Semester 2 team project scenario required changes

modules/services/unix/http/apache_bash_cgi/secgen_metadata.xml

@@ -14,6 +14,10 @@
   <reference>https://httpd.apache.org/</reference>
   <software_license>Apache v2</software_license>
 
+  <conflict>
+    <type>webapp</type>
+  </conflict>
+
   <requires>
     <module_path>.*apache</module_path>
     <type>httpd</type>

modules/vulnerabilities/unix/bash/shellshock/secgen_metadata.xml

@@ -24,6 +24,10 @@
   <software_name>bash</software_name>
   <software_license>GPLv3+</software_license>
 
+  <conflict>
+    <name>.*Debian.*Stretch.*</name>
+  </conflict>
+
   <requires>
     <type>update</type>
   </requires>

scenarios/security_audit/team_project.xml

@@ -19,7 +19,7 @@
   <!-- Web Server on NIC1 and NIC2 -->
   <system>
     <system_name>web</system_name>
-    <base platform="linux" distro="Debian 7.8" type="server"/>
+    <base platform="linux" type="server"/>
 
     <input into_datastore="IP_addresses">
       <value>172.10.0.2</value>
@@ -42,7 +42,7 @@
       </input>
     </service>
 
-    <vulnerability module_path="" privilege="user_rwx" access="remote" type="(?!.*webapp).*">
+    <vulnerability privilege="user_rwx" access="remote" type="(?!.*webapp|ctf).*">
       <input into="organisation">
         <datastore>organisation</datastore>
       </input>
@@ -130,7 +130,7 @@
       </input>
     </utility>
 
-    <vulnerability access="remote" type="(?!.*webapp).*">
+    <vulnerability access="remote" type="(?!.*webapp|ctf).*">
     <input into="organisation">
         <datastore>organisation</datastore>
       </input>
@@ -139,7 +139,7 @@
       </input>
     </vulnerability>
 
-    <vulnerability type="(?!.*webapp).*">
+    <vulnerability type="(?!.*webapp|ctf).*">
       <input into="organisation" >
         <datastore>organisation</datastore>
       </input>