Help

Check out the FAQs first! If you need help performing a task, check out the guides.
If you are still in need of assistance, contact me!

FAQs

What is this?

This is a scoring engine designed for Linux. It currently checks system files, the output of commands, and the user accounts on a computer, and awards points to the user for fixing preconfigured vulnerabilities. The primary use case was preparation for the US CyberDefense competition, which does not have an official Linux scoring engine for practice images.

What does it do?

The creator of the practice image can choose various tasks from one of the following categories:

  • Files
  • Users
  • Commands

For “Files”, the creator can configure various checks involving files:

  • Existence (Whether the file exists or not)
  • Contents
    • If the file contains text (contains)
    • If the file does not contain text (does not contain)
    • If the file only contains text (equals)
    • Any of the content checks can also be set to check only a particular line of the file.

For “Users”, the creator can configure various checks involving the user accounts on the computer:

  • Existence
    • If the user exists
    • If the user does not exist
  • Privileges
    • If the user is an administrator
    • If the user is not an administrator

Finally, the creator can also create checks for “Commands”, by running a command and checking against the output.

  • Contains
  • Does not contain
  • Equals
  • Does not equal

The “Command” option can be used for multiple other checks as well, including user permissions. Since the scoring engine daemon runs as the root user, it can access all files and can read contents using the “Command” option.

For the score report, an HTML document is created on the desktop with score information, including image running time, remaining time, the score, and the vulnerabilities found. The score report can be set to be hidden.

In addition, the Engine can be set to send the score report to a database. Currently, this function is only available for a Microsoft SQL database, and has been tested on Microsoft Azure only. The database should be set up so the table has 3 columns: “TeamName”, “Score”, and “Time”. “TeamName” holds the name the competing team set at first run, “Score” is the team's current score (an integer), and “Time” is the team's running time in minutes. This can be run in conjunction with CyberTigerScoreboard, which can parse the database and display the trend of the team in a graphical format.

The Engine and CyberTiger Scoreboard were designed in tandem to work together as a cohesive whole, so any data uploaded to an Azure database by the engine can be automatically parsed and interpreted by CyberTiger Scoreboard.

Troubleshooting

The Engine does not run

Follow the initial run guide

System Requirements

  • Ubuntu 16.04+
  • 32/64 bit systems
  • OpenJRE or Oracle JRE 1.8+
  • ruby-devel
  • fpm

Pricing

This is free to use, but is not Open Source.

Guides

Initial run

Once you have downloaded the Engine, you may follow these steps. These assume you are running Ubuntu 16.04, but should work for similar variants of Ubuntu, including Kubuntu, Xubuntu, Lubuntu, etc.

  1. Make sure the Engine is set to be run.
    • Right click the engine executable you downloaded and click on “Properties”.
    • Click on the “Permissions” tab
    • Make sure “Allow executing file as a program” is checked
  2. Install Java
    • Ubuntu 16.04 ships with OpenJRE 7. Java 8 is required. The Engine does run on both OpenJDK and Oracle’s Java.
    • Verify your Java version
      • Run java -version
      • If it says “Version 1.8.xxx” or “JRE 8.xxx”, you are fine
      • If you do not have Java 1.8 or later, run sudo apt-get install openjdk-8-jre to download and install Java
  3. Install ruby-dev
    • Currently, ruby-dev is a dependency.
    • Install: sudo apt-get install ruby-dev
    • Unfortunately, neither the ruby command nor the gem command shows any difference between the development version and the standard version. The Engine requires the dev version.
  4. Install fpm
    • sudo gem install fpm
  5. If database functionality is to be used, steps 5-9 must be followed. Otherwise, skip to step 10.
  6. Install python-pip and curl
    • sudo apt-get install python-pip curl
  7. Add the Microsoft database tools repository
    • curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
    • sudo bash -c "curl https://packages.microsoft.com/config/ubuntu/$(lsb_release -r -s)/prod.list > /etc/apt/sources.list.d/mssql.list"
  8. Update the apt cache
    • sudo apt-get update
  9. Install the required tools
    • sudo apt-get install msodbcsql mssql-tools unixodbc-dev
    • sudo -H pip install pyodbc==3.1.1
  10. Run the program
    • Normally, double clicking on the program will run it
    • If it does not work, open a terminal, cd to the location of the downloaded file, then run java -jar {filename}, replacing “{filename}” with the name of the file, including the extension, such as “LinuxEngine.jar”
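
A preflight check for steps 2-4 above, as an added example that is not shipped with the Engine. It parses the `java -version` banner (including the Java 9+ numbering, which no longer starts with "1."), and asks dpkg about ruby-dev because ruby and gem cannot tell the two packages apart. The function names and the `--check` argument are assumptions made for this example.

```shell
#!/bin/bash
# Added example: preflight for the Engine's prerequisites (not the Engine's own code).

# Print the Java major version (7, 8, 11, ...) from `java -version` banner text.
# Legacy banners read "1.8.0_292" (major is the second field); Java 9+ reads "11.0.2".
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 1
    case "$ver" in
        1.*) ver=${ver#1.} ;;          # drop the legacy "1." prefix
    esac
    major=${ver%%[!0-9]*}              # keep the leading digits only
    [ -n "$major" ] || return 1
    printf '%s\n' "$major"
}

# Succeed when the banner reports Java 8 (1.8) or later.
java_ok() {
    m=$(java_major "$1") || return 1
    [ "$m" -ge 8 ]
}

# Succeed when a Debian package is fully installed.
pkg_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q 'install ok installed'
}

# Report every missing prerequisite; return non-zero if any is missing.
preflight() {
    rc=0
    banner=$(java -version 2>&1) || banner=""   # java prints its version on stderr
    java_ok "$banner" || { echo "MISSING: Java 8+ (sudo apt-get install openjdk-8-jre)"; rc=1; }
    pkg_installed ruby-dev || { echo "MISSING: ruby-dev (sudo apt-get install ruby-dev)"; rc=1; }
    gem list -i fpm >/dev/null 2>&1 || { echo "MISSING: fpm (sudo gem install fpm)"; rc=1; }
    return $rc
}

# Run the checks only when asked, so the functions can be sourced without side effects.
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Save it next to the Engine and run it with `--check` before step 10; it prints one line per missing prerequisite along with the install command from the guide.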