From a01e1a2621c522fc9be979d90d809179277d55c8 Mon Sep 17 00:00:00 2001 From: surtur Date: Thu, 13 May 2021 01:43:46 +0200 Subject: [PATCH] chore: update table, add infra info, reword stuff --- tex/text.tex | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/tex/text.tex b/tex/text.tex index cf0d342..8dec527 100644 --- a/tex/text.tex +++ b/tex/text.tex @@ -664,17 +664,26 @@ Supported proxy programs are \texttt{nginx}, \texttt{apache}. % TODO Broader infrastructure description HERE. +The disk sizes of the VMs were determined by the size of their base image. +The VM naming convention is specified as follows: a prefix \texttt{r\_} for +routers and \texttt{h\_} for other hosts, in our case the attacker, victim and +defenter machines. + \n{2}{VM specifications} -\tab{VM specifications}{tab:vmspecifications}{0.75}{ |c|r|r|r|r|c| }{ +\tab{VM specifications}{tab:vmspecifications}{0.75}{ |c||rrrrc| }{ \hline \bf{VM name} & \bf{vCPU(s)} & \bf{RAM} & \bf{disk space} & \bf{net ifaces} & \bf{operating system} \\ \hline\hline - upstream router & 1 & 1GB & 2GB & {outer,DMZ} & OpenWRT Qemu \\ - edge router & 1 & 1GB & 2GB & {DMZ,inner} & OpenWRT Qemu \\ - victim & 1 & 512MB & 4.3GB & {inner} & Fedora 34 \\ - attacker & 1 & 1GB & 4.3GB & {outer} & Fedora 34 \\ - defender & 1 & 1GB & 5GB & {DMZ} & Fedora 34 \\ + r\_upstream & 1 & 768MB & 4.3GB & {outer,DMZ} & Fedora 33 \\ + \hline + r\_edge& 1 & 768MB & 4.3GB & {DMZ,inner} & Fedora 33 \\ + \hline + h\_victim & 1 & 768MB & 11GB & {inner} & CentOS 8 \\ + \hline + h\_attacker & 1 & 1GB & 5.37GB & {outer} & Fedora 34 \\ + \hline + h\_defender & 1 & 1GB & 5.37GB & {DMZ} & Fedora 34 \\ \hline } The inner (our edge) and the upstream (our transit provider) routers are 
@@ -744,14 +753,14 @@ The host operating system from the perspective of VMs was \texttt{Fedora\ 34}. It had \texttt{updates} and \texttt{updates-testing} repositories enabled, which allowed us to use latest (at the time) stable Linux kernel Fedora had to offer directly without too much -of a hassle, as of the time of writing in version \texttt{5.11.16}. +of a hassle, as of the time of writing in version \texttt{5.11.19}. File system in use on the host has been Btrfs on top of LVM (LUKS+LVM to be precise) and a Btrfs subvolume has been created specifically for the -libvirt storage pool. Since most of the system images for the VMs come -in a QCOW2 format, the CoW (Copy-on-Write) feature of Btrfs has been -turned off for the subject subvolume, just as recommended in the Arch -wiki [refneeded archwiki btrfs cow]. +libvirt storage pool. Since most of the system images for our VMs have been +downloaded in a QCOW2 format, the CoW (Copy-on-Write) feature of Btrfs has been +turned off for the subject subvolume, just as recommended in the Arch wiki +[refneeded archwiki btrfs cow]. Notably, the system has also been using the \texttt{nftables} backend of \texttt{firewalld}, for which, luckily, \texttt{libvirt} was already
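Review bot: in the first hunk of tex/text.tex (@@ -664), the added naming-convention paragraph misspells "defender" as "defenter" ("the attacker, victim and +defenter machines"), which no longer matches the `h\_defender` row added to the table below it. Please fix the spelling. The `% TODO Broader infrastructure description HERE.` comment directly above the new paragraph is also left in place; if the new text is meant to resolve it, drop the TODO, otherwise say what is still missing. A smaller style point in the same hunk: `r\_edge& 1` lacks the space before `&` that the other rows have.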
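Review bot: in the second hunk of tex/text.tex (@@ -744), the reflowed Btrfs paragraph still carries the placeholder `[refneeded archwiki btrfs cow]` on its new last line, so the recommendation to turn off CoW for the libvirt storage pool subvolume remains unsourced. Since these lines are being rewritten anyway, replace the placeholder with a real citation, or track it as a comment so it does not end up in the typeset output. The kernel version is also bumped by hand from `5.11.16` to `5.11.19` in running prose; defining it once as a macro would keep the text from going stale on the next update.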