alhassane.kone/siotp
2
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: alhassane.kone:main
Branches Tags
alhassane.kone:main
alhassane.kone:v3.3
alhassane.kone:v3.2
alhassane.kone:v3.1
alhassane.kone:v3.0
alhassane.kone:v2.9
alhassane.kone:v2.8
alhassane.kone:v2.7
alhassane.kone:v2.6
alhassane.kone:v2.5
alhassane.kone:v2.2
alhassane.kone:v2.1
alhassane.kone:v2.0
alhassane.kone:v1.9
alhassane.kone:v1.8
alhassane.kone:v1.6
alhassane.kone:v1.5
alhassane.kone:v1.4
alhassane.kone:v1.3
alhassane.kone:v1.2
alhassane.kone:v1.7
alhassane.kone:v1.1
alhassane.kone:v1.0
alhassane.kone:v0.9
alhassane.kone:v0.8
alhassane.kone:v0.7
alhassane.kone:v0.6
alhassane.kone:v0.5
alhassane.kone:v0.4
alhassane.kone:0.3
alhassane.kone:v0.3
alhassane.kone:v0.2
alhassane.kone:v0.1
alhassane.kone:0.1
..
compare: alhassane.kone:v0.8
Branches Tags
alhassane.kone:main
alhassane.kone:v3.3
alhassane.kone:v3.2
alhassane.kone:v3.1
alhassane.kone:v3.0
alhassane.kone:v2.9
alhassane.kone:v2.8
alhassane.kone:v2.7
alhassane.kone:v2.6
alhassane.kone:v2.5
alhassane.kone:v2.2
alhassane.kone:v2.1
alhassane.kone:v2.0
alhassane.kone:v1.9
alhassane.kone:v1.8
alhassane.kone:v1.6
alhassane.kone:v1.5
alhassane.kone:v1.4
alhassane.kone:v1.3
alhassane.kone:v1.2
alhassane.kone:v1.7
alhassane.kone:v1.1
alhassane.kone:v1.0
alhassane.kone:v0.9
alhassane.kone:v0.8
alhassane.kone:v0.7
alhassane.kone:v0.6
alhassane.kone:v0.5
alhassane.kone:v0.4
alhassane.kone:0.3
alhassane.kone:v0.3
alhassane.kone:v0.2
alhassane.kone:v0.1
alhassane.kone:0.1

No commits in common. "main" and "v0.8" have entirely different histories.
main ... v0.8

45 changed files with 4 additions and 2949 deletions
Show Stats Expand all files Collapse all files

3
README.md Normal file
View File

@ -0,0 +1,3 @@
# siotp
Ceci est le répertoire qui servira à accueillir les travaux du BTS SIO

4
sio1/sisr1/scripts/maj
View File

@ -1,4 +0,0 @@
#!/bin/bash
cd ap22-d
git pull
GIT_WORK_TREE=/var/www/html/ git checkout -f

25
sio2/AP/apbase.yml
View File

@ -1,25 +0,0 @@
---
- name: apbase
hosts: web
become: yes
tasks:
- name: 1. Installer les paquets apache2 php et adminer
apt:
name:
- apache2
- php
- adminer
- php-mbstring
state: present
#notify: 2. redémarrer apache et activer adminer
- name: 2. redémarrer apache et activer adminer
shell: sudo a2enconf adminer
- name: 3. redémarrer apache et activer adminer
shell: sudo systemctl reload apache2

52
sio2/AP/apdb.yml
View File

@ -1,52 +0,0 @@
---
- name: apdb
hosts: web
become: yes
tasks:
- name: 1. Installer mariadb
apt:
name:
- mariadb-server
- python3-pymysql
state: present
- name: 2. s'assurer que mariadb est en fonctionnement
service:
name: mariadb
state: started
- name: 3. Creer un utilisateur et lui attribuer tous les droits
community.mysql.mysql_user:
name: admin
password: admin
priv: '*.*:ALL,GRANT'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 4. Creation de la base de donnee 'sdis2023'
community.mysql.mysql_db:
name: sdis2023
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 5. copier la base de donnée sur l'hôte distant
copy:
src: sdis2023.sql
dest: /tmp/sdis2023.sql
- name: 6. Restore la base de donnée
community.mysql.mysql_db:
name: sdis2023
state: import
target: /tmp/sdis2023.sql
login_unix_socket: /var/run/mysqld/mysqld.sock
# - name: 5. Dump multiple databases
#community.mysql.mysql_db:
#state: dump
#name:
#- sdis2023
#target: sdis2023.sql
#login_unix_socket: /var/run/mysqld/mysqld.sock

20
sio2/AP/apdbdump.yml
View File

@ -1,20 +0,0 @@
---
- name: apdbdump
hosts: web
become: yes
tasks:
- name: 1. Dump multiple databases
community.mysql.mysql_db:
state: dump
name: sdis2023
target: /tmp/sdis2023.sql
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 2. recuperation de sdis2023.sql avec fetch
ansible.builtin.fetch:
src: /tmp/sdis2023.sql
dest: sdis2023-dump.sql
flat: yes

12
sio2/AP/drop.yml
View File

@ -1,12 +0,0 @@
---
- name: apdb
hosts: web
become: yes
tasks:
- name: 1. Suppression de la base de donnee 'sdis2023'
community.mysql.mysql_db:
name: sdis2023
state: absent
login_unix_socket: /var/run/mysqld/mysqld.sock

2
sio2/AP/hosts
View File

@ -1,2 +0,0 @@
[web]
ap33prod

22
sio2/AP4/Vagrantfile vendored
View File

@ -1,22 +0,0 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.provision "shell", inline: <<-SHELL
# export http_proxy=http://10.121.38.1:8080
# export https_proxy=http://10.121.38.1:8080
timedatectl set-timezone Europe/Paris
apt-get -y update
apt-get -y upgrade
SHELL
config.vm.define "glpi" do |glpi| # VM No'1
glpi.vm.box = "debian/bookworm64" # Type de la machine
glpi.vm.hostname = "glpi" # Nom de la machine
glpi.vm.network "public_network" #, ip: "192.168.0.111"# Set static IP
glpi.vm.provision "ansible" do |ansible|
ansible.playbook = "provision/glpi.yml" # Lance le playbook glpi.yml
end
end
end

2
sio2/AP4/hosts
View File

@ -1,2 +0,0 @@
[web]
glpi

7
sio2/AP4/provision/glpi.yml
View File

@ -1,7 +0,0 @@
---
- hosts: all
become: true
roles:
- web
- bdd
- glpi

5
sio2/AP4/provision/roles/bdd/handlers/main.yml
View File

@ -1,5 +0,0 @@
---
- name: restart mariadb
service:
name: mariadb.service
state: restarted

29
sio2/AP4/provision/roles/bdd/tasks/main.yml
View File

@ -1,29 +0,0 @@
- name: 1. Installer mariadb
apt:
name:
- mariadb-server
- python3-pymysql
state: present
- name: 2. s'assurer que mariadb est en fonctionnement
service:
name: mariadb
state: started
- name: 3. Creer un utilisateur et lui attribuer tous les droits
community.mysql.mysql_user:
name: glpi
password: glpi
priv: '*.*:ALL,GRANT'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
notify:
- restart mariadb
- name: 4. Creation de la base de donnee 'db_glpi'
community.mysql.mysql_db:
name: db_glpi
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
notify:
- restart mariadb

21
sio2/AP4/provision/roles/glpi/tasks/main.yml
View File

@ -1,21 +0,0 @@
---
- name: 1. Telechargement de l'archive de glpi 10.0.10
get_url:
url: http://depl.sio.lan/store/glpi-10.0.10.tgz
dest: /tmp
- name: 2. Extraire glpi 10.0.10.tgz vers /tmp/
ansible.builtin.unarchive:
src: /tmp/glpi-10.0.10.tgz
dest: /var/www/html/
remote_src: true
- name: 3. Changer propritaire group et permissions
file:
path: /var/www/html/glpi
owner: www-data
group: www-data
mode: '0755'
recurse: yes

6
sio2/AP4/provision/roles/web/handlers/main.yml
View File

@ -1,6 +0,0 @@
---
- name: restart apache2
service:
name: apache2
state: restarted

30
sio2/AP4/provision/roles/web/tasks/main.yml
View File

@ -1,30 +0,0 @@
---
- name: 1. Installer apache php
apt:
name:
- apache2
- php
- curl
state: present
#notify: 2. redémarrer apache et activer adminer
- name: 2. Installation des extensions php de GLPI
apt:
name:
- php-xml
- php-common
- php-json
- php-mysql
- php-mbstring
- php-curl
- php-gd
- php-intl
- php-imap
- php-apcu
- php-zip
- php-xmlrpc
- php-bz2
- php-ldap
state: present
notify:
- restart apache2

23
sio2/CYBER/Cryptage/crypt.sh
View File

@ -1,23 +0,0 @@
#!/bin/bash
unn=$1
utilisateurmdp=$2
action=$3
ficcle=$4
user=$(echo $utilisateurmdp| cut -f1 -d/ )
mdp=$(echo $utilisateurmdp| cut -f2 -d/ )
echo $user
echo $mdp
[ -e /tmp/share ] || mkdir /tmp/share
mount.cifs -o "username=${user},password=${mdp}" //${unn} /tmp/share
if [[ $? == 0 ]] ;then
echo "le montage fonctionne cryptage en cours"
ccrypt ${action} -r -k ${ficcle} /tmp/share/*
umount /tmp/share
rm -r /tmp/share
else
echo "erreur montage $?"
exit 1
fi
exit 0

19
sio2/CYBER/Journald/journal-upload.conf
View File

@ -1,19 +0,0 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the journal-upload.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# See journal-upload.conf(5) for details.
[Upload]
URL=http://192.168.1.42:19532
# ServerKeyFile=/etc/ssl/private/journal-upload.pem
# ServerCertificateFile=/etc/ssl/certs/journal-upload.pem
# TrustedCertificateFile=/etc/ssl/ca/trusted.pem

10
sio2/CYBER/Journald/journald-rcv.sh
View File

@ -1,10 +0,0 @@
#!/bin/bash
sudo timedatectl set-timezone Europe/Paris
sudo apt-get update
sudo apt-get install -y systemd-journal-remote
sudo systemctl enable --now systemd-journal-remote.socket
sudo cp /lib/systemd/system/systemd-journal-remote.service /etc/systemd/system
sudo sed -i 's/--listen-https=-3/--listen-http=-3/' /etc/systemd/system/systemd-journal-remote.service
[[ -d /var/log/journal/remote ]] || sudo mkdir /var/log/journal/remote
sudo chown systemd-journal-remote /var/log/journal/remote
sudo systemctl daemon-reload

9
sio2/CYBER/Journald/journald-snd.sh
View File

@ -1,9 +0,0 @@
#!/bin/bash
# usage : ./journald-snd.sh 192.168.1.100
sudo timedatectl set-timezone Europe/Paris
sudo apt-get update
sudo apt-get install -y systemd-journal-remote
rpl="s/^# URL=/URL=http:\/\/${1}:19532/" # $1 represente l'adresse du recepteur
sudo sed -i "$rpl" /etc/systemd/journal-upload.conf
sudo systemctl enable --now systemd-journal-upload.service
sudo systemctl restart systemd-journal-upload.service

46
sio2/CYBER/Journald/systemd-journal-remote.service
View File

@ -1,46 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Journal Remote Sink Service
Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
Requires=systemd-journal-remote.socket
[Service]
ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote/
LockPersonality=yes
LogsDirectory=journal/remote
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes
PrivateTmp=yes
ProtectProc=invisible
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
User=systemd-journal-remote
WatchdogSec=3min
# If there are many split up journal files we need a lot of fds to access them
# all in parallel.
LimitNOFILE=524288
[Install]
Also=systemd-journal-remote.socket

303
sio2/CYBER/Nagios/command.cfg
View File

@ -1,303 +0,0 @@
###############################################################################
# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
#
#
# NOTES: This config file provides you with some example command definitions
# that you can reference in host, service, and contact definitions.
#
# You don't need to keep commands in a separate file from your other
# object definitions. This has been done just to make things easier to
# understand.
#
###############################################################################
################################################################################
#
# SAMPLE NOTIFICATION COMMANDS
#
# These are some example notification commands. They may or may not work on
# your system without modification. As an example, some systems will require
# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
#
################################################################################
define command {
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
################################################################################
#
# SAMPLE HOST CHECK COMMANDS
#
################################################################################
# Removed in Debian because it conflicts with the command of the same name
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
## This command checks to see if a host is "alive" by pinging it
## The check must result in a 100% packet loss or 5 second (5000ms) round trip
## average time to produce a critical error.
## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
#
#define command {
#
# command_name check-host-alive
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
#}
################################################################################
#
# SAMPLE SERVICE CHECK COMMANDS
#
# These are some example service check commands. They may or may not work on
# your system, as they must be modified for your plugins. See the HTML
# documentation on the plugins for examples of how to configure command definitions.
#
# NOTE: The following 'check_local_...' functions are designed to monitor
# various metrics on the host that Nagios is running on (i.e. this one).
################################################################################
define command {
command_name check_local_disk
command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
}
define command {
command_name check_local_load
command_line $USER1$/check_load -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_procs
command_line $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
}
define command {
command_name check_local_users
command_line $USER1$/check_users -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_swap
command_line $USER1$/check_swap -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_mrtgtraf
command_line $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
}
################################################################################
# NOTE: The following 'check_...' commands are used to monitor services on
# both local and remote hosts.
################################################################################
# Removed in Debian because it conflicts with the command of the same of
# defined in ftp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ftp
# command_line $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_hpjd
# command_line $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
#}
define command {
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
}
# Removed in Debian because it conflicts with the command of the same of
# defined in http.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_http
# command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ssh.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ssh
# command_line $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_dhcp
# command_line $USER1$/check_dhcp $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ping
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_pop
# command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_imap
# command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_smtp
# command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_tcp
# command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_udp
# command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in nt.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_nt
# command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
#}
################################################################################
#
# SAMPLE PERFORMANCE DATA COMMANDS
#
# These are sample performance data commands that can be used to send performance
# data output to two text files (one for hosts, another for services). If you
# plan on simply writing performance data out to a file, consider using the
# host_perfdata_file and service_perfdata_file options in the main config file.
#
################################################################################
define command {
command_name process-host-perfdata
command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
}
define command {
command_name process-service-perfdata
command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
}
define command {
command_name check_lin_load
command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}
define command {
command_name check_lin_mem
command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}

10
sio2/CYBER/Wireguard/wg0-a.conf
View File

@ -1,10 +0,0 @@
[Interface]
PrivateKey = iGPtDYyKYCoQVPofdo7KQXfC4OGCGOBXonF44nKUSFw=
Address = 10.0.0.2/32 # Adresses autorisées dans le VPN
Listenport = 51820
[Peer]
PublicKey = sAJc6fITMHs9Entb5upqGMN+4M+fnhIIpcWbQiqW50g= # de machine B
AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
Endpoint = 192.168.0.45:51820

10
sio2/CYBER/Wireguard/wg0-b.conf
View File

@ -1,10 +0,0 @@
[Interface]
Address = 10.0.0.1/32 # Adresses autorisées dans le VPN
Listenport = 51820
PrivateKey = YH3oUGyt8hXlqRINQIANWsqf7Bd+SJcyLhMLGPwbvHk=
[Peer]
PublicKey = k2Yzmoz+7e1TT+n2+zK9AHjssgQLp7DW0T3Zi+AtPV0= # de machine B
AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
Endpoint = 192.168.0.26:51820

58
sio2/CYBER/postfix/main.cf
View File

@ -1,58 +0,0 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = bookworm
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, postfix.lan, bookworm, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
# Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption
#smtp_tls_security_level = encrypt
# Location of CA certificates
smtp_tls_CAfile = /etc/postfix/ssl/cacert-smtp-gmail.pem

1
sio2/CYBER/postfix/sasl_passwd
View File

@ -1 +0,0 @@
[smtp.gmail.com]:587 akone.alhassane@gmail.com:clnbmfdicvcbvcvt

9
sio2/SISR/Ansible/dokuw/hosts
View File

@ -1,9 +0,0 @@
[adm]
infra
[web]
web1
web2
[doc]
doku

6
sio2/SISR/Ansible/dokuw/local.yml
View File

@ -1,6 +0,0 @@
- hosts: doku
roles:
- web
- doku

18
sio2/SISR/Ansible/dokuw/roles/doku/main.yml
View File

@ -1,18 +0,0 @@
vars:
- chemin_fichier: /var/www/html/doku
- name: recuperation dokuwiki-stable.tgz depuis machine depl
get_url:
url: http://depl/store/dokuwiki-stable.tgz
dest: /tmp/
- name: Extraction archive
ansible.builtin.unarchive:
src: /tmp/dokuwiki-stable.tgz
dest: /var/www/html/
- name: changer propriétaire du fichier var/www/html/doku
file:
path: "{{ chemin_fichier }}"
owner: www-data:www-data data lib conf
become: true

37
sio2/SISR/Ansible/dokuw/roles/doku/tasks/main.yml
View File

@ -1,37 +0,0 @@
- name: 1. recuperation dokuwiki-stable.tgz depuis machine depl
get_url:
url: http://depl/store/dokuwiki-stable.tgz
dest: /tmp
- name: 2. Extraction archive dokuwiki-stage.tgz
unarchive:
src: /tmp/dokuwiki-stable.tgz
dest: /var/www/html/
remote_src: yes
- name: 3. stat dokuwiki
stat:
path: /var/www/html/dokuwiki-2023-04-04
register: doku_stat
- name: 4. On renomme doku-v... en doku
command: mv /var/www/html/dokuwiki-2023-04-04 /var/www/html/doku
when: doku_stat.stat.exists
- name: 5. Changer propritaire group et permissions
file:
path: /var/www/html/doku
owner: root
group: root
mode: '0755'
recurse: yes
- name: 6. Changer propritaire. group et permissions
file:
path: /var/www/html/doku
owner: www-data
group: www-data
recurse: yes
# mode: '755'

13
sio2/SISR/Ansible/dokuw/roles/web/tasks/main.yml
View File

@ -1,13 +0,0 @@
- name: 1. installe apache2 php et ces dependances
apt:
name:
- apache2
- php
# - php-gd
- php-mbstring
state: present
- name: 2. lance Apache
service:
name: apache2
state: started

6
sio2/SISR/Ansible/hosts
View File

@ -1,6 +0,0 @@
[adm]
infra
[web]
web1
web2

23
sio2/SISR/Ansible/squid-j2.yml
View File

@ -1,23 +0,0 @@
---
- name: squid-j2.yml
hosts: infra
vars:
- proxy_port: 8080
- proxy_mem: 512
tasks:
- name: 1. assurer que squid est installe
service:
name: squid
state: started
- name: 2. Copie du squid.conf apres generation dynamique
template:
src: squid.conf.j2
dest: /etc/squid/squid.conf
notify: restart squid
handlers:
- name: restart squid
service:
name: squid
state: restarted

22
sio2/SISR/Ansible/squid.yml
View File

@ -1,22 +0,0 @@
---
- name: squid.yml
hosts: infra
vars:
proxy_port: 8080
proxy_mem: 128
tasks:
- name: 1. installation de squid
apt:
name: squid
state: latest
- name: 2. recuperation de squid.conf avec fetch
ansible.builtin.fetch:
src: /etc/squid/squid.conf
dest: ./squid.conf
flat: yes

45
sio2/SISR/Ansible/syslog-cli.yml
View File

@ -1,45 +0,0 @@
---
- name: syslog.yml
hosts: web
tasks:
- name: 1. installer rsyslog
apt:
name: rsyslog
state: latest
- name: ajout du serveur syslog distant
lineinfile:
path: /etc/rsyslog.conf
line: '*.* @172.20.10.4:514'
insertbefore: EOF
create: yes
notify:
- 5. redemarrer rsyslog
# - name: 3. Ajout de la ligne ForwardToSyslog
#shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
- name: 4. Decommente la ligne ForwardToSyslog
replace:
path: /etc/systemd/journald.conf
regexp: '^#ForwardToSyslog=yes'
replace: 'ForwardToSyslog=yes'
notify: 6. redemarrer journald.service
# notify:
#- restart rsyslog
#- name: redemarrage de syslog
#- restart journald.service
#- name: redemarrage de journald.service
handlers:
- name: 5. redemarrer rsyslog
service:
name: rsyslog
state: restarted
- name: 6. redemarrer journald.service
service:
name: systemd-journald.service
state: restarted

52
sio2/SISR/Ansible/syslog.yml
View File

@ -1,52 +0,0 @@
---
- name: syslog.yml
hosts: infra
tasks:
- name: 1. installer rsyslog
apt:
name: rsyslog
state: latest
- name: 2. decommente le chargement du module imudp dans rsyslog.conf
replace:
path: /etc/rsyslog.conf
regexp: '^#module\(load="imudp"\)'
replace: 'module(load="imudp")'
notify:
- 5. redemarrer rsyslog
- name: 3. decommente le chargement du module imudp port 514 dans rsyslog.conf
replace:
path: /etc/rsyslog.conf
regexp: '^#input\(type="imudp" port="514"\)'
replace: 'input(type="imudp" port="514")'
notify:
- 5. redemarrer rsyslog
# - name: 3. Ajout de la ligne ForwardToSyslog
#shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
- name: 4. Decommente la ligne ForwardToSyslog
replace:
path: /etc/systemd/journald.conf
regexp: '^#ForwardToSyslog=yes'
replace: 'ForwardToSyslog=yes'
notify: 6. redemarrer journald.service
# notify:
#- restart rsyslog
#- name: redemarrage de syslog
#- restart journald.service
#- name: redemarrage de journald.service
handlers:
- name: 5. redemarrer rsyslog
service:
name: rsyslog
state: restarted
- name: 6. redemarrer journald.service
service:
name: systemd-journald.service
state: restarted

20
sio2/SISR/Ansible/web.yml
View File

@ -1,20 +0,0 @@
---
- name: web.yml
hosts: web
tasks:
- name: 1. installer apache2
apt :
name: apache2
state: present
- name: 2 installer php-mbstring
apt:
name: php-mbstring
state: present
- name: 3 assurer Apache tourne
service:
name: apache2
state: started
- name: 4 copier le fichier index.html vers /var/www/html
template:
src: index.html
dest: /var/www/html/

72
sio2/SISR/FOG/dhcpd.conf
View File

@ -1,72 +0,0 @@
# DHCP Server Configuration file\n#see /usr/share/doc/dhcp*/dhcpd.conf.sample
# This file was created by FOG
#Definition of PXE-specific options
# Code 1: Multicast IP Address of bootfile
# Code 2: UDP Port that client should monitor for MTFTP Responses
# Code 3: UDP Port that MTFTP servers are using to listen for MTFTP requests
# Code 4: Number of seconds a client must listen for activity before trying
# to start a new MTFTP transfer
# Code 5: Number of seconds a client must listen before trying to restart
# a MTFTP transfer
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option arch code 93 = unsigned integer 16;
use-host-decl-names on;
ddns-update-style interim;
ignore client-updates;
# Specify subnet of ether device you do NOT want service.
# For systems with two or more ethernet devices.
# subnet 136.165.0.0 netmask 255.255.0.0 {}
subnet 192.168.1.0 netmask 255.255.255.0{
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.1.10 192.168.1.254;
default-lease-time 21600;
max-lease-time 43200;
option routers 192.168.1.1;
option domain-name-servers 10.121.38.7;
next-server 192.168.1.10;
}
class "Legacy" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
filename "undionly.kkpxe";
}
class "UEFI-32-2" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
filename "i386-efi/snponly.efi";
}
class "UEFI-32-1" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
filename "i386-efi/snponly.efi";
}
class "UEFI-64-1" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
filename "snponly.efi";
}
class "UEFI-64-2" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
filename "snponly.efi";
}
class "UEFI-64-3" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
filename "snponly.efi";
}
class "SURFACE-PRO-4" {
match if substring(option vendor-class-identifier, 0, 32) = "PXEClient:Arch:00007:UNDI:003016";
filename "snponly.efi";
}
class "Apple-Intel-Netboot" {
match if substring(option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386";
option dhcp-parameter-request-list 1,3,17,43,60;
if (option dhcp-message-type = 8) {
option vendor-class-identifier "AAPLBSDPC";
if (substring(option vendor-encapsulated-options, 0, 3) = 01:01:01) {
# BSDP List
option vendor-encapsulated-options 01:01:01:04:02:80:00:07:04:81:00:05:2a:09:0D:81:00:05:2a:08:69:50:58:45:2d:46:4f:47;
filename "snponly.efi";
}
}
}

303
sio2/SISR/Nagios/commands.cfg
View File

@ -1,303 +0,0 @@
###############################################################################
# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
#
#
# NOTES: This config file provides you with some example command definitions
# that you can reference in host, service, and contact definitions.
#
# You don't need to keep commands in a separate file from your other
# object definitions. This has been done just to make things easier to
# understand.
#
###############################################################################
################################################################################
#
# SAMPLE NOTIFICATION COMMANDS
#
# These are some example notification commands. They may or may not work on
# your system without modification. As an example, some systems will require
# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
#
################################################################################
define command {
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
################################################################################
#
# SAMPLE HOST CHECK COMMANDS
#
################################################################################
# Removed in Debian because it conflicts with the command of the same name
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
## This command checks to see if a host is "alive" by pinging it
## The check must result in a 100% packet loss or 5 second (5000ms) round trip
## average time to produce a critical error.
## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
#
#define command {
#
# command_name check-host-alive
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
#}
################################################################################
#
# SAMPLE SERVICE CHECK COMMANDS
#
# These are some example service check commands. They may or may not work on
# your system, as they must be modified for your plugins. See the HTML
# documentation on the plugins for examples of how to configure command definitions.
#
# NOTE: The following 'check_local_...' functions are designed to monitor
# various metrics on the host that Nagios is running on (i.e. this one).
################################################################################
define command {
command_name check_local_disk
command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
}
define command {
command_name check_local_load
command_line $USER1$/check_load -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_procs
command_line $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
}
define command {
command_name check_local_users
command_line $USER1$/check_users -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_swap
command_line $USER1$/check_swap -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_mrtgtraf
command_line $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
}
################################################################################
# NOTE: The following 'check_...' commands are used to monitor services on
# both local and remote hosts.
################################################################################
# Removed in Debian because it conflicts with the command of the same of
# defined in ftp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ftp
# command_line $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_hpjd
# command_line $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
#}
define command {
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
}
# Removed in Debian because it conflicts with the command of the same of
# defined in http.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_http
# command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ssh.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ssh
# command_line $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_dhcp
# command_line $USER1$/check_dhcp $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ping
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_pop
# command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_imap
# command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_smtp
# command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_tcp
# command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_udp
# command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in nt.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_nt
# command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
#}
################################################################################
#
# SAMPLE PERFORMANCE DATA COMMANDS
#
# These are sample performance data commands that can be used to send performance
# data output to two text files (one for hosts, another for services). If you
# plan on simply writing performance data out to a file, consider using the
# host_perfdata_file and service_perfdata_file options in the main config file.
#
################################################################################
define command {
command_name process-host-perfdata
command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
}
define command {
command_name process-service-perfdata
command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
}
define command {
command_name check_lin_load
command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}
define command {
command_name check_lin_mem
command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}

42
sio2/SISR/Nagios/groups.cfg
View File

@ -1,42 +0,0 @@
#
# HOST GROUP DEFINITION
#
###############################################################################
# Define an optional hostgroup for Linux machines
define hostgroup {
hostgroup_name snmp-servers ; The name of the hostgroup
alias snmp Servers ; Long name of the group
members srv ; Comma separated list of hosts that belong to this group
}
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
# Define a service to "ping" the local machine
# service de supervision de Load Linux avec SNMP
# 3 valeurs : charge moyenne sur 1 min, 5 min, 15 min
define service{
use generic-service ;Use generic-service template
hostgroup_name snmp-servers ; S'applique au groupe en question
service_description chk-lin-load ; Nom du service
check_command check_lin_load!public!--v2c!netsl!3,2,2!3,2,2 ; Command
# servicegroups ser-lin-base ;Service belong servicegroup
}
define service{
use generic-service ;Use generic-service template
hostgroup_name snmp-servers ; S'applique au groupe en question
service_description chk-lin-mem ; Nom du service
check_command check_lin_mem!public!--v2c!80,20,2!100,30 ; Command
# servicegroups ser-lin-base ;Service belong servicegroup
}

1392
sio2/SISR/Nagios/nagios.cfg
View File

File diff suppressed because it is too large Load Diff

1
sio2/SISR/Nagios/test Normal file
View File

@ -0,0 +1 @@
OK

27
sio2/SISR/Python/analog
View File

@ -1,27 +0,0 @@
#!/usr/bin/python3
import sys
import re
#tab = []
volume = {}
regexp = "^(\S+) (\S+) (\S+) \[([^]]+)\] \"(\w+) (\S+).*\" (\d+) (\S+)"
for line in sys.stdin: # on lit sur lentrée standard
line = line.rstrip () # on enleve le retour ligne
res = re.match (regexp, line)
if res:
(host, rfc931, user, date, request, url, status, byte) = res.groups()
host = res.group (1)
byte =int(res.group (8))
if host in volume:
volume[host]= volume[host] + byte
else:
volume[host] = byte
for host in volume.keys():
print(host, ":", volume[host])

19
sio2/SISR/Python/creatusr
View File

@ -1,19 +0,0 @@
#!/usr/bin/python3
try:
fh = open("user.txt", "r")
except:
print ("Fichier user.txt inconnu")
else:
line = fh.readline ()
while line:
# use realine() to read next line
maligne = line.rstrip()
(login,complet)=maligne.split(":")
print(login , complet)
cmd = "useradd -m -c \""+ complet + "\" " + login + "-s /bin/bash/ "+login
print (cmd)
line = fh.readline()
fh.close()

27
sio2/SISR/Python/remplace
View File

@ -1,27 +0,0 @@
import re
import os
def remplacer_avec_regex(nom_fichier, ancien_motif, nouveau_motif):
# Renommer le fichier d'origine
nouveau_nom = nom_fichier + ".old"
os.rename(nom_fichier, nouveau_nom)
# Lire le contenu du fichier original
with open(nouveau_nom, 'r') as fichier_in:
contenu = fichier_in.read()
# Utiliser une expression régulière pour effectuer le remplacement
contenu_modifie = re.sub(ancien_motif, nouveau_motif, contenu)
# Écrire le contenu modifié dans le fichier d'origine
with open(nom_fichier, 'w') as fichier_out:
fichier_out.write(contenu_modifie)
# Demander à l'utilisateur les informations nécessaires
nom_fichier = input("Entrez le nom du fichier : ")
ancien_motif = input("Entrez l'ancien motif à remplacer (expression régulière) : ")
nouveau_motif = input("Entrez le nouveau motif : ")
# Appeler la fonction
remplacer_avec_regex(nom_fichier, ancien_motif, nouveau_motif)

90
sio2/SISR/SNMP/snmpd.conf
View File

@ -1,90 +0,0 @@
###########################################################################
#
# snmpd.conf
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
# See snmpd.conf(5) man page for details
#
###########################################################################
# SECTION: System Information Setup
#
# syslocation: The [typically physical] location of the system.
# Note that setting this value here means that when trying to
# perform an snmp SET operation to the sysLocation.0 variable will make
# the agent return the "notWritable" error code. IE, including
# this token in the snmpd.conf file will disable write access to
# the variable.
# arguments: location_string
sysLocation Sitting on the Dock of the Bay
sysContact Me <me@example.org>
# sysservices: The proper value for the sysServices object.
# arguments: sysservices_number
sysServices 72
###########################################################################
# SECTION: Agent Operating Mode
#
# This section defines how the agent will operate when it
# is running.
# master: Should the agent operate as a master agent or not.
# Currently, the only supported master agent type for this token
# is "agentx".
#
# arguments: (on|yes|agentx|all|off|no)
master agentx
# agentaddress: The IP address and port number that the agent will listen on.
# By default the agent listens to any and all traffic from any
# interface on the default SNMP port (161). This allows you to
# specify which address, interface, transport type and port(s) that you
# want the agent to listen on. Multiple definitions of this token
# are concatenated together (using ':'s).
# arguments: [transport:]port[@interface/address],...
#agentaddress 127.0.0.1,[::1]
agentAddress udp:161
###########################################################################
# SECTION: Access Control Setup
#
# This section defines who is allowed to talk to your running
# snmp agent.
# Views
# arguments viewname included [oid]
# system + hrSystem groups only
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
# rocommunity: a SNMPv1/SNMPv2c read-only access community name
# arguments: community [default|hostname|network/bits] [oid | -V view]
# Read-only access to everyone to the systemonly view
rocommunity public default
rocommunity6 public default -V systemonly
# SNMPv3 doesn't use communities, but users with (optionally) an
# authentication and encryption string. This user needs to be created
# with what they can view with rouser/rwuser lines in this file.
#
# createUser username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES] [privpassphrase]
# e.g.
# createuser authPrivUser SHA-512 myauthphrase AES myprivphrase
#
# This should be put into /var/lib/snmp/snmpd.conf
#
# rouser: a SNMPv3 read-only access username
# arguments: username [noauth|auth|priv [OID | -V VIEW [CONTEXT]]]
rouser authPrivUser authpriv -V systemonly
# include a all *.conf files in a directory
includeDir /etc/snmp/snmpd.conf.d