Avoiding Common Issues with Copying Exercise Environment Images

As seen in the Intro to Copying article, the Cyber Range is very convenient for taking an existing Range virtual machine or environment and customizing it with populated software, challenges or flags. However, there are some common issues to consider before copying an environment for your students to use.

Three of the biggest issues regarding copying environments are around inadvertently giving students access to:

  • Your instructor web, Google Drive, or LMS authentication tokens & cookies
  • Your instructor (or root) .bash_history file(s)
  • Forgotten files, documents or answer-keys (e.g. in ~/Downloads)

After you finish setting up an OS image or environment in a given VM (but before you hit the “Copy” button), consider running a couple of “sanitizing” operations to ensure your students don’t get more access than you intend them to.

Cleaning Up Web Browser Configs

There are a couple of ways to clean up your to-be-copied web browsing settings. If you just want to sanitize any cached cookies and auth tokens, use the browser’s built-in “Clear Browsing Data” feature: hit Ctrl-Shift-Del (in google-chrome and firefox), then select the items and the time range of cache you wish to clear.

A more thorough “factory default” method, which leaves zero trace that the browser has ever been started, is to delete the entire browser config directory of the student’s main user account. For a user who has google-chrome, run the following from that user's command line:

rm -rf ~/.config/google-chrome/

or on a system running firefox with:

rm -rf ~/.mozilla/firefox

Both of these commands do a fairly good job of wiping out the whole browser config, taking it back to a pristine, stock, worry-free state. That being said, if you want your students to have any preconfigured browser plugins, settings, bookmarks, etc., then the previous “Clear Browsing Data” method might be better for your situation.

Now, let's look at a few other filesystem file locations you may want to look into.

Cleaning Up Command Line Histories & File Remnants

Another common oversight when creating a custom student image or environment is leaving behind your bash history, downloaded files, or other instructor-only files such as answer keys or similar file remnants that you don’t intend for the students to see or have access to.

DANGER

The following one-liner can be used to delete bash history files. Make sure to type the command EXACTLY as it is shown. Making a mistake when typing this command can lead to unintended data loss or a broken VM. Please start with the echo version of the command first to confirm what will be deleted.

This "echo" version of the one-liner functions as a safer dry run that will show you exactly what will be deleted when running the actual command:

sudo find /home /root -name ".bash_history" -exec echo {} \; 2>/dev/null

From the previous command, you will see a list of file paths printed to your terminal (for example: /root/.bash_history and /home/student/.bash_history). Once you have confirmed that the first command is only returning file paths that you want to have deleted, you can continue to the following command, which will actually delete the bash history files identified previously:

sudo find /home /root -name ".bash_history" -exec rm {} \; 2>/dev/null

For other files, downloads, system config changes, or any other artifacts of things you’ve done on the system in the past 8 hours (for example), use this command to explore what has changed on the system in the past 480 minutes:

sudo find /home /var /etc -mmin -480 -ls

This examines only the /home, /var, and /etc directories for files that have been created or modified within the last 480 minutes (8hrs).

If you find any dangerous cruft (or unwanted files), go ahead and delete those files and then you will be in a better place to “Copy” your VM for student use.
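The three leak sources listed at the top of this article (browser profiles, shell histories, files left in Downloads) can be checked in one dry-run pass before copying. The script below is an added example, not a Cyber Range tool: the function names and the ROOT argument are assumptions made here, and it goes beyond .bash_history to cover .zsh_history, .python_history and .mysql_history as well.

```sh
#!/bin/sh
# Pre-copy audit (dry run): reports leftovers and deletes nothing.
# ROOT is "" for the live system (run with sudo so /root is readable),
# or a directory holding a test tree laid out as ROOT/home and ROOT/root.

# Shell and REPL history files under /home and /root.
list_histories() {
    find "$1/home" "$1/root" -type f \( -name '.bash_history' \
        -o -name '.zsh_history' -o -name '.python_history' \
        -o -name '.mysql_history' \) 2>/dev/null | sort
}

# Browser profile directories named in this article.
list_browser_profiles() {
    for home in "$1"/home/* "$1/root"; do
        for dir in "$home/.config/google-chrome" "$home/.mozilla/firefox"; do
            if [ -d "$dir" ]; then printf '%s\n' "$dir"; fi
        done
    done
}

# Anything left in a Downloads folder.
list_downloads() {
    for home in "$1"/home/* "$1/root"; do
        if [ -d "$home/Downloads" ]; then
            find "$home/Downloads" -mindepth 1 2>/dev/null
        fi
    done | sort
}

# Print every finding with a tag; return 0 only when nothing was found.
audit_image() {
    findings=$(
        list_histories "$1" | sed 's/^/[history] /'
        list_browser_profiles "$1" | sed 's/^/[browser] /'
        list_downloads "$1" | sed 's/^/[download] /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Audit the live system only when invoked with "--run".
if [ "${1:-}" = "--run" ]; then
    audit_image ""
fi
```

bash writes its in-memory history back to ~/.bash_history when the session exits, so a history file deleted mid-session can reappear at logout.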

Environments Can Have Multiple VMs

If you have multiple VMs, or other operating systems (such as Windows) within a student environment config, be sure to also check them using their native tools & methods (e.g. Windows uses cmd and PowerShell, etc.). Be aware that copying an environment copies not just the one VM you’re logged into, but all VMs within that student (or instructor) environment. For example, if you copy an environment that has both a Kali Linux VM and a Windows VM, then be sure to inspect both VMs for any unwanted cached content, web or filesystem cruft.

Summary

Using the Range’s powerful VM environment “Copy” feature to roll out custom student environments is very convenient. Just be sure to think about and consider everything you’ve done and touched on a given VM or environment before making it available to your students.