lab updates

modules/generators/structured_content/hackerbot_config/hb_assignment_spec/templates/assignment_spec.md.erb

@@ -2,11 +2,11 @@
 
 Your task is to design and implement technical security defenses, to achieve the required functionality as specified below in this requirements specification, and you will describe your approach in a technical report (which is decribed in the module handbook).
 
-You need to make your actual system configuration changes to the VMs you are provided with.
+You need to make your actual system configuration changes to the VMs provided.
 
-The systems you are provided with includes insecure settings and/or software.
+The systems you are provided includes insecure settings and/or software.
 
-In report's contents should follow the structure of the below headings (plus executive summary, limitations, conclusion, and references) to describe the changes you have made, including describing any insecure settings or software you find and fix in the systems you have been provided. Describe every change that was necessary, with screenshots showing the changes and demonstrating whether the security works as intended.
+Your report's contents should follow the structure of the below headings (plus Executive Summary, Limitations, Conclusion, and References sections) to describe the changes you make, including describing any insecure settings or software you find and fix in the systems you have been provided. Describe every change that was necessary, with screenshots showing the changes and demonstrating whether the security functions as intended.
 
 ## Users
 username: user1
@@ -40,36 +40,36 @@ Phone extension: 2344
 group: staff,developer
 
 ### Authentication
-You need to use authentication of your choice to enable these Users to log into systems and services.
+You need to use **authentication schemes of your choice** to enable these Users to log into systems and services. Justify your approach and describe how well it achieves the security requirements documented below.
 
 In your report describe what it would take for a new user to be added, or for a user to change their password. Describe the affect of network eavesdropping on the authentication.
 
 **SSH settings:** Disable SSH access for user1, user2, user3, user4, and user5, on the server and desktop VMs. This change is important to make as soon as you add these users to your VMs. Leave the SSH access settings otherwise unchanged; for example, <%= $main_user %> should be able to SSH to these VMs. (When marking your work we may SSH to your VMs).
 
 ## Systems
-You are provided with VMs, which you are required to configure, and leave in a state for review (with persistent settings that survive reboot).
+You are provided with VMs, which you are required to configure, and leave in a state for review, with persistent settings that survive reboot.
 
-**To install software:** For temporary access to the Internet, run `sudo dhclient ens3` so you can install additional software via `apt-get` as required. Then run `sudo service networking restart` to reset your IP address which will restore access to your other VMs.
+**To install software:** For temporary access to the Internet, run `sudo dhclient ens3` so you can install additional software via `apt-get` as required. Then run `sudo service networking restart` to reset your IP address which will restore network connectivity between your other VMs.
 
 ### server
 **Web server**
 The server VM needs to be running an Apache web server, hosting a website.
 
 **FTP server**
-A FTP server needs to be running, accepting connections from any of the Users. Users should have their own directory for saving backups, which should not be available to other users. A shared directory should be avaiable to all users. A "code" directory should only be available to users in the "developers" group.
+An FTP server needs to be running, accepting connections from any of the Users, with their credentials. Users should have their own directory for saving backups, which should not be available to other users. A shared directory should be avaiable to all authenticated users. A "code" directory should only be available to users in the "developers" group.
 
 **SMB server**
-A centralised Windows file share (Samba) should be hosted on this VM and available to all Users.
+A centralised Windows file share (Samba) should be hosted on this VM and available to all Users with their credentials.
 
 **Identified security problems**
-In your report describe any insecure settings and/or software you found and document how you made the system secure.
+In your report describe any insecure settings and/or software you found on the server and document how you made the server secure.
 
 **Security controls**
-The server system should be locked down, in a way that limits the potential damage caused by a vulnerability in either of the file sharing services or the webserver (Hint: consider sandboxing, containerisation, and/or MAC restrictions). In your report make it clear how much protection there is against malicious users, or software vulnerabilities.
+The server system should be locked down, in a way that limits the potential damage caused by a vulnerability in the file sharing services or the webserver (Hint: consider sandboxing, containerisation, and/or MAC restrictions). In your report make it clear how much protection there is against malicious users, or software vulnerabilities.
 
 All network services should be configured to provide secure communication. In your report describe the information an eavesdropper could capture from the network.
 
-Use network-based authentication to enable Users to access the services. Only the Admin user need to be able to log directly into the system. In your report describe what it would take for a new user to be added, or for a user to change their password.
+Use network-based authentication to enable Users to access the services using their credentials. Only the Admin user (user1 above, a member of the admin group) should be able to log directly into the server. In your report describe what it would take for a new user to be granted access, or for a user to change their password.
 
 ### developer_desktop
 **Authentication**
@@ -83,10 +83,10 @@ In your report describe any insecure settings and/or software you found and docu
 
 ### staff_desktop
 **Authentication**
-This desktop system should be available for any User to login. They should not have superuser access. Admin users should have superuser access. Use network-based authentication.
+This staff_desktop system should be available for any valid User to login. They should not have superuser access. Only users in the admin group should have superuser access. Use network-based authentication.
 
 **Access controls**
-New files created by users should not be automatically shared with other users on the system. There should be a shared directory "/opt/shared" for users to share files locally.
+New files created by users should not be automatically shared with other users on the system. There should be a shared directory "/srv/shared" for users to share files locally.
 
 **Directory service**
 Users should have some way to query phone numbers and room numbers of any Users. Users should also be able to use Firefox to access the website on the server; and have access to the FTP and Samba server via Dolphin.
@@ -98,4 +98,4 @@ Lock down the system to limit damage that could be caused by vulnerabilities. In
 In your report describe any insecure settings and/or software you found and document how you made the system secure.
 
 ### auth_server
-This server is intended to be used to host network-authentication, such as LDAP, Kerberos, or Active Directory (such as via Samba DC). If you wish to create a Windows VM to act as a domain controller, that may also be possible via oVirt. In that case, visit <aet-ovirt.aet.leedsbeckett.ac.uk> and create a VM on the Internal network); login with your student id, create a VM, and configure the networking. It will be your own responsibility to figure out how to get the networking correct and you need to make sure that any external oVirt VMs are kept running so that when we test your VMs the authentication works.
+This server is intended to be used to host network-authentication, such as LDAP, Kerberos, and/or Active Directory (such as via Samba DC). If you wish to create a Windows VM to act as a domain controller, that may also be possible via oVirt. In that case, visit <aet-ovirt.aet.leedsbeckett.ac.uk> and create a VM on the Internal network); login with your student id, create a VM, and configure the networking. It will be your own responsibility to figure out how to get the networking correct and you need to make sure that any external oVirt VMs are kept running so that when we test your VMs the authentication works.

modules/generators/structured_content/hackerbot_config/hb_assignment_spec/templates/lab.xml.erb

@@ -82,7 +82,10 @@
 
 	<tutorial_info>
 		<title>Access Controls: ACLs</title>
-		<tutorial><%= ERB.new(File.read self.templates_path + 'intro.md.erb').result(self.get_binding) %></tutorial>
+		<tutorial>
+      <%= ERB.new(File.read self.templates_path + 'intro.md.erb').result(self.get_binding) %>
+      <%= ERB.new(File.read self.templates_path + 'assignment_spec.md.erb').result(self.get_binding) %>
+    </tutorial>
 		<footer>
 <%= File.read self.templates_path + 'resources.md.erb' %>
 
@@ -94,14 +97,13 @@
 
 	</tutorial_info>
 
-  <attack>
+  <!-- <attack>
 		<prompt>Nothing to see here...</prompt>
 
     <tutorial>
-      <%= ERB.new(File.read self.templates_path + 'assignment_spec.md.erb').result(self.get_binding) %>
     </tutorial>
 
-	</attack>
+	</attack> -->
 
 
 </hackerbot>

modules/generators/structured_content/hackerbot_config/hb_assignment_spec/templates/license.md.erb

@@ -1,6 +0,0 @@
-## License
-This lab by [*Z. Cliffe Schreuders*](http://z.cliffe.schreuders.org) at Leeds Beckett University is licensed under a [*Creative Commons Attribution-ShareAlike 3.0 Unported License*](http://creativecommons.org/licenses/by-sa/3.0/deed.en_GB).
-
-Included software source code is also licensed under the GNU General Public License, either version 3 of the License, or (at your option) any later version.
-
-![small](images/leedsbeckett-logo.png)