alhassane.kone/siotp
2
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: alhassane.kone:0.1
Branches Tags
alhassane.kone:main
alhassane.kone:v3.3
alhassane.kone:v3.2
alhassane.kone:v3.1
alhassane.kone:v3.0
alhassane.kone:v2.9
alhassane.kone:v2.8
alhassane.kone:v2.7
alhassane.kone:v2.6
alhassane.kone:v2.5
alhassane.kone:v2.2
alhassane.kone:v2.1
alhassane.kone:v2.0
alhassane.kone:v1.9
alhassane.kone:v1.8
alhassane.kone:v1.6
alhassane.kone:v1.5
alhassane.kone:v1.4
alhassane.kone:v1.3
alhassane.kone:v1.2
alhassane.kone:v1.7
alhassane.kone:v1.1
alhassane.kone:v1.0
alhassane.kone:v0.9
alhassane.kone:v0.8
alhassane.kone:v0.7
alhassane.kone:v0.6
alhassane.kone:v0.5
alhassane.kone:v0.4
alhassane.kone:0.3
alhassane.kone:v0.3
alhassane.kone:v0.2
alhassane.kone:v0.1
alhassane.kone:0.1
...
compare: alhassane.kone:main
Branches Tags
alhassane.kone:main
alhassane.kone:v3.3
alhassane.kone:v3.2
alhassane.kone:v3.1
alhassane.kone:v3.0
alhassane.kone:v2.9
alhassane.kone:v2.8
alhassane.kone:v2.7
alhassane.kone:v2.6
alhassane.kone:v2.5
alhassane.kone:v2.2
alhassane.kone:v2.1
alhassane.kone:v2.0
alhassane.kone:v1.9
alhassane.kone:v1.8
alhassane.kone:v1.6
alhassane.kone:v1.5
alhassane.kone:v1.4
alhassane.kone:v1.3
alhassane.kone:v1.2
alhassane.kone:v1.7
alhassane.kone:v1.1
alhassane.kone:v1.0
alhassane.kone:v0.9
alhassane.kone:v0.8
alhassane.kone:v0.7
alhassane.kone:v0.6
alhassane.kone:v0.5
alhassane.kone:v0.4
alhassane.kone:0.3
alhassane.kone:v0.3
alhassane.kone:v0.2
alhassane.kone:v0.1
alhassane.kone:0.1

57 Commits
0.1 ... main

Author SHA1 Message Date
alhassane.kone
993ae82b02 Téléverser les fichiers vers "sio2/CYBER/Journald" 2023-12-25 11:38:14 +01:00
sio user
bdc9b72e1b fichier de config journald snd et rcv 2023-12-25 11:36:20 +01:00
alhassane.kone
c62514d799 Actualiser sio2/AP4/provision/glpi.yml 2023-12-19 10:35:58 +01:00
Alhassane Kone
759f7a3d03 maj projet AP4 2023-12-15 08:28:03 +01:00
root
db7640bd5c mise a jour playbook installation glpi 2023-12-13 19:02:53 +01:00
Alhassane Kone
fc7d4de480 projet AP4 ansible glpi 2023-12-07 14:10:44 +01:00
Alhassane Kone
4f6469cd98 maj 2023-12-07 11:25:50 +01:00
root
d78881a752 ajout fichier config wireguard 2023-12-04 09:25:21 +01:00
root
777067579f mise a jour wireguard 2023-12-04 09:20:51 +01:00
alhassane.kone
5ac3c137f6 Supprimer sio2/AP/sdis2023.sql 2023-11-30 09:23:20 +01:00
Alhassane Kone
9e35ca41c6 maj 2023-11-30 08:42:38 +01:00
Alhassane Kone
a2e4e13f0e encore une maj 2023-11-24 15:34:30 +01:00
Alhassane Kone
c4f16ca274 maj 2023-11-24 15:05:57 +01:00
Alhassane Kone
e8cf17309b mise à jour 2023-11-23 11:57:30 +01:00
root
9a9122c181 correction playbook 2023-11-22 13:04:40 +01:00
Alhassane Kone
9bdbe30539 maj AP 2023-11-21 11:27:27 +01:00
ak
fa3a3a8731 maj 2023-11-10 08:33:18 +01:00
root
e88bb6e440 ajout tp doku 2023-10-20 11:01:22 +02:00
root
365ac0717a tp ansible 2023-10-16 17:55:25 +02:00
root
d86d83103d ajout playboook syslog 2023-10-15 19:24:15 +02:00
root
ceece5a13c reorganisation des repertoires 2023-10-15 12:26:59 +02:00
root
d18f102841 playbook ansible 2023-10-13 13:03:04 +02:00
root
32d6b7dbd1 tp wireguard 2023-10-12 15:52:38 +02:00
Your Name
63fd73b56c Merge branch 'main' of https://gitea.lyc-lecastel.fr/alhassane.kone/siotp 2023-10-12 06:12:19 +00:00
Your Name
a77e3691e5 ajout nagios 2023-10-12 06:10:56 +00:00
Votre Nom
8b71aef87b TP python 2023-10-09 17:11:49 +02:00
root
ce7de1abb0 ajout fichier conf postfix 2023-10-01 20:05:20 +02:00
alhassane.kone
7731dae2bb Supprimer sio2/SISR/Nagios/test 2023-10-01 19:47:22 +02:00
root
5d16f39587 script snmpd.conf 2023-09-29 08:43:17 +02:00
root
d619de090c fichier config SNMP 2023-09-29 08:38:24 +02:00
Your Name
919cb894aa Ajout fichier tp snmp_check 2023-09-29 06:26:51 +00:00
Alhassane Kone
da00fbf02a script 2023-09-28 08:29:41 +02:00
root
2435899033 fichier config dhcp FOG 2023-09-25 17:30:06 +02:00
Your Name
e53bb1eadd fichiers de config Nagios 2023-09-24 16:00:59 +00:00
Alhassane Kone
1bfdc82fd2 ajout vagrantfile 2023-09-22 13:57:41 +02:00
root
589b5b28af fichier conf rsyslog 2023-09-22 13:11:24 +02:00
root
14b12f22ac fichier dhcpd.conf 2023-09-20 11:16:43 +02:00
alhassane.kone
17f138d550 Supprimer sio2/SISR/PXE/dhcpd.conf 2023-09-20 10:59:08 +02:00
root
5aa06c1d6a Fichiers de configuration du TP PXE 2023-09-18 21:03:14 +02:00
root
d1a456482a Merge branch 'main' of https://gitea.lyc-lecastel.fr/alhassane.kone/siotp 2023-09-18 15:04:11 +02:00
root
3c555f62b8 HAPROXY: fichier de configuration 2023-09-18 15:01:47 +02:00
alhassco
1904a6b194 TP AIDE et autres IDS 2023-09-17 21:03:32 +02:00
root
79af6d8a29 fichier vagrant machine simple 2023-09-15 15:06:42 +02:00
root
864d415eea TP Load Balancer 2023-09-15 12:59:31 +02:00
Alhassane Kone
0a1f8f7e05 test 2023-09-14 10:20:31 +02:00
Alhassane Kone
fcb632e759 creation du répertoire CYBER 2023-09-14 10:16:46 +02:00
root
aef55f6b9e TP HEARTBEATH 2023-09-11 17:53:23 +02:00
AK
8328a8a625 script routage NAT 2023-06-15 18:25:11 +02:00
sio user
d948d805e0 clé publique machine salle 213 2023-05-26 11:27:33 +02:00
sio user
74a658e86f script récupération vm 2023-05-26 11:22:11 +02:00
alhassco
7ec360e162 Dossier tp DHCP 2023-05-18 22:51:39 +02:00
alhassane
ebbf4bed76 deuxième dépot 2023-03-31 11:47:41 +02:00
alhassane
7ecd234375 ajout script 2023-03-30 15:57:22 +02:00
alhassane
3524a54647 Script iptables 2023-03-30 15:14:54 +02:00
KONE
3300602f9c scripts tp crsamba 2023-03-27 16:47:20 +02:00
Kone
d506a19c31 ajout fichier SQUID 2023-03-24 11:25:14 +01:00
KONE
d1443e4d60 ajout fichier … 2023-03-24 11:16:37 +01:00
86 changed files with 14454 additions and 3 deletions
Show Stats Expand all files Collapse all files

3
README.md
View File

@ -1,3 +0,0 @@
# siotp
Ceci est le répertoire qui servira à accueillir les travaux du BTS SIO

39
autres/id_rsa Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBhYC3EYr
1OcnfMoctOu4QPAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCnA1B4j9lB
Y+nE+pzchM+EX9rMqxVm/duQQDJPiLcnrj39Lx25o1l1O74okFXEWnJO4Q/NKDlH+B1qY4
0FQvZ3iJr4p7YMoBz6+ygi3Zbh3hwuxe6ioqsX7k7/DV5ecmZa0DfBg4ZZ5q1FkRD7x0MZ
PMFxsNYpRtHstb+fVEFQ1jhJH2YMSqGcCemndYvc7s80j1Myyydwf1fuwBteyX8YviCTIT
sl5iWebI8kF70u3sepkJq152fKh1kAYiWm+yRKwy6N1MTfOgCax3mF734zGg3GXcdrPeuE
xBn02EnQ6GZQfxAp9/8vAcIBR6gvbgVzp+ENYkgoq2nZ41JS2EWd6ARXapa9OmokKJ/BX2
JqjmU0Br2h/f0AYjc7PmKbsgd292809etRQLcjy4C7AsDZNW0etedzwuwAr+yWLPhzhV+x
Ba0eZ+7rN6xSuHup/wsjTXfX0NrtojRybY7qPCWIPGtneV3Sm65FW+MK66Je+fBNoPcr6l
+HyP6v2OcwBOsAAAWQwmNuDv3Kz11CVOIfBiLVl3SC7bBurNcOqmGQONQ1MnQaKtNo/zwL
3jbZ1aAZohLxKiFXcHhRJGcD6sl9BTZZnqC6Qjym9SXdpfJpVKzzHBBvMifmX5P/IGHgJo
L/A4vbSjuyu/OSfwlnGY+EBeTrlmMG599mj2XClfUGwdrVH9NLJHZV3DX9TbA8I/ZiOK/U
sKqUjqKu6LQ5dPXRxCRdKsMUkB0s6lt1hwMt9CPOWciAfyuY2+/0BIQEWM14q/0BiLx3F3
7qs/XrTJV0Ay/lQWszI6FLb9b+9Nfvwl6FmUlGjXFAN+R/LIjJURFRBBD0tKmF5ji6BLTA
/1ZiTCgJZGaG5X4elUNXEm+EhuXyqz1QeoUZsDnshp843374vAjSesB43c4GAF/PgZaAK2
RJXHcavYQoRvsBF/5SSt3yD1fuhJqh5MLsqywXa/mMCZaGlkUo3wnbzdnWBTfwH9vWnGR9
9279kzemNfQF/Gqp+kWcgi5SW4KHSEvatooCnKwJlRg6BqBGX0zfMLqCbGpEQU76xn/qJx
OuZpnKiLU0hnjDBDVXTq3Bshc9aZsLFtyZav7YgbaA8s960vMB9M2qK1IwW2r9JWP0MkZh
5ab8281Rka8pxtgZ1iIRsz9LfnBAHxHTNClXxpY0re4RZHr77mi/a2b6A9nkDGgcPmakX/
8cciTLK3w588sEvBolEceHkF1UyJ3TuUd4jYFJMXS8lVhLcY9ikZub+hMqKYaycvtwG1Bv
zcO2gEf0X9sBMbLwa+/f8QCglmHnvU0EqCj6rET3LRVZVDjkVv162FLB+CWyWk89PPr6JP
3HUV6/8Np/Icnt2hjXdm3e+W1iE3iYQG3oQ6exwwQp5QkTyDVmbi9FSKrRMzy+TrICS7qr
jYOph9vNhWN4cM5R3miQOJ1IWUN2eo5W6eWyRo92nKnetqKfv1hdKJ9iAsQB5FqtSc1OOW
QSsfzAs3qSWYQBbfmelX9egH2W3vww82+ljggIXg0CiVVIsUWS9JCdjupzE+mBoo8J3pWA
6aT6tEnYoF3VmIulyouy7PoVWJpA2bsv09lTGemUTPHk9TeRmbkNsHdEhutiych6jfY+iW
kzsL5u8Dp1BGFywrUMzMkI2qGFikCt8qgLttqNN5AZZPATaNESvKCZjwQtf1NcnLlQQR5w
1EcyPXAudJqZd9BVyUrS7YnzeeyaP+u9DqmGUXvZENYeiqS6Pe24eLQ2njVfIfuWiF6tZ9
5HvjwWbG863awVCiS9N6aj39V3dTrCzGKJy+ROXBE6OXdYXT9gHfu7oq7INJcsxpN2ahBS
AEqbaz6V2UEqr6dotAA0zpMTMCNKbZ1iWCa3B+WjVEScw4u0fjcSQ5DrmL6gjZf5VWCa6L
DUXNjeErMjd9O9TF6EXs66M2ntOZRcpV0A9moR5CPJmGx/LAgH6voTRYntWfldmqVucXaJ
amUPLmUSRrLyu7/pCX3rJCF4hHll/1jPr6jHA9Wu8WfI0i9mHL3CnmMsKAj5QWmor1WQlk
yd6snBodZ6jGP/lXopz82tgcZfS+k3vxflVElNZY8a8hWxbuP1O6u1ivtqWF0uFIApzPvz
vWaCNgaAsloxjjbLfLyQFJ/m2TSSGsJwDVvLH/46Cb+t8AdujEHoCcSHTPSYzIxytSyhAP
8TZnebzwN4YyOmOJ6Gm/tHV3tquIWOBDR2CUKUo6Psnxhw5aGLZO1QI+XIQZoDunYYNub3
/si9dHme47OTlsdyRNLlgLYqewuMSRUGS1e4JsdvrGxToVmIA+v0ojCBJnTL8tT0gAbHn3
jhZPRYbCKhLnI0e3qygtktbfkJKPwFWTXqn1ZEJksKP5tSGco+EUmrmO8XjcRpSgSqkFn0
ftjvjtFZBdjb2/E3KAWcBio8eMQ=
-----END OPENSSH PRIVATE KEY-----

15
autres/vm Executable file
View File

@ -0,0 +1,15 @@
#!/bin/bash
# Chemin de destination pour les fichiers OVA
destination="/home/sio/mes_vm/"
# Récupérer la liste des noms de machines virtuelles
vms=$(VBoxManage list vms | awk -F '"' '{print $2}')
# Exporter chaque machine virtuelle au format OVA
for vm in $vms; do
echo "Exportation de la machine virtuelle : $vm"
VBoxManage export "$vm" -o "$destination/$vm.ova"
done
echo "Exportation terminée."

6
sio1/sisr1/18-bash/tpbash/crsamba Executable file
View File

@ -0,0 +1,6 @@
#!/bin/bash
fich=users.txt
while read ligne
do
echo $ligne
done < $fich

22
sio1/sisr1/18-bash/tpbash/crsamba3 Executable file
View File

@ -0,0 +1,22 @@
#!/bin/bash
usage() {
echo "usage : $0 <users.txt>"
exit 1
}
if [[ $# != 1 ]] ; then
usage
fi
fich=$1
if [[ ! -r $fich ]] ; then
echo "i$0: erreur ouverture fichier $fich"
exit 2
fi
while read ligne
do
echo $ligne
done < $fich

25
sio1/sisr1/18-bash/tpbash/crsamba4 Executable file
View File

@ -0,0 +1,25 @@
#!/bin/bash
usage() {
echo "usage : $0 <users.txt>"
exit 1
}
if [[ $# != 1 ]] ; then
usage
fi
fich=$1
if [[ ! -r $fich ]] ; then
echo "i$0: erreur ouverture fichier $fich"
exit 2
fi
while read ligne
do
login=$(echo "${ligne}"|cut -f1 -d:)
echo $login
nom=$(echo "${ligne}"|cut -f2 -d:)
echo $nom
done < $fich

34
sio1/sisr1/18-bash/tpbash/crsamba5 Executable file
View File

@ -0,0 +1,34 @@
#!/bin/bash
usage() {
echo "usage : $0 <users.txt>"
exit 1
}
if [[ $# != 1 ]] ; then
usage
fi
fich=$1
if [[ ! -r $fich ]] ; then
echo "i$0: erreur ouverture fichier $fich"
exit 2
fi
while read ligne
do
login=$(echo "${ligne}"|cut -f1 -d:)
#echo $login
nom=$(echo "${ligne}"|cut -f2 -d:)
#echo $nom
if ! getent passwd "${nom}" > /dev/null 2 >&1
then
sudo useradd -m -c "${nom}" -s /bin/bash "${login}"
mdp=$(pwgen 6 1)
echo "${login}:${mdp}"|sudo chpasswd
echo "${login}:${mdp}">>${fich}.pw
else
echo "${nom}" existe déja
fi
done < $fich

29
sio1/sisr1/18-bash/tpbash/crsamba6 Executable file
View File

@ -0,0 +1,29 @@
#!/bin/bash
usage() {
echo "usage : $0 <users.txt>"
exit 1
}
if [[ $# != 1 ]] ; then
usage
fi
fich=$1
if [[ ! -r $fich ]] ; then
echo "i$0: erreur ouverture fichier $fich"
exit 2
fi
while read ligne
do
login=$(echo "${ligne}"|cut -f1 -d:)
#echo $login
nom=$(echo "${ligne}"|cut -f2 -d:)
#echo $nom
if getent passwd "${login}" > /dev/null 2 >&1
then
sudo userdel -r -f "${login}"
fi
#echo $ligne
done < $fich

29
sio1/sisr1/18-bash/tpbash/crsamba7 Executable file
View File

@ -0,0 +1,29 @@
#!/bin/bash
usage() {
echo "usage : $0 <users.txt>"
exit 1
}
if [[ $# != 1 ]] ; then
usage
fi
fich=$1
if [[ ! -r $fich ]] ; then
echo "i$0: erreur ouverture fichier $fich"
exit 2
fi
while read ligne
do
login=$(echo "${ligne}"|cut -f1 -d:)
#echo $login
nom=$(echo "${ligne}"|cut -f2 -d:)
#echo $nom
if getent passwd "${login}" > /dev/null 2 >&1
then
sudo userdel -r -f "${login}"
fi
#echo $ligne
done < $fich

34
sio1/sisr1/18-bash/tpbash/sio@192.168.0.100 Executable file
View File

@ -0,0 +1,34 @@
#!/bin/bash
usage() {
echo "usage : $0 <users.txt>"
exit 1
}
if [[ $# != 1 ]] ; then
usage
fi
fich=$1
if [[ ! -r $fich ]] ; then
echo "i$0: erreur ouverture fichier $fich"
exit 2
fi
while read ligne
do
login=$(echo "${ligne}"|cut -f1 -d:)
#echo $login
nom=$(echo "${ligne}"|cut -f2 -d:)
#echo $nom
if ! getent passwd "${nom}" > /dev/null 2 >&1
then
sudo useradd -m -c "${nom}" -s /bin/bash "${login}"
mdp=$(pwgen 6 1)
echo "${login}:${mdp}"|sudo chpasswd
echo "${login}:${mdp}">>${fich}.pw
else
echo "${nom}" existe déja
fi
done < $fich

4
sio1/sisr1/18-bash/tpbash/users.txt Normal file
View File

@ -0,0 +1,4 @@
laymar:Lucien Aymar
cperier:Claudine Perier
rdubois:Robert Dubois
mlefebvre:Marcelle Lefebvre

12
sio1/sisr1/18-bash/tpbash/users.txt.pw Normal file
View File

@ -0,0 +1,12 @@
laymar:uomeM8
cperier:za2Iez
rdubois:an6ahJ
mlefebvre:Aque8E
laymar:Eimai2
cperier:Iesoo9
rdubois:loo6Ac
mlefebvre:guCh0s
laymar:reY9ze
cperier:eR7iel
rdubois:Bee7Ee
mlefebvre:Ook3fe

8573
sio1/sisr1/19-squid/squid.conf Normal file
View File

File diff suppressed because it is too large Load Diff

22
sio1/sisr1/20-dns/srv1/db.domaine.lan Normal file
View File

@ -0,0 +1,22 @@
$ORIGIN .
$TTL 38400 ; 10 hours 40 minutes
domaine.lan IN SOA serv1.domaine.lan. root.serv1.domaine.lan. (
2023030201 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
38400 ; minimum (10 hours 40 minutes)
)
NS serv1.domaine.lan.
NS serv2.domaine.lan.
serv1.domaine.lan. A 192.168.0.161
serv2.domaine.lan. A 192.168.0.160
$ORIGIN domaine.lan.
poste1 A 192.168.0.100
poste2 A 192.168.0.101
www CNAME poste1.domaine.lan.

14
sio1/sisr1/20-dns/srv1/db.domaine.lan.rev Normal file
View File

@ -0,0 +1,14 @@
$TTL 38400 ; 10 hours 40 minutes
@ IN SOA serv1.domaine.lan. root.serv1.domaine.lan. (
2016091501 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
38400 ; minimum (10 hours 40 minutes)
)
IN NS serv1.domaine.lan.
IN NS serv2.domaine.lan.
61 IN PTR serv1.sio.lan.
60 IN PTR serv2.sio.lan.
14 IN PTR wd.sio.lan.

11
sio1/sisr1/20-dns/srv1/named.conf Normal file
View File

@ -0,0 +1,11 @@
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

19
sio1/sisr1/20-dns/srv1/named.conf.local Normal file
View File

@ -0,0 +1,19 @@
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// zone directe
zone "domaine.lan" {
type master;
file "/etc/bind/db.domaine.lan";
};
// zone inverse
zone "0.168.192.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.domaine.lan.rev";
};

4
sio1/sisr1/20-dns/srv1/resolv.conf Normal file
View File

@ -0,0 +1,4 @@
search domaine.lan
nameserver 10.121.38.7
nameserver 127.0.0.1 #on ressoud localement

107
sio1/sisr1/21-dhcp/dhcpd.conf Normal file
View File

@ -0,0 +1,107 @@
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "alhassco.lan";
option domain-name-servers ns1.alhassco.lan, ns2.alhassco.lan;
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
#subnet 192.168.2.0 netmask 255.255.255.0 {
#range 192.168.2.11 192.168.2.252;
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.15 192.168.2.250;
option domain-name-servers 192.168.2.2, 192.168.2.3;
option domain-name "alhassco.lan";
option routers 192.168.2.253;
option broadcast-address 192.168.2.255;
default-lease-time 600;
max-lease-time 7200;
}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.example.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host pcXp {
hardware ethernet 08:00:27:00:53:76;
fixed-address 192.168.2.20;
}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}

17
sio1/sisr1/40-filtrage/fw0.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
IFEXT=enp0s3
IFDMZ=enp0s8
IFINT=enp0s9
# ici instruction pour activer le routage
echo "1" > /proc/sys/net/ipv4/ip_forward
# ici instructions pour definir les stratégies par defaut (etape 1)
# ici instructions pour remettre a zero les chaines filter et nat (etape 1)

16
sio1/sisr1/40-filtrage/fw1.sh Executable file
View File

@ -0,0 +1,16 @@
#!/bin/bash
IFEXT=enp0s3
IFDMZ=enp0s8
IFINT=enp0s9
# ici instruction pour activer le routage
# ici instructions pour definir les stratégies par defaut (etape 1)
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -F -t nat #remise à 0 de la table nat
# ici instructions pour remettre a zero les chaines filter et nat (etape 1)

18
sio1/sisr1/40-filtrage/fw2.sh Executable file
View File

@ -0,0 +1,18 @@
#!/bin/bash
IFEXT=enp0s3
IFDMZ=enp0s8
IFINT=enp0s9
# ici instruction pour activer le routage
# ici instructions pour definir les stratégies par defaut (etape 1)
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# ici instructions pour remettre a zero les chaines filter et nat (etape 1)
iptables -F -t nat #remise à 0 de la table nat
# On autorise la connexion SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # en entrée
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT #en sortie

34
sio1/sisr1/40-filtrage/fw3.sh Executable file
View File

@ -0,0 +1,34 @@
#!/bin/bash
IFEXT=enp0s3
IFDMZ=enp0s8
IFINT=enp0s9
# ici instruction pour activer le routage
echo "1" > /proc/sys/net/ipv4/ip_forward
# ici instructions pour definir les stratégies par defaut (etape 1)
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# ici instructions pour remettre a zero les chaines filter et nat (etape 1)
iptables -F -t nat #remise à 0 de la table nat
# On autorise la connexion SSH coté serveur
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # en entrée
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT #en sortie
#on autorise les requetes DNS coté client
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT # en sortie
iptables -A INPUT -p udp --sport 53 -j ACCEPT # en entrée
#on définit le proxy du lyéce
#export http_proxy=http://10.121.38.1:8080
# on autorise les requête émise en http coté client
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT #en sortie
iptables -A INPUT -p tcp --sport 80 -j ACCEPT #en entrée
#on autorise les requetes émisent en ftp
iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT #en entrée
iptables -A INPUT -p tcp --sport 21 -j ACCEPT #en entrée

46
sio1/sisr1/40-filtrage/fw4.sh Executable file
View File

@ -0,0 +1,46 @@
#!/bin/bash
IFEXT=enp0s3
IFDMZ=enp0s8
IFINT=enp0s9
# ici instruction pour activer le routage
echo "1" > /proc/sys/net/ipv4/ip_forward
# ici instructions pour definir les stratégies par defaut (etape 1)
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# ici instructions pour remettre a zero les chaines filter et nat (etape 1)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -F -t nat #remise à 0 de la table nat
# On autorise la connexion SSH coté serveur
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # en entrée
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT #en sortie
#on autorise les requetes DNS coté client
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT # en sortie
iptables -A INPUT -p udp --sport 53 -j ACCEPT # en entrée
#on définit le proxy du lyéce
#export http_proxy=http://10.121.38.1:8080
# on autorise les requête émise en http coté client
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT #en sortie
iptables -A INPUT -p tcp --sport 80 -j ACCEPT #en entrée
#on autorise les requetes émisent en ftp
#iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT #en entrée
#iptables -A INPUT -p tcp --sport 21 -j ACCEPT #en entrée
# on vérifie l'accès a une page web :
#curl http://10.121.38.10
iptables -A FORWARD -o ${IFEXT} -s 10.0.0.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i ${IFEXT} -d 10.0.0.0/24 -p tcp --sport 80 -j ACCEPT
iptables -A FORWARD -o ${IFEXT} -s 10.0.0.0/24 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i ${IFEXT} -d 10.0.0.0/24 -p udp --sport 53 -j ACCEPT
#iptables -A FORWARD -i ${IFEXT} -s 192.168.0.0/24 -p tcp --sport 80 -j DROP
iptables -t nat -A POSTROUTING -o${IFEXT} -j MASQUERADE #translation d'adresse

4
sio1/sisr1/scripts/maj Normal file
View File

@ -0,0 +1,4 @@
#!/bin/bash
cd ap22-d
git pull
GIT_WORK_TREE=/var/www/html/ git checkout -f

4
sio1/sisr1/scripts/nat.sh Executable file
View File

@ -0,0 +1,4 @@
#!/bin/bash
echo 1 | sudo dd of=/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE

25
sio2/AP/apbase.yml Normal file
View File

@ -0,0 +1,25 @@
---
- name: apbase
hosts: web
become: yes
tasks:
- name: 1. Installer les paquets apache2 php et adminer
apt:
name:
- apache2
- php
- adminer
- php-mbstring
state: present
#notify: 2. redémarrer apache et activer adminer
- name: 2. redémarrer apache et activer adminer
shell: sudo a2enconf adminer
- name: 3. redémarrer apache et activer adminer
shell: sudo systemctl reload apache2

52
sio2/AP/apdb.yml Normal file
View File

@ -0,0 +1,52 @@
---
- name: apdb
hosts: web
become: yes
tasks:
- name: 1. Installer mariadb
apt:
name:
- mariadb-server
- python3-pymysql
state: present
- name: 2. s'assurer que mariadb est en fonctionnement
service:
name: mariadb
state: started
- name: 3. Creer un utilisateur et lui attribuer tous les droits
community.mysql.mysql_user:
name: admin
password: admin
priv: '*.*:ALL,GRANT'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 4. Creation de la base de donnee 'sdis2023'
community.mysql.mysql_db:
name: sdis2023
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 5. copier la base de donnée sur l'hôte distant
copy:
src: sdis2023.sql
dest: /tmp/sdis2023.sql
- name: 6. Restore la base de donnée
community.mysql.mysql_db:
name: sdis2023
state: import
target: /tmp/sdis2023.sql
login_unix_socket: /var/run/mysqld/mysqld.sock
# - name: 5. Dump multiple databases
#community.mysql.mysql_db:
#state: dump
#name:
#- sdis2023
#target: sdis2023.sql
#login_unix_socket: /var/run/mysqld/mysqld.sock

20
sio2/AP/apdbdump.yml Normal file
View File

@ -0,0 +1,20 @@
---
- name: apdbdump
hosts: web
become: yes
tasks:
- name: 1. Dump multiple databases
community.mysql.mysql_db:
state: dump
name: sdis2023
target: /tmp/sdis2023.sql
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 2. recuperation de sdis2023.sql avec fetch
ansible.builtin.fetch:
src: /tmp/sdis2023.sql
dest: sdis2023-dump.sql
flat: yes

12
sio2/AP/drop.yml Normal file
View File

@ -0,0 +1,12 @@
---
- name: apdb
hosts: web
become: yes
tasks:
- name: 1. Suppression de la base de donnee 'sdis2023'
community.mysql.mysql_db:
name: sdis2023
state: absent
login_unix_socket: /var/run/mysqld/mysqld.sock

2
sio2/AP/hosts Normal file
View File

@ -0,0 +1,2 @@
[web]
ap33prod

22
sio2/AP4/Vagrantfile vendored Normal file
View File

@ -0,0 +1,22 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.provision "shell", inline: <<-SHELL
# export http_proxy=http://10.121.38.1:8080
# export https_proxy=http://10.121.38.1:8080
timedatectl set-timezone Europe/Paris
apt-get -y update
apt-get -y upgrade
SHELL
config.vm.define "glpi" do |glpi| # VM No'1
glpi.vm.box = "debian/bookworm64" # Type de la machine
glpi.vm.hostname = "glpi" # Nom de la machine
glpi.vm.network "public_network" #, ip: "192.168.0.111"# Set static IP
glpi.vm.provision "ansible" do |ansible|
ansible.playbook = "provision/glpi.yml" # Lance le playbook glpi.yml
end
end
end

2
sio2/AP4/hosts Normal file
View File

@ -0,0 +1,2 @@
[web]
glpi

7
sio2/AP4/provision/glpi.yml Normal file
View File

@ -0,0 +1,7 @@
---
- hosts: all
become: true
roles:
- web
- bdd
- glpi

5
sio2/AP4/provision/roles/bdd/handlers/main.yml Normal file
View File

@ -0,0 +1,5 @@
---
- name: restart mariadb
service:
name: mariadb.service
state: restarted

29
sio2/AP4/provision/roles/bdd/tasks/main.yml Normal file
View File

@ -0,0 +1,29 @@
- name: 1. Installer mariadb
apt:
name:
- mariadb-server
- python3-pymysql
state: present
- name: 2. s'assurer que mariadb est en fonctionnement
service:
name: mariadb
state: started
- name: 3. Creer un utilisateur et lui attribuer tous les droits
community.mysql.mysql_user:
name: glpi
password: glpi
priv: '*.*:ALL,GRANT'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
notify:
- restart mariadb
- name: 4. Creation de la base de donnee 'db_glpi'
community.mysql.mysql_db:
name: db_glpi
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
notify:
- restart mariadb

21
sio2/AP4/provision/roles/glpi/tasks/main.yml Normal file
View File

@ -0,0 +1,21 @@
---
- name: 1. Telechargement de l'archive de glpi 10.0.10
get_url:
url: http://depl.sio.lan/store/glpi-10.0.10.tgz
dest: /tmp
- name: 2. Extraire glpi 10.0.10.tgz vers /tmp/
ansible.builtin.unarchive:
src: /tmp/glpi-10.0.10.tgz
dest: /var/www/html/
remote_src: true
- name: 3. Changer propritaire group et permissions
file:
path: /var/www/html/glpi
owner: www-data
group: www-data
mode: '0755'
recurse: yes

6
sio2/AP4/provision/roles/web/handlers/main.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: restart apache2
service:
name: apache2
state: restarted

30
sio2/AP4/provision/roles/web/tasks/main.yml Normal file
View File

@ -0,0 +1,30 @@
---
- name: 1. Installer apache php
apt:
name:
- apache2
- php
- curl
state: present
#notify: 2. redémarrer apache et activer adminer
- name: 2. Installation des extensions php de GLPI
apt:
name:
- php-xml
- php-common
- php-json
- php-mysql
- php-mbstring
- php-curl
- php-gd
- php-intl
- php-imap
- php-apcu
- php-zip
- php-xmlrpc
- php-bz2
- php-ldap
state: present
notify:
- restart apache2

23
sio2/CYBER/Cryptage/crypt.sh Executable file
View File

@ -0,0 +1,23 @@
#!/bin/bash
unn=$1
utilisateurmdp=$2
action=$3
ficcle=$4
user=$(echo $utilisateurmdp| cut -f1 -d/ )
mdp=$(echo $utilisateurmdp| cut -f2 -d/ )
echo $user
echo $mdp
[ -e /tmp/share ] || mkdir /tmp/share
mount.cifs -o "username=${user},password=${mdp}" //${unn} /tmp/share
if [[ $? == 0 ]] ;then
echo "le montage fonctionne cryptage en cours"
ccrypt ${action} -r -k ${ficcle} /tmp/share/*
umount /tmp/share
rm -r /tmp/share
else
echo "erreur montage $?"
exit 1
fi
exit 0

8
sio2/CYBER/IDS/aide Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash
aideinit #initialisation
/etc/cron.daily/aide # on lance aide pour vérifier
more /var/log/aide/aide.log # on affiche le compte-rendu : pas de changements
touch /etc/truc # on créée un fichier
echo "#########" >> /etc/hosts # on en modifie un autre
/etc/cron.daily/aide # on vérifie à nouveau
more /var/log/aide/aide.log # on constate les changements survenus ...

189
sio2/CYBER/IDS/aide.conf Normal file
View File

@ -0,0 +1,189 @@
# AIDE conf
# set environment for executable config files included by x_include
@@x_include_setenv UPAC_settingsd /etc/aide/aide.settings.d
# The daily cron job depends on these paths
database_in=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new
database_new=file:/var/lib/aide/aide.db.new
gzip_dbout=yes
# Set to no to disable report_summarize_changes option.
report_summarize_changes=yes
# Set to no to disable grouping of files in report.
report_grouped=yes
# Set verbosity of aide run and reports
log_level=warning
report_level=changed_attributes
# Set to yes to print the checksums in the report in hex format
report_base16 = no
# if you want to sacrifice security for speed, remove some of these
# checksums.
Checksums = sha256+sha512+haval
# The checksums of the databases to be printed in the report
# Set to 'E' to disable.
database_attrs = Checksums
# check permissions, owner, group and file type
OwnerMode = p+u+g+ftype
# Check size and block count
Size = s+b
# Files that stay static
InodeData = OwnerMode+n+i+Size+l+X
StaticFile = m+c+Checksums
# Files that stay static but are copied to a ram disk on startup
# (causing different inode)
RamdiskData = InodeData-i
# Check everything
Full = InodeData+StaticFile
# Files that change their mtimes or ctimes but not their contents
VarTime = InodeData+Checksums
# Files that are recreated regularly but do not change their contents
VarInode = VarTime-i
# Files that change their contents during system operation
VarFile = OwnerMode+n+l+X
# Directories that change their contents during system operation
VarDir = OwnerMode+n+i+X
# Directories that are recreated regularly and change their contents
VarDirInode = OwnerMode+n+X
# Directories that change their mtimes or ctimes but not their contents
VarDirTime = InodeData
# Logs are special: they are continously written to, may be compressed
# have their file name changed in different, mutually incompatibly ways
# and apprear and vanish at will. Handling this is a a complex and error-
# prone issue.
#
# This is best broken down in a number of small tasks:
#
#
# (A)
# While a live log is being written to, it doesn't change its mode and
# inode and its size only increases.
#
# (B)
# When a live log is rotated for the first time, it should not change
# its mode, may change its inode, and its size decreases. The size
# decrease may not be noticed by aide if the file had size x at the last
# aide run, was rotated in the mean time and was written to so that it
# had a size > x at the next aide run.
#
# (C)
# When a log is compressed, this looks to aide like the uncompressed
# file vanished (or was replaced by another file) and the compressed
# file appeared out of the blue. There is (currently) no way to
# associate the (gone) uncompressed file's contents with the (new)
# compressed file's contents
#
# (D)
# The actual log rotation may rename foo.{x}.bar to foo.{x+1}.bar without
# changing the other properties of the file
#
# (E)
# If only a given number of log generations is to be kept, foo.{y}.bar may
# vanish, but usually only when no foo.{z}.bar exists for z>y.
#
# (F)
# The set of files foo.{x}.bar to foo.{y}.bar is called a "log series"
# in aide terms, with the lowest x being called the "LoSerMember" element
# and the highest y being called the "HiSerMember" element, and the z
# with x<z<y simple called "SerMember". The Lo and Hi members need to
# be special cased in aide configuration.
#
#
# This is an example of the normal life of a log named foo in a logrotate
# configuration using a configuration at it is commonly used in Debian
# (from old to new):
# 1 logrotate deletes HiSerMember foo.{y}.gz
# 2 logrotate rotates SerMember foo.{z-1}.gz to foo.{z}.gz for all
# z with 3<z<=y. This includes rotation of foo.{y-1}.gz to
# foo.{y}.gz and foo.2.gz to foo.3.gz
# 3 logrotate compresses foo.1 to foo.2.gz, creating LoSerMember foo.2.gz
# 4 logrotate rotates foo to foo.1 (a simple rename)
# 5 logrotate creates new, empty foo
# 6 foo daemon logs to foo - foo grows in size
#
# we need the following rules:
# /var/log/foo$ f Log
# /var/log/foo$ f FreqRotLog
# this takes care of the growing live log (step 7). The "Log" rule
# is appropriate for logs that are not rotated daily as rotation
# might be reported (if the file size has decreased since the last
# aide run). For daily rotated logs, the "FreqRotLog" may be more
# appropriate.
# /var/log/foo\.1$ f LowLog
# this takes care of step 5.
# /var/log/foo\.2\.gz$ f LoSerMemberLog
# this allows yet unknown new files to appear with a \.2\.gz extension,
# covering step 3.
# /var/log/foo\.[3..y-1]\.gz$ f SerMemberLog
# this watches the log files as they wander through the Series,
# changing only their file name but not their contents or metadata,
# covering step 2.
# Please note that [3..y-1] needs to be a manually crafted regexp covering
# all numbers between 3 and y-1.
# /var/log/foo\.y\.gz$ f HiSerMemberLog
# finally, the last element of the Series is allowed to vanish without
# being reported, covering step 1.
#
# Please note that these example rules need to be adapted to the logrotate
# configuration for the log. Compression may be disabled or lead to a different
# extension, the dateext option may be used, old logs might be held in a
# different place, a log series does not necessarily need to be compressed etc.
#
# Please note that savelog rotates the live log to .0 and not to .1 as it
# is logrotates (changeable) default.
# Logs grow in size. Log rotation of these logs will be reported, so
# this should only be used for logs that are not rotated daily.
Log = OwnerMode+n+S+X
# Logs that are frequently rotated
FreqRotLog = Log-S
# The first instance of a rotated log: After the log has stopped being
# written to, but before rotation
LowLog = Log-S
# Rotated logs change their file name but retain all their other properties
SerMemberLog = Full+I
# The first instance of a compressed, rotated log: After a LowLog was
# compressed.
LoSerMemberLog = SerMemberLog+ANF
# The last instance of a compressed, rotated log: After this name, a log
# will be removed
HiSerMemberLog = SerMemberLog+ARF
# Not-yet-compressed log created by logrotate's dateext option:
# These files appear one rotation (renamed from the live log) and are gone
# the next rotation (being compressed)
LowDELog = SerMemberLog+ANF+ARF
# Compressed log created by logrotate's dateext option: These files appear
# once and are not touched any more.
SerMemberDELog = Full+ANF
# For daemons that log to a variable file name and have the live log
# hardlinked to a static file name
LinkedLog = Log-n
@@x_include /etc/aide/aide.conf.d ^[a-zA-Z0-9_-]+$

19
sio2/CYBER/Journald/journal-upload.conf Normal file
View File

@ -0,0 +1,19 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the journal-upload.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# See journal-upload.conf(5) for details.
[Upload]
URL=http://192.168.1.42:19532
# ServerKeyFile=/etc/ssl/private/journal-upload.pem
# ServerCertificateFile=/etc/ssl/certs/journal-upload.pem
# TrustedCertificateFile=/etc/ssl/ca/trusted.pem

10
sio2/CYBER/Journald/journald-rcv.sh Normal file
View File

@ -0,0 +1,10 @@
#!/bin/bash
sudo timedatectl set-timezone Europe/Paris
sudo apt-get update
sudo apt-get install -y systemd-journal-remote
sudo systemctl enable --now systemd-journal-remote.socket
sudo cp /lib/systemd/system/systemd-journal-remote.service /etc/systemd/system
sudo sed -i 's/--listen-https=-3/--listen-http=-3/' /etc/systemd/system/systemd-journal-remote.service
[[ -d /var/log/journal/remote ]] || sudo mkdir /var/log/journal/remote
sudo chown systemd-journal-remote /var/log/journal/remote
sudo systemctl daemon-reload

9
sio2/CYBER/Journald/journald-snd.sh Normal file
View File

@ -0,0 +1,9 @@
#!/bin/bash
# usage : ./journald-snd.sh 192.168.1.100
sudo timedatectl set-timezone Europe/Paris
sudo apt-get update
sudo apt-get install -y systemd-journal-remote
rpl="s/^# URL=/URL=http:\/\/${1}:19532/" # $1 represente l'adresse du recepteur
sudo sed -i "$rpl" /etc/systemd/journal-upload.conf
sudo systemctl enable --now systemd-journal-upload.service
sudo systemctl restart systemd-journal-upload.service

46
sio2/CYBER/Journald/systemd-journal-remote.service Normal file
View File

@ -0,0 +1,46 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Journal Remote Sink Service
Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
Requires=systemd-journal-remote.socket
[Service]
ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote/
LockPersonality=yes
LogsDirectory=journal/remote
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes
PrivateTmp=yes
ProtectProc=invisible
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
User=systemd-journal-remote
WatchdogSec=3min
# If there are many split up journal files we need a lot of fds to access them
# all in parallel.
LimitNOFILE=524288
[Install]
Also=systemd-journal-remote.socket

303
sio2/CYBER/Nagios/command.cfg Normal file
View File

@ -0,0 +1,303 @@
###############################################################################
# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
#
#
# NOTES: This config file provides you with some example command definitions
# that you can reference in host, service, and contact definitions.
#
# You don't need to keep commands in a separate file from your other
# object definitions. This has been done just to make things easier to
# understand.
#
###############################################################################
################################################################################
#
# SAMPLE NOTIFICATION COMMANDS
#
# These are some example notification commands. They may or may not work on
# your system without modification. As an example, some systems will require
# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
#
################################################################################
define command {
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
################################################################################
#
# SAMPLE HOST CHECK COMMANDS
#
################################################################################
# Removed in Debian because it conflicts with the command of the same name
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
## This command checks to see if a host is "alive" by pinging it
## The check must result in a 100% packet loss or 5 second (5000ms) round trip
## average time to produce a critical error.
## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
#
#define command {
#
# command_name check-host-alive
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
#}
################################################################################
#
# SAMPLE SERVICE CHECK COMMANDS
#
# These are some example service check commands. They may or may not work on
# your system, as they must be modified for your plugins. See the HTML
# documentation on the plugins for examples of how to configure command definitions.
#
# NOTE: The following 'check_local_...' functions are designed to monitor
# various metrics on the host that Nagios is running on (i.e. this one).
################################################################################
define command {
command_name check_local_disk
command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
}
define command {
command_name check_local_load
command_line $USER1$/check_load -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_procs
command_line $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
}
define command {
command_name check_local_users
command_line $USER1$/check_users -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_swap
command_line $USER1$/check_swap -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_mrtgtraf
command_line $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
}
################################################################################
# NOTE: The following 'check_...' commands are used to monitor services on
# both local and remote hosts.
################################################################################
# Removed in Debian because it conflicts with the command of the same of
# defined in ftp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ftp
# command_line $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_hpjd
# command_line $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
#}
define command {
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
}
# Removed in Debian because it conflicts with the command of the same of
# defined in http.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_http
# command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ssh.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ssh
# command_line $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_dhcp
# command_line $USER1$/check_dhcp $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ping
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_pop
# command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_imap
# command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_smtp
# command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_tcp
# command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_udp
# command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in nt.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_nt
# command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
#}
################################################################################
#
# SAMPLE PERFORMANCE DATA COMMANDS
#
# These are sample performance data commands that can be used to send performance
# data output to two text files (one for hosts, another for services). If you
# plan on simply writing performance data out to a file, consider using the
# host_perfdata_file and service_perfdata_file options in the main config file.
#
################################################################################
define command {
command_name process-host-perfdata
command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
}
define command {
command_name process-service-perfdata
command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
}
define command {
command_name check_lin_load
command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}
define command {
command_name check_lin_mem
command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}

1391
sio2/CYBER/Nagios/nagios.cfg Normal file
View File

File diff suppressed because it is too large Load Diff

50
sio2/CYBER/Nagios/nagios4.conf Normal file
View File

@ -0,0 +1,50 @@
# apache configuration for nagios 4.x
ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4
# Where the stylesheets (config files) reside
Alias /nagios4/stylesheets /etc/nagios4/stylesheets
# Where the HTML pages live
Alias /nagios4 /usr/share/nagios4/htdocs
<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
Options FollowSymLinks
DirectoryIndex index.php index.html
AllowOverride AuthConfig
#
# The default Debian nagios4 install sets use_authentication=0 in
# /etc/nagios4/cgi.cfg, which turns off nagos's internal authentication.
# This is insecure. As a compromise this default apache2 configuration
# only allows private IP addresses access.
#
# The <Files>...</Files> below shows how you can secure the nagios4
# web site so anybody can view it, but only authenticated users can issue
# commands (such as silence notifications). To do that replace the
# "Require all granted" with "Require valid-user", and use htdigest
# program from the apache2-utils package to add users to
# /etc/nagios4/htdigest.users.
#
# A step up is to insist all users validate themselves by moving
# the stanza's in the <Files>..<Files> into the <DirectoryMatch>.
# Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you
# can configure which people get to see a particular service from
# within the nagios configuration.
#
Require ip ::1/128 fc00::/7 fe80::/10 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
<Files "cmd.cgi">
AuthDigestDomain "Nagios4"
AuthDigestProvider file
AuthUserFile "/etc/nagios4/htdigest.users"
AuthGroupFile "/etc/group"
AuthName "Nagios4"
AuthType Digest
Require all granted
#Require valid-user
</Files>
</DirectoryMatch>
<Directory /usr/share/nagios4/htdocs>
Options +ExecCGI
</Directory>

30
sio2/CYBER/Nagios/srv.cfg Normal file
View File

@ -0,0 +1,30 @@
define host {
use linux-server ; Name of host template to use
host_name srv
alias srv
address 172.20.10.11
}
define service{
use generic-service
host_name srv
service_description WWW
check_command check_http
}
define service{
use generic-service
host_name srv
service_description SSH
check_command check_ssh
}

1
sio2/CYBER/README Normal file
View File

@ -0,0 +1 @@
Ceci est une notice

10
sio2/CYBER/Wireguard/wg0-a.conf Normal file
View File

@ -0,0 +1,10 @@
[Interface]
PrivateKey = iGPtDYyKYCoQVPofdo7KQXfC4OGCGOBXonF44nKUSFw=
Address = 10.0.0.2/32 # Adresses autorisées dans le VPN
Listenport = 51820
[Peer]
PublicKey = sAJc6fITMHs9Entb5upqGMN+4M+fnhIIpcWbQiqW50g= # de machine B
AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
Endpoint = 192.168.0.45:51820

10
sio2/CYBER/Wireguard/wg0-b.conf Normal file
View File

@ -0,0 +1,10 @@
[Interface]
Address = 10.0.0.1/32 # Adresses autorisées dans le VPN
Listenport = 51820
PrivateKey = YH3oUGyt8hXlqRINQIANWsqf7Bd+SJcyLhMLGPwbvHk=
[Peer]
PublicKey = k2Yzmoz+7e1TT+n2+zK9AHjssgQLp7DW0T3Zi+AtPV0= # de machine B
AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
Endpoint = 192.168.0.26:51820

58
sio2/CYBER/postfix/main.cf Normal file
View File

@ -0,0 +1,58 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = bookworm
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, postfix.lan, bookworm, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
# Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption
#smtp_tls_security_level = encrypt
# Location of CA certificates
smtp_tls_CAfile = /etc/postfix/ssl/cacert-smtp-gmail.pem

1
sio2/CYBER/postfix/sasl_passwd Normal file
View File

@ -0,0 +1 @@
[smtp.gmail.com]:587 akone.alhassane@gmail.com:clnbmfdicvcbvcvt

9
sio2/SISR/Ansible/dokuw/hosts Normal file
View File

@ -0,0 +1,9 @@
[adm]
infra
[web]
web1
web2
[doc]
doku

6
sio2/SISR/Ansible/dokuw/local.yml Normal file
View File

@ -0,0 +1,6 @@
- hosts: doku
roles:
- web
- doku

18
sio2/SISR/Ansible/dokuw/roles/doku/main.yml Normal file
View File

@ -0,0 +1,18 @@
vars:
- chemin_fichier: /var/www/html/doku
- name: recuperation dokuwiki-stable.tgz depuis machine depl
get_url:
url: http://depl/store/dokuwiki-stable.tgz
dest: /tmp/
- name: Extraction archive
ansible.builtin.unarchive:
src: /tmp/dokuwiki-stable.tgz
dest: /var/www/html/
- name: changer propriétaire du fichier var/www/html/doku
file:
path: "{{ chemin_fichier }}"
owner: www-data:www-data data lib conf
become: true

37
sio2/SISR/Ansible/dokuw/roles/doku/tasks/main.yml Normal file
View File

@ -0,0 +1,37 @@
- name: 1. recuperation dokuwiki-stable.tgz depuis machine depl
get_url:
url: http://depl/store/dokuwiki-stable.tgz
dest: /tmp
- name: 2. Extraction archive dokuwiki-stage.tgz
unarchive:
src: /tmp/dokuwiki-stable.tgz
dest: /var/www/html/
remote_src: yes
- name: 3. stat dokuwiki
stat:
path: /var/www/html/dokuwiki-2023-04-04
register: doku_stat
- name: 4. On renomme doku-v... en doku
command: mv /var/www/html/dokuwiki-2023-04-04 /var/www/html/doku
when: doku_stat.stat.exists
- name: 5. Changer propritaire group et permissions
file:
path: /var/www/html/doku
owner: root
group: root
mode: '0755'
recurse: yes
- name: 6. Changer propritaire. group et permissions
file:
path: /var/www/html/doku
owner: www-data
group: www-data
recurse: yes
# mode: '755'

13
sio2/SISR/Ansible/dokuw/roles/web/tasks/main.yml Normal file
View File

@ -0,0 +1,13 @@
- name: 1. installe apache2 php et ces dependances
apt:
name:
- apache2
- php
# - php-gd
- php-mbstring
state: present
- name: 2. lance Apache
service:
name: apache2
state: started

6
sio2/SISR/Ansible/hosts Normal file
View File

@ -0,0 +1,6 @@
[adm]
infra
[web]
web1
web2

23
sio2/SISR/Ansible/squid-j2.yml Normal file
View File

@ -0,0 +1,23 @@
---
- name: squid-j2.yml
hosts: infra
vars:
- proxy_port: 8080
- proxy_mem: 512
tasks:
- name: 1. assurer que squid est installe
service:
name: squid
state: started
- name: 2. Copie du squid.conf apres generation dynamique
template:
src: squid.conf.j2
dest: /etc/squid/squid.conf
notify: restart squid
handlers:
- name: restart squid
service:
name: squid
state: restarted

22
sio2/SISR/Ansible/squid.yml Normal file
View File

@ -0,0 +1,22 @@
---
- name: squid.yml
hosts: infra
vars:
proxy_port: 8080
proxy_mem: 128
tasks:
- name: 1. installation de squid
apt:
name: squid
state: latest
- name: 2. recuperation de squid.conf avec fetch
ansible.builtin.fetch:
src: /etc/squid/squid.conf
dest: ./squid.conf
flat: yes

45
sio2/SISR/Ansible/syslog-cli.yml Normal file
View File

@ -0,0 +1,45 @@
---
- name: syslog.yml
hosts: web
tasks:
- name: 1. installer rsyslog
apt:
name: rsyslog
state: latest
- name: ajout du serveur syslog distant
lineinfile:
path: /etc/rsyslog.conf
line: '*.* @172.20.10.4:514'
insertbefore: EOF
create: yes
notify:
- 5. redemarrer rsyslog
# - name: 3. Ajout de la ligne ForwardToSyslog
#shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
- name: 4. Decommente la ligne ForwardToSyslog
replace:
path: /etc/systemd/journald.conf
regexp: '^#ForwardToSyslog=yes'
replace: 'ForwardToSyslog=yes'
notify: 6. redemarrer journald.service
# notify:
#- restart rsyslog
#- name: redemarrage de syslog
#- restart journald.service
#- name: redemarrage de journald.service
handlers:
- name: 5. redemarrer rsyslog
service:
name: rsyslog
state: restarted
- name: 6. redemarrer journald.service
service:
name: systemd-journald.service
state: restarted

52
sio2/SISR/Ansible/syslog.yml Normal file
View File

@ -0,0 +1,52 @@
---
- name: syslog.yml
hosts: infra
tasks:
- name: 1. installer rsyslog
apt:
name: rsyslog
state: latest
- name: 2. decommente le chargement du module imudp dans rsyslog.conf
replace:
path: /etc/rsyslog.conf
regexp: '^#module\(load="imudp"\)'
replace: 'module(load="imudp")'
notify:
- 5. redemarrer rsyslog
- name: 3. decommente le chargement du module imudp port 514 dans rsyslog.conf
replace:
path: /etc/rsyslog.conf
regexp: '^#input\(type="imudp" port="514"\)'
replace: 'input(type="imudp" port="514")'
notify:
- 5. redemarrer rsyslog
# - name: 3. Ajout de la ligne ForwardToSyslog
#shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
- name: 4. Decommente la ligne ForwardToSyslog
replace:
path: /etc/systemd/journald.conf
regexp: '^#ForwardToSyslog=yes'
replace: 'ForwardToSyslog=yes'
notify: 6. redemarrer journald.service
# notify:
#- restart rsyslog
#- name: redemarrage de syslog
#- restart journald.service
#- name: redemarrage de journald.service
handlers:
- name: 5. redemarrer rsyslog
service:
name: rsyslog
state: restarted
- name: 6. redemarrer journald.service
service:
name: systemd-journald.service
state: restarted

20
sio2/SISR/Ansible/web.yml Normal file
View File

@ -0,0 +1,20 @@
---
- name: web.yml
hosts: web
tasks:
- name: 1. installer apache2
apt :
name: apache2
state: present
- name: 2 installer php-mbstring
apt:
name: php-mbstring
state: present
- name: 3 assurer Apache tourne
service:
name: apache2
state: started
- name: 4 copier le fichier index.html vers /var/www/html
template:
src: index.html
dest: /var/www/html/

72
sio2/SISR/FOG/dhcpd.conf Normal file
View File

@ -0,0 +1,72 @@
# DHCP Server Configuration file\n#see /usr/share/doc/dhcp*/dhcpd.conf.sample
# This file was created by FOG
#Definition of PXE-specific options
# Code 1: Multicast IP Address of bootfile
# Code 2: UDP Port that client should monitor for MTFTP Responses
# Code 3: UDP Port that MTFTP servers are using to listen for MTFTP requests
# Code 4: Number of seconds a client must listen for activity before trying
# to start a new MTFTP transfer
# Code 5: Number of seconds a client must listen before trying to restart
# a MTFTP transfer
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option arch code 93 = unsigned integer 16;
use-host-decl-names on;
ddns-update-style interim;
ignore client-updates;
# Specify subnet of ether device you do NOT want service.
# For systems with two or more ethernet devices.
# subnet 136.165.0.0 netmask 255.255.0.0 {}
subnet 192.168.1.0 netmask 255.255.255.0{
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.1.10 192.168.1.254;
default-lease-time 21600;
max-lease-time 43200;
option routers 192.168.1.1;
option domain-name-servers 10.121.38.7;
next-server 192.168.1.10;
}
class "Legacy" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
filename "undionly.kkpxe";
}
class "UEFI-32-2" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
filename "i386-efi/snponly.efi";
}
class "UEFI-32-1" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
filename "i386-efi/snponly.efi";
}
class "UEFI-64-1" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
filename "snponly.efi";
}
class "UEFI-64-2" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
filename "snponly.efi";
}
class "UEFI-64-3" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
filename "snponly.efi";
}
class "SURFACE-PRO-4" {
match if substring(option vendor-class-identifier, 0, 32) = "PXEClient:Arch:00007:UNDI:003016";
filename "snponly.efi";
}
class "Apple-Intel-Netboot" {
match if substring(option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386";
option dhcp-parameter-request-list 1,3,17,43,60;
if (option dhcp-message-type = 8) {
option vendor-class-identifier "AAPLBSDPC";
if (substring(option vendor-encapsulated-options, 0, 3) = 01:01:01) {
# BSDP List
option vendor-encapsulated-options 01:01:01:04:02:80:00:07:04:81:00:05:2a:09:0D:81:00:05:2a:08:69:50:58:45:2d:46:4f:47;
filename "snponly.efi";
}
}
}

42
sio2/SISR/HAPROXY/haproxy.cfg Normal file
View File

@ -0,0 +1,42 @@
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
listen httpProxy
bind 192.168.0.140:80
balance roundrobin
option httpclose
option httpchk HEAD / HTTP/1.0
server web1 172.16.1.11:80 check
server web2 172.16.1.12:80 check

344
sio2/SISR/HB/ha.cf Normal file
View File

@ -0,0 +1,344 @@
#
# There are lots of options in this file. All you have to have is a set
# of nodes listed {"node ...} one of {serial, bcast, mcast, or ucast},
# and a value for "auto_failback".
#
# ATTENTION: As the configuration file is read line by line,
# THE ORDER OF DIRECTIVE MATTERS!
#
# In particular, make sure that the udpport, serial baud rate
# etc. are set before the heartbeat media are defined!
# debug and log file directives go into effect when they
# are encountered.
#
# All will be fine if you keep them ordered as in this example.
#
#
# Note on logging:
# If all of debugfile, logfile and logfacility are not defined,
# logging is the same as use_logd yes. In other case, they are
# respectively effective. if detering the logging to syslog,
# logfacility must be "none".
#
# File to write debug messages to
#debugfile /var/log/ha-debug
#
#
# File to write other messages to
#
#logfile /var/log/ha-log
#
#
# Facility to use for syslog()/logger
#
logfacility local0
#
#
# A note on specifying "how long" times below...
#
# The default time unit is seconds
# 10 means ten seconds
#
# You can also specify them in milliseconds
# 1500ms means 1.5 seconds
#
#
# keepalive: how long between heartbeats?
#
#keepalive 2
#
# deadtime: how long-to-declare-host-dead?
#
# If you set this too low you will get the problematic
# split-brain (or cluster partition) problem.
# See the FAQ for how to use warntime to tune deadtime.
#
#deadtime 30
#
# warntime: how long before issuing "late heartbeat" warning?
# See the FAQ for how to use warntime to tune deadtime.
#
#warntime 10
#
#
# Very first dead time (initdead)
#
# On some machines/OSes, etc. the network takes a while to come up
# and start working right after you've been rebooted. As a result
# we have a separate dead time for when things first come up.
# It should be at least twice the normal dead time.
#
#initdead 120
#
#
# What UDP port to use for bcast/ucast communication?
#
#udpport 694
#
# Baud rate for serial ports...
#
#baud 19200
#
# serial serialportname ...
#serial /dev/ttyS0 # Linux
#serial /dev/cuaa0 # FreeBSD
#serial /dev/cuad0 # FreeBSD 6.x
#serial /dev/cua/a # Solaris
#
#
# What interfaces to broadcast heartbeats over?
#
#bcast eth0 # Linux
#bcast eth1 eth2 # Linux
#bcast le0 # Solaris
#bcast le1 le2 # Solaris
#
# Set up a multicast heartbeat medium
# mcast [dev] [mcast group] [port] [ttl] [loop]
#
# [dev] device to send/rcv heartbeats on
# [mcast group] multicast group to join (class D multicast address
# 224.0.0.0 - 239.255.255.255)
# [port] udp port to sendto/rcvfrom (set this value to the
# same value as "udpport" above)
# [ttl] the ttl value for outbound heartbeats. this effects
# how far the multicast packet will propagate. (0-255)
# Must be greater than zero.
# [loop] toggles loopback for outbound multicast heartbeats.
# if enabled, an outbound packet will be looped back and
# received by the interface it was sent on. (0 or 1)
# Set this value to zero.
#
#
#mcast eth0 225.0.0.1 694 1 0
#
# Set up a unicast / udp heartbeat medium
# ucast [dev] [peer-ip-addr]
#
# [dev] device to send/rcv heartbeats on
# [peer-ip-addr] IP address of peer to send packets to
#
#ucast eth0 192.168.1.2
#
#
# About boolean values...
#
# Any of the following case-insensitive values will work for true:
# true, on, yes, y, 1
# Any of the following case-insensitive values will work for false:
# false, off, no, n, 0
#
#
#
# auto_failback: determines whether a resource will
# automatically fail back to its "primary" node, or remain
# on whatever node is serving it until that node fails, or
# an administrator intervenes.
#
# The possible values for auto_failback are:
# on - enable automatic failbacks
# off - disable automatic failbacks
# legacy - enable automatic failbacks in systems
# where all nodes do not yet support
# the auto_failback option.
#
# auto_failback "on" and "off" are backwards compatible with the old
# "nice_failback on" setting.
#
# See the FAQ for information on how to convert
# from "legacy" to "on" without a flash cut.
# (i.e., using a "rolling upgrade" process)
#
# The default value for auto_failback is "legacy", which
# will issue a warning at startup. So, make sure you put
# an auto_failback directive in your ha.cf file.
# (note: auto_failback can be any boolean or "legacy")
#
auto_failback on
#
#
# Basic STONITH support
# Using this directive assumes that there is one stonith
# device in the cluster. Parameters to this device are
# read from a configuration file. The format of this line is:
#
# stonith <stonith_type> <configfile>
#
# NOTE: it is up to you to maintain this file on each node in the
# cluster!
#
#stonith baytech /etc/ha.d/conf/stonith.baytech
#
# STONITH support
# You can configure multiple stonith devices using this directive.
# The format of the line is:
# stonith_host <hostfrom> <stonith_type> <params...>
# <hostfrom> is the machine the stonith device is attached
# to or * to mean it is accessible from any host.
# <stonith_type> is the type of stonith device (a list of
# supported drives is in /usr/lib/stonith.)
# <params...> are driver specific parameters. To see the
# format for a particular device, run:
# stonith -l -t <stonith_type>
#
#
# Note that if you put your stonith device access information in
# here, and you make this file publically readable, you're asking
# for a denial of service attack ;-)
#
# To get a list of supported stonith devices, run
# stonith -L
# For detailed information on which stonith devices are supported
# and their detailed configuration options, run this command:
# stonith -h
#
#stonith_host * baytech 10.0.0.3 mylogin mysecretpassword
#stonith_host ken3 rps10 /dev/ttyS1 kathy 0
#stonith_host kathy rps10 /dev/ttyS1 ken3 0
#
# Watchdog is the watchdog timer. If our own heart doesn't beat for
# a minute, then our machine will reboot.
# NOTE: If you are using the software watchdog, you very likely
# wish to load the module with the parameter "nowayout=0" or
# compile it without CONFIG_WATCHDOG_NOWAYOUT set. Otherwise even
# an orderly shutdown of heartbeat will trigger a reboot, which is
# very likely NOT what you want.
#
#watchdog /dev/watchdog
#
# Tell what machines are in the cluster
# node nodename ... -- must match uname -n
#node ken3
#node kathy
#
# Less common options...
#
# Treats 10.10.10.254 as a psuedo-cluster-member
# Used together with ipfail below...
# note: don't use a cluster node as ping node
#
#ping 10.10.10.254
#
# Treats 10.10.10.254 and 10.10.10.253 as a psuedo-cluster-member
# called group1. If either 10.10.10.254 or 10.10.10.253 are up
# then group1 is up
# Used together with ipfail below...
#
#ping_group group1 10.10.10.254 10.10.10.253
#
# HBA ping derective for Fiber Channel
# Treats fc-card-name as psudo-cluster-member
# used with ipfail below ...
#
# You can obtain HBAAPI from http://hbaapi.sourceforge.net. You need
# to get the library specific to your HBA directly from the vender
# To install HBAAPI stuff, all You need to do is to compile the common
# part you obtained from the sourceforge. This will produce libHBAAPI.so
# which you need to copy to /usr/lib. You need also copy hbaapi.h to
# /usr/include.
#
# The fc-card-name is the name obtained from the hbaapitest program
# that is part of the hbaapi package. Running hbaapitest will produce
# a verbose output. One of the first line is similar to:
# Apapter number 0 is named: qlogic-qla2200-0
# Here fc-card-name is qlogic-qla2200-0.
#
#hbaping fc-card-name
#
#
# Processes started and stopped with heartbeat. Restarted unless
# they exit with rc=100
#
#respawn userid /path/name/to/run
#respawn hacluster /usr/lib/heartbeat/ipfail
#
# Access control for client api
# default is no access
#
#apiauth client-name gid=gidlist uid=uidlist
#apiauth ipfail gid=haclient uid=hacluster
###########################
#
# Unusual options.
#
###########################
#
# hopfudge maximum hop count minus number of nodes in config
#hopfudge 1
#
# deadping - dead time for ping nodes
#deadping 30
#
# hbgenmethod - Heartbeat generation number creation method
# Normally these are stored on disk and incremented as needed.
#hbgenmethod time
#
# realtime - enable/disable realtime execution (high priority, etc.)
# defaults to on
#realtime off
#
# debug - set debug level
# defaults to zero
#debug 1
#
# API Authentication - replaces the fifo-permissions-based system of the past
#
#
# You can put a uid list and/or a gid list.
# If you put both, then a process is authorized if it qualifies under either
# the uid list, or under the gid list.
#
# The groupname "default" has special meaning. If it is specified, then
# this will be used for authorizing groupless clients, and any client groups
# not otherwise specified.
#
# There is a subtle exception to this. "default" will never be used in the
# following cases (actual default auth directives noted in brackets)
# ipfail (uid=HA_CCMUSER)
# ccm (uid=HA_CCMUSER)
# ping (gid=HA_APIGROUP)
# cl_status (gid=HA_APIGROUP)
#
# This is done to avoid creating a gaping security hole and matches the most
# likely desired configuration.
#
#apiauth ipfail uid=hacluster
#apiauth ccm uid=hacluster
#apiauth cms uid=hacluster
#apiauth ping gid=haclient uid=alanr,root
#apiauth default gid=haclient
# message format in the wire, it can be classic or netstring,
# default: classic
#msgfmt classic/netstring
# Do we use logging daemon?
# If logging daemon is used, logfile/debugfile/logfacility in this file
# are not meaningful any longer. You should check the config file for logging
# daemon (the default is /etc/logd.cf)
# more infomartion can be fould in the man page.
# Setting use_logd to "yes" is recommended
#
# use_logd yes/no
#
# the interval we reconnect to logging daemon if the previous connection failed
# default: 60 seconds
#conn_logd_time 60
#
#
# Configure compression module
# It could be zlib or bz2, depending on whether u have the corresponding
# library in the system.
#compression bz2
#
# Confiugre compression threshold
# This value determines the threshold to compress a message,
# e.g. if the threshold is 1, then any message with size greater than 1 KB
# will be compressed, the default is 2 (KB)
#compression_threshold 2
bcast enp0s8
node hb1
node hb2
pacemaker off

51
sio2/SISR/HB/inst Normal file
View File

@ -0,0 +1,51 @@
#!/bin/bash
# les bases
# noeud hb1 : 192.168.0.140
# noeud hb2 : 192.168.0.142
# addr virt. : 192.168.0.143
sed -i 's/bookworm/hb1/g' /etc/host{s,name}
apt update
apt install -y heartbeat apache2 net-tools
systemctl disable apache2
cat <<EOT> /etc/network/interfaces.d/enp0s3
allow-hotplug enp0s3
iface enp0s3 inet static
address 192.168.0.140/24 # a adapter pour hb2
EOT
cat <<EOT> /etc/network/interfaces.d/enp0s8
allow-hotplug enp0s8
iface enp0s8 inet static
address 10.0.0.1/24 # a adapter pour hb2
EOT
cd /usr/share/doc/heartbeat
gunzip *.gz
cp ha.cf /etc/ha.d
cp haresources /etc/ha.d
cp authkeys /etc/ha.d
cd /etc/ha.d
echo "192.168.0.142 hb2" >> /etc/hosts # a adapter pour hb2
cat <<EOT >> /etc/ha.d/ha.cf
bcast enp0s8
node hb1
node hb2
pacemaker off
EOT
# echo " hb1 192.168.0.143 apache2" >> /etc/ha.d/haresources pou Debian buster
echo " hb1 192.168.0.143/24/enp0s3 apache2" >> /etc/ha.d/haresources
cat <<EOT >> /etc/ha.d/authkeys
auth 1
1 crc
EOT
chmod 600 /etc/ha.d/authkeys
echo hb1 > /var/www/html/index.html # a adapter pour hb2
#

9
sio2/SISR/LB/ipvsadm Executable file
View File

@ -0,0 +1,9 @@
#!/bin/bash
echo "1" > /proc/sys/net/ipv4/ip_forward
ipvsadm -A -t 192.168.0.140:80 -s rr
ipvsadm -a -t 192.168.0.140:80 -r 172.16.1.11:80 -m
ipvsadm -a -t 192.168.0.140:80 -r 172.16.1.12:80 -m

303
sio2/SISR/Nagios/commands.cfg Normal file
View File

@ -0,0 +1,303 @@
###############################################################################
# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
#
#
# NOTES: This config file provides you with some example command definitions
# that you can reference in host, service, and contact definitions.
#
# You don't need to keep commands in a separate file from your other
# object definitions. This has been done just to make things easier to
# understand.
#
###############################################################################
################################################################################
#
# SAMPLE NOTIFICATION COMMANDS
#
# These are some example notification commands. They may or may not work on
# your system without modification. As an example, some systems will require
# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
#
################################################################################
define command {
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
################################################################################
#
# SAMPLE HOST CHECK COMMANDS
#
################################################################################
# Removed in Debian because it conflicts with the command of the same name
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
## This command checks to see if a host is "alive" by pinging it
## The check must result in a 100% packet loss or 5 second (5000ms) round trip
## average time to produce a critical error.
## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
#
#define command {
#
# command_name check-host-alive
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
#}
################################################################################
#
# SAMPLE SERVICE CHECK COMMANDS
#
# These are some example service check commands. They may or may not work on
# your system, as they must be modified for your plugins. See the HTML
# documentation on the plugins for examples of how to configure command definitions.
#
# NOTE: The following 'check_local_...' functions are designed to monitor
# various metrics on the host that Nagios is running on (i.e. this one).
################################################################################
define command {
command_name check_local_disk
command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
}
define command {
command_name check_local_load
command_line $USER1$/check_load -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_procs
command_line $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
}
define command {
command_name check_local_users
command_line $USER1$/check_users -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_swap
command_line $USER1$/check_swap -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_mrtgtraf
command_line $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
}
################################################################################
# NOTE: The following 'check_...' commands are used to monitor services on
# both local and remote hosts.
################################################################################
# Removed in Debian because it conflicts with the command of the same of
# defined in ftp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ftp
# command_line $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_hpjd
# command_line $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
#}
define command {
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
}
# Removed in Debian because it conflicts with the command of the same of
# defined in http.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_http
# command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ssh.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ssh
# command_line $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_dhcp
# command_line $USER1$/check_dhcp $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ping
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_pop
# command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_imap
# command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_smtp
# command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_tcp
# command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_udp
# command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in nt.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_nt
# command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
#}
################################################################################
#
# SAMPLE PERFORMANCE DATA COMMANDS
#
# These are sample performance data commands that can be used to send performance
# data output to two text files (one for hosts, another for services). If you
# plan on simply writing performance data out to a file, consider using the
# host_perfdata_file and service_perfdata_file options in the main config file.
#
################################################################################
define command {
command_name process-host-perfdata
command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
}
define command {
command_name process-service-perfdata
command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
}
define command {
command_name check_lin_load
command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}
define command {
command_name check_lin_mem
command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}

42
sio2/SISR/Nagios/groups.cfg Normal file
View File

@ -0,0 +1,42 @@
#
# HOST GROUP DEFINITION
#
###############################################################################
# Define an optional hostgroup for Linux machines
define hostgroup {
hostgroup_name snmp-servers ; The name of the hostgroup
alias snmp Servers ; Long name of the group
members srv ; Comma separated list of hosts that belong to this group
}
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
# Define a service to "ping" the local machine
# service de supervision de Load Linux avec SNMP
# 3 valeurs : charge moyenne sur 1 min, 5 min, 15 min
define service{
use generic-service ;Use generic-service template
hostgroup_name snmp-servers ; S'applique au groupe en question
service_description chk-lin-load ; Nom du service
check_command check_lin_load!public!--v2c!netsl!3,2,2!3,2,2 ; Command
# servicegroups ser-lin-base ;Service belong servicegroup
}
define service{
use generic-service ;Use generic-service template
hostgroup_name snmp-servers ; S'applique au groupe en question
service_description chk-lin-mem ; Nom du service
check_command check_lin_mem!public!--v2c!80,20,2!100,30 ; Command
# servicegroups ser-lin-base ;Service belong servicegroup
}

1392
sio2/SISR/Nagios/nagios.cfg Normal file
View File

File diff suppressed because it is too large Load Diff

109
sio2/SISR/PXE/dhcpd.conf Normal file
View File

@ -0,0 +1,109 @@
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "192.168.1.1";
option domain-name-servers 192.168.1.1;
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.20 192.168.1.50;
option routers 192.168.1.1;
option domain-name "sio.lan";
filename "pxelinux.0";
next-server 192.168.1.1;
}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# server-name "toccata.example.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.example.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}

3
sio2/SISR/PXE/enp0s3 Normal file
View File

@ -0,0 +1,3 @@
# generated by FAI
auto enp0s3
iface enp0s3 inet dhcp

5
sio2/SISR/PXE/enp0s8 Normal file
View File

@ -0,0 +1,5 @@
# generated by FAI
auto enp0s8
iface enp0s8 inet static
address 192.168.1.1/24
up /root/nat.sh

18
sio2/SISR/PXE/isc-dhcp-server Normal file
View File

@ -0,0 +1,18 @@
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="enp0s8"
INTERFACESv6=""

4
sio2/SISR/PXE/nat.sh Normal file
View File

@ -0,0 +1,4 @@
#!/bin/bash
echo "1"> /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE

27
sio2/SISR/Python/analog Executable file
View File

@ -0,0 +1,27 @@
#!/usr/bin/python3
import sys
import re
#tab = []
volume = {}
regexp = "^(\S+) (\S+) (\S+) \[([^]]+)\] \"(\w+) (\S+).*\" (\d+) (\S+)"
for line in sys.stdin: # on lit sur lentrée standard
line = line.rstrip () # on enleve le retour ligne
res = re.match (regexp, line)
if res:
(host, rfc931, user, date, request, url, status, byte) = res.groups()
host = res.group (1)
byte =int(res.group (8))
if host in volume:
volume[host]= volume[host] + byte
else:
volume[host] = byte
for host in volume.keys():
print(host, ":", volume[host])

19
sio2/SISR/Python/creatusr Executable file
View File

@ -0,0 +1,19 @@
#!/usr/bin/python3
try:
fh = open("user.txt", "r")
except:
print ("Fichier user.txt inconnu")
else:
line = fh.readline ()
while line:
# use realine() to read next line
maligne = line.rstrip()
(login,complet)=maligne.split(":")
print(login , complet)
cmd = "useradd -m -c \""+ complet + "\" " + login + "-s /bin/bash/ "+login
print (cmd)
line = fh.readline()
fh.close()

27
sio2/SISR/Python/remplace Executable file
View File

@ -0,0 +1,27 @@
import re
import os
def remplacer_avec_regex(nom_fichier, ancien_motif, nouveau_motif):
# Renommer le fichier d'origine
nouveau_nom = nom_fichier + ".old"
os.rename(nom_fichier, nouveau_nom)
# Lire le contenu du fichier original
with open(nouveau_nom, 'r') as fichier_in:
contenu = fichier_in.read()
# Utiliser une expression régulière pour effectuer le remplacement
contenu_modifie = re.sub(ancien_motif, nouveau_motif, contenu)
# Écrire le contenu modifié dans le fichier d'origine
with open(nom_fichier, 'w') as fichier_out:
fichier_out.write(contenu_modifie)
# Demander à l'utilisateur les informations nécessaires
nom_fichier = input("Entrez le nom du fichier : ")
ancien_motif = input("Entrez l'ancien motif à remplacer (expression régulière) : ")
nouveau_motif = input("Entrez le nouveau motif : ")
# Appeler la fonction
remplacer_avec_regex(nom_fichier, ancien_motif, nouveau_motif)

71
sio2/SISR/RSYSLOG/rsyslog.con.emeteur Normal file
View File

@ -0,0 +1,71 @@
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
#module(load="imudp") MACHINE DE RECEPTION
#input(type="imudp" port="514") MACHINE DE RECEPTION
# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
#
# Log anything besides private authentication messages to a single log file
#
*.*;auth,authpriv.none -/var/log/syslog
#
# Log commonly used facilities to their own log file
#
auth,authpriv.* /var/log/auth.log
cron.* -/var/log/cron.log
kern.* -/var/log/kern.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*
*.* @192.168.0.21:514 # exporte tous les logs de toute gravité et de toute origine vers l'adresse 192.168.100 port UDP 514
*.* @192.168.0.32:514 # exporte tous les logs de toute gravité et de toute origine vers l'adresse 192.168.100 port UDP 514

90
sio2/SISR/SNMP/snmpd.conf Normal file
View File

@ -0,0 +1,90 @@
###########################################################################
#
# snmpd.conf
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
# See snmpd.conf(5) man page for details
#
###########################################################################
# SECTION: System Information Setup
#
# syslocation: The [typically physical] location of the system.
# Note that setting this value here means that when trying to
# perform an snmp SET operation to the sysLocation.0 variable will make
# the agent return the "notWritable" error code. IE, including
# this token in the snmpd.conf file will disable write access to
# the variable.
# arguments: location_string
sysLocation Sitting on the Dock of the Bay
sysContact Me <me@example.org>
# sysservices: The proper value for the sysServices object.
# arguments: sysservices_number
sysServices 72
###########################################################################
# SECTION: Agent Operating Mode
#
# This section defines how the agent will operate when it
# is running.
# master: Should the agent operate as a master agent or not.
# Currently, the only supported master agent type for this token
# is "agentx".
#
# arguments: (on|yes|agentx|all|off|no)
master agentx
# agentaddress: The IP address and port number that the agent will listen on.
# By default the agent listens to any and all traffic from any
# interface on the default SNMP port (161). This allows you to
# specify which address, interface, transport type and port(s) that you
# want the agent to listen on. Multiple definitions of this token
# are concatenated together (using ':'s).
# arguments: [transport:]port[@interface/address],...
#agentaddress 127.0.0.1,[::1]
agentAddress udp:161
###########################################################################
# SECTION: Access Control Setup
#
# This section defines who is allowed to talk to your running
# snmp agent.
# Views
# arguments viewname included [oid]
# system + hrSystem groups only
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
# rocommunity: a SNMPv1/SNMPv2c read-only access community name
# arguments: community [default|hostname|network/bits] [oid | -V view]
# Read-only access to everyone to the systemonly view
rocommunity public default
rocommunity6 public default -V systemonly
# SNMPv3 doesn't use communities, but users with (optionally) an
# authentication and encryption string. This user needs to be created
# with what they can view with rouser/rwuser lines in this file.
#
# createUser username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES] [privpassphrase]
# e.g.
# createuser authPrivUser SHA-512 myauthphrase AES myprivphrase
#
# This should be put into /var/lib/snmp/snmpd.conf
#
# rouser: a SNMPv3 read-only access username
# arguments: username [noauth|auth|priv [OID | -V VIEW [CONTEXT]]]
rouser authPrivUser authpriv -V systemonly
# include a all *.conf files in a directory
includeDir /etc/snmp/snmpd.conf.d

32
sio2/VAGRANT/Vagrantfile vendored Normal file
View File

@ -0,0 +1,32 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "debian/bookworm64"
config.vm.hostname = "nagios4"
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
config.vm.network "public_network"
config.vm.provision "shell", inline: <<-SHELL
apt-get update
apt-get install -y vim curl wget apache2 php nagios4 nagios-plugins-contrib
cp /etc/nagios4/apache2.conf /etc/apache2/sites-available/nagios4.conf
a2ensite nagios4.conf
a2enmod rewrite cgi
systemctl reload apache2
SHELL
end

14
sio2/VAGRANT/Vagrantfile2 Normal file
View File

@ -0,0 +1,14 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.provision "shell", inline: "apt-get update -y" # execute pour chacune des machines
config.vm.define "IDS" do |ids|#VM No'1
ids.vm.box = "debian/bookworm64" #Setting machine type
ids.vm.hostname = "IDS" #Setting machine type
ids.vm.network "public_network"#Set DHCP
ids.vm.provision "shell", inline: <<-SHELL
apt-get install -y wget curl vim unzip chkrootkit rkhunter fail2ban
SHELL
end
end