hkoeck
225 lines
6.4 KiB
HTML
225 lines
6.4 KiB
HTML
<!doctype html>
|
|
<html lang="de">
|
|
<head>
|
|
<meta charset="UTF-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
<title>HTL Workshop Hint Cheatsheet</title>
|
|
<style>
|
|
:root {
|
|
--bg: #081825;
|
|
--panel: #10273d;
|
|
--panel-soft: #163450;
|
|
--text: #e9f2fb;
|
|
--muted: #b7cbdf;
|
|
--accent: #4ecdc4;
|
|
}
|
|
|
|
* {
|
|
box-sizing: border-box;
|
|
}
|
|
|
|
body {
|
|
margin: 0;
|
|
font-family: "Fira Sans", "Segoe UI", sans-serif;
|
|
color: var(--text);
|
|
background:
|
|
radial-gradient(circle at 100% 0%, #1f4060 0%, transparent 45%),
|
|
radial-gradient(circle at 0% 100%, #14324a 0%, transparent 35%),
|
|
var(--bg);
|
|
min-height: 100vh;
|
|
padding: 1.2rem;
|
|
}
|
|
|
|
main {
|
|
width: min(1100px, 100%);
|
|
margin: 0 auto;
|
|
display: grid;
|
|
gap: 1rem;
|
|
}
|
|
|
|
.panel {
|
|
background: var(--panel);
|
|
border: 1px solid #315678;
|
|
border-radius: 14px;
|
|
padding: 1.1rem;
|
|
}
|
|
|
|
.grid {
|
|
display: grid;
|
|
grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));
|
|
gap: 0.8rem;
|
|
}
|
|
|
|
.card {
|
|
background: var(--panel-soft);
|
|
border: 1px solid #2d5577;
|
|
border-radius: 12px;
|
|
padding: 0.9rem;
|
|
}
|
|
|
|
h1,
|
|
h2,
|
|
h3 {
|
|
margin-top: 0;
|
|
}
|
|
|
|
p,
|
|
li {
|
|
color: var(--muted);
|
|
line-height: 1.5;
|
|
}
|
|
|
|
a {
|
|
color: var(--accent);
|
|
}
|
|
|
|
code {
|
|
font-family: "JetBrains Mono", "Fira Code", "Consolas", "Liberation Mono", monospace;
|
|
font-size: 0.92em;
|
|
background: #0d1f31;
|
|
border: 1px solid #2d4f6e;
|
|
border-radius: 6px;
|
|
padding: 0.1rem 0.35rem;
|
|
}
|
|
|
|
pre {
|
|
background: #0b2133;
|
|
border: 1px solid #2b5578;
|
|
border-radius: 10px;
|
|
padding: 0.75rem 0.85rem;
|
|
overflow-x: auto;
|
|
margin: 0.65rem 0;
|
|
}
|
|
|
|
pre code {
|
|
display: block;
|
|
background: transparent;
|
|
border: 0;
|
|
border-radius: 0;
|
|
padding: 0;
|
|
font-size: 0.92rem;
|
|
line-height: 1.45;
|
|
white-space: pre;
|
|
}
|
|
|
|
.top-links {
|
|
display: flex;
|
|
flex-wrap: wrap;
|
|
gap: 0.5rem;
|
|
}
|
|
|
|
.pill {
|
|
display: inline-block;
|
|
text-decoration: none;
|
|
background: #11314b;
|
|
border: 1px solid #2a5d84;
|
|
border-radius: 999px;
|
|
padding: 0.35rem 0.75rem;
|
|
}
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<main>
|
|
<section class="panel">
|
|
<h1>Hint Cheatsheet</h1>
|
|
<p>
|
|
Kompakte Hilfe fuer Setup, TLS und Wireshark. Fuer komplette Aufgaben siehe das
|
|
<a href="/challenges.html">Challenge Board</a> und fuer Korrekturhilfe das
|
|
<a href="/solutions.html">Solutions Board</a>.
|
|
</p>
|
|
<div class="top-links">
|
|
<a class="pill" href="/">Startseite</a>
|
|
<a class="pill" href="/challenges.html">Challenges</a>
|
|
<a class="pill" href="/hints.html">Hints</a>
|
|
<a class="pill" href="/solutions.html">Solutions</a>
|
|
<a class="pill" href="/service/a">Backend A</a>
|
|
<a class="pill" href="/service/b">Backend B</a>
|
|
</div>
|
|
</section>
|
|
|
|
<section class="panel">
|
|
<h2>Deploy & Reset</h2>
|
|
<div class="grid">
|
|
<article class="card">
|
|
<h3>Start</h3>
|
|
<pre><code>./scripts/bootstrap.sh
|
|
./scripts/compose.sh ps</code></pre>
|
|
<p>Windows PowerShell: <code>./scripts/workshop.ps1 -Action bootstrap</code></p>
|
|
</article>
|
|
<article class="card">
|
|
<h3>Neu deployen</h3>
|
|
<pre><code>make redeploy
|
|
make proxy-reload</code></pre>
|
|
<p>PowerShell: <code>./scripts/workshop.ps1 -Action redeploy</code></p>
|
|
</article>
|
|
<article class="card">
|
|
<h3>Reset</h3>
|
|
<pre><code>make reset
|
|
make bootstrap</code></pre>
|
|
<p>PowerShell: <code>./scripts/workshop.ps1 -Action reset</code></p>
|
|
</article>
|
|
</div>
|
|
</section>
|
|
|
|
<section class="panel">
|
|
<h2>Easy-RSA & CA Import</h2>
|
|
<div class="grid">
|
|
<article class="card">
|
|
<h3>PKI Quickstart</h3>
|
|
<pre><code>mkdir -p certs/easyrsa
|
|
cp -r /usr/share/easy-rsa/* certs/easyrsa/
|
|
cd certs/easyrsa
|
|
./easyrsa init-pki
|
|
./easyrsa build-ca nopass
|
|
./easyrsa gen-req localhost nopass
|
|
./easyrsa sign-req server localhost</code></pre>
|
|
</article>
|
|
<article class="card">
|
|
<h3>Fedora CA Import</h3>
|
|
<pre><code>sudo cp certs/easyrsa/pki/ca.crt \
|
|
/etc/pki/ca-trust/source/anchors/htl-workshop-root-ca.crt
|
|
sudo update-ca-trust</code></pre>
|
|
</article>
|
|
<article class="card">
|
|
<h3>HTTPS Check</h3>
|
|
<pre><code>curl https://localhost:8443/service/a
|
|
curl -I https://localhost:8443/service/a
|
|
openssl s_client -connect localhost:8443 -servername localhost</code></pre>
|
|
<p>Bei TLS-Haertung auf <code>Strict-Transport-Security</code> im Header achten.</p>
|
|
<p>Komplettes TLS-Beispiel: <code>proxy/nginx.tls.example.conf</code></p>
|
|
</article>
|
|
<article class="card">
|
|
<h3>Security Header Baseline</h3>
|
|
<pre><code>add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-Frame-Options "DENY" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
|
|
add_header Cross-Origin-Opener-Policy "same-origin" always;
|
|
add_header Cross-Origin-Resource-Policy "same-origin" always;</code></pre>
|
|
</article>
|
|
</div>
|
|
</section>
|
|
|
|
<section class="panel">
|
|
<h2>Wireshark Quick Hints</h2>
|
|
<div class="grid">
|
|
<article class="card">
|
|
<h3>Filter</h3>
|
|
<ul>
|
|
<li><code>http</code></li>
|
|
<li><code>tcp.port == 8443</code></li>
|
|
<li><code>tls.handshake</code></li>
|
|
<li><code>tls.handshake.type == 11</code></li>
|
|
</ul>
|
|
</article>
|
|
<article class="card">
|
|
<h3>TLS Decrypt (optional)</h3>
|
|
<pre><code>export SSLKEYLOGFILE="$HOME/sslkeys.log"</code></pre>
|
|
<p>Browser aus derselben Shell starten und Datei in Wireshark als TLS Key Log setzen.</p>
|
|
</article>
|
|
</div>
|
|
</section>
|
|
</main>
|
|
</body>
|
|
</html>
|