
2 Commits

Author SHA1 Message Date
Vasco
790c789610 merge 2026-04-24 18:42:23 +01:00
Vasco
123a4cb709 hmm 2026-04-24 17:40:03 +01:00
8 changed files with 897 additions and 135 deletions

Binary file not shown.


@@ -2,13 +2,23 @@
\providecommand \babel@aux [2]{\global \let \babel@toc \@gobbletwo }
\@nameuse{bbl@beforestart}
\catcode `"\active
\providecommand\hyper@newdestlabel[2]{}
\providecommand\HyField@AuxAddToFields[1]{}
\providecommand\HyField@AuxAddToCoFields[2]{}
\babel@aux{portuguese}{}
\@writefile{toc}{\contentsline {section}{\numberline {1}Introdução}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {2}Criação de certificados}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3}Configuração da \textit {Gateway} VPN}{3}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {4}Configurar TOTP}{3}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Aceder ao código}{3}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {5}Revocation e OCSP}{3}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {5.1}Testar OSCP via revoke}{3}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {6}Conclusion}{4}{}\protected@file@percent }
\gdef \@abspage@last{4}
\def\@LN@column{1}
\@writefile{toc}{\contentsline {section}{\numberline {1}Introdução}{2}{section.1}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {2}Criação de certificados}{2}{section.2}\protected@file@percent }
\def\@LN@column{1}
\@writefile{toc}{\contentsline {section}{\numberline {3}Configuração geral}{3}{section.3}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {4}Configuração da \textit {Gateway} VPN}{3}{section.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Configurar TOTP}{3}{subsection.4.1}\protected@file@percent }
\def\@LN@column{1}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Encaminhamento e Firewall}{4}{subsection.4.2}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {5}Configuração do Cliente (Road Warrior)}{4}{section.5}\protected@file@percent }
\def\@LN@column{1}
\@writefile{toc}{\contentsline {section}{\numberline {6}Servidor Apache e OCSP}{5}{section.6}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {6.1}Revocation e OCSP}{5}{subsection.6.1}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {7}Conclusão}{5}{section.7}\protected@file@percent }
\xdef \mintedoldcachechecksum{\detokenize{\minted@cachechecksum }}
\gdef \@abspage@last{5}


@@ -1,4 +1,4 @@
This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 24 APR 2026 10:42
This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 24 APR 2026 18:42
entering extended mode
\write18 enabled.
%&-line parsing enabled.
@@ -154,23 +154,570 @@ Package: booktabs 2020/01/12 v1.61803398 Publication quality tables
\@lastruleclass=\count297
\@thisrulewidth=\dimen166
)
LaTeX Font Info: Trying to load font information for OT1+EBGaramond-LF on in
put line 34.
(/home/raw/uni/fsi/trabalho/relatorio/style.sty
(/usr/share/texmf-dist/tex/latex/geometry/geometry.sty
Package: geometry 2020/01/02 v5.9 Page Geometry
(/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd
File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara
mond-LF.
(/usr/share/texmf-dist/tex/generic/iftex/ifvtex.sty
Package: ifvtex 2019/10/25 v1.7 ifvtex legacy package. Use iftex instead.
)
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
\Gm@cnth=\count298
\Gm@cntv=\count299
\c@Gm@tempcnt=\count300
\Gm@bindingoffset=\dimen167
\Gm@wd@mp=\dimen168
\Gm@odd@mp=\dimen169
\Gm@even@mp=\dimen170
\Gm@layoutwidth=\dimen171
\Gm@layoutheight=\dimen172
\Gm@layouthoffset=\dimen173
\Gm@layoutvoffset=\dimen174
\Gm@dimlist=\toks21
)
(/usr/share/texmf-dist/tex/latex/raleway/raleway.sty
Package: raleway 2025/04/06 v1.6 Matt McInerneys Raleway family
(/usr/share/texmf-dist/tex/latex/base/fontenc.sty
Package: fontenc 2025/07/18 v2.1d Standard LaTeX package
(/usr/share/texmf-dist/tex/latex/ly1/ly1enc.def
File: ly1enc.def 2022/06/11 v0.8 TeX 'n ANSI encoding (DPC/KB)
Now handling font encoding LY1 ...
... processing UTF-8 mapping file for font encoding LY1
(/usr/share/texmf-dist/tex/latex/base/ly1enc.dfu
File: ly1enc.dfu 2022/06/07 v1.3c UTF-8 support
defining Unicode char U+00A0 (decimal 160)
defining Unicode char U+00A1 (decimal 161)
defining Unicode char U+00A2 (decimal 162)
defining Unicode char U+00A3 (decimal 163)
defining Unicode char U+00A4 (decimal 164)
defining Unicode char U+00A5 (decimal 165)
defining Unicode char U+00A6 (decimal 166)
defining Unicode char U+00A7 (decimal 167)
defining Unicode char U+00AA (decimal 170)
defining Unicode char U+00AB (decimal 171)
defining Unicode char U+00AD (decimal 173)
defining Unicode char U+00AE (decimal 174)
defining Unicode char U+00B0 (decimal 176)
defining Unicode char U+00B5 (decimal 181)
defining Unicode char U+00B6 (decimal 182)
defining Unicode char U+00B7 (decimal 183)
defining Unicode char U+00BA (decimal 186)
defining Unicode char U+00BB (decimal 187)
defining Unicode char U+00BC (decimal 188)
defining Unicode char U+00BD (decimal 189)
defining Unicode char U+00BE (decimal 190)
defining Unicode char U+00BF (decimal 191)
defining Unicode char U+00C0 (decimal 192)
defining Unicode char U+00C1 (decimal 193)
defining Unicode char U+00C2 (decimal 194)
defining Unicode char U+00C3 (decimal 195)
defining Unicode char U+00C4 (decimal 196)
defining Unicode char U+00C5 (decimal 197)
defining Unicode char U+00C6 (decimal 198)
defining Unicode char U+00C7 (decimal 199)
defining Unicode char U+00C8 (decimal 200)
defining Unicode char U+00C9 (decimal 201)
defining Unicode char U+00CA (decimal 202)
defining Unicode char U+00CB (decimal 203)
defining Unicode char U+00CC (decimal 204)
defining Unicode char U+00CD (decimal 205)
defining Unicode char U+00CE (decimal 206)
defining Unicode char U+00CF (decimal 207)
defining Unicode char U+00D0 (decimal 208)
defining Unicode char U+00D1 (decimal 209)
defining Unicode char U+00D2 (decimal 210)
defining Unicode char U+00D3 (decimal 211)
defining Unicode char U+00D4 (decimal 212)
defining Unicode char U+00D5 (decimal 213)
defining Unicode char U+00D6 (decimal 214)
defining Unicode char U+00D8 (decimal 216)
defining Unicode char U+00D9 (decimal 217)
defining Unicode char U+00DA (decimal 218)
defining Unicode char U+00DB (decimal 219)
defining Unicode char U+00DC (decimal 220)
defining Unicode char U+00DD (decimal 221)
defining Unicode char U+00DE (decimal 222)
defining Unicode char U+00DF (decimal 223)
defining Unicode char U+00E0 (decimal 224)
defining Unicode char U+00E1 (decimal 225)
defining Unicode char U+00E2 (decimal 226)
defining Unicode char U+00E3 (decimal 227)
defining Unicode char U+00E4 (decimal 228)
defining Unicode char U+00E5 (decimal 229)
defining Unicode char U+00E6 (decimal 230)
defining Unicode char U+00E7 (decimal 231)
defining Unicode char U+00E8 (decimal 232)
defining Unicode char U+00E9 (decimal 233)
defining Unicode char U+00EA (decimal 234)
defining Unicode char U+00EB (decimal 235)
defining Unicode char U+00EC (decimal 236)
defining Unicode char U+00ED (decimal 237)
defining Unicode char U+00EE (decimal 238)
defining Unicode char U+00EF (decimal 239)
defining Unicode char U+00F0 (decimal 240)
defining Unicode char U+00F1 (decimal 241)
defining Unicode char U+00F2 (decimal 242)
defining Unicode char U+00F3 (decimal 243)
defining Unicode char U+00F4 (decimal 244)
defining Unicode char U+00F5 (decimal 245)
defining Unicode char U+00F6 (decimal 246)
defining Unicode char U+00F8 (decimal 248)
defining Unicode char U+00F9 (decimal 249)
defining Unicode char U+00FA (decimal 250)
defining Unicode char U+00FB (decimal 251)
defining Unicode char U+00FC (decimal 252)
defining Unicode char U+00FD (decimal 253)
defining Unicode char U+00FE (decimal 254)
defining Unicode char U+00FF (decimal 255)
defining Unicode char U+0131 (decimal 305)
defining Unicode char U+0141 (decimal 321)
defining Unicode char U+0142 (decimal 322)
defining Unicode char U+0152 (decimal 338)
defining Unicode char U+0153 (decimal 339)
defining Unicode char U+0160 (decimal 352)
defining Unicode char U+0161 (decimal 353)
defining Unicode char U+0174 (decimal 372)
defining Unicode char U+0175 (decimal 373)
defining Unicode char U+0176 (decimal 374)
defining Unicode char U+0177 (decimal 375)
defining Unicode char U+0178 (decimal 376)
defining Unicode char U+017D (decimal 381)
defining Unicode char U+017E (decimal 382)
defining Unicode char U+0192 (decimal 402)
defining Unicode char U+0218 (decimal 536)
defining Unicode char U+0219 (decimal 537)
defining Unicode char U+021A (decimal 538)
defining Unicode char U+021B (decimal 539)
defining Unicode char U+0237 (decimal 567)
defining Unicode char U+02C6 (decimal 710)
defining Unicode char U+02DC (decimal 732)
defining Unicode char U+2013 (decimal 8211)
defining Unicode char U+2014 (decimal 8212)
defining Unicode char U+201C (decimal 8220)
defining Unicode char U+201D (decimal 8221)
defining Unicode char U+2020 (decimal 8224)
defining Unicode char U+2021 (decimal 8225)
defining Unicode char U+2022 (decimal 8226)
defining Unicode char U+2026 (decimal 8230)
defining Unicode char U+2030 (decimal 8240)
defining Unicode char U+2039 (decimal 8249)
defining Unicode char U+203A (decimal 8250)
defining Unicode char U+2122 (decimal 8482)
defining Unicode char U+FB00 (decimal 64256)
defining Unicode char U+FB01 (decimal 64257)
defining Unicode char U+FB02 (decimal 64258)
defining Unicode char U+FB03 (decimal 64259)
defining Unicode char U+FB04 (decimal 64260)
defining Unicode char U+FB05 (decimal 64261)
defining Unicode char U+FB06 (decimal 64262)
))
LaTeX Font Info: Trying to load font information for T1+EBGaramond-LF on inp
ut line 116.
(/usr/share/texmf-dist/tex/latex/ebgaramond/T1EBGaramond-LF.fd
File: T1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for T1/EBGaramo
nd-LF.
)
LaTeX Font Info: Font shape `T1/EBGaramond-LF/m/n' will be
(Font) scaled to size 10.95pt on input line 116.
))
(/usr/share/texmf-dist/tex/generic/ulem/ulem.sty
\UL@box=\box55
\UL@hyphenbox=\box56
\UL@skip=\skip51
\UL@hook=\toks22
\UL@height=\dimen175
\UL@pe=\count301
\UL@pixel=\dimen176
\ULC@box=\box57
Package: ulem 2019/11/18
\ULdepth=\dimen177
)
(/usr/share/texmf-dist/tex/latex/wrapfig/wrapfig.sty
\wrapoverhang=\dimen178
\WF@size=\dimen179
\c@WF@wrappedlines=\count302
\WF@box=\box58
\WF@everypar=\toks23
Package: wrapfig 2003/01/31 v 3.6
)
(/usr/share/texmf-dist/tex/latex/graphics/graphicx.sty
Package: graphicx 2024/12/31 v1.2e Enhanced LaTeX Graphics (DPC,SPQR)
(/usr/share/texmf-dist/tex/latex/graphics/graphics.sty
Package: graphics 2024/08/06 v1.4g Standard LaTeX Graphics (DPC,SPQR)
(/usr/share/texmf-dist/tex/latex/graphics/trig.sty
Package: trig 2023/12/02 v1.11 sin cos tan (DPC)
)
(/usr/share/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
File: graphics.cfg 2016/06/04 v1.11 sample graphics configuration
)
Package graphics Info: Driver file: pdftex.def on input line 106.
(/usr/share/texmf-dist/tex/latex/graphics-def/pdftex.def
File: pdftex.def 2025/09/29 v1.2d Graphics/color driver for pdftex
))
\Gin@req@height=\dimen180
\Gin@req@width=\dimen181
)
(/usr/share/texmf-dist/tex/latex/tools/tabularx.sty
Package: tabularx 2023/12/11 v2.12a `tabularx' package (DPC)
(/usr/share/texmf-dist/tex/latex/tools/array.sty
Package: array 2025/09/25 v2.6n Tabular extension package (FMi)
\col@sep=\dimen182
\ar@mcellbox=\box59
\extrarowheight=\dimen183
\NC@list=\toks24
\extratabsurround=\skip52
\backup@length=\skip53
\ar@cellbox=\box60
)
\TX@col@width=\dimen184
\TX@old@table=\dimen185
\TX@old@col=\dimen186
\TX@target=\dimen187
\TX@delta=\dimen188
\TX@cols=\count303
\TX@ftn=\toks25
)
(/usr/share/texmf-dist/tex/latex/paracol/paracol.sty
Package: paracol 2025/07/14 1.37 typeset columns in parallel
\pcol@currcol=\count304
\pcol@nextcol=\count305
\pcol@ncol=\count306
\pcol@ncolleft=\count307
\pcol@page=\count308
\pcol@basepage=\count309
\pcol@toppage=\count310
\pcol@footnotebase=\count311
\pcol@nfootnotes=\count312
\pcol@mcid=\count313
\pcol@prevdepth=\dimen189
\pcol@colht=\dimen190
\pcol@textfloatsep=\dimen191
\pcol@lrmargin=\dimen192
\pagerim=\dimen193
\pcol@topskip=\skip54
\belowfootnoteskip=\skip55
\pcol@topfnotes=\box61
\pcol@prespan=\box62
\pcol@rightpage=\box63
\pcol@colorstack@saved=\box64
\pcol@tempboxa=\box65
\pcol@tempboxb=\box66
\pcol@colorins=\insert252
\pcol@everyvbox=\toks26
)
(/usr/share/texmf-dist/tex/latex/xcolor/xcolor.sty
Package: xcolor 2024/09/29 v3.02 LaTeX color extensions (UK)
(/usr/share/texmf-dist/tex/latex/graphics-cfg/color.cfg
File: color.cfg 2016/01/02 v1.6 sample color configuration
)
Package xcolor Info: Driver file: pdftex.def on input line 274.
(/usr/share/texmf-dist/tex/latex/graphics/mathcolor.ltx)
Package xcolor Info: Model `cmy' substituted by `cmy0' on input line 1349.
Package xcolor Info: Model `hsb' substituted by `rgb' on input line 1353.
Package xcolor Info: Model `RGB' extended on input line 1365.
Package xcolor Info: Model `HTML' substituted by `rgb' on input line 1367.
Package xcolor Info: Model `Hsb' substituted by `hsb' on input line 1368.
Package xcolor Info: Model `tHsb' substituted by `hsb' on input line 1369.
Package xcolor Info: Model `HSB' substituted by `hsb' on input line 1370.
Package xcolor Info: Model `Gray' substituted by `gray' on input line 1371.
Package xcolor Info: Model `wave' substituted by `hsb' on input line 1372.
)
(/usr/share/texmf-dist/tex/latex/graphics/dvipsnam.def
File: dvipsnam.def 2016/06/17 v3.0m Driver-dependent file (DPC,SPQR)
)
(/usr/share/texmf-dist/tex/latex/enumitem/enumitem.sty
Package: enumitem 2025/02/06 v3.11 Customized lists
\enitkv@toks@=\toks27
\labelindent=\skip56
\enit@outerparindent=\dimen194
\enit@toks=\toks28
\enit@inbox=\box67
\enit@count@id=\count314
\enitdp@description=\count315
)
(/usr/share/texmf-dist/tex/latex/amsfonts/amssymb.sty
Package: amssymb 2013/01/14 v3.01 AMS font symbols
(/usr/share/texmf-dist/tex/latex/amsfonts/amsfonts.sty
Package: amsfonts 2013/01/14 v3.01 Basic AMSFonts support
\@emptytoks=\toks29
\symAMSa=\mathgroup4
\symAMSb=\mathgroup5
LaTeX Font Info: Redeclaring math symbol \hbar on input line 98.
LaTeX Font Info: Overwriting math alphabet `\mathfrak' in version `bold'
(Font) U/euf/m/n --> U/euf/b/n on input line 106.
))
(/usr/share/texmf-dist/tex/latex/hyperref/hyperref.sty
Package: hyperref 2026-01-29 v7.01p Hypertext links for LaTeX
(/usr/share/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty
Package: kvsetkeys 2022-10-05 v1.19 Key value parser (HO)
)
(/usr/share/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty
Package: kvdefinekeys 2019-12-19 v1.6 Define keys (HO)
)
(/usr/share/texmf-dist/tex/generic/pdfescape/pdfescape.sty
Package: pdfescape 2019/12/09 v1.15 Implements pdfTeX's escape features (HO)
(/usr/share/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
Package: ltxcmds 2023-12-04 v1.26 LaTeX kernel commands for general use (HO)
)
(/usr/share/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
Package: pdftexcmds 2020-06-27 v0.33 Utility functions of pdfTeX for LuaTeX (HO
)
(/usr/share/texmf-dist/tex/generic/infwarerr/infwarerr.sty
Package: infwarerr 2019/12/03 v1.5 Providing info/warning/error messages (HO)
)
Package pdftexcmds Info: \pdf@primitive is available.
Package pdftexcmds Info: \pdf@ifprimitive is available.
Package pdftexcmds Info: \pdfdraftmode found.
))
(/usr/share/texmf-dist/tex/latex/hycolor/hycolor.sty
Package: hycolor 2020-01-27 v1.10 Color options for hyperref/bookmark (HO)
)
(/usr/share/texmf-dist/tex/latex/hyperref/nameref.sty
Package: nameref 2026-01-29 v2.58 Cross-referencing by name of section
(/usr/share/texmf-dist/tex/latex/refcount/refcount.sty
Package: refcount 2019/12/15 v3.6 Data extraction from label references (HO)
)
(/usr/share/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty
Package: gettitlestring 2019/12/15 v1.6 Cleanup title references (HO)
(/usr/share/texmf-dist/tex/latex/kvoptions/kvoptions.sty
Package: kvoptions 2022-06-15 v3.15 Key value format for package options (HO)
))
\c@section@level=\count316
)
(/usr/share/texmf-dist/tex/latex/etoolbox/etoolbox.sty
Package: etoolbox 2025/10/02 v2.5m e-TeX tools for LaTeX (JAW)
\etb@tempcnta=\count317
)
(/usr/share/texmf-dist/tex/generic/stringenc/stringenc.sty
Package: stringenc 2019/11/29 v1.12 Convert strings between diff. encodings (HO
)
)
\@linkdim=\dimen195
\Hy@linkcounter=\count318
\Hy@pagecounter=\count319
(/usr/share/texmf-dist/tex/latex/hyperref/pd1enc.def
File: pd1enc.def 2026-01-29 v7.01p Hyperref: PDFDocEncoding definition (HO)
Now handling font encoding PD1 ...
... no UTF-8 mapping file for font encoding PD1
)
(/usr/share/texmf-dist/tex/generic/intcalc/intcalc.sty
Package: intcalc 2019/12/15 v1.3 Expandable calculations with integers (HO)
)
\Hy@SavedSpaceFactor=\count320
(/usr/share/texmf-dist/tex/latex/hyperref/puenc.def
File: puenc.def 2026-01-29 v7.01p Hyperref: PDF Unicode definition (HO)
Now handling font encoding PU ...
... no UTF-8 mapping file for font encoding PU
)
Package hyperref Info: Option `colorlinks' set `true' on input line 4072.
Package hyperref Info: Hyper figures OFF on input line 4201.
Package hyperref Info: Link nesting OFF on input line 4206.
Package hyperref Info: Hyper index ON on input line 4209.
Package hyperref Info: Plain pages OFF on input line 4216.
Package hyperref Info: Backreferencing OFF on input line 4221.
Package hyperref Info: Implicit mode ON; LaTeX internals redefined.
Package hyperref Info: Bookmarks ON on input line 4468.
\c@Hy@tempcnt=\count321
(/usr/share/texmf-dist/tex/latex/url/url.sty
\Urlmuskip=\muskip17
Package: url 2013/09/16 ver 3.4 Verb mode for urls, etc.
)
LaTeX Info: Redefining \url on input line 4807.
\XeTeXLinkMargin=\dimen196
(/usr/share/texmf-dist/tex/generic/bitset/bitset.sty
Package: bitset 2019/12/09 v1.3 Handle bit-vector datatype (HO)
(/usr/share/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty
Package: bigintcalc 2019/12/15 v1.5 Expandable calculations on big integers (HO
)
))
\Fld@menulength=\count322
\Field@Width=\dimen197
\Fld@charsize=\dimen198
Package hyperref Info: Hyper figures OFF on input line 6084.
Package hyperref Info: Link nesting OFF on input line 6089.
Package hyperref Info: Hyper index ON on input line 6092.
Package hyperref Info: backreferencing OFF on input line 6099.
Package hyperref Info: Link coloring ON on input line 6102.
Package hyperref Info: Link coloring with OCG OFF on input line 6109.
Package hyperref Info: PDF/A mode OFF on input line 6114.
\Hy@abspage=\count323
\c@Item=\count324
\c@Hfootnote=\count325
)
Package hyperref Info: Driver (autodetected): hpdftex.
(/usr/share/texmf-dist/tex/latex/hyperref/hpdftex.def
File: hpdftex.def 2026-01-29 v7.01p Hyperref driver for pdfTeX
\Fld@listcount=\count326
\c@bookmark@seq@number=\count327
(/usr/share/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
Package: rerunfilecheck 2025-06-21 v1.11 Rerun checks for auxiliary files (HO)
(/usr/share/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty
Package: uniquecounter 2019/12/15 v1.4 Provide unlimited unique counter (HO)
)
Package uniquecounter Info: New unique counter `rerunfilecheck' on input line 2
84.
)
\Hy@SectionHShift=\skip57
)
\enitdp@todolist=\count328
(/usr/share/texmf-dist/tex/latex/psnfss/pifont.sty
Package: pifont 2020/03/25 PSNFSS-v9.3 Pi font support (SPQR)
LaTeX Font Info: Trying to load font information for U+pzd on input line 63.
(/usr/share/texmf-dist/tex/latex/psnfss/upzd.fd
File: upzd.fd 2001/06/04 font definitions for U/pzd.
)
LaTeX Font Info: Trying to load font information for U+psy on input line 64.
(/usr/share/texmf-dist/tex/latex/psnfss/upsy.fd
File: upsy.fd 2001/06/04 font definitions for U/psy.
))
(/usr/share/texmf-dist/tex/latex/minted/minted.sty
Package: minted 2026/03/03 v3.8.0 Yet another Pygments shim for LaTeX
(/usr/share/texmf-dist/tex/generic/catchfile/catchfile.sty
Package: catchfile 2019/12/09 v1.8 Catch the contents of a file (HO)
(/usr/share/texmf-dist/tex/generic/etexcmds/etexcmds.sty
Package: etexcmds 2019/12/15 v1.7 Avoid name clashes with e-TeX commands (HO)
))
(/usr/share/texmf-dist/tex/latex/fvextra/fvextra.sty
Package: fvextra 2026/02/25 v1.14.0 fvextra - extensions and patches for fancyv
rb
(/usr/share/texmf-dist/tex/latex/fancyvrb/fancyvrb.sty
Package: fancyvrb 2025/07/28 4.6 verbatim text (tvz,hv)
\FV@CodeLineNo=\count329
\FV@InFile=\read3
\FV@TabBox=\box68
\c@FancyVerbLine=\count330
\FV@StepNumber=\count331
\FV@OutFile=\write3
)
(/usr/share/texmf-dist/tex/latex/upquote/upquote.sty
Package: upquote 2012/04/19 v1.3 upright-quote and grave-accent glyphs in verba
tim
)
(/usr/share/texmf-dist/tex/latex/lineno/lineno.sty
Package: lineno 2026/02/16 line numbers on paragraphs v5.7
\linenopenalty=\count332
\output=\toks30
\linenoprevgraf=\count333
\linenumbersep=\dimen199
\linenumberwidth=\dimen256
\c@linenumber=\count334
\c@pagewiselinenumber=\count335
\c@LN@truepage=\count336
\c@internallinenumber=\count337
\c@internallinenumbers=\count338
\quotelinenumbersep=\dimen257
\bframerule=\dimen258
\bframesep=\dimen259
\bframebox=\box69
)
\c@FancyVerbWriteLine=\count339
\c@FancyVerbBufferLine=\count340
\c@FV@TrueTabGroupLevel=\count341
\c@FV@TrueTabCounter=\count342
\FV@TabBox@Group=\box70
\FV@bgcolorstructbox=\box71
\FV@TmpLength=\skip58
\c@FV@HighlightLinesStart=\count343
\c@FV@HighlightLinesStop=\count344
\FV@LoopCount=\count345
\FV@NCharsBox=\box72
\FV@BreakIndent=\dimen260
\FV@BreakIndentNChars=\count346
\FV@BreakSymbolSepLeft=\dimen261
\FV@BreakSymbolSepLeftNChars=\count347
\FV@BreakSymbolSepRight=\dimen262
\FV@BreakSymbolSepRightNChars=\count348
\FV@BreakSymbolIndentLeft=\dimen263
\FV@BreakSymbolIndentLeftNChars=\count349
\FV@BreakSymbolIndentRight=\dimen264
\FV@BreakSymbolIndentRightNChars=\count350
\c@FancyVerbLineBreakLast=\count351
\FV@LineBox=\box73
\FV@LineIndentBox=\box74
\c@FV@BreakBufferDepth=\count352
\FV@LineWidth=\dimen265
)
(/usr/share/texmf-dist/tex/latex/latex2pydata/latex2pydata.sty
Package: latex2pydata 2026/02/25 v0.7.0 latex2pydata - write data to file in Py
thon literal format
)
(/usr/share/texmf-dist/tex/latex/pgf/utilities/pgfkeys.sty
(/usr/share/texmf-dist/tex/generic/pgf/utilities/pgfkeys.code.tex
\pgfkeys@pathtoks=\toks31
\pgfkeys@temptoks=\toks32
(/usr/share/texmf-dist/tex/generic/pgf/utilities/pgfkeyslibraryfiltered.code.te
x
\pgfkeys@tmptoks=\toks33
))) (/usr/share/texmf-dist/tex/latex/pgfopts/pgfopts.sty
Package: pgfopts 2014/07/10 v2.1a LaTeX package options with pgfkeys
\pgfopts@list@add@a@toks=\toks34
\pgfopts@list@add@b@toks=\toks35
)
(/usr/share/texmf-dist/tex/latex/tools/shellesc.sty
Package: shellesc 2023/07/08 v1.0d unified shell escape interface for LaTeX
Package shellesc Info: Unrestricted shell escape enabled on input line 75.
)
(/usr/share/texmf-dist/tex/latex/float/float.sty
Package: float 2001/11/08 v1.3d Float enhancements (AL)
\c@float@type=\count353
\float@exts=\toks36
\float@box=\box75
\@float@everytoks=\toks37
\@floatcapt=\box76
)
\c@minted@FancyVerbLineTemp=\count354
\@float@every@listing=\toks38
\c@listing=\count355
))
LaTeX Font Info: Trying to load font information for T1+Raleway-OsF on input
line 34.
(/usr/share/texmf-dist/tex/latex/raleway/T1Raleway-OsF.fd
File: T1Raleway-OsF.fd 2025/04/09 (autoinst) Font definitions for T1/Raleway-Os
F.
)
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/n' will be
(Font) scaled to size 10.95pt on input line 34.
(/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
File: l3backend-pdftex.def 2025-10-09 L3 backend support: PDF output (pdfTeX)
\l__color_backend_stack_int=\count298
\l__color_backend_stack_int=\count356
)
(/home/raw/uni/fsi/trabalho/relatorio/relatorio.aux
Package babel Info: 'portuguese' activates 'portuges' shorthands.
(babel) Reported on input line 5.
(babel) Reported on input line 8.
)
\openout1 = `relatorio.aux'.
@@ -188,85 +735,192 @@ LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
\c@mv@tabular=\count299
\c@mv@boldtabular=\count300
\c@lstlisting=\count301
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
(Font) scaled to size 17.28pt on input line 35.
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
(Font) scaled to size 12.0pt on input line 35.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <12> on input line 35.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 35.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 35.
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
LaTeX Font Info: Checking defaults for LY1/ptm/m/n on input line 34.
LaTeX Font Info: Trying to load font information for LY1+ptm on input line 3
4.
(/usr/share/texmf-dist/tex/latex/ly1/ly1ptm.fd
File: ly1ptm.fd 2001/02/01 font definitions for LY1/ptm using Berry names.
)
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for PD1/pdf/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for PU/pdf/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
\c@mv@tabular=\count357
\c@mv@boldtabular=\count358
\c@lstlisting=\count359
*geometry* driver: auto-detecting
*geometry* detected driver: pdftex
*geometry* verbose mode - [ preamble ] result:
* driver: pdftex
* paper: a4paper
* layout: <same size as paper>
* layoutoffset:(h,v)=(0.0pt,0.0pt)
* modes:
* h-part:(L,W,R)=(72.26999pt, 452.9679pt, 72.26999pt)
* v-part:(T,H,B)=(72.26999pt, 700.50687pt, 72.26999pt)
* \paperwidth=597.50787pt
* \paperheight=845.04684pt
* \textwidth=452.9679pt
* \textheight=700.50687pt
* \oddsidemargin=0.0pt
* \evensidemargin=0.0pt
* \topmargin=-37.0pt
* \headheight=12.0pt
* \headsep=25.0pt
* \topskip=11.0pt
* \footskip=30.0pt
* \marginparwidth=50.0pt
* \marginparsep=10.0pt
* \columnsep=10.0pt
* \skip\footins=10.0pt plus 4.0pt minus 2.0pt
* \hoffset=0.0pt
* \voffset=0.0pt
* \mag=1000
* \@twocolumnfalse
* \@twosidefalse
* \@mparswitchfalse
* \@reversemarginfalse
* (1in=72.27pt=25.4mm, 1cm=28.453pt)
(/usr/share/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count360
\scratchdimen=\dimen266
\scratchbox=\box77
\nofMPsegments=\count361
\nofMParguments=\count362
\everyMPshowfont=\toks39
\MPscratchCnt=\count363
\MPscratchDim=\dimen267
\MPnumerator=\count364
\makeMPintoPDFobject=\count365
\everyMPtoPDFconversion=\toks40
) (/usr/share/texmf-dist/tex/latex/epstopdf-pkg/epstopdf-base.sty
Package: epstopdf-base 2020-01-24 v2.11 Base part for package epstopdf
Package epstopdf-base Info: Redefining graphics rule for `.eps' on input line 4
85.
(/usr/share/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg
File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv
e
))
Package hyperref Info: Link coloring ON on input line 34.
\@outlinefile=\write4
\openout4 = `relatorio.out'.
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/n' will be
(Font) scaled to size 17.28pt on input line 36.
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/n' will be
(Font) scaled to size 12.0pt on input line 36.
LaTeX Font Info: Trying to load font information for U+msa on input line 36.
(/usr/share/texmf-dist/tex/latex/amsfonts/umsa.fd
File: umsa.fd 2013/01/14 v3.01 AMS symbols A
)
LaTeX Font Info: Trying to load font information for U+msb on input line 36.
(/usr/share/texmf-dist/tex/latex/amsfonts/umsb.fd
File: umsb.fd 2013/01/14 v3.01 AMS symbols B
)
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/n' will be
(Font) scaled to size 14.4pt on input line 36.
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be
LaTeX Font Info: Font shape `T1/Raleway-OsF/bold/n' aliased to
(Font) `T1/Raleway-OsF/b/n' on input line 36.
LaTeX Font Info: Font shape `T1/Raleway-OsF/b/n' will be
(Font) scaled to size 14.4pt on input line 36.
(/home/raw/uni/fsi/trabalho/relatorio/relatorio.toc
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be
LaTeX Font Info: Font shape `T1/Raleway-OsF/bold/n' aliased to
(Font) `T1/Raleway-OsF/b/n' on input line 2.
LaTeX Font Info: Font shape `T1/Raleway-OsF/b/n' will be
(Font) scaled to size 10.95pt on input line 2.
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/it' will be
(Font) scaled to size 10.95pt on input line 4.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 6.
LaTeX Font Info: Font shape `T1/Raleway-OsF/bold/it' aliased to
(Font) `T1/Raleway-OsF/b/it' on input line 5.
LaTeX Font Info: Font shape `T1/Raleway-OsF/b/it' will be
(Font) scaled to size 10.95pt on input line 5.
)
\tf@toc=\write3
\openout3 = `relatorio.toc'.
\tf@toc=\write5
\openout5 = `relatorio.toc'.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts
/enc/dvips/ebgaramond/ebg_dacnth.enc}{/usr/share/texmf-dist/fonts/enc/dvips/ebg
aramond/ebg_3uowis.enc}]
Overfull \hbox (16.09543pt too wide) in paragraph at lines 54--61
[][]
[]
/enc/dvips/raleway/a_itoun2.enc}]
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/it' will be
(Font) scaled to size 10.95pt on input line 42.
(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2025/11/14 1.11b listings language file
)
(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2025/11/14 1.11b listings language file
)
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/n' will be
(Font) scaled to size 9.0pt on input line 86.
LaTeX Font Info: Font shape `T1/cmtt/bx/n' in size <9> not available
(Font) Font shape `T1/cmtt/m/n' tried instead on input line 95.
[2{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-t1.enc}]
LaTeX Font Info: Font shape `T1/Raleway-OsF/bold/it' aliased to
(Font) `T1/Raleway-OsF/b/it' on input line 141.
LaTeX Font Info: Font shape `T1/Raleway-OsF/b/it' will be
(Font) scaled to size 14.4pt on input line 141.
LaTeX Font Info: Font shape `T1/Raleway-OsF/bold/n' aliased to
(Font) `T1/Raleway-OsF/b/n' on input line 143.
LaTeX Font Info: Font shape `T1/Raleway-OsF/b/n' will be
(Font) scaled to size 12.0pt on input line 143.
<google-authenticator.jpg, id=60, 225.84375pt x 447.6725pt>
File: google-authenticator.jpg Graphic file (type jpg)
<use google-authenticator.jpg>
Package pdftex.def Info: google-authenticator.jpg used on input line 169.
(pdftex.def) Requested size: 87.59998pt x 173.64207pt.
LaTeX Warning: `h' float specifier changed to `ht'.
[3] [4 </home/raw/uni/fsi/trabalho/relatorio/google-authenticator.jpg>]
[5]
runsystem(latexminted cleantemp --timestamp 20260424184203 C117BC0880C49B7BB81
87B6D1568B650)...executed.
(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2025/11/14 1.11b listings language file
)
(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2025/11/14 1.11b listings language file
)
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
(Font) scaled to size 9.0pt on input line 67.
LaTeX Font Info: Font shape `OT1/cmtt/bx/n' in size <9> not available
(Font) Font shape `OT1/cmtt/m/n' tried instead on input line 76.
[2{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}]
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/it' will be
(Font) scaled to size 14.4pt on input line 93.
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be
(Font) scaled to size 12.0pt on input line 106.
[3] [4]
(/home/raw/uni/fsi/trabalho/relatorio/relatorio.aux)
***********
LaTeX2e <2025-11-01>
L3 programming layer <2026-01-19>
***********
Package rerunfilecheck Warning: File `relatorio.out' has changed.
(rerunfilecheck) Rerun to get outlines right
(rerunfilecheck) or use package `bookmark'.
Package rerunfilecheck Info: Checksums for `relatorio.out':
(rerunfilecheck) Before: <no file>
(rerunfilecheck) After: 421D094394457CC27F2EA2D1C1EC716E;1586.
)
Here is how much of TeX's memory you used:
4481 strings out of 469495
74067 string characters out of 5470098
852951 words of memory out of 5000000
33120 multiletter control sequences out of 15000+600000
646339 words of font info for 65 fonts, out of 8000000 for 9000
20227 strings out of 469495
373994 string characters out of 5470098
1301885 words of memory out of 5000000
48492 multiletter control sequences out of 15000+600000
830020 words of font info for 92 fonts, out of 8000000 for 9000
16 hyphenation exceptions out of 8191
62i,7n,99p,223b,1810s stack positions out of 10000i,1000n,20000p,200000b,200000s
</usr/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Bold.pfb></us
r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-BoldItalic.pfb></us
r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb></usr/s
hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb></usr/share/texmf-dis
t/fonts/type1/public/amsfonts/cm/cmtt9.pfb></usr/share/texmf-dist/fonts/type1/p
ublic/cm-super/sftt0900.pfb>
Output written on /home/raw/uni/fsi/trabalho/relatorio/relatorio.pdf (4 pages,
94582 bytes).
90i,6n,99p,490b,2124s stack positions out of 10000i,1000n,20000p,200000b,200000s
</usr/share/texmf-dist/fonts/type1/impallari/raleway/Raleway-Bold.pfb></usr/s
hare/texmf-dist/fonts/type1/impallari/raleway/Raleway-BoldItalic.pfb></usr/shar
e/texmf-dist/fonts/type1/impallari/raleway/Raleway-Italic.pfb></usr/share/texmf
-dist/fonts/type1/impallari/raleway/Raleway-Regular.pfb></usr/share/texmf-dist/
fonts/type1/public/cm-super/sfit0900.pfb></usr/share/texmf-dist/fonts/type1/pub
lic/cm-super/sftt0900.pfb></usr/share/texmf-dist/fonts/type1/public/cm-super/sf
tt1095.pfb>
Output written on /home/raw/uni/fsi/trabalho/relatorio/relatorio.pdf (5 pages,
176238 bytes).
PDF statistics:
50 PDF objects out of 1000 (max. 8388607)
31 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)
189 PDF objects out of 1000 (max. 8388607)
165 compressed objects within 2 object streams
97 named destinations out of 1000 (max. 500000)
6 words of extra memory for PDF output out of 10000 (max. 10000000)

Binary file not shown.

Binary file not shown.


@@ -4,7 +4,7 @@
\usepackage{listings}
\usepackage{booktabs}
% \usepa
\usepackage{style}
\lstdefinestyle{mystyle}{
basicstyle=\ttfamily\footnotesize,
@@ -38,35 +38,50 @@
\section{Introdução}
Este projecto tem como âmbito implementar, uma rede virtual privada (VPN) num cenário de road-warrior,
configurar two-factor authentication com os serviços OpenVPN e Apache, e gerir certificados X.509 utilizando OCSP.
Este projeto tem como âmbito implementar, uma rede virtual privada (VPN) num cenário
de road-warrior, configurar \textit{two-factor authentication} (2FA) com os serviços
OpenVPN e Apache, e gerir certificados X.509 utilizando OCSP.
O nosso cenario vai envolver três maquinas, o cliente (road warrior), a gateway que utiliza OpenVPN e um servidor interno com OpenSSL e Apache. O OpenVPN utiliza two-factor authentication, recebendo o utilizador, e uma password que é uma junção de uma fixa, e de uma gerada pelo plugin google-authenticator. O servidor de Apache implementa a mesma authenticação.
% NOTE(vasco): Eu acho que basta explicar o cenario e explicar como decidimos
% implementar
Temos então três máquinas virtuais:
% Para tal, foi implementado um servidor e um cliente OpenVPN, certificados por uma
% autoridade central (CA) que em si é \textit{self-signed}. Para além disto, foi implementado
% um sistema de autenticação de dois factores através do plugin
% \textit{google-authenticator} para o OpenVPN e para o servidor de Apache.
Decidimos utilizar apenas três máquinas virtuais: o cliente (ou \textit{road warrior}),
a \textit{gateway} que utiliza OpenVPN e um servidor interno com OpenSSL e Apache.
Isto simplifica a elaboração do projecto, mas por razões de segurança poderia querer
separar a máquina de OpenSSL de outras máquinas destinadas a serviços da rede intera,
pois esta contém o \textit{certificate authority} CA.
% Ambos o OpenVPN eo servidor Apache utilizam 2FA,
% recebendo o utilizador, e uma password que é uma concatenação da palavra-passe do utilizador
% e de uma password temporária (TOTP) de 6 dígitos. O servidor de Apache implementa a mesma autenticação.
\begin{tabular}{l l l}
{\bf Nome} & {\bf Script} & {\bf Rede} \\\toprule
Road Warrior & VM\_ROAD\_WARRIOR.sh & Rede Externa 193.168.0.0/24 \\
VPN Gateway & VM\_OPENVPN\_GATEWAY.sh & Router \\
OpenSSL / Apache & VM\_OPENSSL\_APACHE.sh & Reder Interna 10.60.0.0/24 \\
OpenSSL / Apache & VM\_OPENSSL\_APACHE.sh & Rede Interna 10.60.0.0/24 \\
\end{tabular}
Os certificados utilizados foram certificados por uma autoridade central que não está no nosso cenario. A gestão da lista de revogação está a ser gerido pelo serviço OpenSSL que está na mesma maquina que o Apache. Num cenario real seria melhor dividir estes serviços por outras maquinas, mas os computadores que temos acesso estão limitados na quantidade de maquinas virtuais que consegue simular simultaniamente.
\section{Criação de certificados}
Criar chaves com 2048 bits.
Todas as chaves foram criadas no mesmo computador, com as variaveis que está neste codigo, aspetos importantes para mais tarde serão os parametros de CN que precisam de ser passados mais tarde para aceder ao Apache e ao gateway. Numa situação normal teriamos uma autoridade de certificação para enviar e no fundo gerir todos, mas para este cenario podemos inicializar as maquinas com as chaves, requests e certificados necessarios.
Os certificados utilizados foram auto-certificados por uma autoridade central que "pertence"
à máquina de OpenSSL. Esta mesma faz a gestão da lista de revogação.
Todas as chaves foram criadas no mesmo computador, com as variáveis que estão
neste código, aspetos importantes para mais tarde serão os parâmetros de CN
que precisam de ser passados mais tarde para aceder ao Apache e ao gateway.
Numa situação normal teríamos uma autoridade de certificação para enviar e
no fundo gerir todos, mas para este cenário podemos inicializar as máquinas
com as chaves, requests e certificados necessários.
O código para gerar os certificados X.509:
O codigo para gerar os certificados X.509:
\begin{lstlisting}[language=bash]
cert_ca="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=CoimbraVPN"
cert_vpn="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=gateway"
@@ -88,15 +103,16 @@ openssl req -new -key apache.key -out apache.csr -subj "$cert_apache" -addext "s
openssl ca -batch -in "apache.csr" -cert "ca.crt" -keyfile "ca.key" -out "apache.crt" -config cheese.cfg
\end{lstlisting}
Porque é que precisamos de uma chave secreta?
Criar chave secreta.
% Porque é que precisamos de uma chave secreta?
% Criar chave secreta.
\begin{lstlisting}[language=bash]
openssl --genkey secret ta.key
\end{lstlisting}
\section{Configuração geral}
Para configurar as VM's era preciso introduzir os mesmos comandos varias vezes, o que levava muitas vezes a erros de escrita, ou a correr o mesmo comando varias vezes, por isso criamos varios ficheiros .sh para conseguir facilitar o processo. A utilização de ficheiros .sh também vem com outros positivos pois facilita a testagem, e a recriação do cenario rapidamente.
Para configurar as VMs era preciso introduzir os mesmos comandos várias vezes, o que levava muitas vezes a erros de escrita, ou a correr o mesmo comando várias vezes, por isso criamos vários ficheiros .sh para conseguir facilitar o processo. A utilização de ficheiros .sh também vem com outros positivos pois facilita a testagem, e a recriação do cenário rapidamente.
No entanto para os serviços que configuramos, instalar, desativar e dar flush ás iptables não foi suficiente, tivemos que criar pastas e sincronizar os relogios de todas as VMs visto que elas estarem ligeiramente atrasadas nunca conseguiamos acertar na password do google-authenticator que utiliza o tempo local para calcular a sua chave.
No entanto para os serviços que configuramos, instalar, desativar e dar flush às iptables não foi suficiente, tivemos que criar pastas e sincronizar os relógios de todas as VMs visto que elas estarem ligeiramente atrasadas nunca conseguíamos acertar na password do google-authenticator que utiliza o tempo local para calcular a sua chave.
\begin{lstlisting}[language=bash]
yum install -y epel-release
yum install -y openvpn iptables-services dhcp-client
@@ -115,7 +131,7 @@ cp ca/serial "${CA_DIR}/serial"
mkdir -p /etc/openvpn/server
mkdir -p /etc/openvpn/client
# NOTE(vasco): tive problemas com a sincronização de tempo
# NOTE(vasco): tive problemas com a sincronizacao de tempo
# se nao tiver sincronizado, o TOTP nao funciona
systemctl stop chronyd
ntpdate pool.ntp.org
@@ -124,10 +140,7 @@ systemctl start chronyd
\section{Configuração da \textit{Gateway} VPN}
\section{Configurar TOTP}
\subsection{Configurar TOTP}
Foi criado o ficheiro \texttt{totp} com a configuração de autenticação a
ser utilizada pelo plugin de PAM para o openvpn.
@@ -136,41 +149,100 @@ ser utilizada pelo plugin de PAM para o openvpn.
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so totp
\end{lstlisting}
\subsection{Aceder ao código}
Adicionalmente, devido às restrições de segurança do \textit{systemd},
foi necessário desativar o \texttt{ProtectHome} no serviço do OpenVPN
para que o plugin PAM consiga ler os ficheiros de segredo do Google Authenticator
localizados nas diretorias \textit{home} dos utilizadores.
\begin{lstlisting}[language=bash]
[Service]
ProtectHome=false
\end{lstlisting}
Primeiro, na gateway, entramos como o utilizador desejado e obtemos a chave
do gerador de palavras passes temporarias. Ao inserir a chave no
\texttt{google authenticator} podemos obter a nossa primeira chave de 6 digitos.
do gerador de palavras passes temporárias. Ao inserir a chave no
\texttt{google authenticator} podemos obter um código QR, a nossa primeira
chave de 6 dígitos.
\begin{figure}[h]
\centering
\includegraphics[width=8em]{google-authenticator}
\end{figure}
\begin{lstlisting}[language=bash]
su john
google-authenticator
\end{lstlisting}
\section{Revocation e OCSP}
\subsection{Encaminhamento e Firewall}
\subsection{Testar OSCP via revoke}
Para que a gateway funcione como router entre a rede externa e a rede interna,
foi necessário ativar o \textit{IP forwarding} no kernel e configurar as regras
de \textit{iptables} para permitir o tráfego da VPN e realizar o mascaramento
de IP (NAT).
% NOTA(vasco): Não temos regras de DROP a packets
% talvez deviamos mudar isso nao sei
\begin{lstlisting}[language=bash]
# Ativar encaminhamento
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
# Regras de Firewall
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o enp0s9 -j ACCEPT
iptables -I FORWARD 1 -i enp0s9 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp0s8 -j MASQUERADE
\end{lstlisting}
\section{Configuração do Cliente (Road Warrior)}
O cliente encontra-se na rede externa (\texttt{193.136.212.10}) e liga-se à VPN
gateway na porta 1194. Para garantir a segurança, utilizamos autenticação mútua (os certificados X.509)
e um \textit{two factor authentication} (2FA) como palavras-passe temporárias, geradas através do
\textit{Google Authenticator}.
\begin{lstlisting}[language=bash]
client
dev tun
proto udp
remote 193.136.212.1 1194
ca ca.crt
cert user.crt
key user.key
auth-user-pass
cipher AES-256-GCM
auth SHA256
\end{lstlisting}
\section{Servidor Apache e OCSP}
O servidor interno (\texttt{10.60.0.1}) alberga o serviço Apache e o responder OCSP
da autoridade de certificação.
\subsection{Revocation e OCSP}
\begin{enumerate}
\item Conectar ao VPN e ver que funciona
\item Na maquina host, nao nas vms, na repo mesmo.
\item revogar o certificado via openssl -revoke user.crt -config cheese.cfg -keyfile ca.key -cert ca.crt
\item Fechae OSCP e correr VM\_OPENSSL novamente (copiar index.txt e serial?)
\item Tentar outra vez e ver que de facto falha
\item Estabelecer a ligação VPN e verificar a conectividade à rede interna.
\item No diretório da autoridade de certificação (máquina \textit{host}), revogar o certificado do utilizador:
\begin{lstlisting}[language=bash]
openssl ca -revoke user.crt -config cheese.cfg -keyfile ca.key -cert ca.crt
\end{lstlisting}
\item Atualizar o ficheiro \texttt{index.txt} no servidor OCSP e reiniciar o serviço para carregar o novo estado de revogação.
\item Tentar estabelecer uma nova ligação VPN e verificar que a autenticação falha devido à resposta \texttt{revoked} do responder OCSP.
\end{enumerate}
\section{Conclusão}
\section{Conclusion}
Conclusão!!!
Atingimos o objetivo deste trabalho, conseguimos configurar o VPN tunnel, o two-factor authentication e conseguimos criar e retirar acesso aos certificados que emitimos. Utilizar mais maquinas para simular um cenario maior seria redundante, teriamos que emitir mais certificados mas não iamos aprender muito mais. Para aprofundar (???)
% Conclusão!!!
Atingimos o objetivo deste trabalho, conseguimos configurar o VPN tunnel,
o two-factor authentication e conseguimos criar e retirar acesso aos
certificados que emitimos. Utilizar mais maquinas para simular um cenario
maior seria redundante, teriamos que emitir mais certificados mas não iamos
aprender muito mais.
% Para aprofundar (???)
\end{document}
Para tal, foi implementado um servidor e um cliente OpenVPN, certificados por uma autoriadade central (CA)
que em si é self-signed. Para além disto, foi implementado um sistema de autenticação de dois factores
através do plugin google-authenticator para o OpenVPN.
Existe ainda um servidor Apache e um servidro de OpenSSL OCSP. Para simpliflicar, a elaboração do
projecto foram colocados na mesma maquina virtual, mas por razoes de seguranca poderia querer ter
estes serviços separados.
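Review bot: The client configuration listed under `Configuração do Cliente (Road Warrior)` accepts any certificate issued by the CA as the gateway, because it sets `ca`, `cert` and `key` but has no check on the server certificate. As `user.crt` is signed by that same CA, the "autenticação mútua" described in the text is weaker than it reads. I would add `remote-cert-tls server` and `verify-x509-name gateway name` (the CN given to the gateway certificate earlier in the report), assuming `cheese.cfg` issues that certificate with the server-auth extended key usage, which is not visible here. The report also generates `ta.key`, but the listing has no `tls-crypt ta.key` line, so the key appears unused on the client side. Separately, `ProtectHome=false` drops the home-directory isolation for the whole OpenVPN service; the `secret=` option of pam_google_authenticator can point to a directory outside `/home`, so the unit's `ProtectHome` setting could stay as shipped.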


@@ -1,9 +1,11 @@
\babel@toc {portuguese}{}\relax
\contentsline {section}{\numberline {1}Introdução}{2}{}%
\contentsline {section}{\numberline {2}Criação de certificados}{2}{}%
\contentsline {section}{\numberline {3}Configuração da \textit {Gateway} VPN}{3}{}%
\contentsline {section}{\numberline {4}Configurar TOTP}{3}{}%
\contentsline {subsection}{\numberline {4.1}Aceder ao código}{3}{}%
\contentsline {section}{\numberline {5}Revocation e OCSP}{3}{}%
\contentsline {subsection}{\numberline {5.1}Testar OSCP via revoke}{3}{}%
\contentsline {section}{\numberline {6}Conclusion}{4}{}%
\contentsline {section}{\numberline {1}Introdução}{2}{section.1}%
\contentsline {section}{\numberline {2}Criação de certificados}{2}{section.2}%
\contentsline {section}{\numberline {3}Configuração geral}{3}{section.3}%
\contentsline {section}{\numberline {4}Configuração da \textit {Gateway} VPN}{3}{section.4}%
\contentsline {subsection}{\numberline {4.1}Configurar TOTP}{3}{subsection.4.1}%
\contentsline {subsection}{\numberline {4.2}Encaminhamento e Firewall}{4}{subsection.4.2}%
\contentsline {section}{\numberline {5}Configuração do Cliente (Road Warrior)}{4}{section.5}%
\contentsline {section}{\numberline {6}Servidor Apache e OCSP}{5}{section.6}%
\contentsline {subsection}{\numberline {6.1}Revocation e OCSP}{5}{subsection.6.1}%
\contentsline {section}{\numberline {7}Conclusão}{5}{section.7}%

24
relatorio/style.sty Normal file

@@ -0,0 +1,24 @@
\usepackage[margin=1in]{geometry}
\usepackage{raleway}
\renewcommand{\familydefault}{\sfdefault}
\usepackage{ulem}
\usepackage{wrapfig}
\usepackage{graphicx,tabularx,booktabs}
\usepackage{paracol}
\usepackage[dvipsnames]{xcolor}
\usepackage{enumitem,amssymb}
\usepackage[colorlinks=true,urlcolor=blue,linkcolor=MidnightBlue]{hyperref}
\graphicspath{{./img/}}
\usepackage{enumitem,amssymb}
\newlist{todolist}{itemize}{2}
\setlist[todolist]{noitemsep, topsep=0pt,label=$\square$}
\usepackage{pifont}
\usepackage{amssymb}
\usepackage{minted}
\setlength{\parskip}{1em}%
\setlength{\parindent}{0em}%
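Review bot: `\usepackage{minted}` is loaded here although every listing visible in `relatorio.tex` on this page uses `lstlisting`. minted calls an external highlighter at compile time, which, depending on the minted version, means building with `-shell-escape` or an equivalent trusted-command setting, so the document is allowed to run programs on the machine of whoever compiles it. I would drop the line unless a minted environment is actually used. `enumitem` and `amssymb` are also loaded more than once (`\usepackage{enumitem,amssymb}` twice plus a separate `\usepackage{amssymb}`); one load of each is enough.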