Installation Guide, Production
The FBCTF platform was designed with flexibility in mind, allowing for different types of installations, depending on the needs of the end user. The FBCTF platform can be installed in either Development Mode or Production Mode. Development is for testing and agility; production offers better performance and is typically used for live events. Production mode utilizes an HHVM web cache, which speeds up processing.
Production is intended for live events utilizing the FBCTF platform. Installation of the production platform can be performed either manually, or by using Docker.
Please note that regardless of the installation method, your VM must have at least 2GB of memory. This is required for the Composer part of the installation.
Regardless of your installation method, ensure the date and time are correct on your base system. This will prevent certificate validation errors when downloading certain packages. Follow the instructions below to force a time update on Ubuntu 14.04:
sudo service ntp stop
sudo ntpd -gq
sudo service ntp start
Ubuntu 14.04 x64 should first be installed as the hosting system. This is currently the only supported operating system. Install only the base system, without extras such as LAMP; installing such extras will cause issues with the FBCTF installation.
Update repositories on the Ubuntu system, to ensure you are getting the latest packages:
sudo apt-get update
Install the git package which will allow you to clone the FBCTF project to your local system:
sudo apt-get install git
Clone the FBCTF project by running the following command. This will create a folder called fbctf in the current directory:
git clone https://github.com/facebook/fbctf
Navigate to the fbctf directory:
cd fbctf
Run the provision script in order to install the FBCTF platform. To perform a default installation, run the command below. However, check the provision script section for custom installations:
./extra/provision.sh -m prod -s $PWD
The provision script will autogenerate an administrative password at the very end. Ensure you document this password, as it will not be provided anywhere else.
If the admin password needs to be reset, run the following commands in the fbctf directory:
source ./extra/lib.sh
set_password [new_password] ctf ctf fbctf $PWD
After installing the FBCTF platform, access it through your web browser using the configured IP address.
Log in with the username admin and the password generated at the end of the provision script. Access the login screen by clicking the Login link at the top right of the window. You will then be redirected to the administration page. The gameboard can be accessed at the bottom of the navigation bar located on the left side of the window.
Similar to Vagrant, Docker is a tool for building complete development environments. The Dockerfile, generated by the FBCTF team, provides automated instructions to Docker which configure the proper environment.
The Docker VM will automatically run the provision script, which installs the FBCTF platform itself.
First you will need to install Docker.
After installing Docker, clone the FBCTF project as shown below:
git clone https://github.com/facebook/fbctf
Navigate to the fbctf directory:
cd fbctf
Run the following command to initiate an FBCTF Production installation. Do not forget the dot at the end of the line. Additionally, you will need to fill in your domain and email address in order to get a free, valid certificate from Let’s Encrypt:
docker build --build-arg MODE=prod --build-arg DOMAIN=test.mydomain.com --build-arg [email protected] --build-arg TYPE=certbot -t="fbctf_in_prod" .
To bring up the Docker instance, run the below command:
docker run -p 80:80 -p 443:443 fbctf_in_prod
The platform admin password will be autogenerated at the end of the provision script. Ensure you document this password, as it will not be displayed anywhere else. In order to reset the admin password, run the following command in the container:
set_password new_password ctf ctf fbctf /root
You will also need to mount /etc/letsencrypt as a volume to ensure the certificate files are persistent. Without performing this step, the certs will be continuously regenerated. Reference the following command as a guide:
docker run -v /etc/letsencrypt:/etc/letsencrypt ...
After installing the FBCTF platform, access it through your web browser using the configured IP address.
Log in with the username admin and the password generated at the end of the provision script. Access the login screen by clicking the Login link at the top right of the window. You will then be redirected to the administration page. The gameboard can be accessed at the bottom of the navigation bar located on the left side of the window.
Provision Script Details
Some users may wish to break down the FBCTF platform installation, and perform all steps manually. The instructions can be found below. Note that parameters are left as their default values, but can be changed in many cases. This includes authentication information, certain folder locations, and how SSL certificates are generated.
For any FBCTF installation, it is highly recommended that you utilize the supported operating system, Ubuntu 14.04 x64, and have at least 1GB of memory.
To get started with a manual installation, update your system repositories:
sudo apt-get update
Install git, which will be needed in order to clone the platform:
sudo apt-get install git
Clone the platform files onto your local system:
git clone https://github.com/facebook/fbctf
Browse to the code directory:
cd fbctf
Copy the platform files to the root web directory:
sudo rsync -a --exclude node_modules --exclude vendor $PWD/ /var/www/fbctf/
Disable the cloudguest Message of the Day (MOTD) if it exists:
sudo chmod -x /etc/update-motd.d/51-cloudguest
Set the Message of the Day (MOTD) to the Facebook CTF banner:
sudo cp /var/www/fbctf/extra/motd-ctf.sh /etc/update-motd.d/10-help-text
Check to ensure curl is installed on the system. If not, install it with the below command:
sudo apt-get install curl
Install the English language pack, which is needed by HHVM:
sudo apt-get install language-pack-en
Install Memcached, which will be used for web caching:
sudo apt-get install memcached
Install MySQL, for use as the database. By default the root password can be set to root during the interactive install:
sudo apt-get install mysql-server
Install HHVM, a virtual machine designed to run PHP and Hack code:
sudo apt-get install software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449
sudo add-apt-repository "deb http://dl.hhvm.com/ubuntu $(lsb_release -sc) main"
sudo apt-get update
sudo apt-get install hhvm
Parts of HHVM must then be removed, as the present version has an issue rendering it incompatible with FBCTF:
sudo apt-get remove hhvm
sudo rm -Rf /var/run/hhvm/*
sudo rm -Rf /var/cache/hhvm/*
Install HHVM version 3.14.5:
wget -q http://dl.hhvm.com/ubuntu/pool/main/h/hhvm/hhvm_3.14.5~$(lsb_release -sc)_amd64.deb -O /tmp/hhvm_3.14.5~$(lsb_release -sc)_amd64.deb
sudo dpkg -i /tmp/hhvm_3.14.5~$(lsb_release -sc)_amd64.deb
Copy the HHVM configuration over:
cat /var/www/fbctf/extra/hhvm.conf | sed "s|CTFPATH|/var/www/fbctf/|g" | sudo tee /etc/hhvm/server.ini
Enable HHVM as PHP systemwide:
sudo /usr/bin/update-alternatives --install /usr/bin/php php /usr/bin/hhvm 60
Enable HHVM to start by default on the system:
sudo update-rc.d hhvm defaults
Restart HHVM:
sudo service hhvm restart
Install Composer, a dependency manager for PHP:
cd /var/www/fbctf
curl -sS https://getcomposer.org/installer | php
php composer.phar install
sudo mv composer.phar /usr/bin
sudo chmod +x /usr/bin/composer.phar
Enable HHVM Repo Authoritative mode:
# Edit server.ini in place; piping a file through sed into tee on the same path can truncate it before it is read.
sudo sed -i "s|/var/run/hhvm/hhvm.hhbc|/var/cache/hhvm/hhvm.hhbc|g" /etc/hhvm/server.ini
sudo hhvm-repo-mode enable /var/www/fbctf
sudo chown www-data:www-data /var/cache/hhvm/hhvm.hhbc
Install npm, a package manager for JavaScript:
sudo apt-get install npm
Update npm:
sudo npm install -g npm@lts
Install nodejs-legacy, a server-side JavaScript environment:
sudo apt-get install nodejs-legacy
Install npm modules required by the platform:
sudo npm install --prefix /var/www/fbctf
sudo npm install -g grunt
sudo npm install -g flow-bin
Run grunt to generate JavaScript files:
cd /var/www/fbctf
grunt
Choose one of the following certificate options, depending on your installation and certificate type preferred:
Generate Self-Signed Certificate:
sudo mkdir /etc/nginx/certs
sudo openssl req -nodes -newkey rsa:2048 -keyout /etc/nginx/certs/fbctf.key -out /etc/nginx/certs/fbctf.csr -subj "/O=Facebook CTF"
sudo openssl x509 -req -days 365 -in /etc/nginx/certs/fbctf.csr -signkey /etc/nginx/certs/fbctf.key -out /etc/nginx/certs/fbctf.crt
Utilize your own SSL Certificate. Note that you will need to replace [Path to SSL Cert PEM File] and [Path to SSL Key File] below:
sudo mkdir /etc/nginx/certs
sudo cp [Path to SSL Cert PEM File] /etc/nginx/certs/fbctf.crt
sudo cp [Path to SSL Key File] /etc/nginx/certs/fbctf.key
Generate Let’s Encrypt Valid SSL Certificate. Note that you will need to replace [Email] and [Domain] below:
sudo mkdir /etc/nginx/certs
sudo wget -q https://dl.eff.org/certbot-auto -O /usr/bin/certbot-auto
sudo chmod a+x /usr/bin/certbot-auto
/usr/bin/certbot-auto certonly -n --agree-tos --standalone --standalone-supported-challenges tls-sni-01 -m "[Email]" -d "[Domain]"
sudo ln -s "/etc/letsencrypt/live/[Domain]/fullchain.pem" /etc/nginx/certs/fbctf.crt || true
sudo ln -s "/etc/letsencrypt/live/[Domain]/privkey.pem" /etc/nginx/certs/fbctf.key || true
Install NGINX, a high performance web server:
sudo apt-get install nginx
Set NGINX configuration options:
sudo openssl dhparam -out /etc/nginx/certs/dhparam.pem 2048
cat /var/www/fbctf/extra/nginx.conf | sed "s|CTFPATH|/var/www/fbctf/src|g" | sed "s|CER_FILE|/etc/nginx/certs/fbctf.crt|g" | sed "s|KEY_FILE|/etc/nginx/certs/fbctf.key|g" | sed "s|DHPARAM_FILE|/etc/nginx/certs/dhparam.pem|g" | sudo tee /etc/nginx/sites-available/fbctf.conf
Continue setting NGINX configuration options:
sudo rm -f /etc/nginx/sites-enabled/default
sudo ln -sf /etc/nginx/sites-available/fbctf.conf /etc/nginx/sites-enabled/fbctf.conf
Restart NGINX to finish:
sudo nginx -t
sudo service nginx restart
Install Unison, a file synchronization tool:
cd /
curl -sL https://www.archlinux.org/packages/extra/x86_64/unison/download/ | sudo tar Jx
Create the FBCTF database:
mysql -u root --password=root -e "CREATE DATABASE IF NOT EXISTS fbctf;"
Import the database schema:
mysql -u root --password=root fbctf -e "source /var/www/fbctf/database/schema.sql;"
Import the database countries:
mysql -u root --password=root fbctf -e "source /var/www/fbctf/database/countries.sql;"
Import the database logos:
mysql -u root --password=root fbctf -e "source /var/www/fbctf/database/logos.sql;"
Create a database user. Note that by default you can use user ctf with password ctf:
mysql -u root --password=root -e "CREATE USER 'ctf'@'localhost' IDENTIFIED BY 'ctf';" || true
mysql -u root --password=root -e "GRANT ALL PRIVILEGES ON fbctf.* TO 'ctf'@'localhost';"
mysql -u root --password=root -e "FLUSH PRIVILEGES;"
Create the database connection file:
cat "/var/www/fbctf/extra/settings.ini.example" | sed "s/DATABASE/fbctf/g" | sed "s/MYUSER/ctf/g" | sed "s/MYPWD/ctf/g" > "/var/www/fbctf/settings.ini"
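The two steps above create the database user and the connection file with the default ctf/ctf pair. As an added example (not part of the FBCTF repository), the script below generates a random password and renders settings.ini with the same three placeholder substitutions, refusing values that would alter the sed expression. The function names are hypothetical, and the template in the demo is constructed; the real settings.ini.example may use different key names.

```shell
#!/bin/sh
# Added example, not part of the FBCTF repository.

# 32 hex characters from the kernel CSPRNG. Hex has no character that is
# special to sed or to a single-quoted SQL string.
gen_db_password() {
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# render_settings TEMPLATE OUT DB USER PASSWORD (hypothetical helper)
# Same three substitutions as the guide's sed pipeline, with two guards.
render_settings() {
  # Guard 1: '/', '&' or '\' in a value would change the sed expression.
  for v in "$3" "$4" "$5"; do
    case "$v" in
      ''|*[!A-Za-z0-9_]*) echo "render_settings: unsafe value" >&2; return 1 ;;
    esac
  done
  sed -e "s/DATABASE/$3/g" -e "s/MYUSER/$4/g" -e "s/MYPWD/$5/g" "$1" > "$2" || return 1
  # Guard 2: a surviving placeholder means the file is not usable.
  if grep -Eq 'DATABASE|MYUSER|MYPWD' "$2"; then
    echo "render_settings: placeholder left in $2" >&2; return 1
  fi
}

# Demo on a constructed template; the key names are illustrative only.
demo() {
  demo_dir=$(mktemp -d) || return 1
  printf "DB_NAME = 'DATABASE'\nDB_USERNAME = 'MYUSER'\nDB_PASSWORD = 'MYPWD'\n" \
    > "$demo_dir/settings.ini.example"
  demo_pw=$(gen_db_password)
  render_settings "$demo_dir/settings.ini.example" "$demo_dir/settings.ini" \
    fbctf ctf "$demo_pw" && cat "$demo_dir/settings.ini"
  rm -rf "$demo_dir"
}
demo
```

Use the generated value in place of ctf in the IDENTIFIED BY clause of the CREATE USER statement as well, so the MySQL account and settings.ini agree.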
Set the admin password for the FBCTF platform. Note that you will need to replace [Password] below.
mysql -u root --password=root fbctf -e "DELETE FROM teams WHERE name='admin' AND admin=1"
mysql -u root --password=root fbctf -e "INSERT INTO teams (id, name, password_hash, admin, protected, logo, created_ts) VALUES (1, 'admin', '`hhvm -f /var/www/fbctf/extra/hash.php "[Password]"`', 1, 1, 'admin', NOW())";
Set the attachments folder to be world writable:
sudo chmod 777 "/var/www/fbctf/src/data/attachments"
sudo chmod 777 "/var/www/fbctf/src/data/attachments/deleted"
Create and set the custom logos folder to be world writable:
sudo mkdir -p "/var/www/fbctf/src/data/customlogos"
sudo chmod 777 "/var/www/fbctf/src/data/customlogos"
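The chmod 777 steps above leave three directories writable by every local account on the host. The following added example (not part of the FBCTF repository) reports world-writable directories under the web root and secret files that any local user can read. The function name audit_fbctf is hypothetical, and the default paths are the ones this guide uses.

```shell
#!/bin/sh
# Added example, not part of the FBCTF repository.

# audit_fbctf WEBROOT CERTDIR (hypothetical helper)
# Prints one finding per line; returns 1 when anything was found.
audit_fbctf() {
  out=$(
    # Directories any local account can write to (the guide's chmod 777 steps).
    find "$1" -type d -perm -0002 2>/dev/null | sed 's/^/world-writable dir: /'
    # Secrets readable by every local account: the database credentials and
    # the TLS private key. -L follows the Let's Encrypt symlink so the mode
    # of the real key file is the one that is checked.
    for f in "$1/settings.ini" "$2/fbctf.key"; do
      [ -e "$f" ] || continue
      find -L "$f" -maxdepth 0 -type f -perm -0004 2>/dev/null |
        sed 's/^/world-readable secret: /'
    done
  )
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Run against the paths used in this guide unless others are given.
audit_fbctf "${1:-/var/www/fbctf}" "${2:-/etc/nginx/certs}" || true
```

A clean run prints nothing. Each reported path is a candidate for ownership by the web server account with a narrower mode, which depends on the user HHVM and NGINX run as on your host.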
Your installation should be complete! Access the IP address of the platform in your browser, then log in at the upper-right corner of the window using admin and the password you created.
If you are having any issues, be sure to first examine the following logs for information:
/var/log/nginx/error.log
/var/log/hhvm/error.log