By default, CTFreak allows administrators to create local command and ansible playbook tasks, which execute directly on the server where CTFreak is installed.

This means that a CTFreak administrator could potentially read any file accessible to the CTFreak process, including the configuration file.

If you want to prevent this, you can disable these task types at startup using dedicated command-line flags.

Disabling local command tasks

ctfreak run -disable-local-command-tasks

When this flag is set, no local command task can be created.

Disabling ansible playbook tasks

ctfreak run -disable-ansible-playbook-tasks

When this flag is set, no ansible playbook task can be created.

Note that ansible playbook tasks are always disabled on Windows, regardless of this flag.