pongo
CTF Session Manager Daemon (ctfsmd).
Installation
Dependencies
- Go +1.19
- Docker:
  - Server: Docker Engine 20.10.18 (API 1.41)
  - Client: Docker Engine 20.10.18 (API 1.41)
- (optional) Prometheus +2.38
- (optional) Grafana +9.1.6
Installation steps
- Check that the host system has all the required dependencies.
- Run ./main_configuration.sh --install with sudo rights.
- Take into consideration the IP ranges of Docker containers already running in the system (see the "IP ranges expansion in Docker" section for more details).
Firewall configuration
If ufw is running in Ubuntu as a firewall, add the following rule to allow clients to access the HTTP website to acquire sessions:
$ ufw allow proto tcp from any to any port <PORT>
<PORT>: the port at which the service can be accessed.
Running/stopping pongo
- Start/stop the daemon with systemctl:
$ systemctl start pongo
$ systemctl stop pongo
Important notice: sometimes some of the containers of a session are not properly stopped when pongo is shut down. In that case, run docker ps -a to see which containers are still active, and stop the containers with docker stop. Finally, after all containers have been properly stopped, execute docker network prune -f to remove all unused Docker networks.
You can close all currently running Docker containers with the command: docker stop $(docker ps -q). Note that this stops every running container on the host, not only those started by pongo.
Logs with journalctl
To see the logs of the daemon, use journalctl.
- See a periodically updated log of the most current events:
$ journalctl -f -t pongo
-f : Show most current logs and update periodically.
-t : Show only the logs of this particular service.
IP ranges expansion in Docker
- Copy the file daemon.json to /etc/docker/ on the Docker host to expand the range of available private IPs for all the containers running services; otherwise the session manager runs out of available IPs for the containers.
- Restart the Docker daemon afterwards, with systemctl restart docker, systemctl reload docker or service docker restart.
Important considerations
- If a Docker daemon is already using part of the IP range declared in the new /etc/docker/daemon.json file, there will be an unsolvable conflict which will prevent the Docker daemon from running correctly.
- In order to fix this:
  a. Run route -n and check the current routing table in the system. If some current Docker containers are assigned to the IPs that you want to use, there will be a problem.
  b. Change the IP ranges declared in /etc/docker/daemon.json so that they do not collide with the IP ranges of other already running Docker containers, as discovered in the previous step.
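The collision check from steps a and b can be scripted. The following is an added example, not part of pongo: it assumes the ranges are declared under Docker's default-address-pools key in daemon.json (the project's own file is not shown here), and the sample daemon.json and route -n output are constructed.

```python
import ipaddress
import json

# Constructed sample: a daemon.json using Docker's "default-address-pools" key
# (assumption; pongo's own daemon.json is not reproduced on this page).
SAMPLE_DAEMON_JSON = """
{"default-address-pools": [{"base": "172.17.0.0/16", "size": 24},
                           {"base": "10.200.0.0/16", "size": 24}]}
"""

# Constructed sample of `route -n` output on a host that already runs containers.
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-3f2a1c9d0e11
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
"""


def parse_routes(route_output):
    """Yield (network, interface) for each non-default row of `route -n`."""
    for line in route_output.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # title line or malformed row
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
        except ValueError:
            continue  # column header row
        if net.prefixlen > 0:  # skip the default route, it overlaps everything
            yield net, fields[7]


def find_conflicts(daemon_json_text, route_output):
    """Return (pool, route, interface) for every declared pool overlapping a route."""
    pools = json.loads(daemon_json_text).get("default-address-pools", [])
    bases = [ipaddress.ip_network(p["base"], strict=False) for p in pools]
    routes = list(parse_routes(route_output))
    return [(str(b), str(n), i) for b in bases for n, i in routes if b.overlaps(n)]


if __name__ == "__main__":
    for pool, net, iface in find_conflicts(SAMPLE_DAEMON_JSON, SAMPLE_ROUTE_N):
        print(f"pool {pool} collides with route {net} on {iface}")
```

On a real host, pass the contents of the candidate daemon.json and the output of route -n instead of the samples; an empty result means no declared pool overlaps an existing route.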