creation du répertoire CYBER

autres/id_rsa

@@ -0,0 +1,39 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBhYC3EYr
+1OcnfMoctOu4QPAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCnA1B4j9lB
+Y+nE+pzchM+EX9rMqxVm/duQQDJPiLcnrj39Lx25o1l1O74okFXEWnJO4Q/NKDlH+B1qY4
+0FQvZ3iJr4p7YMoBz6+ygi3Zbh3hwuxe6ioqsX7k7/DV5ecmZa0DfBg4ZZ5q1FkRD7x0MZ
+PMFxsNYpRtHstb+fVEFQ1jhJH2YMSqGcCemndYvc7s80j1Myyydwf1fuwBteyX8YviCTIT
+sl5iWebI8kF70u3sepkJq152fKh1kAYiWm+yRKwy6N1MTfOgCax3mF734zGg3GXcdrPeuE
+xBn02EnQ6GZQfxAp9/8vAcIBR6gvbgVzp+ENYkgoq2nZ41JS2EWd6ARXapa9OmokKJ/BX2
+JqjmU0Br2h/f0AYjc7PmKbsgd292809etRQLcjy4C7AsDZNW0etedzwuwAr+yWLPhzhV+x
+Ba0eZ+7rN6xSuHup/wsjTXfX0NrtojRybY7qPCWIPGtneV3Sm65FW+MK66Je+fBNoPcr6l
++HyP6v2OcwBOsAAAWQwmNuDv3Kz11CVOIfBiLVl3SC7bBurNcOqmGQONQ1MnQaKtNo/zwL
+3jbZ1aAZohLxKiFXcHhRJGcD6sl9BTZZnqC6Qjym9SXdpfJpVKzzHBBvMifmX5P/IGHgJo
+L/A4vbSjuyu/OSfwlnGY+EBeTrlmMG599mj2XClfUGwdrVH9NLJHZV3DX9TbA8I/ZiOK/U
+sKqUjqKu6LQ5dPXRxCRdKsMUkB0s6lt1hwMt9CPOWciAfyuY2+/0BIQEWM14q/0BiLx3F3
+7qs/XrTJV0Ay/lQWszI6FLb9b+9Nfvwl6FmUlGjXFAN+R/LIjJURFRBBD0tKmF5ji6BLTA
+/1ZiTCgJZGaG5X4elUNXEm+EhuXyqz1QeoUZsDnshp843374vAjSesB43c4GAF/PgZaAK2
+RJXHcavYQoRvsBF/5SSt3yD1fuhJqh5MLsqywXa/mMCZaGlkUo3wnbzdnWBTfwH9vWnGR9
+9279kzemNfQF/Gqp+kWcgi5SW4KHSEvatooCnKwJlRg6BqBGX0zfMLqCbGpEQU76xn/qJx
+OuZpnKiLU0hnjDBDVXTq3Bshc9aZsLFtyZav7YgbaA8s960vMB9M2qK1IwW2r9JWP0MkZh
+5ab8281Rka8pxtgZ1iIRsz9LfnBAHxHTNClXxpY0re4RZHr77mi/a2b6A9nkDGgcPmakX/
+8cciTLK3w588sEvBolEceHkF1UyJ3TuUd4jYFJMXS8lVhLcY9ikZub+hMqKYaycvtwG1Bv
+zcO2gEf0X9sBMbLwa+/f8QCglmHnvU0EqCj6rET3LRVZVDjkVv162FLB+CWyWk89PPr6JP
+3HUV6/8Np/Icnt2hjXdm3e+W1iE3iYQG3oQ6exwwQp5QkTyDVmbi9FSKrRMzy+TrICS7qr
+jYOph9vNhWN4cM5R3miQOJ1IWUN2eo5W6eWyRo92nKnetqKfv1hdKJ9iAsQB5FqtSc1OOW
+QSsfzAs3qSWYQBbfmelX9egH2W3vww82+ljggIXg0CiVVIsUWS9JCdjupzE+mBoo8J3pWA
+6aT6tEnYoF3VmIulyouy7PoVWJpA2bsv09lTGemUTPHk9TeRmbkNsHdEhutiych6jfY+iW
+kzsL5u8Dp1BGFywrUMzMkI2qGFikCt8qgLttqNN5AZZPATaNESvKCZjwQtf1NcnLlQQR5w
+1EcyPXAudJqZd9BVyUrS7YnzeeyaP+u9DqmGUXvZENYeiqS6Pe24eLQ2njVfIfuWiF6tZ9
+5HvjwWbG863awVCiS9N6aj39V3dTrCzGKJy+ROXBE6OXdYXT9gHfu7oq7INJcsxpN2ahBS
+AEqbaz6V2UEqr6dotAA0zpMTMCNKbZ1iWCa3B+WjVEScw4u0fjcSQ5DrmL6gjZf5VWCa6L
+DUXNjeErMjd9O9TF6EXs66M2ntOZRcpV0A9moR5CPJmGx/LAgH6voTRYntWfldmqVucXaJ
+amUPLmUSRrLyu7/pCX3rJCF4hHll/1jPr6jHA9Wu8WfI0i9mHL3CnmMsKAj5QWmor1WQlk
+yd6snBodZ6jGP/lXopz82tgcZfS+k3vxflVElNZY8a8hWxbuP1O6u1ivtqWF0uFIApzPvz
+vWaCNgaAsloxjjbLfLyQFJ/m2TSSGsJwDVvLH/46Cb+t8AdujEHoCcSHTPSYzIxytSyhAP
+8TZnebzwN4YyOmOJ6Gm/tHV3tquIWOBDR2CUKUo6Psnxhw5aGLZO1QI+XIQZoDunYYNub3
+/si9dHme47OTlsdyRNLlgLYqewuMSRUGS1e4JsdvrGxToVmIA+v0ojCBJnTL8tT0gAbHn3
+jhZPRYbCKhLnI0e3qygtktbfkJKPwFWTXqn1ZEJksKP5tSGco+EUmrmO8XjcRpSgSqkFn0
+ftjvjtFZBdjb2/E3KAWcBio8eMQ=
+-----END OPENSSH PRIVATE KEY-----

autres/vm

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Chemin de destination pour les fichiers OVA
+destination="/home/sio/mes_vm/"
+
+# Récupérer la liste des noms de machines virtuelles
+vms=$(VBoxManage list vms | awk -F '"' '{print $2}')
+
+# Exporter chaque machine virtuelle au format OVA
+for vm in $vms; do
+    echo "Exportation de la machine virtuelle : $vm"
+    VBoxManage export "$vm" -o "$destination/$vm.ova"
+done
+
+echo "Exportation terminée."

sio1/sisr1/18-bash/tpbash/crsamba

@@ -0,0 +1,6 @@
+#!/bin/bash
+fich=users.txt
+while read ligne
+do
+	echo $ligne
+done < $fich

sio1/sisr1/18-bash/tpbash/crsamba3

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+
+usage() {
+	echo "usage : $0 <users.txt>"
+	exit 1
+}
+
+if [[ $# != 1 ]] ; then
+	usage
+fi
+
+fich=$1
+if [[ ! -r $fich ]] ; then
+	echo "i$0: erreur ouverture fichier $fich"
+	exit 2
+fi
+while read ligne
+do
+	echo $ligne
+done < $fich
+

sio1/sisr1/18-bash/tpbash/crsamba4

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+
+usage() {
+	echo "usage : $0 <users.txt>"
+	exit 1
+}
+
+if [[ $# != 1 ]] ; then
+	usage
+fi
+
+fich=$1
+if [[ ! -r $fich ]] ; then
+	echo "i$0: erreur ouverture fichier $fich"
+	exit 2
+fi
+while read ligne
+do
+	login=$(echo "${ligne}"|cut -f1 -d:)
+        echo $login	
+	nom=$(echo "${ligne}"|cut -f2  -d:)
+	echo $nom
+done < $fich
+

sio1/sisr1/18-bash/tpbash/crsamba5

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+
+usage() {
+	echo "usage : $0 <users.txt>"
+	exit 1
+}
+
+if [[ $# != 1 ]] ; then
+	usage
+fi
+
+fich=$1
+if [[ ! -r $fich ]] ; then
+	echo "i$0: erreur ouverture fichier $fich"
+	exit 2
+fi
+while read ligne
+do
+	login=$(echo "${ligne}"|cut -f1 -d:)
+        #echo $login	
+	nom=$(echo "${ligne}"|cut -f2  -d:)
+	#echo $nom
+	if ! getent passwd "${nom}" > /dev/null 2 >&1
+	then
+		sudo useradd -m -c "${nom}" -s /bin/bash "${login}"
+		mdp=$(pwgen 6 1) 
+		echo "${login}:${mdp}"|sudo chpasswd
+		echo "${login}:${mdp}">>${fich}.pw
+
+	else
+		echo "${nom}" existe déja	
+	fi
+done < $fich 

sio1/sisr1/18-bash/tpbash/crsamba6

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+
+usage() {
+	echo "usage : $0 <users.txt>"
+	exit 1
+}
+
+if [[ $# != 1 ]] ; then
+	usage
+fi
+
+fich=$1
+if [[ ! -r $fich ]] ; then
+	echo "i$0: erreur ouverture fichier $fich"
+	exit 2
+fi
+while read ligne
+do
+	login=$(echo "${ligne}"|cut -f1 -d:)
+        #echo $login	
+	nom=$(echo "${ligne}"|cut -f2  -d:)
+	#echo $nom
+	if  getent passwd "${login}" > /dev/null 2 >&1
+	then
+		sudo userdel -r -f  "${login}"
+	fi
+	#echo $ligne
+done < $fich 

sio1/sisr1/18-bash/tpbash/crsamba7

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+
+usage() {
+	echo "usage : $0 <users.txt>"
+	exit 1
+}
+
+if [[ $# != 1 ]] ; then
+	usage
+fi
+
+fich=$1
+if [[ ! -r $fich ]] ; then
+	echo "i$0: erreur ouverture fichier $fich"
+	exit 2
+fi
+while read ligne
+do
+	login=$(echo "${ligne}"|cut -f1 -d:)
+        #echo $login	
+	nom=$(echo "${ligne}"|cut -f2  -d:)
+	#echo $nom
+	if  getent passwd "${login}" > /dev/null 2 >&1
+	then
+		sudo userdel -r -f  "${login}"
+	fi
+	#echo $ligne
+done < $fich 

sio1/sisr1/18-bash/tpbash/sio@192.168.0.100

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+
+usage() {
+	echo "usage : $0 <users.txt>"
+	exit 1
+}
+
+if [[ $# != 1 ]] ; then
+	usage
+fi
+
+fich=$1
+if [[ ! -r $fich ]] ; then
+	echo "i$0: erreur ouverture fichier $fich"
+	exit 2
+fi
+while read ligne
+do
+	login=$(echo "${ligne}"|cut -f1 -d:)
+        #echo $login	
+	nom=$(echo "${ligne}"|cut -f2  -d:)
+	#echo $nom
+	if ! getent passwd "${nom}" > /dev/null 2 >&1
+	then
+		sudo useradd -m -c "${nom}" -s /bin/bash "${login}"
+		mdp=$(pwgen 6 1) 
+		echo "${login}:${mdp}"|sudo chpasswd
+		echo "${login}:${mdp}">>${fich}.pw
+
+	else
+		echo "${nom}" existe déja	
+	fi
+done < $fich 

sio1/sisr1/18-bash/tpbash/users.txt

@@ -0,0 +1,4 @@
+laymar:Lucien Aymar
+cperier:Claudine Perier
+rdubois:Robert Dubois
+mlefebvre:Marcelle Lefebvre

sio1/sisr1/18-bash/tpbash/users.txt.pw

@@ -0,0 +1,12 @@
+laymar:uomeM8
+cperier:za2Iez
+rdubois:an6ahJ
+mlefebvre:Aque8E
+laymar:Eimai2
+cperier:Iesoo9
+rdubois:loo6Ac
+mlefebvre:guCh0s
+laymar:reY9ze
+cperier:eR7iel
+rdubois:Bee7Ee
+mlefebvre:Ook3fe

sio1/sisr1/20-dns/srv1/db.domaine.lan

@@ -0,0 +1,22 @@
+$ORIGIN .
+$TTL 38400      ; 10 hours 40 minutes
+domaine.lan         IN SOA  serv1.domaine.lan. root.serv1.domaine.lan. (
+                                2023030201 ; serial
+                                10800      ; refresh (3 hours)
+                                3600       ; retry (1 hour)
+                                604800     ; expire (1 week)
+                                38400      ; minimum (10 hours 40 minutes)
+                                )
+                        NS      serv1.domaine.lan.
+                        NS      serv2.domaine.lan.
+                      
+serv1.domaine.lan.     A 192.168.0.161
+serv2.domaine.lan.     A 192.168.0.160
+
+$ORIGIN domaine.lan.
+poste1             A       192.168.0.100
+poste2             A       192.168.0.101
+
+
+www            CNAME poste1.domaine.lan.
+

sio1/sisr1/20-dns/srv1/db.domaine.lan.rev

@@ -0,0 +1,14 @@
+$TTL 38400	; 10 hours 40 minutes 
+@	IN SOA	serv1.domaine.lan. root.serv1.domaine.lan. (
+		2016091501 ; serial
+		10800      ; refresh (3 hours)
+		3600       ; retry (1 hour)
+		604800     ; expire (1 week)
+		38400      ; minimum (10 hours 40 minutes)
+	)
+	IN	NS	serv1.domaine.lan.
+	IN	NS	serv2.domaine.lan.
+
+61	IN	PTR	serv1.sio.lan.
+60	IN	PTR	serv2.sio.lan.
+14	IN      PTR     wd.sio.lan.

sio1/sisr1/20-dns/srv1/named.conf

@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";

sio1/sisr1/20-dns/srv1/named.conf.local

@@ -0,0 +1,19 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+// zone directe
+        zone "domaine.lan" {
+             type master;
+             file "/etc/bind/db.domaine.lan";
+        };
+
+	// zone inverse 
+	zone "0.168.192.in-addr.arpa" {
+	     type master;
+             notify no;
+             file "/etc/bind/db.domaine.lan.rev";
+	};

sio1/sisr1/20-dns/srv1/resolv.conf

@@ -0,0 +1,4 @@
+search domaine.lan
+nameserver 10.121.38.7
+nameserver 127.0.0.1 #on ressoud localement
+

sio1/sisr1/21-dhcp/dhcpd.conf

@@ -0,0 +1,107 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "alhassco.lan";
+option domain-name-servers ns1.alhassco.lan, ns2.alhassco.lan;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 192.168.2.0 netmask 255.255.255.0 {
+#range 192.168.2.11 192.168.2.252;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+subnet 192.168.2.0 netmask 255.255.255.0 {
+  range 192.168.2.15 192.168.2.250;
+  option domain-name-servers 192.168.2.2, 192.168.2.3;
+  option domain-name "alhassco.lan";
+  option routers 192.168.2.253;
+  option broadcast-address 192.168.2.255;
+  default-lease-time 600;
+  max-lease-time 7200;
+}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+host pcXp {
+  hardware ethernet 08:00:27:00:53:76;
+  fixed-address 192.168.2.20;
+}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}

sio1/sisr1/40-filtrage/fw0.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+ 
+IFEXT=enp0s3
+IFDMZ=enp0s8
+IFINT=enp0s9
+ 
+# ici instruction pour activer le routage
+echo "1" > /proc/sys/net/ipv4/ip_forward
+ 
+# ici instructions pour definir les stratégies par defaut (etape 1)
+ 
+
+ 
+# ici instructions pour remettre a zero les chaines filter et nat (etape 1)
+
+ 
+

sio1/sisr1/40-filtrage/fw1.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+ 
+IFEXT=enp0s3
+IFDMZ=enp0s8
+IFINT=enp0s9
+ 
+# ici instruction pour activer le routage
+ 
+# ici instructions pour definir les stratégies par defaut (etape 1)
+iptables -F 
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+iptables -F -t nat #remise à 0 de la table nat 
+# ici instructions pour remettre a zero les chaines filter et nat (etape 1)
+ 

sio1/sisr1/40-filtrage/fw2.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+ 
+IFEXT=enp0s3
+IFDMZ=enp0s8
+IFINT=enp0s9
+ 
+# ici instruction pour activer le routage
+ 
+# ici instructions pour definir les stratégies par defaut (etape 1)
+iptables -F 
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+# ici instructions pour remettre a zero les chaines filter et nat (etape 1)
+iptables -F -t nat #remise à 0 de la table nat 
+# On autorise la connexion SSH
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT # en entrée
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT #en sortie

sio1/sisr1/40-filtrage/fw3.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+ 
+IFEXT=enp0s3
+IFDMZ=enp0s8
+IFINT=enp0s9
+ 
+# ici instruction pour activer le routage
+echo "1" > /proc/sys/net/ipv4/ip_forward 
+# ici instructions pour definir les stratégies par defaut (etape 1)
+iptables -F 
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+# ici instructions pour remettre a zero les chaines filter et nat (etape 1)
+iptables -F -t nat #remise à 0 de la table nat 
+# On autorise la connexion SSH coté serveur
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT # en entrée
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT #en sortie
+
+#on autorise les requetes DNS coté client 
+iptables -A OUTPUT -p udp --dport 53 -j ACCEPT # en sortie 
+iptables -A INPUT -p udp --sport 53 -j ACCEPT # en entrée
+
+#on définit le proxy du lyéce
+#export http_proxy=http://10.121.38.1:8080
+# on autorise les requête émise  en http coté client
+iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT #en sortie
+iptables -A INPUT -p tcp --sport 80 -j ACCEPT #en entrée
+
+#on autorise les requetes émisent en ftp
+iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT #en entrée
+iptables -A INPUT -p tcp --sport 21 -j ACCEPT #en entrée
+
+

sio1/sisr1/40-filtrage/fw4.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+ 
+IFEXT=enp0s3
+IFDMZ=enp0s8
+IFINT=enp0s9
+ 
+# ici instruction pour activer le routage
+echo "1" > /proc/sys/net/ipv4/ip_forward 
+# ici instructions pour definir les stratégies par defaut (etape 1)
+iptables -F 
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+# ici instructions pour remettre a zero les chaines filter et nat (etape 1)
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+iptables -F -t nat #remise à 0 de la table nat
+# On autorise la connexion SSH coté serveur
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT # en entrée
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT #en sortie
+
+#on autorise les requetes DNS coté client 
+iptables -A OUTPUT -p udp --dport 53 -j ACCEPT # en sortie 
+iptables -A INPUT -p udp --sport 53 -j ACCEPT # en entrée
+
+#on définit le proxy du lyéce
+#export http_proxy=http://10.121.38.1:8080
+# on autorise les requête émise  en http coté client
+iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT #en sortie
+iptables -A INPUT -p tcp --sport 80 -j ACCEPT #en entrée
+
+#on autorise les requetes émisent en ftp
+#iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT #en entrée
+#iptables -A INPUT -p tcp --sport 21 -j ACCEPT #en entrée
+
+# on vérifie l'accès a une page web :
+#curl http://10.121.38.10
+
+iptables -A FORWARD -o ${IFEXT} -s 10.0.0.0/24 -p tcp --dport 80 -j ACCEPT
+iptables -A FORWARD -i ${IFEXT} -d 10.0.0.0/24 -p tcp --sport 80 -j ACCEPT
+iptables -A FORWARD -o ${IFEXT} -s 10.0.0.0/24 -p udp --dport 53 -j ACCEPT
+iptables -A FORWARD -i ${IFEXT} -d 10.0.0.0/24 -p udp --sport 53 -j ACCEPT
+#iptables -A FORWARD -i ${IFEXT} -s 192.168.0.0/24 -p tcp --sport 80 -j DROP
+
+iptables -t nat -A POSTROUTING -o${IFEXT} -j MASQUERADE #translation d'adresse
+

sio1/sisr1/scripts/nat.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+echo 1 | sudo dd of=/proc/sys/net/ipv4/ip_forward
+iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
+iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE

sio2/CYBER/README

@@ -0,0 +1 @@
+Ceci est une notice

sio2/SISR/HB/ha.cf

@@ -0,0 +1,344 @@
+#
+#	There are lots of options in this file.  All you have to have is a set
+#	of nodes listed {"node ...} one of {serial, bcast, mcast, or ucast},
+#	and a value for "auto_failback".
+#
+#	ATTENTION: As the configuration file is read line by line,
+#		   THE ORDER OF DIRECTIVE MATTERS!
+#
+#	In particular, make sure that the udpport, serial baud rate
+#	etc. are set before the heartbeat media are defined!
+#	debug and log file directives go into effect when they
+#	are encountered.
+#
+#	All will be fine if you keep them ordered as in this example.
+#
+#
+#       Note on logging:
+#       If all of debugfile, logfile and logfacility are not defined, 
+#       logging is the same as use_logd yes. In other case, they are
+#       respectively effective. if detering the logging to syslog,
+#       logfacility must be "none".
+#
+#	File to write debug messages to
+#debugfile /var/log/ha-debug
+#
+#
+# 	File to write other messages to
+#
+#logfile	/var/log/ha-log
+#
+#
+#	Facility to use for syslog()/logger 
+#
+logfacility	local0
+#
+#
+#	A note on specifying "how long" times below...
+#
+#	The default time unit is seconds
+#		10 means ten seconds
+#
+#	You can also specify them in milliseconds
+#		1500ms means 1.5 seconds
+#
+#
+#	keepalive: how long between heartbeats?
+#
+#keepalive 2
+#
+#	deadtime: how long-to-declare-host-dead?
+#
+#		If you set this too low you will get the problematic
+#		split-brain (or cluster partition) problem.
+#		See the FAQ for how to use warntime to tune deadtime.
+#
+#deadtime 30
+#
+#	warntime: how long before issuing "late heartbeat" warning?
+#	See the FAQ for how to use warntime to tune deadtime.
+#
+#warntime 10
+#
+#
+#	Very first dead time (initdead)
+#
+#	On some machines/OSes, etc. the network takes a while to come up
+#	and start working right after you've been rebooted.  As a result
+#	we have a separate dead time for when things first come up.
+#	It should be at least twice the normal dead time.
+#
+#initdead 120
+#
+#
+#	What UDP port to use for bcast/ucast communication?
+#
+#udpport	694
+#
+#	Baud rate for serial ports...
+#
+#baud	19200
+#	
+#	serial	serialportname ...
+#serial	/dev/ttyS0	# Linux
+#serial	/dev/cuaa0	# FreeBSD
+#serial /dev/cuad0      # FreeBSD 6.x
+#serial	/dev/cua/a	# Solaris
+#
+#
+#	What interfaces to broadcast heartbeats over?
+#
+#bcast	eth0		# Linux
+#bcast	eth1 eth2	# Linux
+#bcast	le0		# Solaris
+#bcast	le1 le2		# Solaris
+#
+#	Set up a multicast heartbeat medium
+#	mcast [dev] [mcast group] [port] [ttl] [loop]
+#
+#	[dev]		device to send/rcv heartbeats on
+#	[mcast group]	multicast group to join (class D multicast address
+#			224.0.0.0 - 239.255.255.255)
+#	[port]		udp port to sendto/rcvfrom (set this value to the
+#			same value as "udpport" above)
+#	[ttl]		the ttl value for outbound heartbeats.  this effects
+#			how far the multicast packet will propagate.  (0-255)
+#			Must be greater than zero.
+#	[loop]		toggles loopback for outbound multicast heartbeats.
+#			if enabled, an outbound packet will be looped back and
+#			received by the interface it was sent on. (0 or 1)
+#			Set this value to zero.
+#		
+#
+#mcast eth0 225.0.0.1 694 1 0
+#
+#	Set up a unicast / udp heartbeat medium
+#	ucast [dev] [peer-ip-addr]
+#
+#	[dev]		device to send/rcv heartbeats on
+#	[peer-ip-addr]	IP address of peer to send packets to
+#
+#ucast eth0 192.168.1.2
+#
+#
+#	About boolean values...
+#
+#	Any of the following case-insensitive values will work for true:
+#		true, on, yes, y, 1
+#	Any of the following case-insensitive values will work for false:
+#		false, off, no, n, 0
+#
+#
+#
+#	auto_failback:  determines whether a resource will
+#	automatically fail back to its "primary" node, or remain
+#	on whatever node is serving it until that node fails, or
+#	an administrator intervenes.
+#
+#	The possible values for auto_failback are:
+#		on	- enable automatic failbacks
+#		off	- disable automatic failbacks
+#		legacy	- enable automatic failbacks in systems
+#			where all nodes do not yet support
+#			the auto_failback option.
+#
+#	auto_failback "on" and "off" are backwards compatible with the old
+#		"nice_failback on" setting.
+#
+#	See the FAQ for information on how to convert
+#		from "legacy" to "on" without a flash cut.
+#		(i.e., using a "rolling upgrade" process)
+#
+#	The default value for auto_failback is "legacy", which
+#	will issue a warning at startup.  So, make sure you put
+#	an auto_failback directive in your ha.cf file.
+#	(note: auto_failback can be any boolean or "legacy")
+#
+auto_failback on
+#
+#
+#       Basic STONITH support
+#       Using this directive assumes that there is one stonith 
+#       device in the cluster.  Parameters to this device are 
+#       read from a configuration file. The format of this line is:
+#
+#         stonith <stonith_type> <configfile>
+#
+#       NOTE: it is up to you to maintain this file on each node in the
+#       cluster!
+#
+#stonith baytech /etc/ha.d/conf/stonith.baytech
+#
+#       STONITH support
+#       You can configure multiple stonith devices using this directive.
+#       The format of the line is:
+#         stonith_host <hostfrom> <stonith_type> <params...>
+#         <hostfrom> is the machine the stonith device is attached
+#              to or * to mean it is accessible from any host. 
+#         <stonith_type> is the type of stonith device (a list of
+#              supported drives is in /usr/lib/stonith.)
+#         <params...> are driver specific parameters.  To see the
+#              format for a particular device, run:
+#           stonith -l -t <stonith_type> 
+#
+#
+#	Note that if you put your stonith device access information in
+#	here, and you make this file publically readable, you're asking
+#	for a denial of service attack ;-)
+#
+#	To get a list of supported stonith devices, run
+#		stonith -L
+#	For detailed information on which stonith devices are supported
+#	and their detailed configuration options, run this command:
+#		stonith -h
+#
+#stonith_host *     baytech 10.0.0.3 mylogin mysecretpassword
+#stonith_host ken3  rps10 /dev/ttyS1 kathy 0 
+#stonith_host kathy rps10 /dev/ttyS1 ken3 0 
+#
+#	Watchdog is the watchdog timer.  If our own heart doesn't beat for
+#	a minute, then our machine will reboot.
+#	NOTE: If you are using the software watchdog, you very likely
+#	wish to load the module with the parameter "nowayout=0" or
+#	compile it without CONFIG_WATCHDOG_NOWAYOUT set. Otherwise even
+#	an orderly shutdown of heartbeat will trigger a reboot, which is
+#	very likely NOT what you want.
+#
+#watchdog /dev/watchdog
+#       
+#	Tell what machines are in the cluster
+#	node	nodename ...	-- must match uname -n
+#node	ken3
+#node	kathy
+#
+#	Less common options...
+#
+#	Treats 10.10.10.254 as a psuedo-cluster-member
+#	Used together with ipfail below...
+#	note: don't use a cluster node as ping node	
+#
+#ping 10.10.10.254
+#
+#	Treats 10.10.10.254 and 10.10.10.253 as a psuedo-cluster-member
+#       called group1. If either 10.10.10.254 or 10.10.10.253 are up
+#       then group1 is up
+#	Used together with ipfail below...
+#
+#ping_group group1 10.10.10.254 10.10.10.253
+#
+#	HBA ping derective for Fiber Channel
+#	Treats fc-card-name as psudo-cluster-member
+#	used with ipfail below ...
+#
+#	You can obtain HBAAPI from http://hbaapi.sourceforge.net.  You need 
+#	to get the library specific to your HBA directly from the vender
+#	To install HBAAPI stuff, all You need to do is to compile the common
+#	part you obtained from the sourceforge. This will produce libHBAAPI.so 
+#	which you need to copy to /usr/lib. You need also copy hbaapi.h to 
+#	/usr/include.
+#	
+#	The fc-card-name is the name obtained from the hbaapitest program 
+#	that is part of the hbaapi package. Running hbaapitest will produce
+#	a verbose output. One of the first line is similar to:
+#		Apapter number 0 is named: qlogic-qla2200-0
+#	Here fc-card-name is qlogic-qla2200-0. 	
+#
+#hbaping fc-card-name
+#
+#
+#	Processes started and stopped with heartbeat.  Restarted unless
+#		they exit with rc=100
+#
+#respawn userid /path/name/to/run
+#respawn hacluster /usr/lib/heartbeat/ipfail
+#
+#	Access control for client api
+#       	default is no access
+#
+#apiauth client-name gid=gidlist uid=uidlist
+#apiauth ipfail gid=haclient uid=hacluster
+
+###########################
+#
+#	Unusual options.
+#
+###########################
+#
+#	hopfudge maximum hop count minus number of nodes in config
+#hopfudge 1
+#
+#	deadping - dead time for ping nodes
+#deadping 30
+#
+#	hbgenmethod - Heartbeat generation number creation method
+#		Normally these are stored on disk and incremented as needed.
+#hbgenmethod time
+#
+#	realtime - enable/disable realtime execution (high priority, etc.)
+#		defaults to on
+#realtime off
+#
+#	debug - set debug level
+#		defaults to zero
+#debug 1
+#
+#	API Authentication - replaces the fifo-permissions-based system of the past
+#
+#
+#	You can put a uid list and/or a gid list.
+#	If you put both, then a process is authorized if it qualifies under either
+#	the uid list, or under the gid list.
+#
+#	The groupname "default" has special meaning.  If it is specified, then
+#	this will be used for authorizing groupless clients, and any client groups
+#	not otherwise specified.
+#	
+#	There is a subtle exception to this.  "default" will never be used in the 
+#	following cases (actual default auth directives noted in brackets)
+#		  ipfail 	(uid=HA_CCMUSER)
+#		  ccm 	 	(uid=HA_CCMUSER)
+#		  ping		(gid=HA_APIGROUP)
+#		  cl_status	(gid=HA_APIGROUP)
+#
+#	This is done to avoid creating a gaping security hole and matches the most
+#	likely desired configuration.
+#
+#apiauth ipfail uid=hacluster
+#apiauth ccm uid=hacluster
+#apiauth cms uid=hacluster
+#apiauth ping gid=haclient uid=alanr,root
+#apiauth default gid=haclient
+
+# 	message format in the wire, it can be classic or netstring, 
+#	default: classic
+#msgfmt  classic/netstring
+
+#	Do we use logging daemon?
+#	If logging daemon is used, logfile/debugfile/logfacility in this file
+#	are not meaningful any longer. You should check the config file for logging
+#	daemon (the default is /etc/logd.cf)
+#	more infomartion can be fould in the man page.
+#	Setting use_logd to "yes" is recommended
+#	
+# use_logd yes/no
+#
+#	the interval we  reconnect to logging daemon if the previous connection failed
+#	default: 60 seconds
+#conn_logd_time 60
+#
+#
+#	Configure compression module
+#	It could be zlib or bz2, depending on whether u have the corresponding 
+#	library	in the system.
+#compression	bz2
+#
+#	Confiugre compression threshold
+#	This value determines the threshold to compress a message,
+#	e.g. if the threshold is 1, then any message with size greater than 1 KB
+#	will be compressed, the default is 2 (KB)
+#compression_threshold 2
+
+bcast enp0s8
+node hb1
+node hb2
+pacemaker off

sio2/SISR/HB/inst

@@ -0,0 +1,51 @@
+#!/bin/bash
+# les bases 
+#  noeud hb1  : 192.168.0.140
+#  noeud hb2  : 192.168.0.142 
+#  addr virt. : 192.168.0.143 
+ 
+sed -i 's/bookworm/hb1/g' /etc/host{s,name}
+apt update
+apt install -y heartbeat apache2 net-tools
+systemctl disable apache2
+ 
+cat <<EOT> /etc/network/interfaces.d/enp0s3
+allow-hotplug enp0s3
+iface enp0s3 inet static
+address 192.168.0.140/24 # a adapter pour hb2
+EOT
+ 
+cat <<EOT> /etc/network/interfaces.d/enp0s8
+allow-hotplug enp0s8
+iface enp0s8 inet static
+address 10.0.0.1/24      # a adapter pour hb2
+EOT
+ 
+cd /usr/share/doc/heartbeat
+gunzip *.gz
+cp ha.cf /etc/ha.d
+cp haresources /etc/ha.d
+cp authkeys /etc/ha.d
+cd /etc/ha.d
+echo "192.168.0.142 hb2" >> /etc/hosts # a adapter pour hb2
+ 
+cat <<EOT >> /etc/ha.d/ha.cf
+bcast enp0s8
+node hb1
+node hb2
+pacemaker off
+EOT
+ 
+# echo " hb1 192.168.0.143 apache2" >> /etc/ha.d/haresources pou Debian buster
+echo " hb1 192.168.0.143/24/enp0s3 apache2" >> /etc/ha.d/haresources 
+ 
+cat <<EOT >> /etc/ha.d/authkeys
+auth 1
+1 crc
+EOT
+ 
+chmod 600 /etc/ha.d/authkeys
+echo hb1 > /var/www/html/index.html # a adapter pour hb2
+ #
+
+