RootWars WarGame Server Request For Proposal.

We would like to have a Unix/Linux-based Wargame server very similar to the “Free Hack Zone” at www.hackerslab.org. Basically, the “Free Hack Zone” is a hardened Linux server that users must log into, where they are asked to exploit simple Unix-based security vulnerabilities as a means of learning computer security. Tips and hints must be given to the user along the way to help him accomplish this goal without actually giving him the answer.

A user must telnet into the server as user “level0” with password “guest” and be given a hint for that particular level in the /etc/motd file or by similar means. The user must then find and exploit the potential security vulnerability for that level. Exploiting the vulnerability for that particular level is what actually gives the user the password to the next level (Example: level1 password “whateverpass”). I would like this application to have 12 to 15 levels that a user must progress through, starting with simple /etc/passwd and suid exploits, and progressing to making the user write scripts that exploit simple race conditions and programs that exploit simple buffer overflows.

I would like the application developer to have actually completed at least 7 of the levels of the “Free Hack Zone” at [url removed, login to view] before bidding on this project. This is a firm requirement, and bidders that haven’t completed these levels will NOT be considered.

We are a membership-based website that is hosted on a dedicated webserver. We are planning to purchase another dedicated server to host this Wargame application. As a security measure, we are planning to use tcpwrappers on the new server to ensure that telnet connections are only allowed to come from the server that our website is hosted on. Website members will log into the members section of the website and will be able to access the Wargame server via a telnet Java applet running in the members section of the site. This should ensure that only website members access the Wargame server. We are, however, open to suggestions if the winning developer would like to handle security differently. The main goal here is to provide a quality product to our customers so they can learn security, and to ensure that we can provide this capability securely.
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Installation package that will install the software (in ready-to-run condition) on the platform(s) specified in this bid request.
3) Exclusive and complete copyrights to all work purchased. (No GPL, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site).
Developer's choice; however, Red Hat 9 is preferred. We will be purchasing a dedicated server for this project. The developer that wins this bid will decide what operating system will run on it and how the server will be configured. For example, the developer will decide if the server will be Unix or Linux and what particular distribution of Unix or Linux it will run. The developer will also determine how the server will be partitioned, whether certain portions of the file system will be chrooted or not, and how the server will be secured, not only to ensure that only website members can access it, but also to ensure that users cannot gain full administrative privileges on the server itself.