APPENDIX A - Haofei’s “simple” process to set up the assignment environment. 

My understanding about how Deterlab works:

Firstly, we can find all the instructions and questions here: https://www.isi.deterlab.net/file.php?file=/groups/LnuITSec/LnuITSec/284&mid=284

You can find this link after you log in to your account; it is under the “My Classes” section.


The instructions give a configuration path, “/share/education/ComputerForensics_UCLA/forensics.ns”. We need to use this to create our own experiment.


There are two states in a DeterLab experiment. “Swap in” means loading your pre-configured Ubuntu onto an idle server. “Swap out” means moving your pre-configured Ubuntu off the server, so that the server can be used by another user or another experiment. Because of this, I think the experiment operating system will not save any of your data for next use. In the instructions, the suggested “swap out idle time” is 1 hour. This means that if you don’t do anything for 1 hour, the server will swap out your Ubuntu server. You have to do everything again (you don’t need to create a new experiment, but you need to “swap in” the experiment, which takes about 5 minutes).


Also, we can only run 6 experiments at the same time. For now, I find that only one user can do things in his experiment.


By the way, we get an email alert on every swap in and swap out, so we do not need to stare at the page refreshing.


Process

First, we need to create the experiment for ourselves. We only need to do this once. After that, we just need to swap it in each time before we work on the assignment. I put a video in the shared folder showing the exact process for this part.


Then, we need to create an SSH key locally and upload the public key. On my Mac, I did it like this:

After this, go to your profile page in DeterLab.

Click “Edit SSH Keys” and upload your public SSH key.


Then come back to the command console and run a command like this:

“ssh lnuitsag@users.isi.deterlab.net” (replace my username “lnuitsag” with your own)


Now we are in the DeterLab system.


Let us go to the experiments section.

The picture above shows “swapped” for now, which means it is not working.



Click the EID. If the state is “active”, you can see the following status:


Then, on the command line, use “ssh pc116” to log in to the actual machine.



Then, we just need to follow the instructions at the link.


Notice:

The process here is simply:

  1. load actN.img to /dev/loop0

  2. load /dev/loop0 to sda1 (sda1 is a directory and empty at first before loading)

  3. at last, cd sda1 (you can see that sda1 is not empty now) 

NOTICE: some parameters in the screenshot above are wrong, for example the 1497000960. Remember to change it to the right number for your actual case.
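
One way to work out the right number for a given image, as an added example that is not part of the original instructions. It assumes the number that changes per image is the byte offset of the partition (the value given to “losetup -o”), that the image has an MBR partition table, and that sectors are 512 bytes; the function names and the sample image are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the assignment): derive the byte offset of a
# primary partition inside a raw disk image from its MBR partition table.
# Assumptions: MBR (not GPT) layout and 512-byte sectors.

# bytes_at FILE OFFSET COUNT -> COUNT bytes as unsigned decimal numbers
bytes_at() {
    od -An -v -tu1 -j "$2" -N "$3" "$1"
}

# part_offset IMAGE N -> start of primary partition N (1-4) in bytes
part_offset() {
    img=$1; n=$2
    case $n in 1|2|3|4) ;; *) echo "partition must be 1-4" >&2; return 2 ;; esac
    # A valid MBR ends with the signature bytes 0x55 0xAA at offset 510.
    set -- $(bytes_at "$img" 510 2)
    if [ "$1" != 85 ] || [ "$2" != 170 ]; then
        echo "no MBR signature in $img" >&2; return 1
    fi
    # Entry N sits at 446 + 16*(N-1); its start LBA is a little-endian
    # 32-bit value 8 bytes into the entry.
    set -- $(bytes_at "$img" $((446 + 16 * (n - 1) + 8)) 4)
    lba=$(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
    if [ "$lba" -eq 0 ]; then
        echo "partition $n is empty" >&2; return 1
    fi
    echo $((lba * 512))
}

# make_sample FILE -> constructed 1 MiB image, partition 1 at sector 2048
make_sample() {
    dd if=/dev/zero of="$1" bs=512 count=2048 2>/dev/null
    printf '\000\010\000\000' | dd of="$1" bs=1 seek=454 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Usage: sh offset.sh actN.img [partition]   (prints the offset in bytes)
# The printed value is what the three steps above would then use, e.g.
#   sudo losetup -r -o OFFSET /dev/loop0 actN.img
#   sudo mount -o ro /dev/loop0 sda1
if [ "$#" -ge 1 ]; then
    part_offset "$1" "${2:-1}"
fi
```

Attaching the loop device and mounting read-only keeps the evidence image unchanged while you browse it.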




Last modified: Monday, 3 February 2020, 3:55 PM