Maybe works?

README.md

@@ -1,6 +0,0 @@
-# Coisas para leres que sao fixes wowowowowowow !!!!! (Assignment 2)
-- Os slides (duh)
-- Okay  o mais importante é os slides.
-
-- [X.509 (ssl.com)](https://www.ssl.com/faqs/what-is-an-x-509-certificate/)
-- [X.509 (youtube)](https://www.youtube.com/watch?v=kAaIYRJoJkc)

SERVER.sh

@@ -27,12 +27,23 @@ instalar httpd
 instalar mod_security
 instalar mod_security_crs
 
+# Enable ModSecurity blocking engine (change DetectionOnly to On)
+if [ -f /etc/httpd/conf.d/mod_security.conf ]; then
+    sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/g' /etc/httpd/conf.d/mod_security.conf
+fi
+if [ -f /etc/httpd/modsecurity.d/modsecurity.conf ]; then
+    sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/g' /etc/httpd/modsecurity.d/modsecurity.conf
+fi
+
 instalar iptables-services
 s stop firewalld
 s disable firewalld
 s mask firewalld
 s enable iptables
 sudo iptables -F
+sudo iptables -A INPUT -p tcp --dport 420 -j ACCEPT
+sudo iptables -A INPUT -i lo -p tcp --dport 3000 -j ACCEPT
+sudo iptables -A INPUT -p tcp --dport 3000 -j REJECT
 
 # nat
 sudo sysctl -w net.ipv4.ip_forward=1
@@ -54,9 +65,9 @@ if [[ ! -f "$jspath/package.json" ]]; then
     sudo chown -R $USER:$USER "$jspath"
 fi
 
-# apache WAF (desativado por default)
-s stop httpd
-s disable httpd
+# apache WAF (ativado por default)
+s enable httpd
+s start httpd
 
 # correr juice shop via npm
 cd "$jspath"

assignment1/DMZ.sh

@@ -1,45 +0,0 @@
-# ==============================
-# DMZ 
-#  NETWORK: 23.214.219.128/25
-# ==============================
-ip=23.214.219.129
-routerIp=23.214.219.254
-mask25=255.255.255.128
-
-dns=23.214.219.130
-mail=23.214.219.134
-vpn_gw=23.214.219.133
-www=23.214.219.132
-smtp=23.214.219.131
-
-dnsPort=53
-mailPort=888
-vpn_gwPort=443
-wwwPort=587
-smtpPort=80
-sudo yum install iptables-services -y
-sudo systemctl stop firewalld
-sudo systemctl disable firewalld
-sudo systemctl mask firewalld
-sudo systemctl enable iptables
-
-sudo iptables -F
-sudo ifconfig enp0s8 $ip netmask $mask25
-sudo ip route add 192.168.10.0/24 via $routerIp
-sudo route add default gw $routerIp
-# alias dos ips
-sudo ip addr add $dns dev enp0s8
-sudo ip addr add $mail dev enp0s8
-sudo ip addr add $vpn_gw dev enp0s8
-sudo ip addr add $www dev enp0s8
-sudo ip addr add $smtp dev enp0s8
-
-# netcart
-internalIp=192.168.10.1
-nc -l &
-nc -v -s $dns    -p $dnsPort        $internalIp
-nc -v -s $mail   -p $mailPort       $internalIp
-nc -v -s $vpn_gw -p $vpn_gwPort     $internalIp
-nc -v -s $smtp   -p $smtpPort       $internalIp
-nc -v -s $www    -p $wwwPort        $internalIp
-nc -v -s $www    -p $wwwPort        $internalIp

assignment1/INTERNAL.sh

@@ -1,30 +0,0 @@
-# ==============================
-# INTERNAL
-# NETWORK: 192.168.10.0/24
-# ==============================
-
-ip=192.168.10.1
-routerIp=192.168.10.254
-mask24=255.255.255.0
-
-ftp=192.168.10.2
-datastore=192.168.10.3
-dhcpClient=192.168.10.4
-sudo yum install iptables-services -y
-sudo systemctl stop firewalld
-sudo systemctl disable firewalld
-sudo systemctl mask firewalld
-sudo systemctl enable iptables
-sudo iptables -F
-sudo ifconfig enp0s8 $ip netmask $mask24
-sudo ip route add 23.214.219.128/25 via $routerIp
-sudo route add default gw $routerIp
-# aliasing
-sudo ip addr add $ftp dev enp0s8
-sudo ip addr add $datastore dev enp0s8
-
-# netcar
-dmz=23.214.219.129
-nc -l &
-nc -v -s $ftp       -p 53   $dmz
-nc -v -s $datastore -p 888  $dmz

assignment1/INTERNET.sh

@@ -1,15 +0,0 @@
-ip=87.248.214.98
-dns2=87.248.214.99
-eden=87.248.214.100
-mask24=255.255.255.0
-routerIp=87.248.214.97
-sudo yum install iptables-services -y
-sudo systemctl stop firewalld
-sudo systemctl disable firewalld
-sudo systemctl mask firewalld
-sudo systemctl enable iptables
-sudo iptables -F
-sudo ifconfig enp0s8 $dns2 netmask $mask24
-sudo route add default gw $routerIp
-#sudo ip addr add $dns2 dev enp0s8
-sudo ip addr add $eden dev enp0s8

assignment1/ROUTER.sh

@@ -1,106 +0,0 @@
-#!/bin/bash
-
-dns2="87.248.214.99"
-eden="87.248.214.100"
-
-# Router 1
-dmzIP="23.214.219.254"
-internalIP="192.168.10.254"
-externalIP="87.248.214.97"
-
-# DMZ /25
-dns="23.214.219.130"
-smtp="23.214.219.131"
-www="23.214.219.132"
-vpn_gw="23.214.219.133"
-mail="23.214.219.134"
-
-# Internal
-ftp="192.168.10.2"
-datastore="192.168.10.3"
-dhcpClient="192.168.10.4"
-
-# Interfaces
-dmzIF="enp0s8"
-internalIF="enp0s9"
-externalIF="enp0s10"
-
-sudo ifconfig $dmzIF $dmzIP netmask 255.255.255.128
-sudo ifconfig $internalIF $internalIP netmask 255.255.255.0
-sudo ifconfig $externalIF $externalIP netmask 255.255.255.0
-
-sudo yum install iptables-services -y
-sudo systemctl stop firewalld
-sudo systemctl disable firewalld
-sudo systemctl mask firewalld
-sudo systemctl enable iptables
-sudo iptables -F
-sudo iptables -t nat -F
-sudo iptables -t mangle -F
-sudo sysctl -w net.ipv4.ip_forward=1
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-iptables -P OUTPUT ACCEPT
-sudo iptables -A INPUT -i lo -j ACCEPT
-sudo iptables -A OUTPUT -o lo -j ACCEPT
-
-#sudo iptables -t nat -A POSTROUTING -i $internalIF -o enp0s3 -j MASQUERADE #SUS
-sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #CAREFULL
-
-#DNS name resolution requests sent to outside servers and want a response:
-sudo iptables -A INPUT -i $externalIF -p udp --dport 53 -j ACCEPT
-
-#SSH connections to the router system that originate from the inside and want an answer:
-sudo iptables -A INPUT -i $internalIF -p tcp --dport 22 -j ACCEPT
-sudo iptables -A INPUT -i $dmzIF -s $vpn_gw -p tcp --dport 22 -j ACCEPT
-
-#The dns server should be able to resolve names using the internet (and others???)
-sudo iptables -I FORWARD -j NFQUEUE --queue-bypass
-sudo iptables -I INPUT -j NFQUEUE --queue-bypass
-sudo iptables -A FORWARD -i $dmzIF -o $externalIF -s $dns -p udp --dport 53 -j ACCEPT
-
-#The internal network should be able to send and recieve dns name resolutions to the dns server (1!)
-sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $dns -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT #THIS IS IMPORTANT AND MIGHT FUCK US
-
-#The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53)
-sudo iptables -A FORWARD -i $dmzIF -o $externalIF -s $dns -p tcp --dport 53 -j ACCEPT
-
-#SMTP connections to the smtp server and returns
-sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $smtp -p tcp --dport 587 -j ACCEPT 
-#sudo iptables -A FORWARD -i $dmzIF -o $internalIF -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
-
-#POP and IMAP connections to the www server
-sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $mail -p tcp --dport 143 -j ACCEPT 
-sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $mail -p tcp --dport 110 -j ACCEPT
-
-#HTTP and HTTPS connectins
-sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $www -p tcp --dport 80 -j ACCEPT 
-sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $www -p tcp --dport 443 -j ACCEPT
-
-#OpenVPN connections to the vpn-gw server
-sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $vpn_gw -p udp --dport 1194 -j ACCEPT 
-#sudo iptables -A FORWARD -i $dmzIF -o $internalIF -p udp --dport 1194 -j ACCEPT
-
-#VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
-sudo iptables -A FORWARD -i $dmzIF -o $internalIF -s $vpn_gw -d $ftp -j ACCEPT 
-sudo iptables -A FORWARD -i $dmzIF -o $internalIF -s $vpn_gw -d $datastore -j ACCEPT 
-
-#FTP da internet WORRIED ???
-sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $ftp -p tcp --dport 21 -j ACCEPT
-sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --sport 20 -j ACCEPT #MIGHT BE NEEDED
-
-#SSH CONNECTIONS datastore server but only from eden or dn2 DNAT -s servers, and port and -d interface
-sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination $datastore
-sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination $datastore
-sudo iptables -t nat -A PREROUTING -i $externalIF -p tcp --dport 21 -j DNAT --to-destination $ftp
-sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $datastore -s $dns2 -p tcp --dport 22 -j ACCEPT #Need to check and make diferent ip addresses
-sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $datastore -s $eden -p tcp --dport 22 -j ACCEPT
-
-#$internalIF to internet DNS, http, https, ssh, FTP(SERVERS??????(WHO INVITED THIS GUY)) SNAT
-sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o $externalIF -j SNAT --to-source $externalIP
-sudo iptables -A FORWARD -i $internalIF -o $externalIF -p udp --dport 53 -j ACCEPT 
-sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 80 -j ACCEPT 
-sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 443 -j ACCEPT
-sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --sport 21 -j ACCEPT #MIGHT NOT BE ENOUGH
-sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 21 -j ACCEPT

assignment1/relatorio.aux

@@ -1,13 +0,0 @@
-\relax 
-\providecommand \babel@aux [2]{\global \let \babel@toc \@gobbletwo }
-\@nameuse{bbl@beforestart}
-\catcode `"\active 
-\babel@aux{portuguese}{}
-\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {2}Firewall}{2}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {4}Tests utilizados}{5}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusion}{5}{}\protected@file@percent }
-\gdef \@abspage@last{5}

assignment1/relatorio.log

@@ -1,244 +0,0 @@
-This is pdfTeX, Version 3.141592653-2.6-1.40.27 (TeX Live 2026/dev/Arch Linux) (preloaded format=pdflatex 2026.1.17)  22 MAR 2026 22:27
-entering extended mode
- \write18 enabled.
- %&-line parsing enabled.
-**/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio
-(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.tex
-LaTeX2e <2024-11-01> patch level 2
-L3 programming layer <2025-01-18>
-(/usr/share/texmf-dist/tex/latex/base/article.cls
-Document Class: article 2024/06/29 v1.4n Standard LaTeX document class
-(/usr/share/texmf-dist/tex/latex/base/size12.clo
-File: size12.clo 2024/06/29 v1.4n Standard LaTeX file (size option)
-)
-\c@part=\count196
-\c@section=\count197
-\c@subsection=\count198
-\c@subsubsection=\count199
-\c@paragraph=\count266
-\c@subparagraph=\count267
-\c@figure=\count268
-\c@table=\count269
-\abovecaptionskip=\skip49
-\belowcaptionskip=\skip50
-\bibindent=\dimen141
-)
-(/usr/share/texmf-dist/tex/generic/babel/babel.sty
-Package: babel 2025/02/14 v25.4 The multilingual framework for pdfLaTeX, LuaLaT
-eX and XeLaTeX
-\babel@savecnt=\count270
-\U@D=\dimen142
-\l@unhyphenated=\language33
-
-(/usr/share/texmf-dist/tex/generic/babel/txtbabel.def)
-\bbl@readstream=\read2
-\bbl@dirlevel=\count271
-
-(/usr/share/texmf-dist/tex/generic/babel-portuges/portuguese.ldf
-Language: portuges 2021/07/09 v1.2t Portuguese support from the babel system
-Package babel Info: Making " an active character on input line 143.
-))
-(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex
-Package babel Info: Importing font and identification data for portuguese
-(babel)             from babel-pt.ini. Reported on input line 11.
-)
-(/usr/share/texmf-dist/tex/latex/ebgaramond/ebgaramond.sty
-Package: ebgaramond 2024/04/23 (Bob Tennent and autoinst) Style file for EB Gar
-amond fonts.
-
-(/usr/share/texmf-dist/tex/generic/iftex/ifxetex.sty
-Package: ifxetex 2019/10/25 v0.7 ifxetex legacy package. Use iftex instead.
-
-(/usr/share/texmf-dist/tex/generic/iftex/iftex.sty
-Package: iftex 2024/12/12 v1.0g TeX engine tests
-))
-(/usr/share/texmf-dist/tex/generic/iftex/ifluatex.sty
-Package: ifluatex 2019/10/25 v1.5 ifluatex legacy package. Use iftex instead.
-)
-(/usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
-Package: xkeyval 2022/06/16 v2.9 package option processing (HA)
-
-(/usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex
-(/usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex
-\XKV@toks=\toks17
-\XKV@tempa@toks=\toks18
-
-(/usr/share/texmf-dist/tex/generic/xkeyval/keyval.tex))
-\XKV@depth=\count272
-File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA)
-))
-(/usr/share/texmf-dist/tex/latex/base/textcomp.sty
-Package: textcomp 2024/04/24 v2.1b Standard LaTeX package
-)
-(/usr/share/texmf-dist/tex/latex/base/fontenc.sty
-Package: fontenc 2021/04/29 v2.0v Standard LaTeX package
-)
-(/usr/share/texmf-dist/tex/latex/fontaxes/fontaxes.sty
-Package: fontaxes 2020/07/21 v1.0e Font selection axes
-LaTeX Info: Redefining \upshape on input line 29.
-LaTeX Info: Redefining \itshape on input line 31.
-LaTeX Info: Redefining \slshape on input line 33.
-LaTeX Info: Redefining \swshape on input line 35.
-LaTeX Info: Redefining \scshape on input line 37.
-LaTeX Info: Redefining \sscshape on input line 39.
-LaTeX Info: Redefining \ulcshape on input line 41.
-LaTeX Info: Redefining \textsw on input line 47.
-LaTeX Info: Redefining \textssc on input line 48.
-LaTeX Info: Redefining \textulc on input line 49.
-)
-LaTeX Info: Redefining \oldstylenums on input line 163.
-LaTeX Info: Redefining \textsw on input line 173.
-)
-(/usr/share/texmf-dist/tex/latex/listings/listings.sty
-\lst@mode=\count273
-\lst@gtempboxa=\box52
-\lst@token=\toks19
-\lst@length=\count274
-\lst@currlwidth=\dimen143
-\lst@column=\count275
-\lst@pos=\count276
-\lst@lostspace=\dimen144
-\lst@width=\dimen145
-\lst@newlines=\count277
-\lst@lineno=\count278
-\lst@maxwidth=\dimen146
-
-(/usr/share/texmf-dist/tex/latex/listings/lstpatch.sty
-File: lstpatch.sty 2024/09/23 1.10c (Carsten Heinz)
-)
-(/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty
-File: lstmisc.sty 2024/09/23 1.10c (Carsten Heinz)
-\c@lstnumber=\count279
-\lst@skipnumbers=\count280
-\lst@framebox=\box53
-)
-(/usr/share/texmf-dist/tex/latex/listings/listings.cfg
-File: listings.cfg 2024/09/23 1.10c listings configuration
-))
-Package: listings 2024/09/23 1.10c (Carsten Heinz)
-LaTeX Font Info:    Trying to load font information for OT1+EBGaramond-LF on in
-put line 28.
-
-(/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd
-File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara
-mond-LF.
-)
-LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
-(Font)              scaled to size 12.0pt on input line 28.
-
-(/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
-File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX)
-\l__color_backend_stack_int=\count281
-\l__pdf_internal_box=\box54
-)
-(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
-\openout1 = `relatorio.aux'.
-
-LaTeX Font Info:    Checking defaults for OML/cmm/m/it on input line 28.
-LaTeX Font Info:    ... okay on input line 28.
-LaTeX Font Info:    Checking defaults for OMS/cmsy/m/n on input line 28.
-LaTeX Font Info:    ... okay on input line 28.
-LaTeX Font Info:    Checking defaults for OT1/cmr/m/n on input line 28.
-LaTeX Font Info:    ... okay on input line 28.
-LaTeX Font Info:    Checking defaults for T1/cmr/m/n on input line 28.
-LaTeX Font Info:    ... okay on input line 28.
-LaTeX Font Info:    Checking defaults for TS1/cmr/m/n on input line 28.
-LaTeX Font Info:    ... okay on input line 28.
-LaTeX Font Info:    Checking defaults for OMX/cmex/m/n on input line 28.
-LaTeX Font Info:    ... okay on input line 28.
-LaTeX Font Info:    Checking defaults for U/cmr/m/n on input line 28.
-LaTeX Font Info:    ... okay on input line 28.
-\c@mv@tabular=\count282
-\c@mv@boldtabular=\count283
-\c@lstlisting=\count284
-LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
-(Font)              scaled to size 20.74pt on input line 29.
-LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
-(Font)              scaled to size 14.4pt on input line 29.
-LaTeX Font Info:    External font `cmex10' loaded for size
-(Font)              <14.4> on input line 29.
-LaTeX Font Info:    External font `cmex10' loaded for size
-(Font)              <7> on input line 29.
-LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
-(Font)              scaled to size 17.28pt on input line 30.
-LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
-(Font)              scaled to size 17.28pt on input line 30.
-
-(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.toc
-LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
-(Font)              scaled to size 12.0pt on input line 2.
-LaTeX Font Info:    External font `cmex10' loaded for size
-(Font)              <12> on input line 4.
-LaTeX Font Info:    External font `cmex10' loaded for size
-(Font)              <8> on input line 4.
-LaTeX Font Info:    External font `cmex10' loaded for size
-(Font)              <6> on input line 4.
-)
-\tf@toc=\write3
-\openout3 = `relatorio.toc'.
-
-
-
-[1
-
-{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts
-/enc/dvips/ebgaramond/ebg_dacnth.enc}]
-(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
-File: lstlang1.sty 2024/09/23 1.10c listings language file
-)
-(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
-File: lstlang1.sty 2024/09/23 1.10c listings language file
-)
-LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
-(Font)              scaled to size 10.0pt on input line 37.
-
-Overfull \hbox (7.49481pt too wide) in paragraph at lines 42--44
-\OT1/EBGaramond-LF/m/n/12 As tr[]es re-des tem va-rios servi[]os, o DMZ tem dns
-(23.214.219.130), mail(23.214.219.134),
- []
-
-LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
-(Font)              scaled to size 14.4pt on input line 45.
-
-
-[2]
-
-[3]
-LaTeX Font Info:    Font shape `OT1/cmtt/bx/n' in size <10> not available
-(Font)              Font shape `OT1/cmtt/m/n' tried instead on input line 93.
-
-
-[4{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}]
-Overfull \hbox (23.24622pt too wide) in paragraph at lines 125--126
-\OT1/EBGaramond-LF/m/n/12 Ao realizar-mos este pro-jeto apren-de-mos so-bre a c
-ria[][]ao de sce-na-rios em VMs, a configura[][]ao
- []
-
-
-
-[5] (/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
- ***********
-LaTeX2e <2024-11-01> patch level 2
-L3 programming layer <2025-01-18>
- ***********
- ) 
-Here is how much of TeX's memory you used:
- 4439 strings out of 474546
- 72779 string characters out of 5749982
- 968296 words of memory out of 5000000
- 27469 multiletter control sequences out of 15000+600000
- 573916 words of font info for 59 fonts, out of 8000000 for 9000
- 352 hyphenation exceptions out of 8191
- 57i,7n,99p,546b,1693s stack positions out of 10000i,1000n,20000p,200000b,200000s
-</usr/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Bold.pfb></us
-r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb></usr/s
-hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb></usr/share/texmf-dis
-t/fonts/type1/public/cm-super/sftt1000.pfb>
-Output written on /home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/rela
-torio.pdf (5 pages, 78451 bytes).
-PDF statistics:
- 42 PDF objects out of 1000 (max. 8388607)
- 26 compressed objects within 1 object stream
- 0 named destinations out of 1000 (max. 500000)
- 1 words of extra memory for PDF output out of 10000 (max. 10000000)
-

assignment1/relatorio.tex

@@ -1,126 +0,0 @@
-\documentclass[12pt,a4paper]{article}
-\usepackage[portuguese]{babel}
-\usepackage[lining]{ebgaramond}
-\usepackage{listings}
-
-\lstdefinestyle{mystyle}{
-    basicstyle=\ttfamily\footnotesize,
-    breakatwhitespace=false,         
-    breaklines=true,                 
-    captionpos=b,                    
-    keepspaces=true,                 
-    numbers=left,                    
-    numbersep=5pt,                  
-    showspaces=false,                
-    showstringspaces=false,
-    showtabs=false,                  
-    tabsize=2
-}
-
-\lstset{style=mystyle}
-
-\title{Practical Assignment \#1}
-\author{
-    João Neto -- 2023234004\\[1em]
-    Vasco Alves -- 2022228207
-}
-
-\begin{document}
-\maketitle
-\tableofcontents
-\newpage
-
-\section{Introduction}
-O objetivo principal deste trabalho era aprender IPTables e como configurar um com o Suricata um sistema de filtração e deteção de ataques. Para esse fim, foi simulado um sistema dividido em três redes e um router para conectar-las. As três redes são a DMZ (23.214.219.128/25, enp0s8), Internal network (192.168.10.0/24, enp0s9) e Internet (87.248.214.0/24, enp0s10).
-
-\begin{lstlisting}[language=bash]
-Rede,Interface,Gama IP
-DMZ,enp0s8,23.214.219.128/25
-Internal,enp0s9,192.168.10.0/24
-Internet,enp0s10,87.248.214.0/24
-\end{lstlisting}
-As três redes tem varios serviços, o DMZ tem dns(23.214.219.130), mail(23.214.219.134), vpn-gw(23.214.219.133), www(23.214.219.132) e smpt(23.214.219.131). A Internal network tem ftp(192.168.10.2), datastore(192.168.10.3) e clientes (nos testes os clientes tem ip 192.168.10.4, mas está configurado para dar para qualquer edereço). Por fim a rede Internet tem dns2 (87.248.214.99) e eden (87.248.214.100), existe também outros serviços (87.248.214.98).
-Para facilitar a recriação deste sistema foi criado 4 ficheiros .sh (um para cada rede e o router), e disponibilizamos os ficheiros suricata.rules e suricata.yaml, para o suricata que estiver ligado ao Router.  Os ficheiros .sh vão ter comandos para configurar o sistema para este exercicio.
-\section{Firewall}
-\subsection{Packet fileter without NAT}
-O policy que foi escolhido foi:
-\begin{lstlisting}[language=bash]
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-iptables -P OUTPUT ACCEPT
-\end{lstlisting}
-Foi escolhido porque é mais facil dar DROP a todos os pacotes que não foi criado regras do que criar uma regra de DROP para todos os protocolos e possibilidades, o OUTPUT ficou para ACCEPT porque não existe razão para dar DROP dos pacotes que estamos a enviar neste trabalho.
-Para o router conseguir resolver DNS requests e para aceitar coneções SSH da rede interna ou da VPN gateway foi utilizado estes comandos:
-\begin{lstlisting}[language=bash]
-sudo iptables -A INPUT -i enp0s10 -p udp --dport 53 -j ACCEPT
-sudo iptables -A INPUT -i enp0s9 -p tcp --dport 22 -j ACCEPT
-sudo iptables -A INPUT -i enp0s8 -s 23.214.219.133 -p tcp --dport 22 -j ACCEPT
-\end{lstlisting}
-Para conseguirmos a confirguração pedida entre redes foi utilizado estes commandos:
-\begin{lstlisting}[language=bash]
-sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 143 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 110 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT
-\end{lstlisting}
-Inicialmente as implementações de respostas a forward eram especificas para cada regra isto é por exemplo:
-\begin{lstlisting}[language=bash]
-sudo iptables -A FORWARD -o enp0s8 -i enp0s10 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
-\end{lstlisting}
-No entanto isso facilmente originava confusão entre nós, então decimos utilizar estas duas regras:
-\begin{lstlisting}[language=bash]
-sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-\end{lstlisting}
-Neste cenario o uso destas regras faz sentido, mas pode existir outros cenarios no futuro que não queremos uma resposta, e nesse caso temos de criar as regras necessarias.
-\subsection{Packet filtering with NAT}
-Para conecções com origem/destino na internet foi utilizado DNAT/SNAT e iptables para "esconder" o ip para a internet que querer aceder a rede interna para não terem acesso ao edereço ip e iproutes para bloquear certos pacotes de entrar, para conseguir a configuração utilizamos estes comandos:
-\begin{lstlisting}[language=bash]
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --dport 21 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT
-sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
-sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
-sudo iptables -t nat -A PREROUTING -i enp0s10 -p tcp --dport 21 -j DNAT --to-destination 192.168.10.2
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --dport 22 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --dport 22 -j ACCEPT
-sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o enp0s10 -j SNAT --to-source 87.248.214.97
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --dport 53 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 80 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 443 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 21 -j ACCEPT
-\end{lstlisting}
-
-\section{Intrusion Detection}
-As regras que utilizamos para o suricata foram estas:
-\begin{lstlisting}[language=bash]
-drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
-drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
-drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
-drop tcp any any -> any 80 (msg:"XSS"; content:"<script"; nocase; classtype:web-application-attack; sid:1000004; rev:1;)
-\end{lstlisting}
-A primeira é para port scaning, a segunda e a terceira é para o caso de SQL injection, e a ultima é para XSS atacks.
-Também atualizamos o iptables para passar para o suricata os pacotes para analizar e bloquear com:
-\begin{lstlisting}[language=bash]
-sudo iptables -I FORWARD -j NFQUEUE --queue-bypass
-sudo iptables -I INPUT -j NFQUEUE --queue-bypass
-\end{lstlisting}
-
-\section{Tests utilizados}
-Netcat foi utilizado para maior parte dos testes excepto para FTP, em que devido ás suas caracteristicas especificas, utilizamos os serviços para ter a certeza que funcionava com a nossa configuração. Utilizamos estes comandos curl para testar se eram bloqueados:
-\begin{lstlisting}[language=bash]
-curl -i "http://23.214.219.132/index.php?id=1%20union%20select%201,2,3"
-curl -i "http://23.214.219.132/login.php?user='or%201=1"
-curl -i "http://23.214.219.132/search.php?q=<script>alert('XSS')</script>"
-\end{lstlisting}
-
-\section{Conclusion}
-Ao realizar-mos este projeto aprendemos sobre a criação de scenarios em VMs, a configuração de uma firewall utilizando IPTables e a configuração de um IDS/IPS system utilizando Suricata
-\end{document}

assignment1/relatorio.toc

@@ -1,8 +0,0 @@
-\babel@toc {portuguese}{}\relax 
-\contentsline {section}{\numberline {1}Introduction}{2}{}%
-\contentsline {section}{\numberline {2}Firewall}{2}{}%
-\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}%
-\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}%
-\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}%
-\contentsline {section}{\numberline {4}Tests utilizados}{5}{}%
-\contentsline {section}{\numberline {5}Conclusion}{5}{}%

assignment1/suricata.rules

@@ -1,5 +0,0 @@
-drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
-drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
-drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
-drop tcp any any -> any 80 (msg:"XSS"; content:"<script"; nocase; classtype:web-application-attack; sid:1000004; rev:1;)
-

chave-pgp-do-rogerio.txt

@@ -1,65 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: SKS 1.1.1
-
-mQGNBGmLZjwBDACvUK1m3UikneSbyYrP0vbHMz3Dt5u0+1+/UoFHKrcIF0TeLMmeOL6s3iRW
-JoSuB0YEmiO01BMEtUHC3Bt6/fu1TjMTLGEwo4dltw/hakvjELfpKPecIo7NAX1XCmiw7f+M
-2kTfRXGlu0F0kKc+AD+xPC0tunfpacPX/xGtquPz0xp2XbKktNkj8NoUBO7BRtwrfjBXL7ZV
-irlVofs6j7w8Ka9SRtP8GLqsW+LFDQrbsDM2exvp7u61mKvTpuafOUqkqIIrXw4aDOIxjwON
-gjunZ4k38kZADxR+uzzwNFnn15qtLNECUMpOJDPplBDg0uVRQjn1BJ44AkcdwLM3unMp9BvO
-8DKg2Q6kmd5+qu3OH+BVaqDAD+5sED/LC+QGeTIEHGNbTP3hs6dGyeCcNQnORvn5JoMImUk0
-mmV/KV+qpGhi9PSxN44Kau4fWsaWIO33w1vMSnPf/s77dBT0uLT45G/1/b1N3WbD6eKTt+iC
-/+Ovp+MmWv6Fd2fPXEvwedUAEQEAAbQeUm9nZXJpbyBDIDxyb2djb3N0YUBkZWkudWMucHQ+
-iHUEEBYKAB0WIQTzZrv2P/XfDSKZTqn605rfvJqhwQUCaZMIVAAKCRD605rfvJqhwW/8AQDq
-k4kNVJOuOjHiq+F9K7X/QFJp3+z109x/ZpVGtP6aGgD6AlzWjGubsavImEMVN9QKr7tYEOWy
-NHldePm87lnDuQSJAbMEEAEIAB0WIQSORfJtzGpnilRlTysk/REF2WdojAUCaZL1XwAKCRAk
-/REF2WdojPPkC/40CesTUAcCnvKe/UHTbn483zcW8RSsXRzQZDE4iaOZQ2jCS9uzT+SaVNy5
-J8n3PNfghq19yZeyfWZrBHQBCqFwEvYqXZ/z1Qmz8wFvtDX+B5o15kuGO28/epXR7iqx/v53
-+le7VmuBR6ri2kq6uT1xzotd6NYcmZpRprnzaGvCUWtuPWhG7SHjZ1TZIJuJ5cmGG8bq/wu/
-n+fcSwa3evCUR0ErkqpcC+Z9Ll8wGuSioov5A3B9UW+QWoC68VyC53RSyanNAYI3czJu5Ltq
-qXNxOv1xC1gew8FvBuxCF/3z++h2W+E5HO02zRwtqglr5ZBr4UmI0E4s8xWq0DWBU+iLwwXq
-GVNZFiJ+fNVHW6cu4deMOMVNrGJlVmlki+GkIFanlrVOwWq2+vsJFYYvHa5zBwjRRqhK5tRk
-OOa0qD3KLsCzKpiCSNb+g7TEjHqmpB/h3/MFf5mVlIiOnGYTDWBlMwZLllpLMc/3/mFm5nfX
-ofuPGl2BHUv0kdSKSa6QiEOJAbMEEAEIAB0WIQSTCl6/mmEFADoHYKEIKzRkXO0zjQUCaZMV
-9QAKCRAIKzRkXO0zjZoDC/9fcB7uDf3QSrIGm+zO//sALNCe0FSOQ5Rn8ZzMOTn3HBI5i7ct
-dZntTZuYFLa0HHWUxHBoCSwMnP5oNG91xpRTxsYpucFkKMljSiSKPgoOGxEaJDW2rK39CbzY
-xDSa9bhnbXzLWn4laTI8n6iip95IWXuqfIqYc6jfVC3YOBg+8rJ8nAJr6CWIX/6k4bavKVQQ
-4bWeuICqUlbNRhZF1BZtCPrFbrChcB+n7CqK0EGkOoySekMr/6VzwgNmuCa2m8Gi9YqzrLLd
-AzPl0mfruNHhHLBrnM0rNMMOaR39/+0xSl6c3JcsQWmgBUM1lt0th1n/yKHJMM802IyQefhR
-aJhg++xjP61vOLuJa7pb5UWiyupstKemX+8f6X970bvYPj0OaSwy4ewgxU2D5Paqd7qonnct
-eYosMnB87ZfS67LcK6YRdqjJeThaQmFujta2hUM6ZczlqGaTsOmZ/GBxIvXGYBrcrnv4d6cj
-nSGwXKKSHD2EWSNsxfIBILkQDEotD5uJAbMEEAEIAB0WIQS/yqosJXwrVXFgqQa1WXCyNLIK
-ZQUCaZMSBAAKCRC1WXCyNLIKZeU7C/4t2QA7MGNJC+uDk4p/VMfqLFz4yoJOQmAyqI+jbJwn
-T+cu2airiE74Nt77kEHjDzyD47LSGjsFe/ynK+Ey/9SeRrzA/NBngP919LW2nSwonfAIiDZ4
-dHD/aeRVCdX6Ni6PY/dc5b5ztMEgu0XBlUtWMkrrPaTmiCQ1wX5IuxrSLwldbgA8ME2TZYh7
-XQ1LUt1n15FipmdBaXxTK5FrqqWeLLxfPdntZVMQnh2nyaqAF6aEZBRj47UrcbJEIM399G8P
-nVExdvOqcCi/CDY15BVBmx/EkWTnudta7fOQgiJiOJ3WLDXvMTEEG06I/dw+eZgGLwl7Ep/x
-zrTP65tF032dxbNy1RONOijlj+l/NuOM7pFofx6yCzmRprbydyb9uM1ysRSV0GI1YW2krFzj
-ZZosZvPB470svviF8adgIQBV5TZQCzWBY+Bc5gimpZwcWCI+ByQfRAimerOgPqz/r2jQglgP
-u4PwnChSTrfNMKyAfpHIKgXAj2ar6X3IvHCkv/OJAdgEEwEIAEIWIQQ3eZDCVL86W7QFeUkd
-N5xZDJkDjwUCaYtmPAIbAwUJA8JnAAULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AACgkQ
-HTecWQyZA49onAv9GbcIpT9a52ZfSLfoXUWAVsYrCwfPb6OG+7NwJXwUPf69gK2ZSWZLrcPl
-7gLYKkWsQ2LS9Pb+kirfENk9Xvw+DMBk0KKlvsC3dOFl4srkdvuAoWvR4x5lCKBBusjM2ByR
-kRtN68a3xhLrNIHF7uxFefMIyetCJhGl1Z4rgRzslFjsjeZqv5hs7lYBtodrKXvWOfyEvZRw
-Zpibyu3v+6YgpZKdq/YQd/DNMBgCWJZOUvKbj/XiCVQ+zKBDEZpjM56TqSyqaTs7OyTXlZGX
-WRYXbtOeEf5NFlUT57FetrSszStJKow7AlLBfPlcwFgDEEKNiLf0asfdnfHepR3MT5ULNdut
-hLniGbN8HItqY94dipc0D2l3q/REY7VrsZa3vBmWdMecCLMDLO37CzIqjUO+tIGWOFhXpH86
-ARRb3C4mi39aTk8XlAQ6nUctrQSHd+oRFKRqXznAGIHHo83L7z5XvRwZ/ehZww+h0QL4JEgm
-Jaja3SZFkqf1/yGwT1EyqfVzuQGNBGmLZjwBDAC7UT7SgI/lKTAP5fyrDXDaIsVKCPZ0K+ui
-BqR+Po765zZyuZnCd8IMaeGJZipa4Jc2HRBfb2t/4drDWChhjiMtSk2jA+Ke+z/Gg8yCskg2
-aSjhiKb4dZkCWwg0+Avca3ad8F3G+pbP/aubTH2FydrJP0dQW7sPChKPEhDH83g4ek7w3CXs
-tSLQ8f3orxxqNvDr3BuVK4Lej1zgXMhSUWcTNqFje1jUwG+V03FoHfvM67HTGmnOngu9fCX0
-QbIc0x++zJg3MvPZ+hsSnJ3EemVMc5SMH/GCwIUTufEdpkCLmjETvCFT9JaVwBtgFvsF6adq
-7JMD7wcogGMVXDqrWMONZJPhiLPK9AI57zi7a31AFJEfyMMaBT3io5KdzfM0LCkpI/VT/tsO
-tM/adnID1cFt47WjeQQ0Ed0kH4fk91/wZaMAlgYeN2TSaYjb0v4RkSIWlYz2KyZ2XPaUtYyS
-Md6CmOHchTUTJ9x/qvXD53FYjnkX309c1a9Z++76R+QU6IkAEQEAAYkBvAQYAQgAJhYhBDd5
-kMJUvzpbtAV5SR03nFkMmQOPBQJpi2Y8AhsMBQkDwmcAAAoJEB03nFkMmQOPy/EL/2NTDXEI
-6ZshBZgK1UOxIWLaKuK4LwMimz3IpfWH6E1acSV4oEn5S+kGCzCeWwbOqhjFP5YYlcN3IMJX
-KddpFVn+LiN178qJZM+WxbJdRlc3n9+F2693zGMxmNtgjJ9TDCjar8nyoxWcpKXOtjxf204T
-HZAq/r2l/NHvrqZ4KJ5RU5I1Gb43UcarxZHBHy6N1Z323Zt5UMgA3WWMeXB+r374IBg4g5/l
-WCfhytvZtwVIDDERFMqpyikhlrOzLJQgVoPHUt7PCslvAaVlz1Mkj7JkF+gwizJ+zsCIkJ2Z
-YYk5nfVtDf2xEasrZgs3XF6yhXKHIS1DyIELaLzr6UkLz0H/pwgjHGG9G6pcuMeuS4vR7MEE
-7OssNRo43LjtGT9WglRhMqjqiqAIZUM6NFZ2AQQci5tOj3nNQQHovVaPm0PcC1fv99eMsDBX
-o7LiabG3y38e2q2TzbNl7v3zTXimQKtYzoff6kGr9JnKr1pD/63qZlrTrVEq/SyMrKmWN3Aq
-Rw==
-=as3M
------END PGP PUBLIC KEY BLOCK-----

conf/httpd.conf

@@ -74,8 +74,16 @@ ProxyRequests Off
 ProxyPreserveHost On
 
 <VirtualHost *:420>
+    ProxyPass /socket.io/ ws://127.0.0.1:3000/socket.io/
+    ProxyPassReverse /socket.io/ ws://127.0.0.1:3000/socket.io/
     ProxyPass / http://127.0.0.1:3000/
     ProxyPassReverse / http://127.0.0.1:3000/
+
+    # Security Headers
+    Header set X-Frame-Options "SAMEORIGIN"
+    Header set X-Content-Type-Options "nosniff"
+    Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' ws: wss:;"
+    Header always unset Access-Control-Allow-Origin
 </VirtualHost>
 
 # EnableMMAP off

relatorio/relatorio.listing

@@ -1 +0,0 @@
-openssl ca -revoke user.crt -config cheese.cfg -keyfile ca.key -cert ca.crt

relatorio/style.sty

@@ -1,64 +0,0 @@
-\usepackage[margin=1in]{geometry}
-\usepackage{raleway}
-\renewcommand{\familydefault}{\sfdefault}
-\usepackage{ulem}
-\usepackage{wrapfig}
-\usepackage{graphicx,tabularx,booktabs}
-\usepackage{paracol}
-\usepackage[dvipsnames]{xcolor}
-\usepackage{enumitem,amssymb}
-\usepackage[colorlinks=true,urlcolor=blue,linkcolor=MidnightBlue]{hyperref}
-\graphicspath{{./img/}}
-
-\usepackage{enumitem,amssymb}
-\newlist{todolist}{itemize}{2}
-\setlist[todolist]{noitemsep, topsep=0pt,label=$\square$}
-
-\usepackage{pifont}
-\usepackage{amssymb}
-
-\usepackage[most]{tcolorbox}
-\tcbuselibrary{listings, skins, breakable}
-
-\lstdefinestyle{mystyle}{
-    basicstyle=\ttfamily\footnotesize,
-    breakatwhitespace=false,         
-    breaklines=true,                 
-    captionpos=b,                    
-    keepspaces=true,                 
-    numbers=left,                    
-    numbersep=5pt,                  
-    showspaces=false,                
-    showstringspaces=false,
-    showtabs=false,                  
-    tabsize=2,
-    commentstyle=\color{gray},
-    keywordstyle=\color{MidnightBlue}\bfseries,
-    stringstyle=\color{ForestGreen}
-}
-
-\newtcblisting{codeblock}[2][]{
-    enhanced,
-    breakable,
-    colback=gray!2!white,
-    colframe=gray!20!black,
-    attach boxed title to top left={yshift*=-\tcboxedtitleheight/2, xshift=4mm},
-    boxed title style={
-        colback=gray!20!black,
-        outer arc=0pt,
-        arc=0pt,
-        top=1pt,
-        bottom=1pt,
-    },
-    fonttitle=\bfseries\ttfamily\footnotesize,
-    title={#2},
-    listing only,
-    listing options={
-        style=mystyle,
-        language=#1,
-    }
-}
-
-\setlength{\parskip}{1em}%
-\setlength{\parindent}{0em}%
-