CyberPatriot: Linux Scoring Engine Instructions

These instructions show how to prepare a vunerable Linux virtual machine with a scoring system for use in gamified learning. I got this from a CyberPatriots workshop at a WASC Faculty Development Week in June, 2017.

Choosing a Linux Version

We tried Ubuntu 14.04 but were unable to get the scoring engine to update automatically.

Ubuntu 16.04, Desktop version, works. I don't know what other Linux versions might also work.

Using ufw

These instructions show you how to score one vulnerability: firewall off. The same procedure can be used for any other vulnerabilities you wish.

To see how ufw works, execute this command:

sudo ufw status
The firewall is inactive, as shown below.

Execute these commands to enable the firewall and see the status message again:

sudo ufw enable
sudo ufw status
The command sudo ufw status returns the message Status: active, as shown below. We'll need that information later.

Execute this command to disable the firewall again.

sudo ufw disable

Installing Java

We need the Java jdk version 8.

On your Ubuntu 16.04 machine, in a Terminal window, execute this command:

sudo add-apt-repository ppa:webupd8team/java
Enter your password when you are prompted to.

A message appears saying "you should continue to use Java 8". Press Enter to install the repository.

Then execute these commands:

sudo apt-get update
sudo apt install oracle-java8-installer -y
Accept the license terms.

Then execute this command:

javac -version
You should see version 1.8, as shown below.

The last step is to set Java environment variables.

Execute this command:

sudo apt install oracle-java8-set-default

Installing Ruby

Execute these commands:
sudo apt install ruby ruby-dev -y
sudo gem install fpm
The screen freezes for a few minutes. That's normal. After a few minutes messages should start to scroll by, ending with "15 gems installed", as shown below.

Installing the Scoring Engine

Execute these commands:
java -jar Engine_062117.jar
The CyberPatriot Linux Engine Generator launches, as shown below.

Accept the terms of service and click Next.

Adding a Command Vulnerability

There are four options, as shown below.

Click "Add Command Vulnerabilities".

On the next screen, enter these values, as shown below. Then click the "Save and create a new Command-based vulnerability" button.

Note: the command will always run as root, so don't include sudo.

A box appears saying "Vulnerabiity confirmed successfully!" Click OK.

At the lower left, click the "Main Menu" button.

Finalizing the Scoring Engine

Click "Review Vulnerabilities and Finalize".

A list appear, containing only one item, as shown below.

Click Continue.

In the next screen, enter these two items, as shown below.

At the lower right, click the "Generate engine" button.

A box pops up saying "Generated successfully! Check the executable location for the files."

Click OK.

Close the "CyberPatriot Linux Engine Generator" window.

Installing the fw1 Package

Execute these commands:
ls -l
A file has appeared named fw1_1.0_all.deb, as shown below.

This is a Debian package containing the generated scoring engine software.

Execute this command:

sudo dpkg -i fw1_1.0_all.deb
The software installs, as shown below.

Testing the Scoring Engine

Reboot your Linux machine, and log in with the same account you used previously.

There are now three icons on the desktop as shown below: ScoreReport.html, Readme, and "Set Teamname".

Double-click the "Set Teamname" icon first to set your team name.

Then double-click the Readme link to see the README page.

Finally, double-click the ScoreReport.html to see your score. You have 0 points, as shown below.

Open a Terminal window and execute this command:

sudo ufw enable
Refresh the Firefox page every few seconds. Within 30 seconds, you should see your score increase, as shown below.

Execute this command:

sudo ufw disable
Refresh the Firefox page every few seconds. Within 30 seconds, your score should go back down to zero.

Removing the Scoring Engine

You obviously want to add more vulnerabilities. Before you can install a revised scoring engine, you must uninstall the current one.

To remove it, execute this command:

sudo dpkg --remove fw1
To create a new scoring engine, return to the "Installing the Scoring Engine" section above.


Installing VMware Tools in an Ubuntu virtual machine
Install Oracle Java 8 / 9 in Ubuntu 16.04, Linux Mint 18
Oracle Java version naming conventions

Last Updated: 6-22-17