Olympiad


Setting up the contest’s environment

The contest environment of the Balkan Olympiad in Informatics 2016 (BOI 2016) that will be hosted in Cyprus will have the following configuration.

For the contestants:

The operating system of the competition will be Ubuntu 16.04 LTS (XenialXerus) Desktop edition x64 bit architecture.

On the system we have two accounts:

  • contestant – this is the account the contestants will use. It is set to auto-login, to not have a password and be a normal account.
  • maintenance – this is the account the administrators will use. It is an administrative account.

Using the administrative account:

Before proceeding with any changes, we updated the whole system.

sudo apt-get -y update; 
sudo apt-get -y upgrade;

Later, some applications that are not needed for the competition, were removed from the installation environment in an attempt to keep the installation less than 5.5GB.

sudo apt-get remove transmission-* thunderbird* shotwell* rhythmbox* gnome-mines gnome-sudoku simple-scan remmina* gnome-mahjongg cheese* aisleriot libreoffice-*;

After that, we installed the additional software that is needed for the competition from the Ubuntu repositories.

sudo apt-get -y install build-essential codeblocks codeblocks-contrib ddd emacs geany gedit nano scite vim mc stl-manual valgrind fpc fp-docs lazarus terminator;

Some cleanup on the disk was needed at this point which we did with the commands below.

#Please note that the following commands will remove applications and services, be sure to read what it is about to be removed.
#You might want to keep some of the stuff that are being deleted.
sudo apt autoremove;
sudo apt-get autoclean;
sudo apt-get clean;

Using the contestant’s account:

Following, we created the desktop shortcuts of the applications that should be used by the contestants, making it easier for them to find.

for name in codeblocks ddd emacs firefox geany gedit gnome-calculator gnome-terminal lazarus mc python SciTE  terminator vim; do
	cp /usr/share/applications/$name*.desktop ~/contestant/Desktop;
done

One last step that we had to take to finish the setup on what a contestant needs, we started Firefox and set the homepages to be http://alpha:8888/|file:///usr/share/doc/stl-manual/html/index.html|http://alpha:8890/. alpha is the hostname of our grading environment.

For maintainers:

On the contestant’s machine:

The machines have ssh servers enabled to allow administrating personnel to perform maintenance operations.

#The following command installs and enables ssh server on an Ubuntu 16.04 desktop installation.
sudo apt-get install openssh-server;
#We will create a read only copy of the original configuration.
#Everybody should do this to make sure if they do not manage to configure properly their sshd to be able to restore the default configuration.
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults;
sudo chmod a-w /etc/ssh/sshd_config.factory-defaults;

On the administration machine:

We created a new public/private rsa key pair using the command ssh-keygen, which we uploaded to the contestant’s machine using ssh-copy-id [email protected]. We will use this key to connect to the contestant’s machine without using a password.

On the contestant’s machine:

Using a text editor (like gedit, nano, vi etc) we edited the /etc/ssh/sshd_config configuration file to reflect some security changes.

  • We changed the #PasswordAuthentication yes to PasswordAuthentication no to disable logins using password. Only users holding our private ssh key will be able to login.
  • At the end of the file we added AllowTcpForwarding no and X11Forwarding no to disable forwarding.
  • At the end of the file we added AllowUsers maintenance, to whitelist maintenance on the ssh service, while at the same time blocking everyone else from using it. In other words, only user maintenance will be able to use the ssh service.

When we are done with the changes, we saved the file and issued the following command to restart the ssh service.

sudo systemctl restart ssh

Next, we had to block any network activity the contestants should not have.

To do so, we installed squid on the contestant’s machine and configured it to allow access only to the STL documentation, the contest environment and the results page.

sudo apt-get install squid;
#We will create a read only copy of the original configuration.
#Everybody should do this to make sure if they do not manage to configure properly their squid to be able to restore the default configuration.
#We used move instead of copy here, the reason is that the original file is HUGE (~8K lines).
#We moved the file to create a new one that will contain only what we need.
sudo mv /etc/squid/squid.conf /etc/squid/squid.conf.factory-defaults;
sudo chmod a-w /etc/squid/squid.conf.factory-defaults;

Afterwards, we created a new configuration file /etc/squid/squid.conf and used the following as content.

acl Safe_ports port 8888	# competition
acl Safe_ports port 8890	# ranking

acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT all
http_access allow localhost manager
http_access deny manager
http_access allow localhost
acl whitelist dstdomain .alpha .beta
http_access allow whitelist
http_access deny all

http_port 3128 transparent

coredump_dir /var/spool/squid
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .		0	20%	4320

cache deny all

To redirect all outgoing traffic to our squid proxy server and complete the procedure we used the following iptables command.

sudo squid -k reconfigure;
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy --dport 1:65535 -j REDIRECT --to-port 3128;
#The simplest method to make the change permanent is to use iptables-save and iptables-restore to save the currently-defined iptables rules to a file and (re)load them (e.g., upon reboot).
sudo sh -c "iptables-save > /etc/iptables.conf";
#Then modify file /etc/rc.local and add right above the 'exit 0' command the following:
# Load iptables rules from this file
iptables-restore < /etc/iptables.conf

Following, we disabled the guest account as it would cause trouble if used since it does not have permanent storage, so on restart all files of the contestant would be deleted.

Everybody should do this to make sure if they do not manage to configure properly their lightdm to be able to restore the default configuration.
sudo cp /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.factory-defaults;
sudo chmod a-w /etc/lightdm/lightdm.conf.factory-defaults;

To disable guest session edit the file /etc/lightdm/lightdm.conf using a text editor and add at the end of the file the following allow-guest=false. Save the file and close it.
To make the change become active you either have to restart the machine or lightdm itself, in any case all all open graphical programs will close and you’ll lose unsaved work in all of them.

sudo restart lightdm;

 

Pending

disable mounting other disks

disable usb

back up data

block any connection outside the specific labs

To copy the flash drive

sudo dd if=/dev/sdd of=/dev/sdc bs=64K conv=noerror,sync

Advertisements

Contest Management System (CMS) How to change the ranking system logo

To replace the Ranking page logo:
logo
In case you installed the ContestCMS (version 1.2.0) already, you will find the image here:
/usr/local/lib/python2.7/dist-packages/cms-1.2.0-py2.7.egg/cmsranking/static/img/logo.png
If not, assuming you downloaded the project code to the folder cms:
cms/cmsranking/static/img/logo.png
Your new picture should be 200 pixels wide and 160 pixels tall.

Contest Management System (CMS) How to assign photographs to user profiles

The purpose of this post is to show how to assign profile pictures to the users of the Contest Management System (http://cms-dev.github.io/ https://github.com/cms-dev/).

First of all, make sure that the folder /var/local/lib/cms/ranking/faces exists. If it does not, then create it with mkdir /var/local/lib/cms/ranking/faces (most probably you will need to have root access rights to complete this command).

Then, for each contestant (user) you want to assign a photograph, place in the faces folder an image that has the same name as the username of the contestant. For example, if you want to assign a PNG image to user admin, then you need to copy the image in the faces folder using the name admin.png . Note that the image type can be any of the following .png, .jpg, .gif and .bmp.


Contest Management System (CMS) How to create and assign teams with their flags to users

The purpose of this post is to show how to create teams, assign flag images to them and then group users to those teams for the Contest Management System (http://cms-dev.github.io/ https://github.com/cms-dev/).

According to the documentation (https://cms.readthedocs.org/en/v1.2/RankingWebServer.html?highlight=teams#logo-flags-and-faces) flags and faces are part of the cmsRankingWebServer so the first thing to do is to identify the location where cmsRankingWebServer stores its data. Again, according to the documentation (https://cms.readthedocs.org/en/v1.2/RankingWebServer.html?highlight=teams#managing-it) the location we need is /var/local/lib/cms/ranking .

Please note that if you create a new team, while the cmsRankingWebServer is active, the change will not appear in the ranking website. Be sure to restart cmsRankingWebServer when you create new teams.

 

Teams

First of all, make sure that the folder /var/local/lib/cms/ranking/teams exists. If it does not, then create it with mkdir /var/local/lib/cms/ranking/teams (most probably you will need to have root access rights to complete this command).

Then, for each team you want to create follow these steps:

  1. In the folder teams create JSON a file using the name of the team (e.g. if the team is named ‘rocket‘ then create the file rocket.json in the folder teams)
  2. In the JSON file you need to write the configuration for the team and define the name of the team in a JSON object that has one property called name (e.g. for team rocket the contents of the rocket.json file should be {"name": "rocket"} )

Flags

Similar to before, make sure that the folder /var/local/lib/cms/ranking/flags exists. If it does not, then create it with mkdir /var/local/lib/cms/ranking/flags (most probably you will need to have root access rights to complete this command).

Then, for each team you want to assign a flag, make sure you created the configuration file described above and place in the flags folder an image that has the same name as the team. For example, if you want to assign a PNG image to team rocket, then you need to copy the image in the flags folder using the name rocket.png . Note that the image type can be any of the following .png, .jpg, .gif and .bmp.

Assigning users to teams

To assign a user to a team, you need to modify the configuration file of the user in /var/local/lib/cms/ranking/users . The files are JSON files named using the username of each user (e.g. The configuration file for the user admin would be /var/local/lib/cms/ranking/users/admin.json).

In the file there is some basic information for the user. The following are sample contents from a random competition: {"l_name": "Shimura", "f_name": "Shinpachi", "team": null} . You will notice that there is a field called team in the object but is set to null. We need to update that field to the name of the team we want to assign the user to (e.g. if we want to assign the user admin to team rocket, then we modify the contents of the configuration file admin.json to {"l_name": "Shimura", "f_name": "Shinpachi", "team": "rocket"} )