relatorio/relatorio.aux) (/home/raw/uni/fsi/trabalho/relatorio/relatorio.aux)
*********** ***********
@@ -210,21 +212,22 @@ L3 programming layer <2026-01-19>
*********** ***********
) )
Here is how much of TeX's memory you used: Here is how much of TeX's memory you used:
4339 strings out of 469495 4351 strings out of 469495
72086 string characters out of 5470098 72228 string characters out of 5470098
672829 words of memory out of 5000000 676830 words of memory out of 5000000
32992 multiletter control sequences out of 15000+600000 33004 multiletter control sequences out of 15000+600000
638248 words of font info for 53 fonts, out of 8000000 for 9000 640065 words of font info for 54 fonts, out of 8000000 for 9000
16 hyphenation exceptions out of 8191 16 hyphenation exceptions out of 8191
62i,7n,99p,223b,1274s stack positions out of 10000i,1000n,20000p,200000b,200000s 62i,7n,99p,223b,1206s stack positions out of 10000i,1000n,20000p,200000b,200000s
</usr/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Bold.pfb></us </usr/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Bold.pfb></us
r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb></usr/s r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb></usr/s
hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb> hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb></usr/share/texmf-dis
t/fonts/type1/public/amsfonts/cm/cmtt12.pfb>
Output written on /home/raw/uni/fsi/trabalho/relatorio/relatorio.pdf (2 pages, Output written on /home/raw/uni/fsi/trabalho/relatorio/relatorio.pdf (2 pages,
48079 bytes). 58096 bytes).
PDF statistics: PDF statistics:
27 PDF objects out of 1000 (max. 8388607) 32 PDF objects out of 1000 (max. 8388607)
16 compressed objects within 1 object stream 19 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000) 0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000) 1 words of extra memory for PDF output out of 10000 (max. 10000000)

Binary file not shown.


@@ -48,6 +48,24 @@ Criar chave secreta.
openssl --genkey secret ta.key openssl --genkey secret ta.key
\end{lstlisting} \end{lstlisting}
\section{Configurar TOTP}
Foi criado o ficheiro \texttt{totp} com a configuração de autenticação a
ser utilizada pelo plugin de PAM para o openvpn.
\begin{lstlisting}[language=bash]
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
\end{lstlisting}
\subsection{Aceder ao código}
Primeiro, na gateway, entramos como o utilizador desejado e obtemos a chave
do gerador de palavras passes temporarias. Ao inserir a chave no
\texttt{google authenticator} podemos obter a nossa primeira chave de 6 digitos.
\begin{lstlisting}[language=bash]
su john
google-authenticator
\end{lstlisting}
\section{Conclusion} \section{Conclusion}
Conclusão!!! Conclusão!!!


@@ -1,3 +1,5 @@
\babel@toc {portuguese}{}\relax \babel@toc {portuguese}{}\relax
\contentsline {section}{\numberline {1}Introduction}{2}{}% \contentsline {section}{\numberline {1}Introduction}{2}{}%
\contentsline {section}{\numberline {2}Conclusion}{2}{}% \contentsline {section}{\numberline {2}Configurar TOTP}{2}{}%
\contentsline {subsection}{\numberline {2.1}Aceder ao código}{2}{}%
\contentsline {section}{\numberline {3}Conclusion}{2}{}%