vasco/FSI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: vasco:5bd7355e8b296eaab09441e102eca7e74d6b12ed
Branches Tags
vasco:main vasco:secret_branch
..
compare: vasco:secret_branch
Branches Tags
vasco:main vasco:secret_branch

1 Commits
5bd7355e8b ... secret_bra

Author SHA1 Message Date
vascoalvesxyz
a91dd239ef secret branch 2026-03-21 19:57:55 +00:00
94 changed files with 160 additions and 7541 deletions
Expand all files Collapse all files

10
assignment1/DMZ.sh → DMZ.sh
View File

@@ -7,10 +7,10 @@ routerIp=23.214.219.254
mask25=255.255.255.128
dns=23.214.219.130
mail=23.214.219.134
vpn_gw=23.214.219.133
www=23.214.219.132
smtp=23.214.219.131
mail=23.214.219.131
vpn_gw=23.214.219.132
www=23.214.219.133
smtp=23.214.219.134
dnsPort=53
mailPort=888
@@ -26,7 +26,7 @@ sudo systemctl enable iptables
sudo iptables -F
sudo ifconfig enp0s8 $ip netmask $mask25
sudo ip route add 192.168.10.0/24 via $routerIp
sudo route add default gw $routerIp
sudo add default gw $routerIp
# alias dos ips
sudo ip addr add $dns dev enp0s8
sudo ip addr add $mail dev enp0s8

0
assignment1/INTERNAL.sh → INTERNAL.sh
View File

4
assignment1/INTERNET.sh → INTERNET.sh
View File

@@ -9,7 +9,7 @@ sudo systemctl disable firewalld
sudo systemctl mask firewalld
sudo systemctl enable iptables
sudo iptables -F
sudo ifconfig enp0s8 $dns2 netmask $mask24
sudo ifconfig enp0s8 $dn2 netmask $mask24
sudo route add default gw $routerIp
#sudo ip addr add $dns2 dev enp0s8
sudo ip addr add $dns2 dev enp0s8
sudo ip addr add $eden dev enp0s8

0
assignment1/Practical Assignment 1.pdf → Practical Assignment 1.pdf
View File

6
README.md
View File

@@ -1,6 +0,0 @@
# Coisas para leres que sao fixes wowowowowowow !!!!! (Assignment 2)
- Os slides (duh)
- Okay o mais importante é os slides.
- [X.509 (ssl.com)](https://www.ssl.com/faqs/what-is-an-x-509-certificate/)
- [X.509 (youtube)](https://www.youtube.com/watch?v=kAaIYRJoJkc)

69
ROUTER.sh Normal file
View File

@@ -0,0 +1,69 @@
IF_DMZ="enp0s8"
IF_INT="enp0s9"
IF_EXT="enp0s10"
NET_DMZ="23.214.219.128/25"
NET_INT="192.168.10.0/24"
IP_EXT_FW="87.248.214.97"
IP_DMZ_FW="23.214.219.254"
IP_INT_FW="192.168.10.254"
IP_DMZ_DNS="23.214.219.130"
IP_DMZ_SMTP="23.214.219.131"
IP_DMZ_WWW="23.214.219.132"
IP_DMZ_VPN_GW="23.214.219.133"
IP_DMZ_MAIL="23.214.219.134"
IP_INT_FTP="192.168.10.2"
IP_INT_DATASTORE="192.168.10.3"
IP_DNS2="193.137.16.75"
IP_EDEN="193.136.212.1"
sudo yum install epel-release -y
sudo yum install suricata -y
sudo suricata-update
sudo ifconfig $IF_DMZ $IP_DMZ_FW netmask 255.255.255.128
sudo ifconfig $IF_INT $IP_INT_FW netmask 255.255.255.0
sudo ifconfig $IF_EXT $IP_EXT_FW netmask 255.255.255.0
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT
sudo modprobe nf_conntrack_ftp
sudo modprobe nf_nat_ftp
sudo iptables -A FORWARD -j NFQUEUE --queue-num 0
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -i $IF_INT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i $IF_DMZ -s $IP_DMZ_VPN_GW -p tcp --dport 22 -j ACCEPT
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -p udp -d $IP_DMZ_DNS --dport 53 -j ACCEPT
sudo iptables -A FORWARD -s $IP_DMZ_DNS -d $IP_DNS2 -p tcp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -s $IP_DNS2 -d $IP_DMZ_DNS -p tcp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -p tcp -d $IP_DMZ_SMTP --dport 25 -j ACCEPT
sudo iptables -A FORWARD -p tcp -d $IP_DMZ_MAIL --dport 110 -j ACCEPT
sudo iptables -A FORWARD -p tcp -d $IP_DMZ_MAIL --dport 143 -j ACCEPT
sudo iptables -A FORWARD -p tcp -d $IP_DMZ_WWW -m multiport --dports 80,443 -j ACCEPT
sudo iptables -A FORWARD -p udp -d $IP_DMZ_VPN_GW --dport 1194 -j ACCEPT
sudo iptables -A FORWARD -i $IF_DMZ -s $IP_DMZ_VPN_GW -d $NET_INT -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s $NET_INT -o $IF_EXT -j SNAT --to-source $IP_EXT_FW
sudo iptables -A FORWARD -i $IF_INT -o $IF_EXT -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i $IF_INT -o $IF_EXT -p tcp -m multiport --dports 80,443,22,21 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i $IF_EXT -d $IP_EXT_FW -p tcp --dport 21 -j DNAT --to-destination $IP_INT_FTP
sudo iptables -A FORWARD -i $IF_EXT -d $IP_INT_FTP -p tcp --dport 21 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i $IF_EXT -s $IP_EDEN -d $IP_EXT_FW -p tcp --dport 22 -j DNAT --to-destination $IP_INT_DATASTORE
sudo iptables -t nat -A PREROUTING -i $IF_EXT -s $IP_DNS2 -d $IP_EXT_FW -p tcp --dport 22 -j DNAT --to-destination $IP_INT_DATASTORE
sudo iptables -A FORWARD -i $IF_EXT -d $IP_INT_DATASTORE -p tcp --dport 22 -j ACCEPT

8
TODO.md
View File

@@ -1,8 +0,0 @@
# Objectivos de acordo com o enunciado
## Goals
- [X] Configure a tunnel in the "road warrior"
- [X] Enable two factor authentication with OpenSSL and Apache services
- [X] Manage PKI: certification authorities, X.509 certificates, revocation and OCSP.

36
VM_CONFIG.sh
View File

@@ -1,36 +0,0 @@
#!/bin/bash
# NOTA(vasco): feito para correr como root
if [[ "$USER" != "root" ]]; then
echo "corre o script como root"
exit 1
fi
yum install -y epel-release
yum install -y openvpn iptables-services dhcp-client ntpsec
systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld
systemctl enable iptables
iptables -F
CA_DIR="/etc/pki/CA"
mkdir -p "${CA_DIR}/newcerts"
mkdir -p "${CA_DIR}/private"
touch "${CA_DIR}/index.txt"
cp ca/serial "${CA_DIR}/serial"
mkdir -p /etc/openvpn/server
mkdir -p /etc/openvpn/client
# NOTE(vasco): tive problemas com a sincronização de tempo
# se nao tiver sincronizado, o TOTP nao funciona
systemctl stop chronyd
ntpdate pool.ntp.org
systemctl start chronyd
# NOTE(vasco): o openvpn não consegui aceder ao home e ler os secrets
# do google authenticator, por isso fiz isto:
mkdir -p /etc/systemd/system/openvpn-server@.service.d
echo -e "[Service]\nProtectHome=false" > /etc/systemd/system/openvpn-server@.service.d/override.conf
systemctl daemon-reload

62
VM_OPENSSL_APACHE.sh
View File

@@ -1,62 +0,0 @@
#!/bin/bash
# configuracao
source VM_CONFIG.sh
sudo yum install -y epel-release
sudo yum install -y openssl httpd mod_ssl mod_authnz_pam mod_authnz_pam google-authenticator
sudo yum install -y mod_session
if_dentro="enp0s8"
ip_dentro="10.60.0.1"
ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
# route de volta para comunicar com o warrior
route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.60.0.3
cp conf/openssl.cnf /etc/pki/tls/
# copiar ca para esta VM
cp ca/index.txt $CA_DIR
cp ca/ca.crt $CA_DIR
cp ca/ca.key $CA_DIR
cp ca/serial $CA_DIR
cp ca/dh2048.pem $CA_DIR
# correr oscp
killall openssl 2>/dev/null
openssl ocsp -index $CA_DIR/index.txt -port 8888 -rsigner $CA_DIR/ca.crt -rkey $CA_DIR/ca.key -CA $CA_DIR/ca.crt -text &
# apache
mkdir -p /etc/httpd/ssl
cp ca/ca.crt /etc/httpd/ssl/
cp ca/apache.crt /etc/httpd/ssl/
cp ca/apache.key /etc/httpd/ssl/
cp conf/ssl.conf /etc/httpd/conf.d/ssl.conf
cp conf/httpd-totp /etc/pam.d/httpd-totp
# NOTA(vasco) é preciso desativar home protection outra vez
mkdir -p /etc/systemd/system/httpd.service.d
echo -e "[Service]\nProtectHome=false" > /etc/systemd/system/httpd.service.d/override.conf
systemctl daemon-reload
# sim, é preciso fazer isto para carregar serviços
echo "LoadModule session_module modules/mod_session.so" > /etc/httpd/conf.modules.d/01-session.conf
echo "LoadModule session_cookie_module modules/mod_session_cookie.so" >> /etc/httpd/conf.modules.d/01-session.conf
echo "LoadModule auth_form_module modules/mod_auth_form.so" > /etc/httpd/conf.modules.d/01-auth_form.conf
# mega paginas webs
cp -r www/* /var/www/html/
chown -R apache:apache /var/www/html/
systemctl enable --now httpd
# acho ?????
sudo chgrp apache /etc/shadow
sudo chmod o+x /home/john
sudo chown apache /home/john/.google_authenticator
sudo chmod 400 /home/john/.google_authenticator
sudo chmod o+x /home/user
sudo chown apache /home/user/.google_authenticator
sudo chmod 400 /home/user/.google_authenticator

19
VM_ROAD_WARRIOR.sh
View File

@@ -1,19 +0,0 @@
#!/bin/bash
# --- configuração --- #
source VM_CONFIG.sh
ifconfig enp0s8 193.136.212.10 netmask 255.255.255.0
route add default gw 193.136.212.1
if ! grep -q "apache" /etc/hosts; then
echo "10.60.0.1 apache" >> /etc/hosts
fi
# --- vpn client --- #
vpn_dir="/etc/openvpn/client/"
cp ca/ta.key $vpn_dir
cp ca/ca.crt $vpn_dir
cp ca/user.key $vpn_dir
cp ca/user.crt $vpn_dir
cp conf/client.conf $vpn_dir
openvpn --config "${vpn_dir}/client.conf"

44
VM_VPN_GATEWAY.sh
View File

@@ -1,44 +0,0 @@
#!/bin/bash
# NOTE(vasco):
# Ao configurar a maquina virtual em si deixei a rede externa primeiro (enp0s8)
# E a rede interna como a segunda interface (enp0s9).
# --- configuração --- #
source VM_CONFIG.sh
yum install -y google-authenticator qrencode ntpsec
# --- forwarding --- #
if_fora="enp0s8"
ip_fora="193.136.212.1"
if_dentro="enp0s9"
ip_dentro="10.60.0.3"
mega_tunel="tun0"
ip_mega_tunel="10.8.0.0/24"
ifconfig $if_fora $ip_fora netmask 255.255.255.0
ifconfig $if_dentro $ip_dentro netmask 255.255.255.0
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT # :O
iptables -I FORWARD 1 -i $mega_tunel -o $if_dentro -j ACCEPT # :P
iptables -I FORWARD 1 -i $if_dentro -o $mega_tunel -j ACCEPT # ;)
iptables -I FORWARD 1 -i $mega_tunel -o $if_fora -j ACCEPT # faltava isto ?
iptables -I FORWARD 1 -i $if_fora -m state --state ESTABLISHED,RELATED -j ACCEPT # faltava isto ?
iptables -t nat -A POSTROUTING -s $ip_mega_tunel -o $if_fora -j MASQUERADE # :D
iptables-save > /etc/sysconfig/iptables # :3
# --- vpn server --- #
vpn_dir="/etc/openvpn/server"
cp ca/ta.key $vpn_dir
cp ca/ca.crt $vpn_dir
cp ca/vpn.key $vpn_dir
cp ca/vpn.crt $vpn_dir
cp ca/dh2048.pem $vpn_dir
cp conf/vpn.conf $vpn_dir
cp conf/ocsp-verify.sh $vpn_dir
cp conf/totp /etc/pam.d/
systemctl enable --now openvpn-server@vpn.service

106
assignment1/ROUTER.sh
View File

@@ -1,106 +0,0 @@
#!/bin/bash
dns2="87.248.214.99"
eden="87.248.214.100"
# Router 1
dmzIP="23.214.219.254"
internalIP="192.168.10.254"
externalIP="87.248.214.97"
# DMZ /25
dns="23.214.219.130"
smtp="23.214.219.131"
www="23.214.219.132"
vpn_gw="23.214.219.133"
mail="23.214.219.134"
# Internal
ftp="192.168.10.2"
datastore="192.168.10.3"
dhcpClient="192.168.10.4"
# Interfaces
dmzIF="enp0s8"
internalIF="enp0s9"
externalIF="enp0s10"
sudo ifconfig $dmzIF $dmzIP netmask 255.255.255.128
sudo ifconfig $internalIF $internalIP netmask 255.255.255.0
sudo ifconfig $externalIF $externalIP netmask 255.255.255.0
sudo yum install iptables-services -y
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl mask firewalld
sudo systemctl enable iptables
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo sysctl -w net.ipv4.ip_forward=1
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
#sudo iptables -t nat -A POSTROUTING -i $internalIF -o enp0s3 -j MASQUERADE #SUS
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #CAREFULL
#DNS name resolution requests sent to outside servers and want a response:
sudo iptables -A INPUT -i $externalIF -p udp --dport 53 -j ACCEPT
#SSH connections to the router system that originate from the inside and want an answer:
sudo iptables -A INPUT -i $internalIF -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i $dmzIF -s $vpn_gw -p tcp --dport 22 -j ACCEPT
#The dns server should be able to resolve names using the internet (and others???)
sudo iptables -I FORWARD -j NFQUEUE --queue-bypass
sudo iptables -I INPUT -j NFQUEUE --queue-bypass
sudo iptables -A FORWARD -i $dmzIF -o $externalIF -s $dns -p udp --dport 53 -j ACCEPT
#The internal network should be able to send and recieve dns name resolutions to the dns server (1!)
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $dns -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT #THIS IS IMPORTANT AND MIGHT FUCK US
#The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53)
sudo iptables -A FORWARD -i $dmzIF -o $externalIF -s $dns -p tcp --dport 53 -j ACCEPT
#SMTP connections to the smtp server and returns
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $smtp -p tcp --dport 587 -j ACCEPT
#sudo iptables -A FORWARD -i $dmzIF -o $internalIF -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
#POP and IMAP connections to the www server
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $mail -p tcp --dport 143 -j ACCEPT
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $mail -p tcp --dport 110 -j ACCEPT
#HTTP and HTTPS connectins
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $www -p tcp --dport 80 -j ACCEPT
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $www -p tcp --dport 443 -j ACCEPT
#OpenVPN connections to the vpn-gw server
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $vpn_gw -p udp --dport 1194 -j ACCEPT
#sudo iptables -A FORWARD -i $dmzIF -o $internalIF -p udp --dport 1194 -j ACCEPT
#VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
sudo iptables -A FORWARD -i $dmzIF -o $internalIF -s $vpn_gw -d $ftp -j ACCEPT
sudo iptables -A FORWARD -i $dmzIF -o $internalIF -s $vpn_gw -d $datastore -j ACCEPT
#FTP da internet WORRIED ???
sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $ftp -p tcp --dport 21 -j ACCEPT
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --sport 20 -j ACCEPT #MIGHT BE NEEDED
#SSH CONNECTIONS datastore server but only from eden or dn2 DNAT -s servers, and port and -d interface
sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination $datastore
sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination $datastore
sudo iptables -t nat -A PREROUTING -i $externalIF -p tcp --dport 21 -j DNAT --to-destination $ftp
sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $datastore -s $dns2 -p tcp --dport 22 -j ACCEPT #Need to check and make diferent ip addresses
sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $datastore -s $eden -p tcp --dport 22 -j ACCEPT
#$internalIF to internet DNS, http, https, ssh, FTP(SERVERS??????(WHO INVITED THIS GUY)) SNAT
sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o $externalIF -j SNAT --to-source $externalIP
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 80 -j ACCEPT
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 443 -j ACCEPT
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --sport 21 -j ACCEPT #MIGHT NOT BE ENOUGH
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 21 -j ACCEPT

BIN
assignment1/entrega.zip
View File

Binary file not shown.

2281
assignment1/entrega.zip.asc
View File

File diff suppressed because it is too large Load Diff

BIN
assignment1/relatorio.pdf
View File

Binary file not shown.

126
assignment1/relatorio.tex
View File

@@ -1,126 +0,0 @@
\documentclass[12pt,a4paper]{article}
\usepackage[portuguese]{babel}
\usepackage[lining]{ebgaramond}
\usepackage{listings}
\lstdefinestyle{mystyle}{
basicstyle=\ttfamily\footnotesize,
breakatwhitespace=false,
breaklines=true,
captionpos=b,
keepspaces=true,
numbers=left,
numbersep=5pt,
showspaces=false,
showstringspaces=false,
showtabs=false,
tabsize=2
}
\lstset{style=mystyle}
\title{Practical Assignment \#1}
\author{
João Neto -- 2023234004\\[1em]
Vasco Alves -- 2022228207
}
\begin{document}
\maketitle
\tableofcontents
\newpage
\section{Introduction}
O objetivo principal deste trabalho era aprender IPTables e como configurar um com o Suricata um sistema de filtração e deteção de ataques. Para esse fim, foi simulado um sistema dividido em três redes e um router para conectar-las. As três redes são a DMZ (23.214.219.128/25, enp0s8), Internal network (192.168.10.0/24, enp0s9) e Internet (87.248.214.0/24, enp0s10).
\begin{lstlisting}[language=bash]
Rede,Interface,Gama IP
DMZ,enp0s8,23.214.219.128/25
Internal,enp0s9,192.168.10.0/24
Internet,enp0s10,87.248.214.0/24
\end{lstlisting}
As três redes tem varios serviços, o DMZ tem dns(23.214.219.130), mail(23.214.219.134), vpn-gw(23.214.219.133), www(23.214.219.132) e smpt(23.214.219.131). A Internal network tem ftp(192.168.10.2), datastore(192.168.10.3) e clientes (nos testes os clientes tem ip 192.168.10.4, mas está configurado para dar para qualquer edereço). Por fim a rede Internet tem dns2 (87.248.214.99) e eden (87.248.214.100), existe também outros serviços (87.248.214.98).
Para facilitar a recriação deste sistema foi criado 4 ficheiros .sh (um para cada rede e o router), e disponibilizamos os ficheiros suricata.rules e suricata.yaml, para o suricata que estiver ligado ao Router. Os ficheiros .sh vão ter comandos para configurar o sistema para este exercicio.
\section{Firewall}
\subsection{Packet fileter without NAT}
O policy que foi escolhido foi:
\begin{lstlisting}[language=bash]
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
\end{lstlisting}
Foi escolhido porque é mais facil dar DROP a todos os pacotes que não foi criado regras do que criar uma regra de DROP para todos os protocolos e possibilidades, o OUTPUT ficou para ACCEPT porque não existe razão para dar DROP dos pacotes que estamos a enviar neste trabalho.
Para o router conseguir resolver DNS requests e para aceitar coneções SSH da rede interna ou da VPN gateway foi utilizado estes comandos:
\begin{lstlisting}[language=bash]
sudo iptables -A INPUT -i enp0s10 -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -i enp0s9 -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i enp0s8 -s 23.214.219.133 -p tcp --dport 22 -j ACCEPT
\end{lstlisting}
Para conseguirmos a confirguração pedida entre redes foi utilizado estes commandos:
\begin{lstlisting}[language=bash]
sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 143 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 110 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT
\end{lstlisting}
Inicialmente as implementações de respostas a forward eram especificas para cada regra isto é por exemplo:
\begin{lstlisting}[language=bash]
sudo iptables -A FORWARD -o enp0s8 -i enp0s10 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
\end{lstlisting}
No entanto isso facilmente originava confusão entre nós, então decimos utilizar estas duas regras:
\begin{lstlisting}[language=bash]
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
\end{lstlisting}
Neste cenario o uso destas regras faz sentido, mas pode existir outros cenarios no futuro que não queremos uma resposta, e nesse caso temos de criar as regras necessarias.
\subsection{Packet filtering with NAT}
Para conecções com origem/destino na internet foi utilizado DNAT/SNAT e iptables para "esconder" o ip para a internet que querer aceder a rede interna para não terem acesso ao edereço ip e iproutes para bloquear certos pacotes de entrar, para conseguir a configuração utilizamos estes comandos:
\begin{lstlisting}[language=bash]
sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --dport 21 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT
sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
sudo iptables -t nat -A PREROUTING -i enp0s10 -p tcp --dport 21 -j DNAT --to-destination 192.168.10.2
sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --dport 22 -j ACCEPT
sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --dport 22 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o enp0s10 -j SNAT --to-source 87.248.214.97
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 80 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 443 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 21 -j ACCEPT
\end{lstlisting}
\section{Intrusion Detection}
As regras que utilizamos para o suricata foram estas:
\begin{lstlisting}[language=bash]
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
drop tcp any any -> any 80 (msg:"XSS"; content:"<script"; nocase; classtype:web-application-attack; sid:1000004; rev:1;)
\end{lstlisting}
A primeira é para port scaning, a segunda e a terceira é para o caso de SQL injection, e a ultima é para XSS atacks.
Também atualizamos o iptables para passar para o suricata os pacotes para analizar e bloquear com:
\begin{lstlisting}[language=bash]
sudo iptables -I FORWARD -j NFQUEUE --queue-bypass
sudo iptables -I INPUT -j NFQUEUE --queue-bypass
\end{lstlisting}
\section{Tests utilizados}
Netcat foi utilizado para maior parte dos testes excepto para FTP, em que devido ás suas caracteristicas especificas, utilizamos os serviços para ter a certeza que funcionava com a nossa configuração. Utilizamos estes comandos curl para testar se eram bloqueados:
\begin{lstlisting}[language=bash]
curl -i "http://23.214.219.132/index.php?id=1%20union%20select%201,2,3"
curl -i "http://23.214.219.132/login.php?user='or%201=1"
curl -i "http://23.214.219.132/search.php?q=<script>alert('XSS')</script>"
\end{lstlisting}
\section{Conclusion}
Ao realizar-mos este projeto aprendemos sobre a criação de scenarios em VMs, a configuração de uma firewall utilizando IPTables e a configuração de um IDS/IPS system utilizando Suricata
\end{document}

8
assignment1/relatorio.toc
View File

@@ -1,8 +0,0 @@
\babel@toc {portuguese}{}\relax
\contentsline {section}{\numberline {1}Introduction}{2}{}%
\contentsline {section}{\numberline {2}Firewall}{2}{}%
\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}%
\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}%
\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}%
\contentsline {section}{\numberline {4}Tests utilizados}{5}{}%
\contentsline {section}{\numberline {5}Conclusion}{5}{}%

5
assignment1/suricata.rules
View File

@@ -1,5 +0,0 @@
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
drop tcp any any -> any 80 (msg:"XSS"; content:"<script"; nocase; classtype:web-application-attack; sid:1000004; rev:1;)

2242
assignment1/suricata.yaml
View File

File diff suppressed because it is too large Load Diff

74
ca/1000.pem
View File

@@ -1,74 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=PT, ST=Coimbra, L=Coimbra, O=UC, CN=CoimbraVPN
Validity
Not Before: Apr 22 10:50:26 2026 GMT
Not After : Apr 22 10:50:26 2027 GMT
Subject: CN=gateway
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bc:46:6b:0e:12:3f:c2:64:0d:dd:36:e7:86:a2:
f6:98:04:86:21:73:85:3b:cc:ce:7d:c5:74:f9:8d:
97:f8:c9:01:1c:e9:88:db:10:fc:40:a8:2a:44:76:
de:07:bd:39:58:c3:ba:b3:9a:d2:01:91:12:c8:7f:
0e:7a:51:56:f6:a4:ad:4e:63:92:8e:05:b9:9d:5a:
76:37:60:58:60:0a:10:f2:6e:15:6b:76:a1:34:91:
c5:cf:c7:86:00:cd:3f:53:c2:e9:45:8c:86:49:c2:
a1:36:f9:ca:3b:a5:30:76:92:ff:a6:e5:fa:40:67:
d9:91:ea:24:90:a5:a4:e0:15:2a:da:ce:1b:4e:f9:
86:7e:9f:33:de:e9:24:dc:b9:60:fa:c9:f0:e0:79:
83:a3:d3:b3:c9:61:37:9d:26:ab:e9:bd:21:68:74:
51:02:e0:a2:36:24:9e:c6:5d:22:f3:f6:76:8d:17:
ab:e3:46:a2:dc:a3:e4:f8:bc:a2:4b:59:8b:76:f4:
91:7e:2f:48:79:b6:72:1b:d5:45:e2:9f:d3:8d:b2:
f6:45:53:07:95:4d:8e:76:73:b8:54:10:17:63:c4:
07:bf:bf:a6:72:4f:ea:be:b7:1d:38:37:3a:95:26:
8f:36:81:a0:53:07:d3:49:32:7a:de:3c:7f:61:b6:
7c:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:52:2F:9E:1C:51:4D:A7:91:73:93:1B:E6:69:6C:06:99:28:2D:0B
X509v3 Authority Key Identifier:
AC:CD:79:CC:80:17:AA:8D:16:CC:97:B1:E9:36:5E:00:2A:BD:5B:D5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
9a:fd:c0:13:d2:8a:7d:8d:d6:79:d0:35:1f:a6:75:ea:ff:1b:
73:1a:4b:30:d9:c8:3b:9d:96:e5:a8:28:eb:74:26:0d:13:fa:
e1:89:ad:eb:38:d4:57:d1:72:af:c5:93:ab:ce:07:35:3a:b5:
34:9f:72:af:71:b7:79:23:c8:88:99:af:a9:bf:72:8f:01:f2:
cf:f8:a1:57:8e:2a:05:e7:05:c2:0e:ac:92:df:db:f4:fd:64:
16:01:28:5a:7b:8b:c1:e3:8b:49:48:58:b4:36:28:ed:a3:99:
60:9c:a7:a6:3b:eb:07:3d:42:36:29:f2:d2:ff:07:86:34:3c:
0a:b0:70:cb:23:d2:f3:f1:f7:88:74:a5:a6:c3:ee:4e:5f:d7:
6d:ba:a6:83:09:76:f5:e4:1a:3b:d5:58:e9:be:a8:80:cf:68:
13:82:95:b3:da:75:43:4b:e7:f3:fb:6b:0d:b3:d5:07:5e:1b:
7a:69:f4:77:1b:59:eb:c5:a1:84:fb:cc:3e:5c:26:f5:b3:b3:
4d:36:8d:40:d2:53:f9:1e:bd:cf:b9:4b:c3:a8:40:29:97:58:
48:c2:94:94:28:9d:3f:e7:e3:d2:a3:db:32:8d:fb:a9:bb:c3:
32:a5:b3:c0:8b:c5:e3:56:45:55:2d:fb:62:5a:c0:36:f1:df:
b6:00:f9:b9
-----BEGIN CERTIFICATE-----
MIIDIzCCAgugAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCUFQx
EDAOBgNVBAgMB0NvaW1icmExEDAOBgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVD
MRMwEQYDVQQDDApDb2ltYnJhVlBOMB4XDTI2MDQyMjEwNTAyNloXDTI3MDQyMjEw
NTAyNlowEjEQMA4GA1UEAwwHZ2F0ZXdheTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALxGaw4SP8JkDd0254ai9pgEhiFzhTvMzn3FdPmNl/jJARzpiNsQ
/ECoKkR23ge9OVjDurOa0gGREsh/DnpRVvakrU5jko4FuZ1adjdgWGAKEPJuFWt2
oTSRxc/HhgDNP1PC6UWMhknCoTb5yjulMHaS/6bl+kBn2ZHqJJClpOAVKtrOG075
hn6fM97pJNy5YPrJ8OB5g6PTs8lhN50mq+m9IWh0UQLgojYknsZdIvP2do0Xq+NG
otyj5Pi8oktZi3b0kX4vSHm2chvVReKf042y9kVTB5VNjnZzuFQQF2PEB7+/pnJP
6r63HTg3OpUmjzaBoFMH00kyet48f2G2fCECAwEAAaNCMEAwHQYDVR0OBBYEFJZS
L54cUU2nkXOTG+ZpbAaZKC0LMB8GA1UdIwQYMBaAFKzNecyAF6qNFsyXsek2XgAq
vVvVMA0GCSqGSIb3DQEBCwUAA4IBAQCa/cAT0op9jdZ50DUfpnXq/xtzGksw2cg7
nZblqCjrdCYNE/rhia3rONRX0XKvxZOrzgc1OrU0n3Kvcbd5I8iIma+pv3KPAfLP
+KFXjioF5wXCDqyS39v0/WQWAShae4vB44tJSFi0Nijto5lgnKemO+sHPUI2KfLS
/weGNDwKsHDLI9Lz8feIdKWmw+5OX9dtuqaDCXb15Bo71VjpvqiAz2gTgpWz2nVD
S+fz+2sNs9UHXht6afR3G1nrxaGE+8w+XCb1s7NNNo1A0lP5Hr3PuUvDqEApl1hI
wpSUKJ0/5+PSo9syjfupu8MypbPAi8XjVkVVLftiWsA28d+2APm5
-----END CERTIFICATE-----

74
ca/1001.pem
View File

@@ -1,74 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4097 (0x1001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=PT, ST=Coimbra, L=Coimbra, O=UC, CN=CoimbraVPN
Validity
Not Before: Apr 22 10:50:26 2026 GMT
Not After : Apr 22 10:50:26 2027 GMT
Subject: CN=warrior
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d8:5e:36:38:85:bb:f8:15:29:90:2a:03:47:26:
36:ad:47:b8:80:c2:1c:b2:35:53:34:a3:c8:79:73:
1a:7b:c5:06:f9:0e:fb:61:e9:16:81:81:4d:55:ac:
25:7d:96:f4:a4:1a:46:d0:0a:af:48:65:b7:1e:9b:
02:4a:4a:af:53:64:20:4f:af:d8:ab:f7:99:c2:b7:
80:b2:80:24:00:7c:a7:43:f7:35:69:47:fc:bc:ce:
fa:1a:8e:81:c3:2b:55:ea:57:c8:ec:76:3b:1b:58:
e9:65:c1:66:97:c5:39:62:1f:c7:f2:64:b3:6a:31:
41:a9:66:00:f5:48:3c:31:9b:70:a7:ca:f0:b8:28:
d3:cf:fb:86:25:f0:93:17:ad:3f:c8:60:dd:a7:a1:
be:b4:e8:fc:79:47:53:68:ed:eb:21:b5:f7:aa:f5:
bf:22:45:d9:10:5a:db:be:41:c3:09:47:72:f4:6b:
d6:21:65:77:43:79:89:0d:cd:72:58:14:e2:25:55:
0b:17:e8:97:d4:d0:0e:9c:7d:9c:38:6e:52:50:cb:
25:a5:00:fc:cb:69:bb:09:f0:3a:f1:8a:83:e7:7c:
95:07:46:58:11:41:25:8d:5c:91:02:ec:d2:83:4c:
98:d0:aa:ad:b0:fa:67:6c:22:79:87:de:5a:f5:01:
8f:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:84:32:04:21:19:F0:A6:B7:C1:32:4C:1B:9F:7E:EF:EC:3C:D3:79
X509v3 Authority Key Identifier:
AC:CD:79:CC:80:17:AA:8D:16:CC:97:B1:E9:36:5E:00:2A:BD:5B:D5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
60:76:03:78:46:0e:db:33:a4:1a:13:67:11:66:b6:7e:bf:ba:
23:4e:01:9e:6b:28:dc:46:9c:5e:e8:a9:2a:72:d2:ae:c0:c7:
b7:68:6f:92:55:43:b7:cd:8f:6b:78:ad:86:d1:8a:bb:ba:7a:
a7:3b:fa:53:8f:1d:ec:75:0b:36:05:6b:14:91:c4:79:51:b2:
d0:2f:b9:17:0c:f1:6b:88:4d:24:6b:ae:15:36:2b:ac:4b:94:
67:04:f8:93:49:cc:c1:d7:ec:ae:a2:dc:32:c8:d1:f4:ee:4b:
0c:11:ad:4c:84:5d:96:97:31:d6:9f:c5:a7:79:b2:f1:b8:42:
5b:79:b8:12:d2:a3:56:a0:ae:3b:ba:7f:56:25:d4:ad:a7:fa:
39:52:e0:57:af:4f:d2:c6:3c:24:5d:d6:07:84:b0:a5:5f:d2:
3c:8b:36:2a:1f:24:55:cd:89:22:94:b7:f2:93:69:01:89:6e:
a4:67:2d:8b:d9:cd:af:29:70:09:83:69:e5:46:35:51:59:90:
71:c0:0a:8a:00:5c:55:c6:12:34:1a:b7:3d:a9:67:9c:0b:2f:
71:32:cb:87:92:b0:18:ff:fe:ec:f0:3e:cc:e3:1c:65:c8:24:
a9:bd:c9:8f:96:f7:19:af:95:a6:e0:e5:21:65:50:ad:69:da:
d3:09:27:84
-----BEGIN CERTIFICATE-----
MIIDIzCCAgugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCUFQx
EDAOBgNVBAgMB0NvaW1icmExEDAOBgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVD
MRMwEQYDVQQDDApDb2ltYnJhVlBOMB4XDTI2MDQyMjEwNTAyNloXDTI3MDQyMjEw
NTAyNlowEjEQMA4GA1UEAwwHd2FycmlvcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANheNjiFu/gVKZAqA0cmNq1HuIDCHLI1UzSjyHlzGnvFBvkO+2Hp
FoGBTVWsJX2W9KQaRtAKr0hltx6bAkpKr1NkIE+v2Kv3mcK3gLKAJAB8p0P3NWlH
/LzO+hqOgcMrVepXyOx2OxtY6WXBZpfFOWIfx/Jks2oxQalmAPVIPDGbcKfK8Lgo
08/7hiXwkxetP8hg3aehvrTo/HlHU2jt6yG196r1vyJF2RBa275BwwlHcvRr1iFl
d0N5iQ3NclgU4iVVCxfol9TQDpx9nDhuUlDLJaUA/MtpuwnwOvGKg+d8lQdGWBFB
JY1ckQLs0oNMmNCqrbD6Z2wieYfeWvUBj1kCAwEAAaNCMEAwHQYDVR0OBBYEFDCE
MgQhGfCmt8EyTBuffu/sPNN5MB8GA1UdIwQYMBaAFKzNecyAF6qNFsyXsek2XgAq
vVvVMA0GCSqGSIb3DQEBCwUAA4IBAQBgdgN4Rg7bM6QaE2cRZrZ+v7ojTgGeayjc
Rpxe6KkqctKuwMe3aG+SVUO3zY9reK2G0Yq7unqnO/pTjx3sdQs2BWsUkcR5UbLQ
L7kXDPFriE0ka64VNiusS5RnBPiTSczB1+yuotwyyNH07ksMEa1MhF2WlzHWn8Wn
ebLxuEJbebgS0qNWoK47un9WJdStp/o5UuBXr0/SxjwkXdYHhLClX9I8izYqHyRV
zYkilLfyk2kBiW6kZy2L2c2vKXAJg2nlRjVRWZBxwAqKAFxVxhI0Grc9qWecCy9x
MsuHkrAY//7s8D7M4xxlyCSpvcmPlvcZr5Wm4OUhZVCtadrTCSeE
-----END CERTIFICATE-----

74
ca/1002.pem
View File

@@ -1,74 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4098 (0x1002)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=PT, ST=Coimbra, L=Coimbra, O=UC, CN=CoimbraVPN
Validity
Not Before: Apr 22 12:33:59 2026 GMT
Not After : Apr 22 12:33:59 2027 GMT
Subject: CN=apache
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d0:88:fb:32:17:9b:9d:95:15:42:a5:b3:20:0e:
27:1a:bd:aa:10:6a:59:9c:18:40:cb:81:80:70:33:
1a:22:34:08:6f:94:0c:97:1c:68:d4:69:59:7e:50:
65:c1:46:2a:fd:9d:4e:96:13:47:58:da:87:86:0e:
ac:ad:ad:48:ad:d1:b1:6e:61:2b:de:04:c1:5f:cf:
60:f5:a6:bd:3d:fd:b3:eb:a0:db:8f:9f:67:5b:91:
76:aa:a5:87:9a:83:57:1a:84:3d:11:c2:b3:71:84:
51:48:d3:38:8e:0e:f2:c5:96:55:b5:6e:86:4c:f0:
22:9d:19:13:ae:23:21:ea:d5:fe:e4:1d:9c:fb:42:
3a:84:81:43:03:2e:c5:bd:ed:0b:7e:48:50:83:e0:
0b:15:87:bd:65:9b:0d:d0:7e:55:8d:02:e9:03:af:
fe:7d:19:28:ef:46:6b:2c:02:04:33:05:2e:73:94:
10:ae:54:25:d2:82:55:10:22:74:7b:44:7c:c6:d3:
e5:35:5e:10:af:9e:67:49:0a:1f:fe:bb:00:60:26:
a8:ee:4b:66:2f:7d:f4:76:24:3e:73:81:e4:79:53:
3c:30:e6:25:00:80:fb:d2:0c:fa:e7:db:01:15:52:
4e:c4:ec:9f:95:b4:1d:a0:e7:7a:a2:59:77:c0:24:
13:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:9F:64:BF:CB:5E:2F:7D:F8:0B:26:94:DB:17:9D:F4:59:CE:79:20
X509v3 Authority Key Identifier:
AC:CD:79:CC:80:17:AA:8D:16:CC:97:B1:E9:36:5E:00:2A:BD:5B:D5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
a4:24:8d:a2:b8:b4:da:5c:a6:e0:75:2a:e0:71:aa:03:35:e8:
b4:64:49:90:b9:f3:09:a6:c6:99:0c:64:04:5e:65:e6:09:72:
13:11:e8:4c:29:a4:99:c5:dd:67:ff:49:fb:5f:8a:b3:cf:3a:
e5:b7:1c:a0:8a:59:ca:10:a9:dd:26:c3:3d:25:c7:82:b8:0d:
db:91:fe:45:d1:3b:ac:80:1d:11:49:85:13:9b:c2:86:fd:17:
81:5d:e3:a4:d1:64:2d:27:0c:c9:77:08:2a:89:ed:7e:2e:ac:
d2:86:f5:d5:fd:de:a6:c4:5d:18:33:ec:78:a1:ca:cf:64:68:
cb:1a:25:1e:a3:cf:e5:28:0b:a2:f8:45:bd:b6:99:54:17:62:
09:f0:ab:ba:d2:38:dc:bc:7b:1d:b8:f2:51:e5:d3:0c:1d:8d:
a3:3e:57:c2:0d:ef:93:5d:39:9c:ee:50:f1:e3:f8:fb:ff:94:
88:2c:37:f7:39:47:97:2c:fc:71:27:88:21:b3:da:68:ac:f4:
c6:a0:77:00:25:37:67:ea:ee:d1:a8:44:01:f6:40:79:68:4a:
94:24:d8:1a:d9:07:7d:73:0b:8c:b0:80:dd:b4:a9:49:3f:33:
73:7e:4d:5a:b6:f0:51:94:46:b2:81:a3:cb:81:a2:d9:7f:dd:
32:60:ba:8c
-----BEGIN CERTIFICATE-----
MIIDIjCCAgqgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCUFQx
EDAOBgNVBAgMB0NvaW1icmExEDAOBgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVD
MRMwEQYDVQQDDApDb2ltYnJhVlBOMB4XDTI2MDQyMjEyMzM1OVoXDTI3MDQyMjEy
MzM1OVowETEPMA0GA1UEAwwGYXBhY2hlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA0Ij7MhebnZUVQqWzIA4nGr2qEGpZnBhAy4GAcDMaIjQIb5QMlxxo
1GlZflBlwUYq/Z1OlhNHWNqHhg6sra1IrdGxbmEr3gTBX89g9aa9Pf2z66Dbj59n
W5F2qqWHmoNXGoQ9EcKzcYRRSNM4jg7yxZZVtW6GTPAinRkTriMh6tX+5B2c+0I6
hIFDAy7Fve0LfkhQg+ALFYe9ZZsN0H5VjQLpA6/+fRko70ZrLAIEMwUuc5QQrlQl
0oJVECJ0e0R8xtPlNV4Qr55nSQof/rsAYCao7ktmL330diQ+c4HkeVM8MOYlAID7
0gz659sBFVJOxOyflbQdoOd6oll3wCQTqQIDAQABo0IwQDAdBgNVHQ4EFgQUE59k
v8teL334CyaU2xed9FnOeSAwHwYDVR0jBBgwFoAUrM15zIAXqo0WzJex6TZeACq9
W9UwDQYJKoZIhvcNAQELBQADggEBAKQkjaK4tNpcpuB1KuBxqgM16LRkSZC58wmm
xpkMZAReZeYJchMR6EwppJnF3Wf/SftfirPPOuW3HKCKWcoQqd0mwz0lx4K4DduR
/kXRO6yAHRFJhRObwob9F4Fd46TRZC0nDMl3CCqJ7X4urNKG9dX93qbEXRgz7Hih
ys9kaMsaJR6jz+UoC6L4Rb22mVQXYgnwq7rSONy8ex248lHl0wwdjaM+V8IN75Nd
OZzuUPHj+Pv/lIgsN/c5R5cs/HEniCGz2mis9MagdwAlN2fq7tGoRAH2QHloSpQk
2BrZB31zC4ywgN20qUk/M3N+TVq28FGURrKBo8uBotl/3TJguow=
-----END CERTIFICATE-----

77
ca/1003.pem
View File

@@ -1,77 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4099 (0x1003)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=PT, ST=Coimbra, L=Coimbra, O=UC, CN=CoimbraVPN
Validity
Not Before: Apr 22 14:14:59 2026 GMT
Not After : Apr 22 14:14:59 2027 GMT
Subject: CN=apache.coimbra
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d0:88:fb:32:17:9b:9d:95:15:42:a5:b3:20:0e:
27:1a:bd:aa:10:6a:59:9c:18:40:cb:81:80:70:33:
1a:22:34:08:6f:94:0c:97:1c:68:d4:69:59:7e:50:
65:c1:46:2a:fd:9d:4e:96:13:47:58:da:87:86:0e:
ac:ad:ad:48:ad:d1:b1:6e:61:2b:de:04:c1:5f:cf:
60:f5:a6:bd:3d:fd:b3:eb:a0:db:8f:9f:67:5b:91:
76:aa:a5:87:9a:83:57:1a:84:3d:11:c2:b3:71:84:
51:48:d3:38:8e:0e:f2:c5:96:55:b5:6e:86:4c:f0:
22:9d:19:13:ae:23:21:ea:d5:fe:e4:1d:9c:fb:42:
3a:84:81:43:03:2e:c5:bd:ed:0b:7e:48:50:83:e0:
0b:15:87:bd:65:9b:0d:d0:7e:55:8d:02:e9:03:af:
fe:7d:19:28:ef:46:6b:2c:02:04:33:05:2e:73:94:
10:ae:54:25:d2:82:55:10:22:74:7b:44:7c:c6:d3:
e5:35:5e:10:af:9e:67:49:0a:1f:fe:bb:00:60:26:
a8:ee:4b:66:2f:7d:f4:76:24:3e:73:81:e4:79:53:
3c:30:e6:25:00:80:fb:d2:0c:fa:e7:db:01:15:52:
4e:c4:ec:9f:95:b4:1d:a0:e7:7a:a2:59:77:c0:24:
13:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
IP Address:10.60.0.1, DNS:apache
X509v3 Subject Key Identifier:
13:9F:64:BF:CB:5E:2F:7D:F8:0B:26:94:DB:17:9D:F4:59:CE:79:20
X509v3 Authority Key Identifier:
AC:CD:79:CC:80:17:AA:8D:16:CC:97:B1:E9:36:5E:00:2A:BD:5B:D5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
9c:7e:99:3c:10:22:23:cd:d6:c7:96:be:82:5e:e5:7f:69:16:
5c:57:e1:68:e2:04:26:74:e9:72:ea:3b:03:5c:81:bd:21:15:
a3:e8:86:4d:93:6f:a4:d8:a1:47:de:e0:b5:a3:bb:aa:5b:24:
e9:9d:f7:9d:7d:e3:ba:38:39:af:c6:8b:36:5c:a8:3d:37:af:
79:be:8f:bf:ba:76:a5:d5:62:8e:37:c8:2e:6d:7e:24:fc:56:
d2:91:01:9e:05:4d:26:16:52:75:3d:28:7f:20:d0:88:25:96:
2a:d3:3a:8f:27:3d:99:46:4d:de:e2:a7:11:07:84:ff:ac:55:
54:4a:25:1b:b3:05:47:b5:d5:db:b9:69:e5:f6:d7:28:c9:54:
45:9c:a5:9a:86:74:37:33:7c:47:75:5a:dd:bf:50:23:be:95:
8e:cd:2c:ba:72:cc:41:95:1f:a0:67:78:61:de:38:89:18:c4:
0c:df:e0:be:f3:9d:3e:e7:72:9f:3c:a3:e0:06:9a:6c:28:d1:
e2:1d:d2:14:76:89:8a:d4:ca:e1:38:9c:b3:31:81:bb:ca:11:
ba:78:36:01:e5:db:bf:a0:82:36:d2:b4:65:01:60:bf:63:c2:
a8:86:54:cb:ac:59:52:31:bd:a2:cc:94:47:cc:0a:cc:d3:87:
db:7b:fa:1a
-----BEGIN CERTIFICATE-----
MIIDQzCCAiugAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCUFQx
EDAOBgNVBAgMB0NvaW1icmExEDAOBgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVD
MRMwEQYDVQQDDApDb2ltYnJhVlBOMB4XDTI2MDQyMjE0MTQ1OVoXDTI3MDQyMjE0
MTQ1OVowGTEXMBUGA1UEAwwOYXBhY2hlLmNvaW1icmEwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDQiPsyF5udlRVCpbMgDicavaoQalmcGEDLgYBwMxoi
NAhvlAyXHGjUaVl+UGXBRir9nU6WE0dY2oeGDqytrUit0bFuYSveBMFfz2D1pr09
/bProNuPn2dbkXaqpYeag1cahD0RwrNxhFFI0ziODvLFllW1boZM8CKdGROuIyHq
1f7kHZz7QjqEgUMDLsW97Qt+SFCD4AsVh71lmw3QflWNAukDr/59GSjvRmssAgQz
BS5zlBCuVCXSglUQInR7RHzG0+U1XhCvnmdJCh/+uwBgJqjuS2YvffR2JD5zgeR5
Uzww5iUAgPvSDPrn2wEVUk7E7J+VtB2g53qiWXfAJBOpAgMBAAGjWzBZMBcGA1Ud
EQQQMA6HBAo8AAGCBmFwYWNoZTAdBgNVHQ4EFgQUE59kv8teL334CyaU2xed9FnO
eSAwHwYDVR0jBBgwFoAUrM15zIAXqo0WzJex6TZeACq9W9UwDQYJKoZIhvcNAQEL
BQADggEBAJx+mTwQIiPN1seWvoJe5X9pFlxX4WjiBCZ06XLqOwNcgb0hFaPohk2T
b6TYoUfe4LWju6pbJOmd951947o4Oa/GizZcqD03r3m+j7+6dqXVYo43yC5tfiT8
VtKRAZ4FTSYWUnU9KH8g0IgllirTOo8nPZlGTd7ipxEHhP+sVVRKJRuzBUe11du5
aeX21yjJVEWcpZqGdDczfEd1Wt2/UCO+lY7NLLpyzEGVH6BneGHeOIkYxAzf4L7z
nT7ncp88o+AGmmwo0eId0hR2iYrUyuE4nLMxgbvKEbp4NgHl27+ggjbStGUBYL9j
wqiGVMusWVIxvaLMlEfMCszTh9t7+ho=
-----END CERTIFICATE-----

77
ca/apache.crt
View File

@@ -1,77 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4099 (0x1003)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=PT, ST=Coimbra, L=Coimbra, O=UC, CN=CoimbraVPN
Validity
Not Before: Apr 22 14:14:59 2026 GMT
Not After : Apr 22 14:14:59 2027 GMT
Subject: CN=apache.coimbra
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d0:88:fb:32:17:9b:9d:95:15:42:a5:b3:20:0e:
27:1a:bd:aa:10:6a:59:9c:18:40:cb:81:80:70:33:
1a:22:34:08:6f:94:0c:97:1c:68:d4:69:59:7e:50:
65:c1:46:2a:fd:9d:4e:96:13:47:58:da:87:86:0e:
ac:ad:ad:48:ad:d1:b1:6e:61:2b:de:04:c1:5f:cf:
60:f5:a6:bd:3d:fd:b3:eb:a0:db:8f:9f:67:5b:91:
76:aa:a5:87:9a:83:57:1a:84:3d:11:c2:b3:71:84:
51:48:d3:38:8e:0e:f2:c5:96:55:b5:6e:86:4c:f0:
22:9d:19:13:ae:23:21:ea:d5:fe:e4:1d:9c:fb:42:
3a:84:81:43:03:2e:c5:bd:ed:0b:7e:48:50:83:e0:
0b:15:87:bd:65:9b:0d:d0:7e:55:8d:02:e9:03:af:
fe:7d:19:28:ef:46:6b:2c:02:04:33:05:2e:73:94:
10:ae:54:25:d2:82:55:10:22:74:7b:44:7c:c6:d3:
e5:35:5e:10:af:9e:67:49:0a:1f:fe:bb:00:60:26:
a8:ee:4b:66:2f:7d:f4:76:24:3e:73:81:e4:79:53:
3c:30:e6:25:00:80:fb:d2:0c:fa:e7:db:01:15:52:
4e:c4:ec:9f:95:b4:1d:a0:e7:7a:a2:59:77:c0:24:
13:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
IP Address:10.60.0.1, DNS:apache
X509v3 Subject Key Identifier:
13:9F:64:BF:CB:5E:2F:7D:F8:0B:26:94:DB:17:9D:F4:59:CE:79:20
X509v3 Authority Key Identifier:
AC:CD:79:CC:80:17:AA:8D:16:CC:97:B1:E9:36:5E:00:2A:BD:5B:D5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
9c:7e:99:3c:10:22:23:cd:d6:c7:96:be:82:5e:e5:7f:69:16:
5c:57:e1:68:e2:04:26:74:e9:72:ea:3b:03:5c:81:bd:21:15:
a3:e8:86:4d:93:6f:a4:d8:a1:47:de:e0:b5:a3:bb:aa:5b:24:
e9:9d:f7:9d:7d:e3:ba:38:39:af:c6:8b:36:5c:a8:3d:37:af:
79:be:8f:bf:ba:76:a5:d5:62:8e:37:c8:2e:6d:7e:24:fc:56:
d2:91:01:9e:05:4d:26:16:52:75:3d:28:7f:20:d0:88:25:96:
2a:d3:3a:8f:27:3d:99:46:4d:de:e2:a7:11:07:84:ff:ac:55:
54:4a:25:1b:b3:05:47:b5:d5:db:b9:69:e5:f6:d7:28:c9:54:
45:9c:a5:9a:86:74:37:33:7c:47:75:5a:dd:bf:50:23:be:95:
8e:cd:2c:ba:72:cc:41:95:1f:a0:67:78:61:de:38:89:18:c4:
0c:df:e0:be:f3:9d:3e:e7:72:9f:3c:a3:e0:06:9a:6c:28:d1:
e2:1d:d2:14:76:89:8a:d4:ca:e1:38:9c:b3:31:81:bb:ca:11:
ba:78:36:01:e5:db:bf:a0:82:36:d2:b4:65:01:60:bf:63:c2:
a8:86:54:cb:ac:59:52:31:bd:a2:cc:94:47:cc:0a:cc:d3:87:
db:7b:fa:1a
-----BEGIN CERTIFICATE-----
MIIDQzCCAiugAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCUFQx
EDAOBgNVBAgMB0NvaW1icmExEDAOBgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVD
MRMwEQYDVQQDDApDb2ltYnJhVlBOMB4XDTI2MDQyMjE0MTQ1OVoXDTI3MDQyMjE0
MTQ1OVowGTEXMBUGA1UEAwwOYXBhY2hlLmNvaW1icmEwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDQiPsyF5udlRVCpbMgDicavaoQalmcGEDLgYBwMxoi
NAhvlAyXHGjUaVl+UGXBRir9nU6WE0dY2oeGDqytrUit0bFuYSveBMFfz2D1pr09
/bProNuPn2dbkXaqpYeag1cahD0RwrNxhFFI0ziODvLFllW1boZM8CKdGROuIyHq
1f7kHZz7QjqEgUMDLsW97Qt+SFCD4AsVh71lmw3QflWNAukDr/59GSjvRmssAgQz
BS5zlBCuVCXSglUQInR7RHzG0+U1XhCvnmdJCh/+uwBgJqjuS2YvffR2JD5zgeR5
Uzww5iUAgPvSDPrn2wEVUk7E7J+VtB2g53qiWXfAJBOpAgMBAAGjWzBZMBcGA1Ud
EQQQMA6HBAo8AAGCBmFwYWNoZTAdBgNVHQ4EFgQUE59kv8teL334CyaU2xed9FnO
eSAwHwYDVR0jBBgwFoAUrM15zIAXqo0WzJex6TZeACq9W9UwDQYJKoZIhvcNAQEL
BQADggEBAJx+mTwQIiPN1seWvoJe5X9pFlxX4WjiBCZ06XLqOwNcgb0hFaPohk2T
b6TYoUfe4LWju6pbJOmd951947o4Oa/GizZcqD03r3m+j7+6dqXVYo43yC5tfiT8
VtKRAZ4FTSYWUnU9KH8g0IgllirTOo8nPZlGTd7ipxEHhP+sVVRKJRuzBUe11du5
aeX21yjJVEWcpZqGdDczfEd1Wt2/UCO+lY7NLLpyzEGVH6BneGHeOIkYxAzf4L7z
nT7ncp88o+AGmmwo0eId0hR2iYrUyuE4nLMxgbvKEbp4NgHl27+ggjbStGUBYL9j
wqiGVMusWVIxvaLMlEfMCszTh9t7+ho=
-----END CERTIFICATE-----

74
ca/apache.crt.old
View File

@@ -1,74 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4098 (0x1002)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=PT, ST=Coimbra, L=Coimbra, O=UC, CN=CoimbraVPN
Validity
Not Before: Apr 22 12:33:59 2026 GMT
Not After : Apr 22 12:33:59 2027 GMT
Subject: CN=apache
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d0:88:fb:32:17:9b:9d:95:15:42:a5:b3:20:0e:
27:1a:bd:aa:10:6a:59:9c:18:40:cb:81:80:70:33:
1a:22:34:08:6f:94:0c:97:1c:68:d4:69:59:7e:50:
65:c1:46:2a:fd:9d:4e:96:13:47:58:da:87:86:0e:
ac:ad:ad:48:ad:d1:b1:6e:61:2b:de:04:c1:5f:cf:
60:f5:a6:bd:3d:fd:b3:eb:a0:db:8f:9f:67:5b:91:
76:aa:a5:87:9a:83:57:1a:84:3d:11:c2:b3:71:84:
51:48:d3:38:8e:0e:f2:c5:96:55:b5:6e:86:4c:f0:
22:9d:19:13:ae:23:21:ea:d5:fe:e4:1d:9c:fb:42:
3a:84:81:43:03:2e:c5:bd:ed:0b:7e:48:50:83:e0:
0b:15:87:bd:65:9b:0d:d0:7e:55:8d:02:e9:03:af:
fe:7d:19:28:ef:46:6b:2c:02:04:33:05:2e:73:94:
10:ae:54:25:d2:82:55:10:22:74:7b:44:7c:c6:d3:
e5:35:5e:10:af:9e:67:49:0a:1f:fe:bb:00:60:26:
a8:ee:4b:66:2f:7d:f4:76:24:3e:73:81:e4:79:53:
3c:30:e6:25:00:80:fb:d2:0c:fa:e7:db:01:15:52:
4e:c4:ec:9f:95:b4:1d:a0:e7:7a:a2:59:77:c0:24:
13:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:9F:64:BF:CB:5E:2F:7D:F8:0B:26:94:DB:17:9D:F4:59:CE:79:20
X509v3 Authority Key Identifier:
AC:CD:79:CC:80:17:AA:8D:16:CC:97:B1:E9:36:5E:00:2A:BD:5B:D5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
a4:24:8d:a2:b8:b4:da:5c:a6:e0:75:2a:e0:71:aa:03:35:e8:
b4:64:49:90:b9:f3:09:a6:c6:99:0c:64:04:5e:65:e6:09:72:
13:11:e8:4c:29:a4:99:c5:dd:67:ff:49:fb:5f:8a:b3:cf:3a:
e5:b7:1c:a0:8a:59:ca:10:a9:dd:26:c3:3d:25:c7:82:b8:0d:
db:91:fe:45:d1:3b:ac:80:1d:11:49:85:13:9b:c2:86:fd:17:
81:5d:e3:a4:d1:64:2d:27:0c:c9:77:08:2a:89:ed:7e:2e:ac:
d2:86:f5:d5:fd:de:a6:c4:5d:18:33:ec:78:a1:ca:cf:64:68:
cb:1a:25:1e:a3:cf:e5:28:0b:a2:f8:45:bd:b6:99:54:17:62:
09:f0:ab:ba:d2:38:dc:bc:7b:1d:b8:f2:51:e5:d3:0c:1d:8d:
a3:3e:57:c2:0d:ef:93:5d:39:9c:ee:50:f1:e3:f8:fb:ff:94:
88:2c:37:f7:39:47:97:2c:fc:71:27:88:21:b3:da:68:ac:f4:
c6:a0:77:00:25:37:67:ea:ee:d1:a8:44:01:f6:40:79:68:4a:
94:24:d8:1a:d9:07:7d:73:0b:8c:b0:80:dd:b4:a9:49:3f:33:
73:7e:4d:5a:b6:f0:51:94:46:b2:81:a3:cb:81:a2:d9:7f:dd:
32:60:ba:8c
-----BEGIN CERTIFICATE-----
MIIDIjCCAgqgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCUFQx
EDAOBgNVBAgMB0NvaW1icmExEDAOBgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVD
MRMwEQYDVQQDDApDb2ltYnJhVlBOMB4XDTI2MDQyMjEyMzM1OVoXDTI3MDQyMjEy
MzM1OVowETEPMA0GA1UEAwwGYXBhY2hlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA0Ij7MhebnZUVQqWzIA4nGr2qEGpZnBhAy4GAcDMaIjQIb5QMlxxo
1GlZflBlwUYq/Z1OlhNHWNqHhg6sra1IrdGxbmEr3gTBX89g9aa9Pf2z66Dbj59n
W5F2qqWHmoNXGoQ9EcKzcYRRSNM4jg7yxZZVtW6GTPAinRkTriMh6tX+5B2c+0I6
hIFDAy7Fve0LfkhQg+ALFYe9ZZsN0H5VjQLpA6/+fRko70ZrLAIEMwUuc5QQrlQl
0oJVECJ0e0R8xtPlNV4Qr55nSQof/rsAYCao7ktmL330diQ+c4HkeVM8MOYlAID7
0gz659sBFVJOxOyflbQdoOd6oll3wCQTqQIDAQABo0IwQDAdBgNVHQ4EFgQUE59k
v8teL334CyaU2xed9FnOeSAwHwYDVR0jBBgwFoAUrM15zIAXqo0WzJex6TZeACq9
W9UwDQYJKoZIhvcNAQELBQADggEBAKQkjaK4tNpcpuB1KuBxqgM16LRkSZC58wmm
xpkMZAReZeYJchMR6EwppJnF3Wf/SftfirPPOuW3HKCKWcoQqd0mwz0lx4K4DduR
/kXRO6yAHRFJhRObwob9F4Fd46TRZC0nDMl3CCqJ7X4urNKG9dX93qbEXRgz7Hih
ys9kaMsaJR6jz+UoC6L4Rb22mVQXYgnwq7rSONy8ex248lHl0wwdjaM+V8IN75Nd
OZzuUPHj+Pv/lIgsN/c5R5cs/HEniCGz2mis9MagdwAlN2fq7tGoRAH2QHloSpQk
2BrZB31zC4ywgN20qUk/M3N+TVq28FGURrKBo8uBotl/3TJguow=
-----END CERTIFICATE-----

17
ca/apache.csr
View File

@@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICxjCCAa4CAQAwVzELMAkGA1UEBhMCUFQxEDAOBgNVBAgMB0NvaW1icmExEDAO
BgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVDMRcwFQYDVQQDDA5hcGFjaGUuY29p
bWJyYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCI+zIXm52VFUKl
syAOJxq9qhBqWZwYQMuBgHAzGiI0CG+UDJccaNRpWX5QZcFGKv2dTpYTR1jah4YO
rK2tSK3RsW5hK94EwV/PYPWmvT39s+ug24+fZ1uRdqqlh5qDVxqEPRHCs3GEUUjT
OI4O8sWWVbVuhkzwIp0ZE64jIerV/uQdnPtCOoSBQwMuxb3tC35IUIPgCxWHvWWb
DdB+VY0C6QOv/n0ZKO9GaywCBDMFLnOUEK5UJdKCVRAidHtEfMbT5TVeEK+eZ0kK
H/67AGAmqO5LZi999HYkPnOB5HlTPDDmJQCA+9IM+ufbARVSTsTsn5W0HaDneqJZ
d8AkE6kCAwEAAaAqMCgGCSqGSIb3DQEJDjEbMBkwFwYDVR0RBBAwDocECjwAAYIG
YXBhY2hlMA0GCSqGSIb3DQEBCwUAA4IBAQBzs+QEnIvT5ArumDP7/7TeEcOeTmfh
GkLMHKn2+lRH055KE+sv2k2l+PW4zrPLdEWw82CW7zy4ilpXjzywGIXZY0dCAWWH
wc/mRqbE6b4gdatU+LEqkcUiiCKkAh+stG1QOYB4yhISR0N/KWC4GIBsNIen8jjO
+qQunBa/wb7XRvHWCl4ihLMSA4PjijkxPOAjnGe6swPCo8gl39477bdAYL2Qrrr2
FxkZRZMZG1cSX2lV8DhBV4/AZAzZMGFHc4GOzcyzPNJ3PWFotv+jNQ1DxbTFmOYI
m6A0coUdCw87lYuWlH8J3s0CUUb7Swd1dKrTjk7UDOTG1VK7q7xYaMkJ
-----END CERTIFICATE REQUEST-----

28
ca/apache.key
View File

@@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDQiPsyF5udlRVC
pbMgDicavaoQalmcGEDLgYBwMxoiNAhvlAyXHGjUaVl+UGXBRir9nU6WE0dY2oeG
DqytrUit0bFuYSveBMFfz2D1pr09/bProNuPn2dbkXaqpYeag1cahD0RwrNxhFFI
0ziODvLFllW1boZM8CKdGROuIyHq1f7kHZz7QjqEgUMDLsW97Qt+SFCD4AsVh71l
mw3QflWNAukDr/59GSjvRmssAgQzBS5zlBCuVCXSglUQInR7RHzG0+U1XhCvnmdJ
Ch/+uwBgJqjuS2YvffR2JD5zgeR5Uzww5iUAgPvSDPrn2wEVUk7E7J+VtB2g53qi
WXfAJBOpAgMBAAECggEAC8SDGlVLNoYEbF2h4U/zJHbp+yGpO14CAAnnh81WbvIt
PLCn0jor7zqfrnlWeKTfRa8EEYN2ffzc83NuCqHx7T8dSluI6G8vw1qWP96AJNil
d8k8wprN8BSiE+ih4ZYCSxCFyrQIQMJk/N1QfnG5AO3mGcYqJXrSlTdmTSgV4KTH
HMhcbE3oBi5sixfYuhz7JmoN2MtvUH7T1XQ93IK/EDANCHeOYfVDlQMv+VKqUsEA
4tB1j2Mk+MENIbxg2vswsDzi4X3geU9kDkZ+V/ahzQSKnoUJtC81QftGst7gia7i
Kl51DWvw3SXclDn//5ZSaWd6T0a0Gc8f73yC0vzKIQKBgQD9TVBrSTZTvJcJhhMQ
Tk7Epe96nWPw3PwKPntAaCcWaNi+AXOWw5oKX1Okilrsbxz5P6yH/jTvFZF33zpT
nhS30ew41GTSL0j3gCWK25I0SJOeth2dycyjd/yljotOGOz667vTGHleso7NYthD
s+iU6ceb7EuU9T0JjhHDsrVK8QKBgQDSwZmOwMAq0evNFgKB0QiipABIWhm7As1n
O0M439zA2bVo8Z3UAQb7YOBG/EoH+I/1HakJBM0BVyGRzkg4Krq0Dd8iL4gESj8E
niCtIC874AjhemVjHDPNwI/m93Czg8tqfd3r82rOa5HJWW4WYGeHPTjvd0puS8/6
SWTyBgSkOQKBgANxmKVMwoNS7g7AFuRC3ElKJD5bg29T4c1V2iEfCWEBnei/Zk3n
bOG1OBLlmqTaQd+VoQfcSeXyOh8SFt3qKUfyf66qHJDK+cf7owcHQy6YygD/Ytmx
U6npSLMLhBNUvWwP5mbRT10dOlnKfTw2ZvQXVZJmHQTybJkDqHQrqtFRAoGAA1t6
Kr//T69QZk/3ckH2NUEPkBd/WW9N/lr/UySdy6SsMyPGM95gUhjU+cyDEWVwRaNX
UgF1kpPkwQHcPKjRmJSv/Udsj0TvhA9QzfE5T2bePVlJzC5i1OBAapl+fh2XW/bt
Vhjmlqs4A1EdY9XdUFY1Vfs8gE1M3tvUc9aMtGECgYA3ebYLBwDB48gbYfnv8o3P
rY2hBfBsvfSKeYT/NPxG/XR035h9BnBcNG2L7U7GKmbxdULYZ2nEOSjqTxTvlHUO
ncGr7M00D9hpzTX+Yfr3em+lGsZxVfU7sKq1fWF/BdF7gCf8cdHk66gR19kYhi38
cEB0Z02sLDDP2AYOawrliA==
-----END PRIVATE KEY-----

21
ca/ca.crt
View File

@@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIUHeUZwwOlaXM3yPbokh5CjXEFw/YwDQYJKoZIhvcNAQEL
BQAwUzELMAkGA1UEBhMCUFQxEDAOBgNVBAgMB0NvaW1icmExEDAOBgNVBAcMB0Nv
aW1icmExCzAJBgNVBAoMAlVDMRMwEQYDVQQDDApDb2ltYnJhVlBOMB4XDTI2MDQy
MjEwNDgwMloXDTI3MDQyMjEwNDgwMlowUzELMAkGA1UEBhMCUFQxEDAOBgNVBAgM
B0NvaW1icmExEDAOBgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVDMRMwEQYDVQQD
DApDb2ltYnJhVlBOMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1ft
wTq/HG1SavpgkRSP/ZO3hvW8lCR8e8ica/w7ogJwMoTAHz0axMpY9MQ6SmXXvXEh
/DY0wwM60jJ8f332fk3otcWzHznEK+EC2xrZSvnikWYSWcaDe6PzPtu0w9//y/Cl
Jt8ocvC1qyN20skhCP8nuTCW7o0nO+glPEHAl1fSuHuA/0tXbpROsxpi3cqzWypB
ufnDyIg4vxKbhQdtJn0UMvA2g92gTpxl9Dvt4L68L2e/Oz5B2l+USEIHxfkS+N1v
p8O22H+KV4+4Le76RJ/DOzV+pAieY4/bWIFQ5CsB6SvcHwP0CxOa1KOeHZbdyyDe
TBCmDTR3K4ZBy/ii2wIDAQABo1MwUTAdBgNVHQ4EFgQUrM15zIAXqo0WzJex6TZe
ACq9W9UwHwYDVR0jBBgwFoAUrM15zIAXqo0WzJex6TZeACq9W9UwDwYDVR0TAQH/
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAlkndsM3ikWZibO3l5UBBVSQjgjdf
8CdE3UyrzuTOTFGWW8ALD1PTMjZ/uFR6mX5pn3Afd6CcRvm/SP/ybh4q+7oBlJCT
hjJo/r8NAsaN1TubFSaLsQTzilZDCK6Go+WvcNgar0pwgMunqphBycuLOkT3cxli
ubGzplv33gA6EPwZ7LaSfMRf/mVeLutUyP0SKyos3/Je1lAz8Wel245JPJ2mI8fT
HopjnVWScOPedFKt/nh//RVTjZDvPGH5Lvglg9ko+Lc62JF/5XIqIS25TwcUskXK
KfotGiwJM1VHyi49PWEC1Asu7C9ljMbHy/UsISPGxUOq/oy3OQoj7DXEng==
-----END CERTIFICATE-----

28
ca/ca.key
View File

@@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzV+3BOr8cbVJq
+mCRFI/9k7eG9byUJHx7yJxr/DuiAnAyhMAfPRrEylj0xDpKZde9cSH8NjTDAzrS
Mnx/ffZ+Tei1xbMfOcQr4QLbGtlK+eKRZhJZxoN7o/M+27TD3//L8KUm3yhy8LWr
I3bSySEI/ye5MJbujSc76CU8QcCXV9K4e4D/S1dulE6zGmLdyrNbKkG5+cPIiDi/
EpuFB20mfRQy8DaD3aBOnGX0O+3gvrwvZ787PkHaX5RIQgfF+RL43W+nw7bYf4pX
j7gt7vpEn8M7NX6kCJ5jj9tYgVDkKwHpK9wfA/QLE5rUo54dlt3LIN5MEKYNNHcr
hkHL+KLbAgMBAAECggEAPpkTUJ3LtQVnfhWUfS87LxxPM9k0EFVH6gDUsFBjFCJb
vRZe5Mh0PnoOYKjZW7x+eA4z+Y+GDQdkkZezouB5mA5jiobOBbkpAtPQJmARtjzQ
W0XQY+uJWy+XqLoRN0lJRIrjalT8Dlp8XpbLU7mGQVimKdqO5Ab6ycs2q/ibW3dj
am9L/AaV8YW99xWeRVi8OKn1Oyhpaplnb7IDdeDx8/nCSplVx1EggsV7XPStfL2R
us8/sE525OCo7mriXBLph62r7C1oFxxeASIjpPD5+gh09CCoMcodETlCBKPia7Q4
ha/nnsjXRPZIq4b2y4BYzlCVnCldwKzr+QW+s0EZKQKBgQDZRV2kR4k9ytF1kG85
DCW8ogk03BZ2x9Wk6sEU3lUtR3YfyHe3zFrZ2lDynknVAxXABPQ8XG8i24O0ZQ/h
oiRu9LtUIf+rYVrZke8DiPEuGUdTMLeLMBUhWtSpG5kNrpr/hdt/lXnnszTd5Xon
YGpa2qQAB2eki+uxnJMbAHopRQKBgQDTT9V2FEUa+GG5mbQXClbXqbd7+8LoKH7l
VYzQxaWSWgW1o9/0NOBY5Jw6PoWdhbf0IzA2bYeKIChp6IwhEh9+A+Vdp0Hupz/Z
tDlHThWXUBqYTPM1mXX1KyEoNjGQiMMpeuOc0sUJZvMfFWrzkn0kG8VsB9u8n1ND
CQ+O3MaNnwKBgEQJ5+ApEr5KBDvnphzcQ/kFWRK3lUVPIQVLCnnpggzy4vfjBDKH
iS/NoSnJDd/p3mbKZl18qMTmryDPwSBscTJZ60vWdcUKcLPPcmTN/pDsE5zmlaO9
w/A1DIGEhfJ16k34chtLCOjZAsY2NYGdPNEExPTJXNh3hLCTErIS/S5tAoGAITum
A6sObz5vCCSPOSxsGgDcFYizz5VG18SLn+3lq02zJiz+tMZ4HiLeGx7oHq0AEEpU
c8roDSYflQB4wV67SzNLqF38tY7iMNfyRi+Wn7R+akN34I8hCQzeaxeS1ftcTjLA
h1JyoJbrV5Ejv+ji+4HOm73kphacnqdXJg28wFsCgYEAs4VbAruXv3thxJ8a7Y4n
8FRwdDV2nJRGYRR6WdE8qCLFi5rhoI2/sqblp2i/j8e419YWzj+pRqDMCWlePg+i
7Ne5swH3UQXb+3sS/q0BUnYuJDnpmae/qJ4gDU1NvHZnrqz047hfvHw9gAcCh4a2
IZGzyqYAUSqhzm9epjEZ9+w=
-----END PRIVATE KEY-----

12
ca/cheese.cfg
View File

@@ -1,12 +0,0 @@
[ ca ]
default_ca = CA_default
[ CA_default ]
default_days = 365
database = index.txt
serial = serial
copy_extensions = copy
new_certs_dir = .
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied

22
ca/create_all_keys.sh
View File

@@ -1,22 +0,0 @@
#!/bin/bash
cert_ca="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=CoimbraVPN"
cert_vpn="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=gateway"
cert_user="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=warrior"
cert_apache="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=apache.coimbra"
[[ -e "serial" ]] || echo 1000 > serial
[[ -e "index.txt" ]] || touch index.txt
[[ -e "ca.key" ]] || openssl genrsa -out "ca.key" 2048
[[ -e "ca.crt" ]] || openssl req -x509 -nodes -days 365 -key "ca.key" -out "ca.crt" -subj "$cert_ca"
[[ -e "vpn.key" ]] || openssl genrsa -out "vpn.key" 2048
[[ -e "vpn.csr" ]] || openssl req -new -key "vpn.key" -out "vpn.csr" -subj "$cert_vpn"
[[ -e "vpn.crt" ]] || openssl ca -batch -in "vpn.csr" -cert "ca.crt" -keyfile "ca.key" -out "vpn.crt" -config cheese.cfg
[[ -e "dh2048.pem" ]] || openssl dhparam -out "dh2048.pem" 2048
[[ -e "ta.key" ]] || openvpn --genkey secret "ta.key"
[[ -e "user.key" ]] || openssl genrsa -out user.key
[[ -e "user.csr" ]] || openssl req -new -key user.key -out user.csr -subj "$cert_user"
[[ -e "user.crt" ]] || openssl ca -batch -in "user.csr" -cert "ca.crt" -keyfile "ca.key" -out "user.crt" -config cheese.cfg
[[ -e "apache.key" ]] || openssl genrsa -out apache.key
[[ -e "apache.csr" ]] || openssl req -new -key apache.key -out apache.csr -subj "$cert_apache" -addext "subjectAltName = IP:10.60.0.1,DNS:apache"
[[ -e "apache.crt" ]] || openssl ca -batch -in "apache.csr" -cert "ca.crt" -keyfile "ca.key" -out "apache.crt" -config cheese.cfg

8
ca/dh2048.pem
View File

@@ -1,8 +0,0 @@
-----BEGIN DH PARAMETERS-----
MIIBDAKCAQEAvqMnND0GPZb1287Irc8grekth4JCb5Mfz4iig9GR0AJNzIj+/hf6
Cnz3+5F6OD7XDyY7Prgq/dZ6KhZAnKOSQ4r6rDbgcVqPoU5g8ykKuhI3daAOr/Ut
EauKJN4kcTDARvdk9gebWNIDRrbuV0wv7QDsO3TIznn24MTnYUm3ReExv58fmqX6
Ttr74clxnUC660HX084sxhxAA9Mfewy+8KCxy1MF2MttZP6DY3IWEVokfK2W/ZlE
UsFIMNlblKK/JBn7Y/6/FZN/V8zwxFCQBhuvOvaNbtraejkeUnl7VdqQ6T4Rmvid
0jN5ddbuyyu+pm7WPU94ilLyPQECexnx7wIBAgICAOE=
-----END DH PARAMETERS-----

4
ca/index.txt
View File

@@ -1,4 +0,0 @@
V 270422105026Z 1000 unknown /CN=gateway
V 270422105026Z 1001 unknown /CN=warrior
V 270422123359Z 1002 unknown /CN=apache
V 270422141459Z 1003 unknown /CN=apache.coimbra

1
ca/index.txt.attr
View File

@@ -1 +0,0 @@
unique_subject = yes

1
ca/index.txt.attr.old
View File

@@ -1 +0,0 @@
unique_subject = yes

3
ca/index.txt.old
View File

@@ -1,3 +0,0 @@
V 270422105026Z 1000 unknown /CN=gateway
V 270422105026Z 1001 unknown /CN=warrior
V 270422123359Z 1002 unknown /CN=apache

2
ca/revoke_user.sh
View File

@@ -1,2 +0,0 @@
#!/bin/bash
openssl ca -revoke user.crt -config cheese.cfg -keyfile ca.key -cert ca.crt

1
ca/serial
View File

@@ -1 +0,0 @@
1004

1
ca/serial.old
View File

@@ -1 +0,0 @@
1003

21
ca/ta.key
View File

@@ -1,21 +0,0 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
8ab6c529070f93ad262f6ba5ec506c5e
3e89f24851df40259a2e5fce5b98117c
4ccba0c1c5a045d802ee4638c1f047fb
f2537cb038f1faf976e1cf05ad2c5cc2
23be82d9bdd89180ff235bc995116c83
f08bc102313dd043fa3dcb924665fc36
408fd7bc620c6939e0a42f90e37a9ea7
078e323acbe6b844405b929fecbcc539
e5022c1e9a2b76503b63d35aeeb70cb4
cf260ac014c5914b30ee0020a737bcc5
d08a810e512769245993d9075572f1c0
4971992ba8782b2b7e6189b03c8e1448
842e42983c9af8c32d007237e9b597db
2c6cf399d16f153136307605297e3bbb
cb1b9b1cc9c4cb2f2684ad5d50dd0448
3480fb0a4cc3af1553e5b40645eae3f0
-----END OpenVPN Static key V1-----

74
ca/user.crt
View File

@@ -1,74 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4097 (0x1001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=PT, ST=Coimbra, L=Coimbra, O=UC, CN=CoimbraVPN
Validity
Not Before: Apr 22 10:50:26 2026 GMT
Not After : Apr 22 10:50:26 2027 GMT
Subject: CN=warrior
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d8:5e:36:38:85:bb:f8:15:29:90:2a:03:47:26:
36:ad:47:b8:80:c2:1c:b2:35:53:34:a3:c8:79:73:
1a:7b:c5:06:f9:0e:fb:61:e9:16:81:81:4d:55:ac:
25:7d:96:f4:a4:1a:46:d0:0a:af:48:65:b7:1e:9b:
02:4a:4a:af:53:64:20:4f:af:d8:ab:f7:99:c2:b7:
80:b2:80:24:00:7c:a7:43:f7:35:69:47:fc:bc:ce:
fa:1a:8e:81:c3:2b:55:ea:57:c8:ec:76:3b:1b:58:
e9:65:c1:66:97:c5:39:62:1f:c7:f2:64:b3:6a:31:
41:a9:66:00:f5:48:3c:31:9b:70:a7:ca:f0:b8:28:
d3:cf:fb:86:25:f0:93:17:ad:3f:c8:60:dd:a7:a1:
be:b4:e8:fc:79:47:53:68:ed:eb:21:b5:f7:aa:f5:
bf:22:45:d9:10:5a:db:be:41:c3:09:47:72:f4:6b:
d6:21:65:77:43:79:89:0d:cd:72:58:14:e2:25:55:
0b:17:e8:97:d4:d0:0e:9c:7d:9c:38:6e:52:50:cb:
25:a5:00:fc:cb:69:bb:09:f0:3a:f1:8a:83:e7:7c:
95:07:46:58:11:41:25:8d:5c:91:02:ec:d2:83:4c:
98:d0:aa:ad:b0:fa:67:6c:22:79:87:de:5a:f5:01:
8f:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:84:32:04:21:19:F0:A6:B7:C1:32:4C:1B:9F:7E:EF:EC:3C:D3:79
X509v3 Authority Key Identifier:
AC:CD:79:CC:80:17:AA:8D:16:CC:97:B1:E9:36:5E:00:2A:BD:5B:D5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
60:76:03:78:46:0e:db:33:a4:1a:13:67:11:66:b6:7e:bf:ba:
23:4e:01:9e:6b:28:dc:46:9c:5e:e8:a9:2a:72:d2:ae:c0:c7:
b7:68:6f:92:55:43:b7:cd:8f:6b:78:ad:86:d1:8a:bb:ba:7a:
a7:3b:fa:53:8f:1d:ec:75:0b:36:05:6b:14:91:c4:79:51:b2:
d0:2f:b9:17:0c:f1:6b:88:4d:24:6b:ae:15:36:2b:ac:4b:94:
67:04:f8:93:49:cc:c1:d7:ec:ae:a2:dc:32:c8:d1:f4:ee:4b:
0c:11:ad:4c:84:5d:96:97:31:d6:9f:c5:a7:79:b2:f1:b8:42:
5b:79:b8:12:d2:a3:56:a0:ae:3b:ba:7f:56:25:d4:ad:a7:fa:
39:52:e0:57:af:4f:d2:c6:3c:24:5d:d6:07:84:b0:a5:5f:d2:
3c:8b:36:2a:1f:24:55:cd:89:22:94:b7:f2:93:69:01:89:6e:
a4:67:2d:8b:d9:cd:af:29:70:09:83:69:e5:46:35:51:59:90:
71:c0:0a:8a:00:5c:55:c6:12:34:1a:b7:3d:a9:67:9c:0b:2f:
71:32:cb:87:92:b0:18:ff:fe:ec:f0:3e:cc:e3:1c:65:c8:24:
a9:bd:c9:8f:96:f7:19:af:95:a6:e0:e5:21:65:50:ad:69:da:
d3:09:27:84
-----BEGIN CERTIFICATE-----
MIIDIzCCAgugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCUFQx
EDAOBgNVBAgMB0NvaW1icmExEDAOBgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVD
MRMwEQYDVQQDDApDb2ltYnJhVlBOMB4XDTI2MDQyMjEwNTAyNloXDTI3MDQyMjEw
NTAyNlowEjEQMA4GA1UEAwwHd2FycmlvcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANheNjiFu/gVKZAqA0cmNq1HuIDCHLI1UzSjyHlzGnvFBvkO+2Hp
FoGBTVWsJX2W9KQaRtAKr0hltx6bAkpKr1NkIE+v2Kv3mcK3gLKAJAB8p0P3NWlH
/LzO+hqOgcMrVepXyOx2OxtY6WXBZpfFOWIfx/Jks2oxQalmAPVIPDGbcKfK8Lgo
08/7hiXwkxetP8hg3aehvrTo/HlHU2jt6yG196r1vyJF2RBa275BwwlHcvRr1iFl
d0N5iQ3NclgU4iVVCxfol9TQDpx9nDhuUlDLJaUA/MtpuwnwOvGKg+d8lQdGWBFB
JY1ckQLs0oNMmNCqrbD6Z2wieYfeWvUBj1kCAwEAAaNCMEAwHQYDVR0OBBYEFDCE
MgQhGfCmt8EyTBuffu/sPNN5MB8GA1UdIwQYMBaAFKzNecyAF6qNFsyXsek2XgAq
vVvVMA0GCSqGSIb3DQEBCwUAA4IBAQBgdgN4Rg7bM6QaE2cRZrZ+v7ojTgGeayjc
Rpxe6KkqctKuwMe3aG+SVUO3zY9reK2G0Yq7unqnO/pTjx3sdQs2BWsUkcR5UbLQ
L7kXDPFriE0ka64VNiusS5RnBPiTSczB1+yuotwyyNH07ksMEa1MhF2WlzHWn8Wn
ebLxuEJbebgS0qNWoK47un9WJdStp/o5UuBXr0/SxjwkXdYHhLClX9I8izYqHyRV
zYkilLfyk2kBiW6kZy2L2c2vKXAJg2nlRjVRWZBxwAqKAFxVxhI0Grc9qWecCy9x
MsuHkrAY//7s8D7M4xxlyCSpvcmPlvcZr5Wm4OUhZVCtadrTCSeE
-----END CERTIFICATE-----

16
ca/user.csr
View File

@@ -1,16 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIClTCCAX0CAQAwUDELMAkGA1UEBhMCUFQxEDAOBgNVBAgMB0NvaW1icmExEDAO
BgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVDMRAwDgYDVQQDDAd3YXJyaW9yMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2F42OIW7+BUpkCoDRyY2rUe4
gMIcsjVTNKPIeXMae8UG+Q77YekWgYFNVawlfZb0pBpG0AqvSGW3HpsCSkqvU2Qg
T6/Yq/eZwreAsoAkAHynQ/c1aUf8vM76Go6BwytV6lfI7HY7G1jpZcFml8U5Yh/H
8mSzajFBqWYA9Ug8MZtwp8rwuCjTz/uGJfCTF60/yGDdp6G+tOj8eUdTaO3rIbX3
qvW/IkXZEFrbvkHDCUdy9GvWIWV3Q3mJDc1yWBTiJVULF+iX1NAOnH2cOG5SUMsl
pQD8y2m7CfA68YqD53yVB0ZYEUEljVyRAuzSg0yY0KqtsPpnbCJ5h95a9QGPWQID
AQABoAAwDQYJKoZIhvcNAQELBQADggEBAKBuw6o5zucZ3cULpuQBZiBtvodrV1ht
V7NCqQe5UoFP0wywUCQyB1A4rAT+Of3yJxKLYiBrq8u9/ra6zGfXTOxZSSpm+1cN
iZMVb3c57Hir3cS3sG/tLi147168GpBxiV87WLgBozw2ki0x9fApx5crLZY9/FlM
qCwTF8g/Pu6c/gXf+y/aGzcElx0tTpR5FvJopFJ/PNNJSmJZ22Mtbynvztnk8xB6
vzX3+0lp9eNv7X1IwcaDk45B1Fv+7OiyVZ57hOrsUsr4whmb7jctpEm5UzL4cHuE
nMjY5Eqe9Gsct5g7PO+LVH8CF1joBLShgqOIH+1k797iS5maYWHdYW0=
-----END CERTIFICATE REQUEST-----

28
ca/user.key
View File

@@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDYXjY4hbv4FSmQ
KgNHJjatR7iAwhyyNVM0o8h5cxp7xQb5Dvth6RaBgU1VrCV9lvSkGkbQCq9IZbce
mwJKSq9TZCBPr9ir95nCt4CygCQAfKdD9zVpR/y8zvoajoHDK1XqV8jsdjsbWOll
wWaXxTliH8fyZLNqMUGpZgD1SDwxm3CnyvC4KNPP+4Yl8JMXrT/IYN2nob606Px5
R1No7eshtfeq9b8iRdkQWtu+QcMJR3L0a9YhZXdDeYkNzXJYFOIlVQsX6JfU0A6c
fZw4blJQyyWlAPzLabsJ8DrxioPnfJUHRlgRQSWNXJEC7NKDTJjQqq2w+mdsInmH
3lr1AY9ZAgMBAAECggEAaYNcDqlM9pifWbHbQl2kyVDR7Vx78P3nMyLx1yQmFJiL
I3bGaUNpWcNMCsz1xW6Ro9s6kCa9vuD3cYHnFoKgSFrqFOIsmAQZZCbnqGSr6d7g
FNlfnxVfb1XCCqRXLG2cKrkffwzTGy17OEedt8KSjsLv10l7YvxdSHY5XmQZEpkU
l9O6olSvhaPQxx3RynR0rTdyESZMLMj2SqHpSlHg6TVvTjRH5EspMTpJiU/cNiqv
b57OH02gh1huS0DKV3aPvR8+6jlP0Ec0djcwXatQxzesFjHutVR1f5RBh36O6zJ0
9Nx2wxppFPsFVB5olJWzIkMH2MalYyIK5+0Lpl3PDwKBgQD04wRGe+EZrCcfLJy+
wpsBqoUeclhDtfz1aMlmhCurWdIQKiEn1lYVMopxn+FvZy3pyE9ymn7aSsmb6PT4
f1j3rOjYcWKceyUCdEsYDRq8ciW7bhKVwXd+763CI485x63ZkKcKe2b7v1GIhkII
7Kp/Nwh5tXxCp6ta+0hJO9nEqwKBgQDiL+CDlgkEVM0MsjuSS2arHwfolXEaoApy
CwX6abCOkV3RiMmuMGKidQJ3v0K+vI3WlG/fW9s6ZRe9mSj/Qu3hq3el5ozzSpW9
FOI41cTOHdvKDpN21Cgk9gMBt0Slp2+qrv+OT4zCheQV29mGZ0dudr5/fMzrAxnk
nbhkXlpUCwKBgQC5mgHYhfVypraz+vUF46rl1V61V8ar8xe4zGWwzEXoxdffJn8g
mWN/B2JEgf+zlokG4inM22l/eyVYhHR+js5YUXXc7frmTLMdLBTqMqxr3TvZ1bBC
TnKKA5A3TwozqbKK7gacfDDuZu+dwNv1taH3bzd+P13hiwDloQQFdVY0pwKBgEC1
S7i5apj3nbXdI5fFxHh+JygN4M6qLHLV3n72T5Fp2vo/9NrFcuJhMTSK3hBtJvLV
gm/W+o/pLfKK56SnRCDEijVHENnlY5M1b0atOWFyP1e99cgQB/ATBWcvRA9UKGkf
KXNQJMfdwBPU0pVV5KSgif00+fbd60FxMbhdGeBjAoGBAO4GIfg1FgIixd3BjuW8
vCcYqqyRphtiHUeZMoVeIVO+CwD4tm7Rj7mRux/3lU8qRFdD/5O5oFE5MR6gvyno
aBt/fPzA40/zjsDMdILaL6IoJUw1B3OsRUoNTupHxqkBl3gJV1WUnWMQftzNAYuy
GJzEUr6jpE6MJyt3osZwfurm
-----END PRIVATE KEY-----

74
ca/vpn.crt
View File

@@ -1,74 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=PT, ST=Coimbra, L=Coimbra, O=UC, CN=CoimbraVPN
Validity
Not Before: Apr 22 10:50:26 2026 GMT
Not After : Apr 22 10:50:26 2027 GMT
Subject: CN=gateway
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bc:46:6b:0e:12:3f:c2:64:0d:dd:36:e7:86:a2:
f6:98:04:86:21:73:85:3b:cc:ce:7d:c5:74:f9:8d:
97:f8:c9:01:1c:e9:88:db:10:fc:40:a8:2a:44:76:
de:07:bd:39:58:c3:ba:b3:9a:d2:01:91:12:c8:7f:
0e:7a:51:56:f6:a4:ad:4e:63:92:8e:05:b9:9d:5a:
76:37:60:58:60:0a:10:f2:6e:15:6b:76:a1:34:91:
c5:cf:c7:86:00:cd:3f:53:c2:e9:45:8c:86:49:c2:
a1:36:f9:ca:3b:a5:30:76:92:ff:a6:e5:fa:40:67:
d9:91:ea:24:90:a5:a4:e0:15:2a:da:ce:1b:4e:f9:
86:7e:9f:33:de:e9:24:dc:b9:60:fa:c9:f0:e0:79:
83:a3:d3:b3:c9:61:37:9d:26:ab:e9:bd:21:68:74:
51:02:e0:a2:36:24:9e:c6:5d:22:f3:f6:76:8d:17:
ab:e3:46:a2:dc:a3:e4:f8:bc:a2:4b:59:8b:76:f4:
91:7e:2f:48:79:b6:72:1b:d5:45:e2:9f:d3:8d:b2:
f6:45:53:07:95:4d:8e:76:73:b8:54:10:17:63:c4:
07:bf:bf:a6:72:4f:ea:be:b7:1d:38:37:3a:95:26:
8f:36:81:a0:53:07:d3:49:32:7a:de:3c:7f:61:b6:
7c:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:52:2F:9E:1C:51:4D:A7:91:73:93:1B:E6:69:6C:06:99:28:2D:0B
X509v3 Authority Key Identifier:
AC:CD:79:CC:80:17:AA:8D:16:CC:97:B1:E9:36:5E:00:2A:BD:5B:D5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
9a:fd:c0:13:d2:8a:7d:8d:d6:79:d0:35:1f:a6:75:ea:ff:1b:
73:1a:4b:30:d9:c8:3b:9d:96:e5:a8:28:eb:74:26:0d:13:fa:
e1:89:ad:eb:38:d4:57:d1:72:af:c5:93:ab:ce:07:35:3a:b5:
34:9f:72:af:71:b7:79:23:c8:88:99:af:a9:bf:72:8f:01:f2:
cf:f8:a1:57:8e:2a:05:e7:05:c2:0e:ac:92:df:db:f4:fd:64:
16:01:28:5a:7b:8b:c1:e3:8b:49:48:58:b4:36:28:ed:a3:99:
60:9c:a7:a6:3b:eb:07:3d:42:36:29:f2:d2:ff:07:86:34:3c:
0a:b0:70:cb:23:d2:f3:f1:f7:88:74:a5:a6:c3:ee:4e:5f:d7:
6d:ba:a6:83:09:76:f5:e4:1a:3b:d5:58:e9:be:a8:80:cf:68:
13:82:95:b3:da:75:43:4b:e7:f3:fb:6b:0d:b3:d5:07:5e:1b:
7a:69:f4:77:1b:59:eb:c5:a1:84:fb:cc:3e:5c:26:f5:b3:b3:
4d:36:8d:40:d2:53:f9:1e:bd:cf:b9:4b:c3:a8:40:29:97:58:
48:c2:94:94:28:9d:3f:e7:e3:d2:a3:db:32:8d:fb:a9:bb:c3:
32:a5:b3:c0:8b:c5:e3:56:45:55:2d:fb:62:5a:c0:36:f1:df:
b6:00:f9:b9
-----BEGIN CERTIFICATE-----
MIIDIzCCAgugAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwUzELMAkGA1UEBhMCUFQx
EDAOBgNVBAgMB0NvaW1icmExEDAOBgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVD
MRMwEQYDVQQDDApDb2ltYnJhVlBOMB4XDTI2MDQyMjEwNTAyNloXDTI3MDQyMjEw
NTAyNlowEjEQMA4GA1UEAwwHZ2F0ZXdheTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALxGaw4SP8JkDd0254ai9pgEhiFzhTvMzn3FdPmNl/jJARzpiNsQ
/ECoKkR23ge9OVjDurOa0gGREsh/DnpRVvakrU5jko4FuZ1adjdgWGAKEPJuFWt2
oTSRxc/HhgDNP1PC6UWMhknCoTb5yjulMHaS/6bl+kBn2ZHqJJClpOAVKtrOG075
hn6fM97pJNy5YPrJ8OB5g6PTs8lhN50mq+m9IWh0UQLgojYknsZdIvP2do0Xq+NG
otyj5Pi8oktZi3b0kX4vSHm2chvVReKf042y9kVTB5VNjnZzuFQQF2PEB7+/pnJP
6r63HTg3OpUmjzaBoFMH00kyet48f2G2fCECAwEAAaNCMEAwHQYDVR0OBBYEFJZS
L54cUU2nkXOTG+ZpbAaZKC0LMB8GA1UdIwQYMBaAFKzNecyAF6qNFsyXsek2XgAq
vVvVMA0GCSqGSIb3DQEBCwUAA4IBAQCa/cAT0op9jdZ50DUfpnXq/xtzGksw2cg7
nZblqCjrdCYNE/rhia3rONRX0XKvxZOrzgc1OrU0n3Kvcbd5I8iIma+pv3KPAfLP
+KFXjioF5wXCDqyS39v0/WQWAShae4vB44tJSFi0Nijto5lgnKemO+sHPUI2KfLS
/weGNDwKsHDLI9Lz8feIdKWmw+5OX9dtuqaDCXb15Bo71VjpvqiAz2gTgpWz2nVD
S+fz+2sNs9UHXht6afR3G1nrxaGE+8w+XCb1s7NNNo1A0lP5Hr3PuUvDqEApl1hI
wpSUKJ0/5+PSo9syjfupu8MypbPAi8XjVkVVLftiWsA28d+2APm5
-----END CERTIFICATE-----

16
ca/vpn.csr
View File

@@ -1,16 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIClTCCAX0CAQAwUDELMAkGA1UEBhMCUFQxEDAOBgNVBAgMB0NvaW1icmExEDAO
BgNVBAcMB0NvaW1icmExCzAJBgNVBAoMAlVDMRAwDgYDVQQDDAdnYXRld2F5MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEZrDhI/wmQN3TbnhqL2mASG
IXOFO8zOfcV0+Y2X+MkBHOmI2xD8QKgqRHbeB705WMO6s5rSAZESyH8OelFW9qSt
TmOSjgW5nVp2N2BYYAoQ8m4Va3ahNJHFz8eGAM0/U8LpRYyGScKhNvnKO6UwdpL/
puX6QGfZkeokkKWk4BUq2s4bTvmGfp8z3ukk3Llg+snw4HmDo9OzyWE3nSar6b0h
aHRRAuCiNiSexl0i8/Z2jRer40ai3KPk+LyiS1mLdvSRfi9IebZyG9VF4p/TjbL2
RVMHlU2OdnO4VBAXY8QHv7+mck/qvrcdODc6lSaPNoGgUwfTSTJ63jx/YbZ8IQID
AQABoAAwDQYJKoZIhvcNAQELBQADggEBAAqV168ZttquI1P85iodBEo4pkefV9g7
DNOtjf/BQ4SZUmtMBSH95aH1o+EjhYy+522IJ7yTOke5uTsr4R0uD/D7EX9hKnp5
Qx2t/QZc+q3VKzOMV687VfBfq2RErMGSvJmk7cH40HyDlh4Ts5NZO3CAwaiIovKc
ddcZfrO3naktT8jwayWA16pk+vxf0G3jwJqbeizyS0hl12+dwPr/+ESRHCQoSkUH
wG5mL4eRW5E0NyuH9iGvOHms6WDrPU0qp2Rztql+FYZB+qGPJ3pdsajCIjJG7n4E
n3D5ofg5q3dlLHAwueMcMLGL9hpjXRGLZturgB5JdUp9+1fMhgxYfFY=
-----END CERTIFICATE REQUEST-----

28
ca/vpn.key
View File

@@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8RmsOEj/CZA3d
NueGovaYBIYhc4U7zM59xXT5jZf4yQEc6YjbEPxAqCpEdt4HvTlYw7qzmtIBkRLI
fw56UVb2pK1OY5KOBbmdWnY3YFhgChDybhVrdqE0kcXPx4YAzT9TwulFjIZJwqE2
+co7pTB2kv+m5fpAZ9mR6iSQpaTgFSrazhtO+YZ+nzPe6STcuWD6yfDgeYOj07PJ
YTedJqvpvSFodFEC4KI2JJ7GXSLz9naNF6vjRqLco+T4vKJLWYt29JF+L0h5tnIb
1UXin9ONsvZFUweVTY52c7hUEBdjxAe/v6ZyT+q+tx04NzqVJo82gaBTB9NJMnre
PH9htnwhAgMBAAECggEABIq6WGuOSDU7tGN3sGLMChzJ05LC2w90x8n0qXSF/wVy
Vm031PkS7MhhxKcNcihZcs+9+Ek62bjTOC0Af2jo7ShJ2gNC7NQshyRAh9N2LlLv
17laIO6Kswb1O673h5tr9KxWDkx2jN76HqZl/4xbn/Cp5C/WGqmmsQNyAF9Om+08
M/5jB3aVT4PFBoyOXd3WDkuxG1wEfFZPrrbOu7T06duzMH8yYnxFX42UyDOVNT73
iqZsxLzlOjLiAaVEZE+2WpZICnwaa04OaOimGHgYEcr4DFQwgUvkVQBvg6sDHVk2
R9GpBsf7BJceimpOAzw3zQaJ/BftFgli6/gHCZpJAQKBgQDgxxbBIxyVHYeaddAJ
cDMHTCr2wsk63gUxdqilDC/HZWpCtB1AI02IyxjPVQ87FxtQrCrGXAeztrqYRbKB
7bPu4UbYP1XCm8o0jNIsFObrMKv1KFLTycZEmvhjivFrQMXLunyPmciV1HKoPg1w
fZqJjn6X6nJyYEZBYDX6XmaX8QKBgQDWbVNxMEw4cpEdpl9lMTpry87XS1SpOKSR
YLqa5yhXMC+5l54B3a/xxoo3wY8YJLixWy67PXakKZ4iWhmAxzQocAJ4ML0ztLep
Z6fGjmE4XyBKQRIz4NaHZ76bh3SwSc07XirTahib6CPjpVc4b5h7+4JNcnmpIiq7
yFs0RfjXMQKBgAOQRHUVaGuYx0CUo5Kyu6xe8cNtvSD4yh5JokzTj6Jaoj+ieWA9
7wm/JoqK763hJOa3hAoXBWw89mJZoIXczeB4o9Xj0yk9rQv+O4rFXg/WerNtSzre
VQ1bY5q4ZjFsGnarYzQnnP17G8I9EZt58kxB/RHNfrj/e72nl9N7UacRAoGBAKeS
/t/5X8fJeTFTwT+i7kYqG/bTL1GkK7BViN/gAP3KcbG4FMrehk8L2x7hzMOQhypL
2USJLzvyLlwoT7/9bfygNL3bUTGkbNgeYtbglIfqh6CgI+qZLu7ZG/QOMxpGQva/
i/Z29s545/tTTsuTIvbZwqZl7UBJrF3eobBDcsoxAoGAbtIHtMulH7WJYu57DdC2
AD/xc0YBESCDN8wV73XZrOTluuCXDGOiQow4jWZM9SgFosVY0DrAM4pu6JWso93x
xAPexrca18YxCs2UwT66AYzDXOcijl1F9fUitf3WC/sZWmO3sd1FVFuLRGlq8mXY
kGgsbmgiuKROuuMqB2fHgWo=
-----END PRIVATE KEY-----

65
chave-pgp-do-rogerio.txt
View File

@@ -1,65 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.1
mQGNBGmLZjwBDACvUK1m3UikneSbyYrP0vbHMz3Dt5u0+1+/UoFHKrcIF0TeLMmeOL6s3iRW
JoSuB0YEmiO01BMEtUHC3Bt6/fu1TjMTLGEwo4dltw/hakvjELfpKPecIo7NAX1XCmiw7f+M
2kTfRXGlu0F0kKc+AD+xPC0tunfpacPX/xGtquPz0xp2XbKktNkj8NoUBO7BRtwrfjBXL7ZV
irlVofs6j7w8Ka9SRtP8GLqsW+LFDQrbsDM2exvp7u61mKvTpuafOUqkqIIrXw4aDOIxjwON
gjunZ4k38kZADxR+uzzwNFnn15qtLNECUMpOJDPplBDg0uVRQjn1BJ44AkcdwLM3unMp9BvO
8DKg2Q6kmd5+qu3OH+BVaqDAD+5sED/LC+QGeTIEHGNbTP3hs6dGyeCcNQnORvn5JoMImUk0
mmV/KV+qpGhi9PSxN44Kau4fWsaWIO33w1vMSnPf/s77dBT0uLT45G/1/b1N3WbD6eKTt+iC
/+Ovp+MmWv6Fd2fPXEvwedUAEQEAAbQeUm9nZXJpbyBDIDxyb2djb3N0YUBkZWkudWMucHQ+
iHUEEBYKAB0WIQTzZrv2P/XfDSKZTqn605rfvJqhwQUCaZMIVAAKCRD605rfvJqhwW/8AQDq
k4kNVJOuOjHiq+F9K7X/QFJp3+z109x/ZpVGtP6aGgD6AlzWjGubsavImEMVN9QKr7tYEOWy
NHldePm87lnDuQSJAbMEEAEIAB0WIQSORfJtzGpnilRlTysk/REF2WdojAUCaZL1XwAKCRAk
/REF2WdojPPkC/40CesTUAcCnvKe/UHTbn483zcW8RSsXRzQZDE4iaOZQ2jCS9uzT+SaVNy5
J8n3PNfghq19yZeyfWZrBHQBCqFwEvYqXZ/z1Qmz8wFvtDX+B5o15kuGO28/epXR7iqx/v53
+le7VmuBR6ri2kq6uT1xzotd6NYcmZpRprnzaGvCUWtuPWhG7SHjZ1TZIJuJ5cmGG8bq/wu/
n+fcSwa3evCUR0ErkqpcC+Z9Ll8wGuSioov5A3B9UW+QWoC68VyC53RSyanNAYI3czJu5Ltq
qXNxOv1xC1gew8FvBuxCF/3z++h2W+E5HO02zRwtqglr5ZBr4UmI0E4s8xWq0DWBU+iLwwXq
GVNZFiJ+fNVHW6cu4deMOMVNrGJlVmlki+GkIFanlrVOwWq2+vsJFYYvHa5zBwjRRqhK5tRk
OOa0qD3KLsCzKpiCSNb+g7TEjHqmpB/h3/MFf5mVlIiOnGYTDWBlMwZLllpLMc/3/mFm5nfX
ofuPGl2BHUv0kdSKSa6QiEOJAbMEEAEIAB0WIQSTCl6/mmEFADoHYKEIKzRkXO0zjQUCaZMV
9QAKCRAIKzRkXO0zjZoDC/9fcB7uDf3QSrIGm+zO//sALNCe0FSOQ5Rn8ZzMOTn3HBI5i7ct
dZntTZuYFLa0HHWUxHBoCSwMnP5oNG91xpRTxsYpucFkKMljSiSKPgoOGxEaJDW2rK39CbzY
xDSa9bhnbXzLWn4laTI8n6iip95IWXuqfIqYc6jfVC3YOBg+8rJ8nAJr6CWIX/6k4bavKVQQ
4bWeuICqUlbNRhZF1BZtCPrFbrChcB+n7CqK0EGkOoySekMr/6VzwgNmuCa2m8Gi9YqzrLLd
AzPl0mfruNHhHLBrnM0rNMMOaR39/+0xSl6c3JcsQWmgBUM1lt0th1n/yKHJMM802IyQefhR
aJhg++xjP61vOLuJa7pb5UWiyupstKemX+8f6X970bvYPj0OaSwy4ewgxU2D5Paqd7qonnct
eYosMnB87ZfS67LcK6YRdqjJeThaQmFujta2hUM6ZczlqGaTsOmZ/GBxIvXGYBrcrnv4d6cj
nSGwXKKSHD2EWSNsxfIBILkQDEotD5uJAbMEEAEIAB0WIQS/yqosJXwrVXFgqQa1WXCyNLIK
ZQUCaZMSBAAKCRC1WXCyNLIKZeU7C/4t2QA7MGNJC+uDk4p/VMfqLFz4yoJOQmAyqI+jbJwn
T+cu2airiE74Nt77kEHjDzyD47LSGjsFe/ynK+Ey/9SeRrzA/NBngP919LW2nSwonfAIiDZ4
dHD/aeRVCdX6Ni6PY/dc5b5ztMEgu0XBlUtWMkrrPaTmiCQ1wX5IuxrSLwldbgA8ME2TZYh7
XQ1LUt1n15FipmdBaXxTK5FrqqWeLLxfPdntZVMQnh2nyaqAF6aEZBRj47UrcbJEIM399G8P
nVExdvOqcCi/CDY15BVBmx/EkWTnudta7fOQgiJiOJ3WLDXvMTEEG06I/dw+eZgGLwl7Ep/x
zrTP65tF032dxbNy1RONOijlj+l/NuOM7pFofx6yCzmRprbydyb9uM1ysRSV0GI1YW2krFzj
ZZosZvPB470svviF8adgIQBV5TZQCzWBY+Bc5gimpZwcWCI+ByQfRAimerOgPqz/r2jQglgP
u4PwnChSTrfNMKyAfpHIKgXAj2ar6X3IvHCkv/OJAdgEEwEIAEIWIQQ3eZDCVL86W7QFeUkd
N5xZDJkDjwUCaYtmPAIbAwUJA8JnAAULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AACgkQ
HTecWQyZA49onAv9GbcIpT9a52ZfSLfoXUWAVsYrCwfPb6OG+7NwJXwUPf69gK2ZSWZLrcPl
7gLYKkWsQ2LS9Pb+kirfENk9Xvw+DMBk0KKlvsC3dOFl4srkdvuAoWvR4x5lCKBBusjM2ByR
kRtN68a3xhLrNIHF7uxFefMIyetCJhGl1Z4rgRzslFjsjeZqv5hs7lYBtodrKXvWOfyEvZRw
Zpibyu3v+6YgpZKdq/YQd/DNMBgCWJZOUvKbj/XiCVQ+zKBDEZpjM56TqSyqaTs7OyTXlZGX
WRYXbtOeEf5NFlUT57FetrSszStJKow7AlLBfPlcwFgDEEKNiLf0asfdnfHepR3MT5ULNdut
hLniGbN8HItqY94dipc0D2l3q/REY7VrsZa3vBmWdMecCLMDLO37CzIqjUO+tIGWOFhXpH86
ARRb3C4mi39aTk8XlAQ6nUctrQSHd+oRFKRqXznAGIHHo83L7z5XvRwZ/ehZww+h0QL4JEgm
Jaja3SZFkqf1/yGwT1EyqfVzuQGNBGmLZjwBDAC7UT7SgI/lKTAP5fyrDXDaIsVKCPZ0K+ui
BqR+Po765zZyuZnCd8IMaeGJZipa4Jc2HRBfb2t/4drDWChhjiMtSk2jA+Ke+z/Gg8yCskg2
aSjhiKb4dZkCWwg0+Avca3ad8F3G+pbP/aubTH2FydrJP0dQW7sPChKPEhDH83g4ek7w3CXs
tSLQ8f3orxxqNvDr3BuVK4Lej1zgXMhSUWcTNqFje1jUwG+V03FoHfvM67HTGmnOngu9fCX0
QbIc0x++zJg3MvPZ+hsSnJ3EemVMc5SMH/GCwIUTufEdpkCLmjETvCFT9JaVwBtgFvsF6adq
7JMD7wcogGMVXDqrWMONZJPhiLPK9AI57zi7a31AFJEfyMMaBT3io5KdzfM0LCkpI/VT/tsO
tM/adnID1cFt47WjeQQ0Ed0kH4fk91/wZaMAlgYeN2TSaYjb0v4RkSIWlYz2KyZ2XPaUtYyS
Md6CmOHchTUTJ9x/qvXD53FYjnkX309c1a9Z++76R+QU6IkAEQEAAYkBvAQYAQgAJhYhBDd5
kMJUvzpbtAV5SR03nFkMmQOPBQJpi2Y8AhsMBQkDwmcAAAoJEB03nFkMmQOPy/EL/2NTDXEI
6ZshBZgK1UOxIWLaKuK4LwMimz3IpfWH6E1acSV4oEn5S+kGCzCeWwbOqhjFP5YYlcN3IMJX
KddpFVn+LiN178qJZM+WxbJdRlc3n9+F2693zGMxmNtgjJ9TDCjar8nyoxWcpKXOtjxf204T
HZAq/r2l/NHvrqZ4KJ5RU5I1Gb43UcarxZHBHy6N1Z323Zt5UMgA3WWMeXB+r374IBg4g5/l
WCfhytvZtwVIDDERFMqpyikhlrOzLJQgVoPHUt7PCslvAaVlz1Mkj7JkF+gwizJ+zsCIkJ2Z
YYk5nfVtDf2xEasrZgs3XF6yhXKHIS1DyIELaLzr6UkLz0H/pwgjHGG9G6pcuMeuS4vR7MEE
7OssNRo43LjtGT9WglRhMqjqiqAIZUM6NFZ2AQQci5tOj3nNQQHovVaPm0PcC1fv99eMsDBX
o7LiabG3y38e2q2TzbNl7v3zTXimQKtYzoff6kGr9JnKr1pD/63qZlrTrVEq/SyMrKmWN3Aq
Rw==
=as3M
-----END PGP PUBLIC KEY BLOCK-----

19
conf/client.conf
View File

@@ -1,19 +0,0 @@
client
dev tun
proto udp
remote 193.136.212.1 1194 # ip da vpn gateway
persist-tun
persist-key
# certificados
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/user.crt
key /etc/openvpn/client/user.key
# auth
cipher AES-256-GCM
auth SHA256
auth-user-pass
tls-auth /etc/openvpn/client/ta.key 1
reneg-sec 0

3
conf/httpd-totp
View File

@@ -1,3 +0,0 @@
auth required pam_google_authenticator.so forward_pass secret=/home/${USER}/.google_authenticator user=apache
auth required pam_unix.so use_first_pass
account required pam_unix.so

1
conf/httpd.conf
View File

@@ -1 +0,0 @@
# LoadModule authnz_pam_module modules/mod_authnz_pam.so

32
conf/ocsp-verify.sh
View File

@@ -1,32 +0,0 @@
#!/bin/bash
depth=$1
env >> /etc/openvpn/server/ocsp_env.log
if [ "$depth" -eq 0 ]; then
echo "Checking OCSP for serial=$tls_serial_0" >> /etc/openvpn/server/ocsp.log
if [ -n "$tls_serial_0" ]; then
# é preciso converter o serial para hexadecimal porque o openssl espera em hex
hex_serial=$(printf '%x' "$tls_serial_0")
status=$(openssl ocsp -issuer /etc/openvpn/server/ca.crt -serial "0x$hex_serial" -url http://10.60.0.1:8888 -CAfile /etc/openvpn/server/ca.crt 2>>/etc/openvpn/server/ocsp.log)
echo "OCSP Status: $status" >> /etc/openvpn/server/ocsp.log
if echo "$status" | grep -q "revoked"; then
echo "Result: REVOKED" >> /etc/openvpn/server/ocsp.log
exit 1
fi
if echo "$status" | grep -q "good"; then
echo "Result: GOOD" >> /etc/openvpn/server/ocsp.log
exit 0
fi
echo "Result: UNKNOWN/ERROR" >> /etc/openvpn/server/ocsp.log
exit 1
else
echo "tls_serial_0 is empty!" >> /etc/openvpn/server/ocsp.log
exit 1
fi
fi
echo "ERROR: depth > 0" >> /etc/openvpn/server/ocsp.log
exit 0

0
conf/openssl.cnf
View File

57
conf/ssl.conf
View File

@@ -1,57 +0,0 @@
Listen 443 https
<VirtualHost *:443>
ServerName 10.60.0.1
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
SSLCACertificateFile /etc/httpd/ssl/ca.crt
# Mutual Authentication (Client Cert)
SSLVerifyClient require
SSLVerifyDepth 1
# OCSP Validation against CA
SSLOCSPEnable on
SSLOCSPDefaultResponder "http://10.60.0.1:8888"
SSLOCSPOverrideResponder on
SSLOCSPUseRequestNonce off
# Session management for Form Auth
Session On
SessionCookieName session path=/;HttpOnly;Secure
# Protected Area
<Location "/">
AuthType Form
AuthName "Coimbra VPN"
AuthFormProvider PAM
AuthPAMService httpd-totp
AuthFormLoginRequiredLocation "/login.html"
Require valid-user
</Location>
# Public Login Page
<Location "/login.html">
AuthType None
Require all granted
</Location>
# Login Handler
<Location "/dologin">
SetHandler form-login-handler
AuthType Form
AuthName "Coimbra VPN"
AuthFormProvider PAM
AuthPAMService httpd-totp
AuthFormLoginSuccessLocation "/index.html"
AuthFormLoginRequiredLocation "/login.html?error=1"
</Location>
# Logout Handler
<Location "/logout">
SetHandler form-logout-handler
AuthFormLogoutLocation "/login.html?loggedout=1"
</Location>
</VirtualHost>

3
conf/totp
View File

@@ -1,3 +0,0 @@
auth required pam_google_authenticator.so forward_pass
auth required pam_unix.so use_first_pass
account required pam_unix.so

29
conf/vpn.conf
View File

@@ -1,29 +0,0 @@
local 193.136.212.1
port 1194
proto udp
dev tun
# Bro is too honorable
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn.crt
key /etc/openvpn/server/vpn.key
dh /etc/openvpn/server/dh2048.pem
server 10.8.0.0 255.255.255.0
verb 4
topology subnet
push "route 10.60.0.0 255.255.255.0"
# OCSP and Revocation
script-security 2
tls-verify /etc/openvpn/server/ocsp-verify.sh
# auth
cipher AES-256-GCM
auth SHA256
# plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so totp
tls-auth /etc/openvpn/server/ta.key 0

BIN
enunciado.pdf
View File

Binary file not shown.

143
enunciado.txt
View File

@@ -1,143 +0,0 @@
FSI 2025/2026
Practical Assignment #2
1. Goals
Configure a VPN tunnel in the “road warrior” scenario.
Enable two-factor user authentication with OpenVPN and Apache services.
Manage PKI: certification authorities, X.509 certificates, revocation and OCSP.
2. General description
Figure 1 illustrates the scenario considered for our practical assignment. As illustrated, secure communications are
supported by a VPN tunnel established between a remote client (road warrior) and the VPN gateway, with the purpose of
enabling accesses to services in the Internal Network, particularly a web server running Apache. To enable the VPN tunnel,
we will use OpenVPN (https://openvpn.net).
Figure 1 Scenario for the Practical Assignment #1
Regarding authentication, the two communication entities participating in the VPN tunnel (road warrior and the VPN
gateway) should possess valid X.509 certificates, which are created with a private Certification Authority (CA). Users
establishing remote connections to the VPN gateway (road warriors), as well as users connecting to the Apache server, will
also use two-factor authentication, as described below. Apache must also implement client authentication via X.509
certificates. Figure 2 provides an illustration of the interactions between all the entities involved in this setup.
Figure 2 X.509 mutual authentication and OCSP
As we can observe in Figure 2, the VPN gateway and the Apache web server must verify the status of validity of certificates
using OCSP (Online Certificate Status Protocol) and revocation information from the CA. OCSP verification in not
required for the road warrior. Next, we describe the configuration requirements for the various components of the
assignment.
3. Configuration requirements
VPN tunnel for remote access (road warriors)
As illustrated in Figure 1, remote clients (road warriors) are able to connect to the Coimbra VPN gateway, and using the
tunnel remotely access hosts in the Internal network. The following configuration requirements should be considered:
In order to establish a VPN tunnel with the Coimbra gateway, the road warrior must be in the possession of a valid
X.509 certificate, issued by the private CA of the scenario.
The road warrior and the Coimbra VPN gateway must perform mutual authentication using X.509 digital certificates.
The Coimbra VPN gateway should verify the validity of the X.509 certificate presented by the road warrior using OCSP
and, in case the certificate is revoked, the gateway should refuse the connection.
In order to authorize the remote user, the Coimbra gateway should also enforce two other authentication steps: the user
must present a valid username and password, plus a one-time password (OTP, or an authentication token).
Web server
2
The road warrior user should be able to contact the Apache web server with HTTPS through the VPN tunnel. The
following configuration requirements should be considered:
Apache should enforce two-factor authentication in order to authorize accesses from clients: the client (browser) should
present a valid X.509 certificate (issued with the private CA of the scenario) and the user should also present a valid onetime password (or authentication token).
As in the VPN, the validity of the X.509 certificate presented by the client should be checked in the CA using OCSP.
Two-factor user authentication
As previously discussed, VPN establishment and HTTPS accesses to Apache make use of one-time passwords
(authentication tokens), which may be generated by an appropriate application. One-time passwords may be generated using
the TOTP (Time-based One-time Password Algorithm). This algorithm employs a secret key shared between the user
(client) and the remote service, plus a timestamp (obtained from the current system time), to obtain a one-time password.
In order to generate a one-time password, the user may use an application such as Google Authenticator, illustrated in
Figure 3. This application periodically generates a new one-time password that can be used to authenticate the user with the
remote service. This application is available for iOS and Android 1.
Certification authority
As already discussed, the goal is to use OpenSSL to configure a private Certification Authority, as well as to issue and revoke
X.509 digital certificates for the VPN gateways and remote users. The following configuration requirements should be
considered:
The Certification Authority is used to issue certificates for the VPN gateway, VPN client and Apache web server.
The Certification Authority allows the revocation of certificates previously issued.
The Certification Authority also supports a OCSP responder.
For Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en and
for Apple iOS: https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8
1
3
Figure 3 Google Authenticator app, to generate a one-time password to access services enabled with two-factor authentication
4. Delivery of the Practical Assignment
With the assignment, please deliver also a report, containing the following information:
Descriptions of the configurations for the implementation of the previous requirements.
A description of how the private Certification Authority was created using OpenSSL.
A description of how X.509 certificates were issued and revoked using the private Certification Authority.
A description of the tests performed to validate the functionalities implemented.
Remaining information considered relevant.
For the delivery of the assignment, put your report, as well as the relevant configuration files, in a single archive. This archive
should be signed using your PGP key and encrypted using the PGP key of your PL teacher.
Note: Assignments without PGP will be accepted, although with a discount of 5% in the final grade.
Delivery deadline:
The deadline for the delivery of the assignment (configuration files and report) is May 3rd 2026.
Submission via Inforestudante.
4

13
assignment1/relatorio.aux → relatorio.aux
View File

@@ -5,9 +5,10 @@
\babel@aux{portuguese}{}
\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {2}Firewall}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {4}Tests utilizados}{5}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusion}{5}{}\protected@file@percent }
\gdef \@abspage@last{5}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Packet fileter with NAT}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Packet filtering without NAT}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.3}External Network}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.4}Internal Network}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3}Intrusion Detection}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {4}Conclusion}{2}{}\protected@file@percent }
\gdef \@abspage@last{2}

137
assignment1/relatorio.log → relatorio.log
View File

@@ -1,4 +1,4 @@
This is pdfTeX, Version 3.141592653-2.6-1.40.27 (TeX Live 2026/dev/Arch Linux) (preloaded format=pdflatex 2026.1.17) 22 MAR 2026 22:27
This is pdfTeX, Version 3.141592653-2.6-1.40.27 (TeX Live 2026/dev/Arch Linux) (preloaded format=pdflatex 2026.1.17) 16 MAR 2026 16:24
entering extended mode
\write18 enabled.
%&-line parsing enabled.
@@ -89,80 +89,52 @@ LaTeX Info: Redefining \textulc on input line 49.
LaTeX Info: Redefining \oldstylenums on input line 163.
LaTeX Info: Redefining \textsw on input line 173.
)
(/usr/share/texmf-dist/tex/latex/listings/listings.sty
\lst@mode=\count273
\lst@gtempboxa=\box52
\lst@token=\toks19
\lst@length=\count274
\lst@currlwidth=\dimen143
\lst@column=\count275
\lst@pos=\count276
\lst@lostspace=\dimen144
\lst@width=\dimen145
\lst@newlines=\count277
\lst@lineno=\count278
\lst@maxwidth=\dimen146
(/usr/share/texmf-dist/tex/latex/listings/lstpatch.sty
File: lstpatch.sty 2024/09/23 1.10c (Carsten Heinz)
)
(/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty
File: lstmisc.sty 2024/09/23 1.10c (Carsten Heinz)
\c@lstnumber=\count279
\lst@skipnumbers=\count280
\lst@framebox=\box53
)
(/usr/share/texmf-dist/tex/latex/listings/listings.cfg
File: listings.cfg 2024/09/23 1.10c listings configuration
))
Package: listings 2024/09/23 1.10c (Carsten Heinz)
LaTeX Font Info: Trying to load font information for OT1+EBGaramond-LF on in
put line 28.
put line 11.
(/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd
File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara
mond-LF.
)
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
(Font) scaled to size 12.0pt on input line 28.
(Font) scaled to size 12.0pt on input line 11.
(/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX)
\l__color_backend_stack_int=\count281
\l__pdf_internal_box=\box54
\l__color_backend_stack_int=\count273
\l__pdf_internal_box=\box52
)
(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
\openout1 = `relatorio.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 28.
LaTeX Font Info: ... okay on input line 28.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 28.
LaTeX Font Info: ... okay on input line 28.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 28.
LaTeX Font Info: ... okay on input line 28.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 28.
LaTeX Font Info: ... okay on input line 28.
LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 28.
LaTeX Font Info: ... okay on input line 28.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 28.
LaTeX Font Info: ... okay on input line 28.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 28.
LaTeX Font Info: ... okay on input line 28.
\c@mv@tabular=\count282
\c@mv@boldtabular=\count283
\c@lstlisting=\count284
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 11.
LaTeX Font Info: ... okay on input line 11.
\c@mv@tabular=\count274
\c@mv@boldtabular=\count275
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
(Font) scaled to size 20.74pt on input line 29.
(Font) scaled to size 20.74pt on input line 12.
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
(Font) scaled to size 14.4pt on input line 29.
(Font) scaled to size 14.4pt on input line 12.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <14.4> on input line 29.
(Font) <14.4> on input line 12.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <7> on input line 29.
(Font) <7> on input line 12.
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
(Font) scaled to size 17.28pt on input line 30.
(Font) scaled to size 17.28pt on input line 13.
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be
(Font) scaled to size 17.28pt on input line 30.
(Font) scaled to size 17.28pt on input line 13.
(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.toc
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be
@@ -183,62 +155,31 @@ LaTeX Font Info: External font `cmex10' loaded for size
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts
/enc/dvips/ebgaramond/ebg_dacnth.enc}]
(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2024/09/23 1.10c listings language file
)
(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2024/09/23 1.10c listings language file
)
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
(Font) scaled to size 10.0pt on input line 37.
Overfull \hbox (7.49481pt too wide) in paragraph at lines 42--44
\OT1/EBGaramond-LF/m/n/12 As tr[]es re-des tem va-rios servi[]os, o DMZ tem dns
(23.214.219.130), mail(23.214.219.134),
[]
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be
(Font) scaled to size 14.4pt on input line 45.
(Font) scaled to size 14.4pt on input line 19.
[2]
[3]
LaTeX Font Info: Font shape `OT1/cmtt/bx/n' in size <10> not available
(Font) Font shape `OT1/cmtt/m/n' tried instead on input line 93.
[4{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}]
Overfull \hbox (23.24622pt too wide) in paragraph at lines 125--126
\OT1/EBGaramond-LF/m/n/12 Ao realizar-mos este pro-jeto apren-de-mos so-bre a c
ria[][]ao de sce-na-rios em VMs, a configura[][]ao
[]
[5] (/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
[2] (/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
***********
LaTeX2e <2024-11-01> patch level 2
L3 programming layer <2025-01-18>
***********
)
Here is how much of TeX's memory you used:
4439 strings out of 474546
72779 string characters out of 5749982
968296 words of memory out of 5000000
27469 multiletter control sequences out of 15000+600000
573916 words of font info for 59 fonts, out of 8000000 for 9000
2577 strings out of 474546
48289 string characters out of 5749982
436453 words of memory out of 5000000
25628 multiletter control sequences out of 15000+600000
572213 words of font info for 55 fonts, out of 8000000 for 9000
352 hyphenation exceptions out of 8191
57i,7n,99p,546b,1693s stack positions out of 10000i,1000n,20000p,200000b,200000s
57i,7n,65p,220b,231s stack positions out of 10000i,1000n,20000p,200000b,200000s
</usr/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Bold.pfb></us
r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb></usr/s
hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb></usr/share/texmf-dis
t/fonts/type1/public/cm-super/sftt1000.pfb>
r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb>
Output written on /home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/rela
torio.pdf (5 pages, 78451 bytes).
torio.pdf (2 pages, 42851 bytes).
PDF statistics:
42 PDF objects out of 1000 (max. 8388607)
26 compressed objects within 1 object stream
22 PDF objects out of 1000 (max. 8388607)
13 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
relatorio.pdf Normal file
View File

Binary file not shown.

BIN
relatorio.synctex.gz Normal file
View File

Binary file not shown.

29
relatorio.tex Normal file
View File

@@ -0,0 +1,29 @@
\documentclass[12pt,a4paper]{article}
\usepackage[portuguese]{babel}
\usepackage[lining]{ebgaramond}
\title{Practical Assignment \#1}
\author{
João Neto -- \\[1em]
Vasco Alves -- 2022228207
}
\begin{document}
\maketitle
\tableofcontents
\newpage
\section{Introduction}
\section{Firewall}
Sigmasigmaboy123
\subsection{Packet fileter with NAT}
\subsection{Packet filtering without NAT}
\subsection{External Network}
\subsection{Internal Network}
\section{Intrusion Detection}
\section{Conclusion}
\end{document}

9
relatorio.toc Normal file
View File

@@ -0,0 +1,9 @@
\babel@toc {portuguese}{}\relax
\contentsline {section}{\numberline {1}Introduction}{2}{}%
\contentsline {section}{\numberline {2}Firewall}{2}{}%
\contentsline {subsection}{\numberline {2.1}Packet fileter with NAT}{2}{}%
\contentsline {subsection}{\numberline {2.2}Packet filtering without NAT}{2}{}%
\contentsline {subsection}{\numberline {2.3}External Network}{2}{}%
\contentsline {subsection}{\numberline {2.4}Internal Network}{2}{}%
\contentsline {section}{\numberline {3}Intrusion Detection}{2}{}%
\contentsline {section}{\numberline {4}Conclusion}{2}{}%

BIN
relatorio/google-authenticator.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 22 KiB

24
relatorio/relatorio.aux
View File

@@ -1,24 +0,0 @@
\relax
\providecommand \babel@aux [2]{\global \let \babel@toc \@gobbletwo }
\@nameuse{bbl@beforestart}
\catcode `"\active
\providecommand\hyper@newdestlabel[2]{}
\providecommand\HyField@AuxAddToFields[1]{}
\providecommand\HyField@AuxAddToCoFields[2]{}
\babel@aux{portuguese}{}
\def\@LN@column{1}
\@writefile{toc}{\contentsline {section}{\numberline {1}Introdução}{2}{section.1}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {2}Criação de certificados}{2}{section.2}\protected@file@percent }
\def\@LN@column{1}
\@writefile{toc}{\contentsline {section}{\numberline {3}Configuração geral}{3}{section.3}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {4}Configuração da \textit {Gateway} VPN}{3}{section.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Configurar TOTP}{3}{subsection.4.1}\protected@file@percent }
\def\@LN@column{1}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Encaminhamento e Firewall}{4}{subsection.4.2}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {5}Configuração do Cliente (Road Warrior)}{4}{section.5}\protected@file@percent }
\def\@LN@column{1}
\@writefile{toc}{\contentsline {section}{\numberline {6}Servidor Apache e OCSP}{5}{section.6}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {6.1}Revocation e OCSP}{5}{subsection.6.1}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {7}Conclusão}{5}{section.7}\protected@file@percent }
\xdef \mintedoldcachechecksum{\detokenize{\minted@cachechecksum }}
\gdef \@abspage@last{5}

926
relatorio/relatorio.log
View File

@@ -1,926 +0,0 @@
This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 24 APR 2026 18:42
entering extended mode
\write18 enabled.
%&-line parsing enabled.
**/home/raw/uni/fsi/trabalho/relatorio/relatorio
(/home/raw/uni/fsi/trabalho/relatorio/relatorio.tex
LaTeX2e <2025-11-01>
L3 programming layer <2026-01-19>
(/usr/share/texmf-dist/tex/latex/base/article.cls
Document Class: article 2025/01/22 v1.4n Standard LaTeX document class
(/usr/share/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2025/01/22 v1.4n Standard LaTeX file (size option)
)
\c@part=\count275
\c@section=\count276
\c@subsection=\count277
\c@subsubsection=\count278
\c@paragraph=\count279
\c@subparagraph=\count280
\c@figure=\count281
\c@table=\count282
\abovecaptionskip=\skip49
\belowcaptionskip=\skip50
\bibindent=\dimen148
)
(/usr/share/texmf-dist/tex/generic/babel/babel.sty
Package: babel 2026/02/14 v26.3 The multilingual framework for LuaLaTeX, pdfLaT
eX and XeLaTeX
\babel@savecnt=\count283
LaTeX Encoding Info: Redeclaring text command \ij (encoding OT1) on input li
ne 2078.
LaTeX Encoding Info: Redeclaring text command \IJ (encoding OT1) on input li
ne 2080.
LaTeX Encoding Info: Redeclaring text command \ij (encoding T1) on input lin
e 2082.
LaTeX Encoding Info: Redeclaring text command \IJ (encoding T1) on input lin
e 2083.
LaTeX Encoding Info: Ignoring declaration for text command \ij (encoding ?)
on input line 2084.
LaTeX Encoding Info: Ignoring declaration for text command \IJ (encoding ?)
on input line 2086.
LaTeX Encoding Info: Ignoring declaration for text command \SS (encoding ?)
on input line 2111.
\U@D=\dimen149
\l@unhyphenated=\language4
(/usr/share/texmf-dist/tex/generic/babel/txtbabel.def)
\bbl@readstream=\read2
\bbl@dirlevel=\count284
(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex)
Package babel Info: Importing font and identification data for portuguese
(babel) from babel-pt.ini. Reported on input line 4330.
(/usr/share/texmf-dist/tex/generic/babel-portuges/portuguese.ldf
Language: portuges 2026/01/24 v1.2u Portuguese support from the babel system
Package babel Info: Making " an active character on input line 132.
))
(/usr/share/texmf-dist/tex/latex/ebgaramond/ebgaramond.sty
Package: ebgaramond 2024/04/23 (Bob Tennent and autoinst) Style file for EB Gar
amond fonts.
(/usr/share/texmf-dist/tex/generic/iftex/ifxetex.sty
Package: ifxetex 2019/10/25 v0.7 ifxetex legacy package. Use iftex instead.
(/usr/share/texmf-dist/tex/generic/iftex/iftex.sty
Package: iftex 2024/12/12 v1.0g TeX engine tests
))
(/usr/share/texmf-dist/tex/generic/iftex/ifluatex.sty
Package: ifluatex 2019/10/25 v1.5 ifluatex legacy package. Use iftex instead.
)
(/usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
Package: xkeyval 2025/11/04 v2.10 package option processing (HA)
(/usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex
(/usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex
\XKV@toks=\toks17
\XKV@tempa@toks=\toks18
\XKV@tempb@toks=\toks19
(/usr/share/texmf-dist/tex/generic/xkeyval/keyval.tex))
\XKV@depth=\count285
File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA)
))
(/usr/share/texmf-dist/tex/latex/base/textcomp.sty
Package: textcomp 2024/04/24 v2.1b Standard LaTeX package
)
(/usr/share/texmf-dist/tex/latex/base/fontenc.sty
Package: fontenc 2025/07/18 v2.1d Standard LaTeX package
)
(/usr/share/texmf-dist/tex/latex/fontaxes/fontaxes.sty
Package: fontaxes 2026-01-02 v2.0.2 Font selection axes (deprecated)
Applying: [2024-11-01] Use figureversions if present on input line 74.
(/usr/share/texmf-dist/tex/latex/figureversions/figureversions.sty
Package: figureversions 2025-04-29 v1.0.1 Figure versions
)
Already applied: [0000-00-00] Fall back to v1 on input line 76.
)
LaTeX Info: Redefining \oldstylenums on input line 163.
LaTeX Info: Redefining \textsw on input line 173.
)
(/usr/share/texmf-dist/tex/latex/listings/listings.sty
\lst@mode=\count286
\lst@gtempboxa=\box53
\lst@token=\toks20
\lst@length=\count287
\lst@currlwidth=\dimen150
\lst@column=\count288
\lst@pos=\count289
\lst@lostspace=\dimen151
\lst@width=\dimen152
\lst@newlines=\count290
\lst@lineno=\count291
\lst@maxwidth=\dimen153
(/usr/share/texmf-dist/tex/latex/listings/lstpatch.sty
File: lstpatch.sty 2025/11/14 1.11b (Carsten Heinz)
)
(/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty
File: lstmisc.sty 2025/11/14 1.11b (Carsten Heinz)
\c@lstnumber=\count292
\lst@skipnumbers=\count293
\lst@framebox=\box54
)
(/usr/share/texmf-dist/tex/latex/listings/listings.cfg
File: listings.cfg 2025/11/14 1.11b listings configuration
))
Package: listings 2025/11/14 1.11b (Carsten Heinz)
==> First Aid for listings.sty no longer applied!
Expected:
2024/09/23 1.10c (Carsten Heinz)
but found:
2025/11/14 1.11b (Carsten Heinz)
so I'm assuming it got fixed.
(/usr/share/texmf-dist/tex/latex/booktabs/booktabs.sty
Package: booktabs 2020/01/12 v1.61803398 Publication quality tables
\heavyrulewidth=\dimen154
\lightrulewidth=\dimen155
\cmidrulewidth=\dimen156
\belowrulesep=\dimen157
\belowbottomsep=\dimen158
\aboverulesep=\dimen159
\abovetopsep=\dimen160
\cmidrulesep=\dimen161
\cmidrulekern=\dimen162
\defaultaddspace=\dimen163
\@cmidla=\count294
\@cmidlb=\count295
\@aboverulesep=\dimen164
\@belowrulesep=\dimen165
\@thisruleclass=\count296
\@lastruleclass=\count297
\@thisrulewidth=\dimen166
)
(/home/raw/uni/fsi/trabalho/relatorio/style.sty
(/usr/share/texmf-dist/tex/latex/geometry/geometry.sty
Package: geometry 2020/01/02 v5.9 Page Geometry
(/usr/share/texmf-dist/tex/generic/iftex/ifvtex.sty
Package: ifvtex 2019/10/25 v1.7 ifvtex legacy package. Use iftex instead.
)
\Gm@cnth=\count298
\Gm@cntv=\count299
\c@Gm@tempcnt=\count300
\Gm@bindingoffset=\dimen167
\Gm@wd@mp=\dimen168
\Gm@odd@mp=\dimen169
\Gm@even@mp=\dimen170
\Gm@layoutwidth=\dimen171
\Gm@layoutheight=\dimen172
\Gm@layouthoffset=\dimen173
\Gm@layoutvoffset=\dimen174
\Gm@dimlist=\toks21
)
(/usr/share/texmf-dist/tex/latex/raleway/raleway.sty
Package: raleway 2025/04/06 v1.6 Matt McInerneys Raleway family
(/usr/share/texmf-dist/tex/latex/base/fontenc.sty
Package: fontenc 2025/07/18 v2.1d Standard LaTeX package
(/usr/share/texmf-dist/tex/latex/ly1/ly1enc.def
File: ly1enc.def 2022/06/11 v0.8 TeX 'n ANSI encoding (DPC/KB)
Now handling font encoding LY1 ...
... processing UTF-8 mapping file for font encoding LY1
(/usr/share/texmf-dist/tex/latex/base/ly1enc.dfu
File: ly1enc.dfu 2022/06/07 v1.3c UTF-8 support
defining Unicode char U+00A0 (decimal 160)
defining Unicode char U+00A1 (decimal 161)
defining Unicode char U+00A2 (decimal 162)
defining Unicode char U+00A3 (decimal 163)
defining Unicode char U+00A4 (decimal 164)
defining Unicode char U+00A5 (decimal 165)
defining Unicode char U+00A6 (decimal 166)
defining Unicode char U+00A7 (decimal 167)
defining Unicode char U+00AA (decimal 170)
defining Unicode char U+00AB (decimal 171)
defining Unicode char U+00AD (decimal 173)
defining Unicode char U+00AE (decimal 174)
defining Unicode char U+00B0 (decimal 176)
defining Unicode char U+00B5 (decimal 181)
defining Unicode char U+00B6 (decimal 182)
defining Unicode char U+00B7 (decimal 183)
defining Unicode char U+00BA (decimal 186)
defining Unicode char U+00BB (decimal 187)
defining Unicode char U+00BC (decimal 188)
defining Unicode char U+00BD (decimal 189)
defining Unicode char U+00BE (decimal 190)
defining Unicode char U+00BF (decimal 191)
defining Unicode char U+00C0 (decimal 192)
defining Unicode char U+00C1 (decimal 193)
defining Unicode char U+00C2 (decimal 194)
defining Unicode char U+00C3 (decimal 195)
defining Unicode char U+00C4 (decimal 196)
defining Unicode char U+00C5 (decimal 197)
defining Unicode char U+00C6 (decimal 198)
defining Unicode char U+00C7 (decimal 199)
defining Unicode char U+00C8 (decimal 200)
defining Unicode char U+00C9 (decimal 201)
defining Unicode char U+00CA (decimal 202)
defining Unicode char U+00CB (decimal 203)
defining Unicode char U+00CC (decimal 204)
defining Unicode char U+00CD (decimal 205)
defining Unicode char U+00CE (decimal 206)
defining Unicode char U+00CF (decimal 207)
defining Unicode char U+00D0 (decimal 208)
defining Unicode char U+00D1 (decimal 209)
defining Unicode char U+00D2 (decimal 210)
defining Unicode char U+00D3 (decimal 211)
defining Unicode char U+00D4 (decimal 212)
defining Unicode char U+00D5 (decimal 213)
defining Unicode char U+00D6 (decimal 214)
defining Unicode char U+00D8 (decimal 216)
defining Unicode char U+00D9 (decimal 217)
defining Unicode char U+00DA (decimal 218)
defining Unicode char U+00DB (decimal 219)
defining Unicode char U+00DC (decimal 220)
defining Unicode char U+00DD (decimal 221)
defining Unicode char U+00DE (decimal 222)
defining Unicode char U+00DF (decimal 223)
defining Unicode char U+00E0 (decimal 224)
defining Unicode char U+00E1 (decimal 225)
defining Unicode char U+00E2 (decimal 226)
defining Unicode char U+00E3 (decimal 227)
defining Unicode char U+00E4 (decimal 228)
defining Unicode char U+00E5 (decimal 229)
defining Unicode char U+00E6 (decimal 230)
defining Unicode char U+00E7 (decimal 231)
defining Unicode char U+00E8 (decimal 232)
defining Unicode char U+00E9 (decimal 233)
defining Unicode char U+00EA (decimal 234)
defining Unicode char U+00EB (decimal 235)
defining Unicode char U+00EC (decimal 236)
defining Unicode char U+00ED (decimal 237)
defining Unicode char U+00EE (decimal 238)
defining Unicode char U+00EF (decimal 239)
defining Unicode char U+00F0 (decimal 240)
defining Unicode char U+00F1 (decimal 241)
defining Unicode char U+00F2 (decimal 242)
defining Unicode char U+00F3 (decimal 243)
defining Unicode char U+00F4 (decimal 244)
defining Unicode char U+00F5 (decimal 245)
defining Unicode char U+00F6 (decimal 246)
defining Unicode char U+00F8 (decimal 248)
defining Unicode char U+00F9 (decimal 249)
defining Unicode char U+00FA (decimal 250)
defining Unicode char U+00FB (decimal 251)
defining Unicode char U+00FC (decimal 252)
defining Unicode char U+00FD (decimal 253)
defining Unicode char U+00FE (decimal 254)
defining Unicode char U+00FF (decimal 255)
defining Unicode char U+0131 (decimal 305)
defining Unicode char U+0141 (decimal 321)
defining Unicode char U+0142 (decimal 322)
defining Unicode char U+0152 (decimal 338)
defining Unicode char U+0153 (decimal 339)
defining Unicode char U+0160 (decimal 352)
defining Unicode char U+0161 (decimal 353)
defining Unicode char U+0174 (decimal 372)
defining Unicode char U+0175 (decimal 373)
defining Unicode char U+0176 (decimal 374)
defining Unicode char U+0177 (decimal 375)
defining Unicode char U+0178 (decimal 376)
defining Unicode char U+017D (decimal 381)
defining Unicode char U+017E (decimal 382)
defining Unicode char U+0192 (decimal 402)
defining Unicode char U+0218 (decimal 536)
defining Unicode char U+0219 (decimal 537)
defining Unicode char U+021A (decimal 538)
defining Unicode char U+021B (decimal 539)
defining Unicode char U+0237 (decimal 567)
defining Unicode char U+02C6 (decimal 710)
defining Unicode char U+02DC (decimal 732)
defining Unicode char U+2013 (decimal 8211)
defining Unicode char U+2014 (decimal 8212)
defining Unicode char U+201C (decimal 8220)
defining Unicode char U+201D (decimal 8221)
defining Unicode char U+2020 (decimal 8224)
defining Unicode char U+2021 (decimal 8225)
defining Unicode char U+2022 (decimal 8226)
defining Unicode char U+2026 (decimal 8230)
defining Unicode char U+2030 (decimal 8240)
defining Unicode char U+2039 (decimal 8249)
defining Unicode char U+203A (decimal 8250)
defining Unicode char U+2122 (decimal 8482)
defining Unicode char U+FB00 (decimal 64256)
defining Unicode char U+FB01 (decimal 64257)
defining Unicode char U+FB02 (decimal 64258)
defining Unicode char U+FB03 (decimal 64259)
defining Unicode char U+FB04 (decimal 64260)
defining Unicode char U+FB05 (decimal 64261)
defining Unicode char U+FB06 (decimal 64262)
))
LaTeX Font Info: Trying to load font information for T1+EBGaramond-LF on inp
ut line 116.
(/usr/share/texmf-dist/tex/latex/ebgaramond/T1EBGaramond-LF.fd
File: T1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for T1/EBGaramo
nd-LF.
)
LaTeX Font Info: Font shape `T1/EBGaramond-LF/m/n' will be
(Font) scaled to size 10.95pt on input line 116.
))
(/usr/share/texmf-dist/tex/generic/ulem/ulem.sty
\UL@box=\box55
\UL@hyphenbox=\box56
\UL@skip=\skip51
\UL@hook=\toks22
\UL@height=\dimen175
\UL@pe=\count301
\UL@pixel=\dimen176
\ULC@box=\box57
Package: ulem 2019/11/18
\ULdepth=\dimen177
)
(/usr/share/texmf-dist/tex/latex/wrapfig/wrapfig.sty
\wrapoverhang=\dimen178
\WF@size=\dimen179
\c@WF@wrappedlines=\count302
\WF@box=\box58
\WF@everypar=\toks23
Package: wrapfig 2003/01/31 v 3.6
)
(/usr/share/texmf-dist/tex/latex/graphics/graphicx.sty
Package: graphicx 2024/12/31 v1.2e Enhanced LaTeX Graphics (DPC,SPQR)
(/usr/share/texmf-dist/tex/latex/graphics/graphics.sty
Package: graphics 2024/08/06 v1.4g Standard LaTeX Graphics (DPC,SPQR)
(/usr/share/texmf-dist/tex/latex/graphics/trig.sty
Package: trig 2023/12/02 v1.11 sin cos tan (DPC)
)
(/usr/share/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
File: graphics.cfg 2016/06/04 v1.11 sample graphics configuration
)
Package graphics Info: Driver file: pdftex.def on input line 106.
(/usr/share/texmf-dist/tex/latex/graphics-def/pdftex.def
File: pdftex.def 2025/09/29 v1.2d Graphics/color driver for pdftex
))
\Gin@req@height=\dimen180
\Gin@req@width=\dimen181
)
(/usr/share/texmf-dist/tex/latex/tools/tabularx.sty
Package: tabularx 2023/12/11 v2.12a `tabularx' package (DPC)
(/usr/share/texmf-dist/tex/latex/tools/array.sty
Package: array 2025/09/25 v2.6n Tabular extension package (FMi)
\col@sep=\dimen182
\ar@mcellbox=\box59
\extrarowheight=\dimen183
\NC@list=\toks24
\extratabsurround=\skip52
\backup@length=\skip53
\ar@cellbox=\box60
)
\TX@col@width=\dimen184
\TX@old@table=\dimen185
\TX@old@col=\dimen186
\TX@target=\dimen187
\TX@delta=\dimen188
\TX@cols=\count303
\TX@ftn=\toks25
)
(/usr/share/texmf-dist/tex/latex/paracol/paracol.sty
Package: paracol 2025/07/14 1.37 typeset columns in parallel
\pcol@currcol=\count304
\pcol@nextcol=\count305
\pcol@ncol=\count306
\pcol@ncolleft=\count307
\pcol@page=\count308
\pcol@basepage=\count309
\pcol@toppage=\count310
\pcol@footnotebase=\count311
\pcol@nfootnotes=\count312
\pcol@mcid=\count313
\pcol@prevdepth=\dimen189
\pcol@colht=\dimen190
\pcol@textfloatsep=\dimen191
\pcol@lrmargin=\dimen192
\pagerim=\dimen193
\pcol@topskip=\skip54
\belowfootnoteskip=\skip55
\pcol@topfnotes=\box61
\pcol@prespan=\box62
\pcol@rightpage=\box63
\pcol@colorstack@saved=\box64
\pcol@tempboxa=\box65
\pcol@tempboxb=\box66
\pcol@colorins=\insert252
\pcol@everyvbox=\toks26
)
(/usr/share/texmf-dist/tex/latex/xcolor/xcolor.sty
Package: xcolor 2024/09/29 v3.02 LaTeX color extensions (UK)
(/usr/share/texmf-dist/tex/latex/graphics-cfg/color.cfg
File: color.cfg 2016/01/02 v1.6 sample color configuration
)
Package xcolor Info: Driver file: pdftex.def on input line 274.
(/usr/share/texmf-dist/tex/latex/graphics/mathcolor.ltx)
Package xcolor Info: Model `cmy' substituted by `cmy0' on input line 1349.
Package xcolor Info: Model `hsb' substituted by `rgb' on input line 1353.
Package xcolor Info: Model `RGB' extended on input line 1365.
Package xcolor Info: Model `HTML' substituted by `rgb' on input line 1367.
Package xcolor Info: Model `Hsb' substituted by `hsb' on input line 1368.
Package xcolor Info: Model `tHsb' substituted by `hsb' on input line 1369.
Package xcolor Info: Model `HSB' substituted by `hsb' on input line 1370.
Package xcolor Info: Model `Gray' substituted by `gray' on input line 1371.
Package xcolor Info: Model `wave' substituted by `hsb' on input line 1372.
)
(/usr/share/texmf-dist/tex/latex/graphics/dvipsnam.def
File: dvipsnam.def 2016/06/17 v3.0m Driver-dependent file (DPC,SPQR)
)
(/usr/share/texmf-dist/tex/latex/enumitem/enumitem.sty
Package: enumitem 2025/02/06 v3.11 Customized lists
\enitkv@toks@=\toks27
\labelindent=\skip56
\enit@outerparindent=\dimen194
\enit@toks=\toks28
\enit@inbox=\box67
\enit@count@id=\count314
\enitdp@description=\count315
)
(/usr/share/texmf-dist/tex/latex/amsfonts/amssymb.sty
Package: amssymb 2013/01/14 v3.01 AMS font symbols
(/usr/share/texmf-dist/tex/latex/amsfonts/amsfonts.sty
Package: amsfonts 2013/01/14 v3.01 Basic AMSFonts support
\@emptytoks=\toks29
\symAMSa=\mathgroup4
\symAMSb=\mathgroup5
LaTeX Font Info: Redeclaring math symbol \hbar on input line 98.
LaTeX Font Info: Overwriting math alphabet `\mathfrak' in version `bold'
(Font) U/euf/m/n --> U/euf/b/n on input line 106.
))
(/usr/share/texmf-dist/tex/latex/hyperref/hyperref.sty
Package: hyperref 2026-01-29 v7.01p Hypertext links for LaTeX
(/usr/share/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty
Package: kvsetkeys 2022-10-05 v1.19 Key value parser (HO)
)
(/usr/share/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty
Package: kvdefinekeys 2019-12-19 v1.6 Define keys (HO)
)
(/usr/share/texmf-dist/tex/generic/pdfescape/pdfescape.sty
Package: pdfescape 2019/12/09 v1.15 Implements pdfTeX's escape features (HO)
(/usr/share/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
Package: ltxcmds 2023-12-04 v1.26 LaTeX kernel commands for general use (HO)
)
(/usr/share/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
Package: pdftexcmds 2020-06-27 v0.33 Utility functions of pdfTeX for LuaTeX (HO
)
(/usr/share/texmf-dist/tex/generic/infwarerr/infwarerr.sty
Package: infwarerr 2019/12/03 v1.5 Providing info/warning/error messages (HO)
)
Package pdftexcmds Info: \pdf@primitive is available.
Package pdftexcmds Info: \pdf@ifprimitive is available.
Package pdftexcmds Info: \pdfdraftmode found.
))
(/usr/share/texmf-dist/tex/latex/hycolor/hycolor.sty
Package: hycolor 2020-01-27 v1.10 Color options for hyperref/bookmark (HO)
)
(/usr/share/texmf-dist/tex/latex/hyperref/nameref.sty
Package: nameref 2026-01-29 v2.58 Cross-referencing by name of section
(/usr/share/texmf-dist/tex/latex/refcount/refcount.sty
Package: refcount 2019/12/15 v3.6 Data extraction from label references (HO)
)
(/usr/share/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty
Package: gettitlestring 2019/12/15 v1.6 Cleanup title references (HO)
(/usr/share/texmf-dist/tex/latex/kvoptions/kvoptions.sty
Package: kvoptions 2022-06-15 v3.15 Key value format for package options (HO)
))
\c@section@level=\count316
)
(/usr/share/texmf-dist/tex/latex/etoolbox/etoolbox.sty
Package: etoolbox 2025/10/02 v2.5m e-TeX tools for LaTeX (JAW)
\etb@tempcnta=\count317
)
(/usr/share/texmf-dist/tex/generic/stringenc/stringenc.sty
Package: stringenc 2019/11/29 v1.12 Convert strings between diff. encodings (HO
)
)
\@linkdim=\dimen195
\Hy@linkcounter=\count318
\Hy@pagecounter=\count319
(/usr/share/texmf-dist/tex/latex/hyperref/pd1enc.def
File: pd1enc.def 2026-01-29 v7.01p Hyperref: PDFDocEncoding definition (HO)
Now handling font encoding PD1 ...
... no UTF-8 mapping file for font encoding PD1
)
(/usr/share/texmf-dist/tex/generic/intcalc/intcalc.sty
Package: intcalc 2019/12/15 v1.3 Expandable calculations with integers (HO)
)
\Hy@SavedSpaceFactor=\count320
(/usr/share/texmf-dist/tex/latex/hyperref/puenc.def
File: puenc.def 2026-01-29 v7.01p Hyperref: PDF Unicode definition (HO)
Now handling font encoding PU ...
... no UTF-8 mapping file for font encoding PU
)
Package hyperref Info: Option `colorlinks' set `true' on input line 4072.
Package hyperref Info: Hyper figures OFF on input line 4201.
Package hyperref Info: Link nesting OFF on input line 4206.
Package hyperref Info: Hyper index ON on input line 4209.
Package hyperref Info: Plain pages OFF on input line 4216.
Package hyperref Info: Backreferencing OFF on input line 4221.
Package hyperref Info: Implicit mode ON; LaTeX internals redefined.
Package hyperref Info: Bookmarks ON on input line 4468.
\c@Hy@tempcnt=\count321
(/usr/share/texmf-dist/tex/latex/url/url.sty
\Urlmuskip=\muskip17
Package: url 2013/09/16 ver 3.4 Verb mode for urls, etc.
)
LaTeX Info: Redefining \url on input line 4807.
\XeTeXLinkMargin=\dimen196
(/usr/share/texmf-dist/tex/generic/bitset/bitset.sty
Package: bitset 2019/12/09 v1.3 Handle bit-vector datatype (HO)
(/usr/share/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty
Package: bigintcalc 2019/12/15 v1.5 Expandable calculations on big integers (HO
)
))
\Fld@menulength=\count322
\Field@Width=\dimen197
\Fld@charsize=\dimen198
Package hyperref Info: Hyper figures OFF on input line 6084.
Package hyperref Info: Link nesting OFF on input line 6089.
Package hyperref Info: Hyper index ON on input line 6092.
Package hyperref Info: backreferencing OFF on input line 6099.
Package hyperref Info: Link coloring ON on input line 6102.
Package hyperref Info: Link coloring with OCG OFF on input line 6109.
Package hyperref Info: PDF/A mode OFF on input line 6114.
\Hy@abspage=\count323
\c@Item=\count324
\c@Hfootnote=\count325
)
Package hyperref Info: Driver (autodetected): hpdftex.
(/usr/share/texmf-dist/tex/latex/hyperref/hpdftex.def
File: hpdftex.def 2026-01-29 v7.01p Hyperref driver for pdfTeX
\Fld@listcount=\count326
\c@bookmark@seq@number=\count327
(/usr/share/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
Package: rerunfilecheck 2025-06-21 v1.11 Rerun checks for auxiliary files (HO)
(/usr/share/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty
Package: uniquecounter 2019/12/15 v1.4 Provide unlimited unique counter (HO)
)
Package uniquecounter Info: New unique counter `rerunfilecheck' on input line 2
84.
)
\Hy@SectionHShift=\skip57
)
\enitdp@todolist=\count328
(/usr/share/texmf-dist/tex/latex/psnfss/pifont.sty
Package: pifont 2020/03/25 PSNFSS-v9.3 Pi font support (SPQR)
LaTeX Font Info: Trying to load font information for U+pzd on input line 63.
(/usr/share/texmf-dist/tex/latex/psnfss/upzd.fd
File: upzd.fd 2001/06/04 font definitions for U/pzd.
)
LaTeX Font Info: Trying to load font information for U+psy on input line 64.
(/usr/share/texmf-dist/tex/latex/psnfss/upsy.fd
File: upsy.fd 2001/06/04 font definitions for U/psy.
))
(/usr/share/texmf-dist/tex/latex/minted/minted.sty
Package: minted 2026/03/03 v3.8.0 Yet another Pygments shim for LaTeX
(/usr/share/texmf-dist/tex/generic/catchfile/catchfile.sty
Package: catchfile 2019/12/09 v1.8 Catch the contents of a file (HO)
(/usr/share/texmf-dist/tex/generic/etexcmds/etexcmds.sty
Package: etexcmds 2019/12/15 v1.7 Avoid name clashes with e-TeX commands (HO)
))
(/usr/share/texmf-dist/tex/latex/fvextra/fvextra.sty
Package: fvextra 2026/02/25 v1.14.0 fvextra - extensions and patches for fancyv
rb
(/usr/share/texmf-dist/tex/latex/fancyvrb/fancyvrb.sty
Package: fancyvrb 2025/07/28 4.6 verbatim text (tvz,hv)
\FV@CodeLineNo=\count329
\FV@InFile=\read3
\FV@TabBox=\box68
\c@FancyVerbLine=\count330
\FV@StepNumber=\count331
\FV@OutFile=\write3
)
(/usr/share/texmf-dist/tex/latex/upquote/upquote.sty
Package: upquote 2012/04/19 v1.3 upright-quote and grave-accent glyphs in verba
tim
)
(/usr/share/texmf-dist/tex/latex/lineno/lineno.sty
Package: lineno 2026/02/16 line numbers on paragraphs v5.7
\linenopenalty=\count332
\output=\toks30
\linenoprevgraf=\count333
\linenumbersep=\dimen199
\linenumberwidth=\dimen256
\c@linenumber=\count334
\c@pagewiselinenumber=\count335
\c@LN@truepage=\count336
\c@internallinenumber=\count337
\c@internallinenumbers=\count338
\quotelinenumbersep=\dimen257
\bframerule=\dimen258
\bframesep=\dimen259
\bframebox=\box69
)
\c@FancyVerbWriteLine=\count339
\c@FancyVerbBufferLine=\count340
\c@FV@TrueTabGroupLevel=\count341
\c@FV@TrueTabCounter=\count342
\FV@TabBox@Group=\box70
\FV@bgcolorstructbox=\box71
\FV@TmpLength=\skip58
\c@FV@HighlightLinesStart=\count343
\c@FV@HighlightLinesStop=\count344
\FV@LoopCount=\count345
\FV@NCharsBox=\box72
\FV@BreakIndent=\dimen260
\FV@BreakIndentNChars=\count346
\FV@BreakSymbolSepLeft=\dimen261
\FV@BreakSymbolSepLeftNChars=\count347
\FV@BreakSymbolSepRight=\dimen262
\FV@BreakSymbolSepRightNChars=\count348
\FV@BreakSymbolIndentLeft=\dimen263
\FV@BreakSymbolIndentLeftNChars=\count349
\FV@BreakSymbolIndentRight=\dimen264
\FV@BreakSymbolIndentRightNChars=\count350
\c@FancyVerbLineBreakLast=\count351
\FV@LineBox=\box73
\FV@LineIndentBox=\box74
\c@FV@BreakBufferDepth=\count352
\FV@LineWidth=\dimen265
)
(/usr/share/texmf-dist/tex/latex/latex2pydata/latex2pydata.sty
Package: latex2pydata 2026/02/25 v0.7.0 latex2pydata - write data to file in Py
thon literal format
)
(/usr/share/texmf-dist/tex/latex/pgf/utilities/pgfkeys.sty
(/usr/share/texmf-dist/tex/generic/pgf/utilities/pgfkeys.code.tex
\pgfkeys@pathtoks=\toks31
\pgfkeys@temptoks=\toks32
(/usr/share/texmf-dist/tex/generic/pgf/utilities/pgfkeyslibraryfiltered.code.te
x
\pgfkeys@tmptoks=\toks33
))) (/usr/share/texmf-dist/tex/latex/pgfopts/pgfopts.sty
Package: pgfopts 2014/07/10 v2.1a LaTeX package options with pgfkeys
\pgfopts@list@add@a@toks=\toks34
\pgfopts@list@add@b@toks=\toks35
)
(/usr/share/texmf-dist/tex/latex/tools/shellesc.sty
Package: shellesc 2023/07/08 v1.0d unified shell escape interface for LaTeX
Package shellesc Info: Unrestricted shell escape enabled on input line 75.
)
(/usr/share/texmf-dist/tex/latex/float/float.sty
Package: float 2001/11/08 v1.3d Float enhancements (AL)
\c@float@type=\count353
\float@exts=\toks36
\float@box=\box75
\@float@everytoks=\toks37
\@floatcapt=\box76
)
\c@minted@FancyVerbLineTemp=\count354
\@float@every@listing=\toks38
\c@listing=\count355
))
LaTeX Font Info: Trying to load font information for T1+Raleway-OsF on input
line 34.
(/usr/share/texmf-dist/tex/latex/raleway/T1Raleway-OsF.fd
File: T1Raleway-OsF.fd 2025/04/09 (autoinst) Font definitions for T1/Raleway-Os
F.
)
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/n' will be
(Font) scaled to size 10.95pt on input line 34.
(/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
File: l3backend-pdftex.def 2025-10-09 L3 backend support: PDF output (pdfTeX)
\l__color_backend_stack_int=\count356
)
(/home/raw/uni/fsi/trabalho/relatorio/relatorio.aux
Package babel Info: 'portuguese' activates 'portuges' shorthands.
(babel) Reported on input line 8.
)
\openout1 = `relatorio.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 34.
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for LY1/ptm/m/n on input line 34.
LaTeX Font Info: Trying to load font information for LY1+ptm on input line 3
4.
(/usr/share/texmf-dist/tex/latex/ly1/ly1ptm.fd
File: ly1ptm.fd 2001/02/01 font definitions for LY1/ptm using Berry names.
)
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for PD1/pdf/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
LaTeX Font Info: Checking defaults for PU/pdf/m/n on input line 34.
LaTeX Font Info: ... okay on input line 34.
\c@mv@tabular=\count357
\c@mv@boldtabular=\count358
\c@lstlisting=\count359
*geometry* driver: auto-detecting
*geometry* detected driver: pdftex
*geometry* verbose mode - [ preamble ] result:
* driver: pdftex
* paper: a4paper
* layout: <same size as paper>
* layoutoffset:(h,v)=(0.0pt,0.0pt)
* modes:
* h-part:(L,W,R)=(72.26999pt, 452.9679pt, 72.26999pt)
* v-part:(T,H,B)=(72.26999pt, 700.50687pt, 72.26999pt)
* \paperwidth=597.50787pt
* \paperheight=845.04684pt
* \textwidth=452.9679pt
* \textheight=700.50687pt
* \oddsidemargin=0.0pt
* \evensidemargin=0.0pt
* \topmargin=-37.0pt
* \headheight=12.0pt
* \headsep=25.0pt
* \topskip=11.0pt
* \footskip=30.0pt
* \marginparwidth=50.0pt
* \marginparsep=10.0pt
* \columnsep=10.0pt
* \skip\footins=10.0pt plus 4.0pt minus 2.0pt
* \hoffset=0.0pt
* \voffset=0.0pt
* \mag=1000
* \@twocolumnfalse
* \@twosidefalse
* \@mparswitchfalse
* \@reversemarginfalse
* (1in=72.27pt=25.4mm, 1cm=28.453pt)
(/usr/share/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count360
\scratchdimen=\dimen266
\scratchbox=\box77
\nofMPsegments=\count361
\nofMParguments=\count362
\everyMPshowfont=\toks39
\MPscratchCnt=\count363
\MPscratchDim=\dimen267
\MPnumerator=\count364
\makeMPintoPDFobject=\count365
\everyMPtoPDFconversion=\toks40
) (/usr/share/texmf-dist/tex/latex/epstopdf-pkg/epstopdf-base.sty
Package: epstopdf-base 2020-01-24 v2.11 Base part for package epstopdf
Package epstopdf-base Info: Redefining graphics rule for `.eps' on input line 4
85.
(/usr/share/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg
File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv
e
))
Package hyperref Info: Link coloring ON on input line 34.
\@outlinefile=\write4
\openout4 = `relatorio.out'.
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/n' will be
(Font) scaled to size 17.28pt on input line 36.
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/n' will be
(Font) scaled to size 12.0pt on input line 36.
LaTeX Font Info: Trying to load font information for U+msa on input line 36.
(/usr/share/texmf-dist/tex/latex/amsfonts/umsa.fd
File: umsa.fd 2013/01/14 v3.01 AMS symbols A
)
LaTeX Font Info: Trying to load font information for U+msb on input line 36.
(/usr/share/texmf-dist/tex/latex/amsfonts/umsb.fd
File: umsb.fd 2013/01/14 v3.01 AMS symbols B
)
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/n' will be
(Font) scaled to size 14.4pt on input line 36.
LaTeX Font Info: Font shape `T1/Raleway-OsF/bold/n' aliased to
(Font) `T1/Raleway-OsF/b/n' on input line 36.
LaTeX Font Info: Font shape `T1/Raleway-OsF/b/n' will be
(Font) scaled to size 14.4pt on input line 36.
(/home/raw/uni/fsi/trabalho/relatorio/relatorio.toc
LaTeX Font Info: Font shape `T1/Raleway-OsF/bold/n' aliased to
(Font) `T1/Raleway-OsF/b/n' on input line 2.
LaTeX Font Info: Font shape `T1/Raleway-OsF/b/n' will be
(Font) scaled to size 10.95pt on input line 2.
LaTeX Font Info: Font shape `T1/Raleway-OsF/bold/it' aliased to
(Font) `T1/Raleway-OsF/b/it' on input line 5.
LaTeX Font Info: Font shape `T1/Raleway-OsF/b/it' will be
(Font) scaled to size 10.95pt on input line 5.
)
\tf@toc=\write5
\openout5 = `relatorio.toc'.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts
/enc/dvips/raleway/a_itoun2.enc}]
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/it' will be
(Font) scaled to size 10.95pt on input line 42.
(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2025/11/14 1.11b listings language file
)
(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
File: lstlang1.sty 2025/11/14 1.11b listings language file
)
LaTeX Font Info: Font shape `T1/Raleway-OsF/m/n' will be
(Font) scaled to size 9.0pt on input line 86.
LaTeX Font Info: Font shape `T1/cmtt/bx/n' in size <9> not available
(Font) Font shape `T1/cmtt/m/n' tried instead on input line 95.
[2{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-t1.enc}]
LaTeX Font Info: Font shape `T1/Raleway-OsF/bold/it' aliased to
(Font) `T1/Raleway-OsF/b/it' on input line 141.
LaTeX Font Info: Font shape `T1/Raleway-OsF/b/it' will be
(Font) scaled to size 14.4pt on input line 141.
LaTeX Font Info: Font shape `T1/Raleway-OsF/bold/n' aliased to
(Font) `T1/Raleway-OsF/b/n' on input line 143.
LaTeX Font Info: Font shape `T1/Raleway-OsF/b/n' will be
(Font) scaled to size 12.0pt on input line 143.
<google-authenticator.jpg, id=60, 225.84375pt x 447.6725pt>
File: google-authenticator.jpg Graphic file (type jpg)
<use google-authenticator.jpg>
Package pdftex.def Info: google-authenticator.jpg used on input line 169.
(pdftex.def) Requested size: 87.59998pt x 173.64207pt.
LaTeX Warning: `h' float specifier changed to `ht'.
[3] [4 </home/raw/uni/fsi/trabalho/relatorio/google-authenticator.jpg>]
[5]
runsystem(latexminted cleantemp --timestamp 20260424184203 C117BC0880C49B7BB81
87B6D1568B650)...executed.
(/home/raw/uni/fsi/trabalho/relatorio/relatorio.aux)
***********
LaTeX2e <2025-11-01>
L3 programming layer <2026-01-19>
***********
Package rerunfilecheck Warning: File `relatorio.out' has changed.
(rerunfilecheck) Rerun to get outlines right
(rerunfilecheck) or use package `bookmark'.
Package rerunfilecheck Info: Checksums for `relatorio.out':
(rerunfilecheck) Before: <no file>
(rerunfilecheck) After: 421D094394457CC27F2EA2D1C1EC716E;1586.
)
Here is how much of TeX's memory you used:
20227 strings out of 469495
373994 string characters out of 5470098
1301885 words of memory out of 5000000
48492 multiletter control sequences out of 15000+600000
830020 words of font info for 92 fonts, out of 8000000 for 9000
16 hyphenation exceptions out of 8191
90i,6n,99p,490b,2124s stack positions out of 10000i,1000n,20000p,200000b,200000s
</usr/share/texmf-dist/fonts/type1/impallari/raleway/Raleway-Bold.pfb></usr/s
hare/texmf-dist/fonts/type1/impallari/raleway/Raleway-BoldItalic.pfb></usr/shar
e/texmf-dist/fonts/type1/impallari/raleway/Raleway-Italic.pfb></usr/share/texmf
-dist/fonts/type1/impallari/raleway/Raleway-Regular.pfb></usr/share/texmf-dist/
fonts/type1/public/cm-super/sfit0900.pfb></usr/share/texmf-dist/fonts/type1/pub
lic/cm-super/sftt0900.pfb></usr/share/texmf-dist/fonts/type1/public/cm-super/sf
tt1095.pfb>
Output written on /home/raw/uni/fsi/trabalho/relatorio/relatorio.pdf (5 pages,
176238 bytes).
PDF statistics:
189 PDF objects out of 1000 (max. 8388607)
165 compressed objects within 2 object streams
97 named destinations out of 1000 (max. 500000)
6 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
relatorio/relatorio.pdf
View File

Binary file not shown.

BIN
relatorio/relatorio.synctex.gz
View File

Binary file not shown.

256
relatorio/relatorio.tex
View File

@@ -1,256 +0,0 @@
\documentclass[11pt,a4paper]{article}
\usepackage[portuguese]{babel}
\usepackage[lining]{ebgaramond}
\usepackage{listings}
\usepackage{booktabs}
\usepackage{style}
\lstdefinestyle{mystyle}{
basicstyle=\ttfamily\footnotesize,
breakatwhitespace=false,
breaklines=true,
captionpos=b,
keepspaces=true,
numbers=left,
numbersep=5pt,
showspaces=false,
showstringspaces=false,
showtabs=false,
tabsize=2
}
\lstset{style=mystyle}
\setlength{\parindent}{0em}
\setlength{\parskip}{2ex}
\title{Practical Assignment \#2}
\author{
João Neto -- 2023234004\\[1em]
Vasco Alves -- 2022228207
}
\begin{document}
\maketitle
\tableofcontents
\newpage
\section{Introdução}
Este projeto tem como âmbito implementar, uma rede virtual privada (VPN) num cenário
de road-warrior, configurar \textit{two-factor authentication} (2FA) com os serviços
OpenVPN e Apache, e gerir certificados X.509 utilizando OCSP.
% NOTE(vasco): Eu acho que basta explicar o cenario e explicar como decidimos
% implementar <- yeah agree, also esta introdução acho que é boa fala sobre o objetivo
% e o cenario, e porque é que o nosso cenario é como é. Não sei se a parte das razões de
%segurança devia estar nesta parte ou na conclusão como perpetiva futura e reflexão, mas aqui
%também não está mal.
% Para tal, foi implementado um servidor e um cliente OpenVPN, certificados por uma
% autoridade central (CA) que em si é \textit{self-signed}. Para além disto, foi implementado
% um sistema de autenticação de dois factores através do plugin
% \textit{google-authenticator} para o OpenVPN e para o servidor de Apache.
Decidimos utilizar apenas três máquinas virtuais: o cliente (ou \textit{road warrior}),
a \textit{gateway} que utiliza OpenVPN e um servidor interno com OpenSSL e Apache.
Isto simplifica a elaboração do projecto, mas por razões de segurança poderia querer
separar a máquina de OpenSSL de outras máquinas destinadas a serviços da rede intera,
pois esta contém o \textit{certificate authority} CA.
% Ambos o OpenVPN eo servidor Apache utilizam 2FA,
% recebendo o utilizador, e uma password que é uma concatenação da palavra-passe do utilizador
% e de uma password temporária (TOTP) de 6 dígitos. O servidor de Apache implementa a mesma autenticação.
\begin{tabular}{l l l}
{\bf Nome} & {\bf Script} & {\bf Rede} \\\toprule
Road Warrior & VM\_ROAD\_WARRIOR.sh & Rede Externa 193.168.0.0/24 \\
VPN Gateway & VM\_OPENVPN\_GATEWAY.sh & Router \\
OpenSSL / Apache & VM\_OPENSSL\_APACHE.sh & Rede Interna 10.60.0.0/24 \\
\end{tabular}
\section{Criação de certificados}
Os certificados utilizados foram auto-certificados por uma autoridade central que "pertence"
à máquina de OpenSSL. Esta mesma faz a gestão da lista de revogação.
Todas as chaves foram criadas no mesmo computador, com as variáveis que estão
neste código, aspetos importantes para mais tarde serão os parâmetros de CN
que precisam de ser passados mais tarde para aceder ao Apache e ao gateway.
Numa situação normal teríamos uma autoridade de certificação para enviar e
no fundo gerir todos, mas para este cenário podemos inicializar as máquinas
com as chaves, requests e certificados necessários.
O código para gerar os certificados X.509:
\begin{lstlisting}[language=bash]
cert_ca="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=CoimbraVPN"
cert_vpn="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=gateway"
cert_user="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=warrior"
cert_apache="/C=PT/ST=Coimbra/L=Coimbra/O=UC/CN=apache.coimbra"
openssl genrsa -out "ca.key" 2048
openssl req -x509 -nodes -days 365 -key "ca.key" -out "ca.crt" -subj "$cert_ca"
openssl genrsa -out "vpn.key" 2048
openssl req -new -key "vpn.key" -out "vpn.csr" -subj "$cert_vpn"
openssl ca -batch -in "vpn.csr" -cert "ca.crt" -keyfile "ca.key" -out "vpn.crt" -config cheese.cfg
openssl dhparam -out "dh2048.pem" 2048
openvpn --genkey secret "ta.key"
openssl genrsa -out user.key
openssl req -new -key user.key -out user.csr -subj "$cert_user"
openssl ca -batch -in "user.csr" -cert "ca.crt" -keyfile "ca.key" -out "user.crt" -config cheese.cfg
openssl genrsa -out apache.key
openssl req -new -key apache.key -out apache.csr -subj "$cert_apache" -addext "subjectAltName = IP:10.60.0.1,DNS:apache"
openssl ca -batch -in "apache.csr" -cert "ca.crt" -keyfile "ca.key" -out "apache.crt" -config cheese.cfg
\end{lstlisting}
% Porque é que precisamos de uma chave secreta?
% Criar chave secreta.
\begin{lstlisting}[language=bash]
openssl --genkey secret ta.key
\end{lstlisting}
\section{Configuração geral}
Para configurar as VMs era preciso introduzir os mesmos comandos várias vezes, o que levava muitas vezes a erros de escrita, ou a correr o mesmo comando várias vezes, por isso criamos vários ficheiros .sh para conseguir facilitar o processo. A utilização de ficheiros .sh também vem com outros positivos pois facilita a testagem, e a recriação do cenário rapidamente.
No entanto para os serviços que configuramos, instalar, desativar e dar flush às iptables não foi suficiente, tivemos que criar pastas e sincronizar os relógios de todas as VMs visto que elas estarem ligeiramente atrasadas nunca conseguíamos acertar na password do google-authenticator que utiliza o tempo local para calcular a sua chave.
\begin{lstlisting}[language=bash]
yum install -y epel-release
yum install -y openvpn iptables-services dhcp-client
systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld
systemctl enable iptables
iptables -F
CA_DIR="/etc/pki/CA"
mkdir -p "${CA_DIR}/newcerts"
mkdir -p "${CA_DIR}/private"
touch "${CA_DIR}/index.txt"
cp ca/serial "${CA_DIR}/serial"
mkdir -p /etc/openvpn/server
mkdir -p /etc/openvpn/client
# NOTE(vasco): tive problemas com a sincronizacao de tempo
# se nao tiver sincronizado, o TOTP nao funciona
systemctl stop chronyd
ntpdate pool.ntp.org
systemctl start chronyd
\end{lstlisting}
\subsection{Configurar TOTP}
Foi criado o ficheiro \texttt{totp} com a configuração de autenticação a
ser utilizada pelo plugin de PAM para o openvpn.
\begin{lstlisting}[language=bash]
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so totp
\end{lstlisting}
Adicionalmente, devido às restrições de segurança do \textit{systemd},
foi necessário desativar o \texttt{ProtectHome} no serviço do OpenVPN
para que o plugin PAM consiga ler os ficheiros de segredo do Google Authenticator
localizados nas diretorias \textit{home} dos utilizadores.
\begin{lstlisting}[language=bash]
[Service]
ProtectHome=false
\end{lstlisting}
Primeiro, na gateway, entramos como o utilizador desejado e obtemos a chave
do gerador de palavras passes temporárias. Ao inserir a chave no
\texttt{google authenticator} podemos obter um código QR, a nossa primeira
chave de 6 dígitos.
\begin{figure}[h]
\centering
\includegraphics[width=8em]{google-authenticator}
\end{figure}
\begin{lstlisting}[language=bash]
su john
google-authenticator
\end{lstlisting}
\subsection{Encaminhamento e Firewall}
Para que a gateway funcione como router entre a rede externa e a rede interna,
foi necessário ativar o \textit{IP forwarding} no kernel e configurar as regras
de \textit{iptables} para permitir o tráfego da VPN e realizar o mascaramento
de IP (NAT).
% NOTA(vasco): Não temos regras de DROP a packets
% talvez deviamos mudar isso nao sei <- não diz nada no enunciado ¯\_(ツ)_/¯
% também o trabalho não é sobre ip tables por isso it does make sense não fazer drop
%e utilizar as regras apenas para encaminhar corretamente.
% Colocar isso na conclusão tho
\begin{lstlisting}[language=bash]
# Ativar encaminhamento
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
# Regras de Firewall
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o enp0s9 -j ACCEPT
iptables -I FORWARD 1 -i enp0s9 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp0s8 -j MASQUERADE
\end{lstlisting}
\section{Configuração do Cliente (Road Warrior)}
O cliente encontra-se na rede externa (\texttt{193.136.212.10}) e liga-se à VPN
gateway na porta 1194. Para garantir a segurança, utilizamos autenticação mútua (os certificados X.509)
e um \textit{two factor authentication} (2FA) como palavras-passe temporárias, geradas através do
\textit{Google Authenticator}.
\begin{lstlisting}[language=bash]
client
dev tun
proto udp
remote 193.136.212.1 1194
ca ca.crt
cert user.crt
key user.key
auth-user-pass
cipher AES-256-GCM
auth SHA256
\end{lstlisting}
\section{Servidor Apache e OCSP}
O servidor interno (\texttt{10.60.0.1}) alberga o serviço Apache e o responder OCSP
da autoridade de certificação.
\subsection{Revocation e OCSP}
\begin{enumerate}
\item Estabelecer a ligação VPN e verificar a conectividade à rede interna.
\item No diretório da autoridade de certificação (máquina \textit{host}), revogar o certificado do utilizador:
\begin{lstlisting}[language=bash]
openssl ca -revoke user.crt -config cheese.cfg -keyfile ca.key -cert ca.crt
\end{lstlisting}
\item Atualizar o ficheiro \texttt{index.txt} no servidor OCSP e reiniciar o serviço para carregar o novo estado de revogação.
\item Tentar estabelecer uma nova ligação VPN e verificar que a autenticação falha devido à resposta \texttt{revoked} do responder OCSP.
\end{enumerate}
\section{Conclusão}
% Conclusão!!!!
Atingimos o objetivo deste trabalho, conseguimos configurar o VPN tunnel,
o two-factor authentication e conseguimos criar e retirar acesso aos
certificados que emitimos. Utilizar mais maquinas para simular um cenario
maior seria redundante, teriamos que emitir mais certificados mas não iamos
aprender muito mais. Se fossemos aplicar o que fizemos no trabalho anterior
podiamos dar DROP aos pacotes que não nos interessa nesta cenario,
e implementar suricata para identificar possiveis ataques nos serviços.
%È estranho que para uma cadeira de cybersegurança nós implementamos
%pouca you know segurança.
% Para aprofundar (???) yeah
\end{document}

11
relatorio/relatorio.toc
View File

@@ -1,11 +0,0 @@
\babel@toc {portuguese}{}\relax
\contentsline {section}{\numberline {1}Introdução}{2}{section.1}%
\contentsline {section}{\numberline {2}Criação de certificados}{2}{section.2}%
\contentsline {section}{\numberline {3}Configuração geral}{3}{section.3}%
\contentsline {section}{\numberline {4}Configuração da \textit {Gateway} VPN}{3}{section.4}%
\contentsline {subsection}{\numberline {4.1}Configurar TOTP}{3}{subsection.4.1}%
\contentsline {subsection}{\numberline {4.2}Encaminhamento e Firewall}{4}{subsection.4.2}%
\contentsline {section}{\numberline {5}Configuração do Cliente (Road Warrior)}{4}{section.5}%
\contentsline {section}{\numberline {6}Servidor Apache e OCSP}{5}{section.6}%
\contentsline {subsection}{\numberline {6.1}Revocation e OCSP}{5}{subsection.6.1}%
\contentsline {section}{\numberline {7}Conclusão}{5}{section.7}%

24
relatorio/style.sty
View File

@@ -1,24 +0,0 @@
\usepackage[margin=1in]{geometry}
\usepackage{raleway}
\renewcommand{\familydefault}{\sfdefault}
\usepackage{ulem}
\usepackage{wrapfig}
\usepackage{graphicx,tabularx,booktabs}
\usepackage{paracol}
\usepackage[dvipsnames]{xcolor}
\usepackage{enumitem,amssymb}
\usepackage[colorlinks=true,urlcolor=blue,linkcolor=MidnightBlue]{hyperref}
\graphicspath{{./img/}}
\usepackage{enumitem,amssymb}
\newlist{todolist}{itemize}{2}
\setlist[todolist]{noitemsep, topsep=0pt,label=$\square$}
\usepackage{pifont}
\usepackage{amssymb}
\usepackage{minted}
\setlength{\parskip}{1em}%
\setlength{\parindent}{0em}%

0
ucstudent/pl-presentation#1.pdf → ucstudent/pl-apresentação#1 (1).pdf
View File

BIN
ucstudent/pl-apresentação#1.pdf Normal file
View File

Binary file not shown.

0
ucstudent/pl-practical-exercises-#2-resolution-notes.pdf → ucstudent/pl-practical exercises #2-resolution notes.pdf
View File

0
ucstudent/pl-practical-exercises-#2.pdf → ucstudent/pl-practical exercises #2.pdf
View File

0
ucstudent/pl-practical-exercises-#3-resolution-notes.pdf → ucstudent/pl-practical exercises #3-resolution notes.pdf
View File

0
ucstudent/pl-practical-exercises-#3.pdf → ucstudent/pl-practical exercises #3.pdf
View File

0
ucstudent/pl-practical-exercises-#4-resolution-notes.pdf → ucstudent/pl-practical exercises #4-resolution notes.pdf
View File

0
ucstudent/pl-practical-exercises-#4.pdf → ucstudent/pl-practical exercises #4.pdf
View File

BIN
ucstudent/pl-practical-exercises-#5.pdf
View File

Binary file not shown.

BIN
ucstudent/pl-practical-exercises-#6.pdf
View File

Binary file not shown.

BIN
ucstudent/pl-presentation#5.pdf
View File

Binary file not shown.

BIN
ucstudent/pl-presentation#6.pdf
View File

Binary file not shown.

0
ucstudent/pl-suricata-on-centos-installation-notes.txt → ucstudent/pl-suricata on centos - installation notes.txt
View File

BIN
ucstudent/practical assignment 1.pdf Normal file
View File

Binary file not shown.

0
ucstudent/t2-firewalls-and-intrusion-detection.pdf → ucstudent/t2-firewalls and intrusion detection.pdf
View File

0
ucstudent/t3-data-integrity.pdf → ucstudent/t3-data integrity.pdf
View File

0
ucstudent/t4-symmetric-encryption.pdf → ucstudent/t4-symmetric encryption.pdf
View File

BIN
ucstudent/t5-assymetric-ciphers.pdf
View File

Binary file not shown.

BIN
ucstudent/t6-key-management-and-user-authentication.pdf
View File

Binary file not shown.

BIN
user.p12
View File

Binary file not shown.

BIN
user2.p12
View File

Binary file not shown.

13
www/index.html
View File

@@ -1,13 +0,0 @@
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Coimbra VPN</title>
</head>
<body>
<h1>Coimbra VPN</h1>
<p>Lorem ipsum dolor, sit amet consectetur adipisicing elit.
Minima porro unde praesentium sint itaque optio, deserunt eum est voluptatum, natus nihil repellat amet impedit? Fugiat fugit ex quis molestiae sit.</p>
</body>
</html>

25
www/login.html
View File

@@ -1,25 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Coimbra VPN</title>
</head>
<body>
<h1>Two-Factor Auth</h1>
<p>Enter your UNIX credentials and TOTP code</p>
<form action="/dologin" method="POST">
<label for="username">Username</label>
<input type="text" id="username" name="httpd_username" placeholder="username">
<br>
<label for="password">UNIX Password (password + 6 digit TOTP)</label>
<input type="password" id="password" name="httpd_password" placeholder="password + TOTP" required>
<button type="submit">Login</button>
</form>
</body>
</html>