Merge branch 'main' into terraform-guide-gokuworks

.github/workflows/pre-commit.yaml

@@ -0,0 +1,18 @@
+---
+name: pre-commit
+
+on: [pull_request, push]
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          cache: pip
+      - run: python -m pip install pre-commit
+      - uses: actions/cache@v4
+        with:
+          path: ~/.cache/pre-commit/
+          key: pre-commit-4|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
+      - run: pre-commit run --show-diff-on-failure --color=always --all-files

.pre-commit-config.yaml

@@ -0,0 +1,7 @@
+---
+repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.18.4
+    hooks:
+      - id: gitleaks
+        args: [--baseline-path, .github/workflows/gitleaks-baseline.json]

docs/guides/How to access Windows Instances.md

@@ -0,0 +1,112 @@
+# How to access Windows Instances on Openstack #
+
+There are 2 main ways to get access and control a Windows Instance on Openstack. This tutorial will cover both methods.
+
+## Prerequesites ##
+
+* A newly created Windows Server Instance on Openstack
+* Access to Infra via OpenVPN OR On the Cyberlab Secure Network
+
+
+
+## Method 1: Using the Openstack Console (Must be used for initial Windows Setup) ##
+
+Openstack has a built-in console viewer for Instances which allows you to get a true console view of the Instance allowing for easier debugging of the Instance. You will have to use this method to initially setup Windows Server.
+
+### Steps: ###
+1. On the left plane, choose `Compute` and then `Instances`
+![Instance page](../img/win-guide/instancespage.png)
+2. Click on the Instance to view
+![Instance page](../img/win-guide/instancespage2.png)
+3. Click on the `Console` tab
+![Instance page](../img/win-guide/consoletab.png)
+4. You now have a console view of the Instance! From here you can add an Administrator password to Windows and use the Instance!
+![Instance page](../img/win-guide/consoleview.png)
+
+## Method 2: Using Remote Desktop Connection ##
+
+Remote Desktop Connection (Also known as RDP somtimes) is a program in Microsoft Windows that allows you to access another Windows computer over a network. Using this method has added benefits such as easy folder sharing, viewing the Instance in full-screen mode, clipboard sharing and more!
+
+By default, Openstack blocks all inbound connections to Instances and therefore we need to make a security group to allow inbound RDP access
+
+Important Note: You cannot directly use this method on the very first time you startup your Instance as Windows requires you to set an Administrator password upon Instance creation. Follow Method 1 to gain initial access to the machine and add a password.
+
+### Step 1: Creating a security group ###
+1. Connect to Infra via OpenVPN or `Cyberlab Secure`
+2. Go to `horizon.hackucf.cloud` and log into your account
+3. Click on `Network` on the left-hand pane and then `Security Groups`
+![Instance page](../img/win-guide/network_secgroup.png)
+4. On the right-hand side, click on `Create Security Group` and give it a name and description, then press `Create Security Group`
+![Instance page](../img/win-guide/creategroup.png)
+![Instance page](../img/win-guide/creategroup2.png)
+5. On the Manage Security Group Rules screen, click `Add rule`
+![Instance page](../img/win-guide/addrule.png)
+6. Choose the `RDP` Rule in the Rule dropdown, leave all other options as default and click `Add`
+![Instance page](../img/win-guide/addrule2.png)
+
+This new group can be applied to any future Windows Instances to quickly allow RDP access
+
+### Step 2: Adding the security group to your Instance ###
+1. On the left plane, choose `Compute` and then `Instances`
+![Instance page](../img/win-guide/instancespage.png)
+
+
+2. Click on the Instance to add the security group to
+![Instance page](../img/win-guide/instancespage2.png)
+
+
+3. Click the dropdown arrow on the right and select `Edit Security Groups`
+![Instance page](../img/win-guide/editsecgroup.png)
+
+
+4. Select the appropriate security group and select `Save`
+
+![Instance page](../img/win-guide/choosesecgroup.png)
+
+
+RDP will now be allowed through the Openstack firewall for the instance!
+
+### Step 3: Connecting to the instance ###
+1. Open your remote desktop client
+    * Windows Clients: Open Start Menu > type in "Remote Desktop Connection"
+    * MacOS Clients: [Windows App](https://apps.apple.com/us/app/microsoft-remote-desktop/id1295203466?mt=12)
+    * Linux Clients: [Remmina](https://remmina.org/)
+2. Enter the IP address of your Instance and press `Connect` (You can find this in Compute > Instances)
+
+![Instance page](../img/win-guide/rdp.png)
+
+3. Enter the credentials for the Instance and select OK
+
+![Instance page](../img/win-guide/rdp2.png)
+
+4. You will be successfully connected to the Instance!
+
+![Instance page](../img/win-guide/rdp_final.png)
+
+
+## Retrieving Windows Password #
+
+To retrieve the Windows password for an instance in OpenStack Horizon, you need to follow these steps. This process assumes that you have created the instance with an SSH key, which is necessary for decrypting the password.
+
+### Step 1: Creating an Instance with an SSH Key ##
+
+1. On the left pane, choose `Compute` and then `Instances`.
+2. Click on `Launch Instance`.
+3. Fill in the necessary details for your instance, such as the instance name and flavor.
+4. Under the `Key Pair` section, select an existing key pair or create a new one. This key pair will be used to decrypt the Windows password. **Ensure the key is a RSA key.**
+![RSA_key](../img/win-guide/rsa_key.png)
+
+
+### Step 2: Retrieving the Windows Password ##
+
+1. On the left pane, choose `Compute` and then `Instances`.
+![Instance page](../img/win-guide/instancespage.png)
+2. Click on the instance for which you want to retrieve the password.
+![Instance page](../img/win-guide/instancespage2.png)
+3. Click on the `Actions` dropdown menu on the right and select `Retrieve Password`.
+![dropdown password](../img/win-guide/dropdown_password.png)
+4. In the `Retrieve Password` dialog, click on `Choose File` and upload the private key file associated with the SSH key pair used during instance creation.
+![retrieve password](../img/win-guide/retrieve_password.png)
+5. Click on `Decrypt Password`. The decrypted password will be displayed.
+
+You can now use this password to log in to your Windows instance via the OpenStack console or Remote Desktop Connection.

docs/guides/Linux Cyberlab Secure.md

@@ -0,0 +1,81 @@
+# How to use Cyberlab Secure on Linux
+
+1. Install nm-connection-editor
+      - **Ubuntu**
+      ```
+      sudo apt update &&
+      sudo apt install network-manager-gnome
+      ```
+
+      - **Fedora**
+      ```
+      sudo dnf install nm-connection-editor
+      ```
+
+      - **Arch**
+      ```
+      sudo pacman -S network-manager-applet
+      ```
+
+
+??? note "Note about compatibility"
+
+    This should work on most distributions that use NetworkManager and wpa_supplicant. If you are using a different network manager, you may need to use a different tool to connect to Cyberlab Secure.
+    Other distros are officially unsupported, but you can try to use the nm-connection-editor tool to connect to Cyberlab Secure.
+
+
+2. Run nm-connection-editor
+```bash
+sudo nm-connection-editor
+```
+
+3. Click on the + button to add a new connection
+    - ![Select the plus on the bottom left](../img/linux-cyberlab-secure/nm-step-1.png)
+
+4. Select Wifi and click Create
+    - ![Select Wifi and click Create](../img/linux-cyberlab-secure/nm-step-2.png)
+
+5. In the wifi tab fill in the following:
+    * Connection Name: `Cyberlab Secure`
+    * SSID: `Cyberlab Secure`
+    * Mode: `Client`
+    * Band: `Automatic`
+    * Device: `leave blank`
+    * MAC Address: `leave blank`
+    * Cloned MAC Address: `leave blank`
+    * MTU: `Automatic`
+    * Available to all users: `checked`
+    * All other fields can be left as default
+    * ![Fill in the fields](../img/linux-cyberlab-secure/nm-step-3.png)
+
+6. In the wifi security tab fill in the following:
+      * Security: `WPA & WPA2 Enterprise`
+      * Authentication: `Protected EAP (PEAP)`
+      * Anonymous Identity: `leave blank`
+      * Domain: `leave blank`
+      * CA Certificate: `leave blank`
+      * Check box for No CA certificate is required
+      * PEAP Version: `Automatic`
+      * Inner Authentication: `MSCHAPv
+      * Username: `Your SSO Username`
+      * Password: `Your SSO Password`
+      * ![Fill in the fields](../img/linux-cyberlab-secure/nm-step-4.png)
+
+7. Select Save
+
+8. Connect to the network
+The Cyberlab Secure network should be available where you normally connect to Wi-Fi. If not, run
+```bash
+nmcli connection up "Cyberlab Secure"
+```
+
+
+### Troubleshooting
+
+If you are having trouble connecting to the network, try the following steps:
+
+1. Run ``sudo journaclctl -u NetworkManager`` to see if there are any errors
+
+2. Run ``sudo journalctl -u wpa_supplicant`` to see if there are any errors
+
+3. Create ticket in infra help desk

docs/guides/OpenStack Setup Guide.md

@@ -11,7 +11,7 @@
 1. Go to [https://openvpn.net/client/](https://openvpn.net/client/).
 2. Download the appropriate version of OpenVPN for your operating system and install it.
 
-   ### For Windows:
+### For Windows:
 
    - Press the Windows key and search for OpenVPN.
    - Run OpenVPN.
@@ -25,14 +25,14 @@
    - Press "Connect".
    - In the future, navigate to the OpenVPN client and select the on switch labeled "vpn.hackucf.org".
 
-   ### For Windows 10 Users:
+### For Windows 10 Users:
 
    - If you don't already have the new Windows Terminal, download it from [https://aka.ms/terminal](https://aka.ms/terminal).
 
 ## Step 3: Create SSH Key
 
 1. Open a terminal.
-2. Run `ssh-keygen`.
+2. Run `ssh-keygen -t rsa`.
 3. Press Enter to save the key in the default location.
 4. Press Enter for an empty passphrase.
 5. Press Enter again to confirm.

docs/guides/Troubleshooting.md

@@ -0,0 +1,25 @@
+# Troubleshooting
+
+This page provides methods for troubleshooting problems the end user may run into.
+
+## Hackucf DNS records not resolving:
+
+## Recommended Fix
+  Set your DNS to cloudflare's dns servers. Follow the instructions [located on their website](https://one.one.one.one/dns/)
+
+### Fix for Custom DNS Users
+
+   If you run your own local DNS and you cannot resolve horizon.hackucf.cloud with nslookup, then you will need to add the following to your Records.
+
+   **DNS Records:**
+
+   | Domain         | IP Address |
+   |----------------|------------|
+   | cloud.hackucf  | 10.4.4.10  |
+
+   **CNAME Records:**
+
+   | FQDN                | Domain        |
+   |---------------------|---------------|
+   | horizon.hackucf.cloud | cloud.hackucf |
+   | api.hackucf.cloud     | cloud.hackucf |

docs/misc/aup.md

@@ -22,50 +22,60 @@ This Acceptable Use Policy ("Agreement") is entered into between the user ("User
 - Users shall not engage in any activities that violate ethical standards or compromise the integrity of the Platform.
 - User must comply with Hack@UCF’s ethics code
 
-## 4. Software Piracy:
+## 4. Comply with UCF Policies 
+- Users agree to follow UCF policies including [4-002 Use of Information Technologies and
+Resources](https://policies.ucf.edu/documents/4-002.pdf)
+> A.1. Users must comply with all applicable conduct codes and rules, laws, andregulations governing the use of computer and telecommunications resources. Examples include laws regarding libel, privacy, copyright, trademark, obscenity, and child pornography; the Florida Computer Crimes Act; the Electronic Communications Privacy Act; and the Computer Fraud and Abuse Act.
+
+> B.3. The computing and telecommunications resources of the university must not be used for unapproved commercial purposes, or for personal financial gain, without express written approval from the provost and executive vice president or his or her designee.
+
+
+- Full list of policies can be found at [https://www.policies.ucf.edu/](https://www.policies.ucf.edu/)
+
+## 5. Software Piracy:
 - Users must not engage in the unauthorized distribution or use of copyrighted software. Don't Pirate.
 
-## 5. Resource Usage:
+## 6. Resource Usage:
 - Users are prohibited from engaging in excessive network traffic or resource usage that may impact the performance of the Platform for others.
 
-## 6. Access Control:
+## 7. Access Control:
 - Users may only access machines and IP addresses explicitly permitted by the Platform administrators.
 
-## 7. Data Guarantees:
+## 8. Data Guarantees:
 - The Platform provides no uptime guarantees, and there are no assurances of the existence of data. Users are responsible for regular backups.
 
-## 8. Data Access:
+## 9. Data Access:
 - Platform administrators, Hack@UCF executives, authorized UCF personnel, and law enforcement may access any data stored on the Platform.
 
-## 9. Network Restrictions:
+## 10. Network Restrictions:
 - Users are not allowed to set up TOR relay nodes, engage in torrent seeding or other public relay systems.
 - An exemption to the above restriction may be requested from platform administrators for educational or research purposes. 
 - Users may not access any part of the UCF network.
 - Users may not access any machines, virtual machines, networking equipment or any other components of the private cloud without explicit permission
 
-## 10. Public IP Addresses:
+## 11. Public IP Addresses:
 - The Platform does not provide public IP addresses for users.
 
-## 11. Security Responsibility:
+## 12. Security Responsibility:
 - Users are responsible for securing their instances connected to the public network.
 
-## 12. Account Management:
+## 13. Account Management:
 - User accounts are disabled and removed at the end of each academic year unless specified otherwise (Fall to Spring).
 
-## 13. Logging:
+## 14. Logging:
 - All activities on the Platform are logged for security and accountability purposes.
 
-## 14. Cryptocurrency:
+## 15. Cryptocurrency:
 - Users are prohibited from engaging in cryptocurrency-related activities on the Platform.
 - An exemption to the above restriction may be requested from platform administrators for educational or research purposes. 
 
-## 15. Credential Sharing
+## 16. Credential Sharing
 - Users are prohibited from sharing login credentials, including VPN access, with any other persons
 
-## 16. Other Prohibited Activity
+## 17. Other Prohibited Activity
 - The Platform Administrators or Hack@UCF’s Execs may at any time request that you temporarily or permanently cease certain activities on the Platform, these requests must be complied with. 
 
-## 17. Responsible Disclosure of Security Issues
+## 18. Responsible Disclosure of Security Issues
 - The User shall promptly and confidentially report any identified Security Issues to the Platform administrators or Hack@UCF via a designated contact method provided by the Platform.
 - In the context of the Hack@UCF Private Cloud, a security issue refers to any vulnerability, weakness, or flaw in the system's design, implementation, or configuration that could potentially lead to unauthorized access, data breaches, service disruptions, or other compromises of the platform's integrity, confidentiality, or availability. Security issues may arise from software bugs, misconfigurations, inadequate access controls, or other factors that could be exploited by malicious actors to compromise the security and functionality of the private cloud infrastructure.
 - The User shall refrain from attempting to exploit any identified Security Issues beyond what is necessary to validate and demonstrate the vulnerability. Unauthorized access to data, systems, or networks is strictly prohibited.

mkdocs.yml

@@ -1,4 +1,5 @@
 site_name: HackUCF Private Cloud Docs
+copyright: CC-BY - Copyright © 2024 Collegiate Cyber Defense Club
 repo_url: https://github.com/HackUCF/PCV2-Wiki
 repo_name: HackUCF/PCV2-Wiki
 edit_uri: edit/main/docs/
@@ -48,5 +49,12 @@ nav:
       - "How to Launch an Instance": "guides/How to Launch an Instance.md"
       - "Migration Guide": "guides/Migrate Instance.md"
       - "OpenStack with Terraform": "guides/OpenStack with Terraform.md"
+      - "Windows Instances": "guides/How to access Windows Instances.md"
+      - "Troubleshooting": "guides/Troubleshooting.md"
+      - "Linux Cyberlab Secure": "guides/Linux Cyberlab Secure.md"
 #extra_css:
 #  - stylesheets/extra.css
+markdown_extensions:
+  - admonition
+  - pymdownx.details
+  - pymdownx.superfences