Téléverser les fichiers vers "sio2/CYBER/Journald"

README.md

@@ -1,3 +0,0 @@
-# siotp
-
-Ceci est le répertoire qui servira à accueillir les travaux du BTS SIO 

sio1/sisr1/scripts/maj

@@ -0,0 +1,4 @@
+#!/bin/bash
+cd ap22-d
+git pull
+GIT_WORK_TREE=/var/www/html/ git checkout -f

sio2/AP/apbase.yml

@@ -0,0 +1,25 @@
+---
+- name: apbase
+  hosts: web
+  become: yes
+  tasks:
+  - name: 1. Installer les paquets apache2 php et adminer
+    apt:
+      name:
+        - apache2 
+        - php
+        - adminer
+        - php-mbstring
+      state: present
+        #notify: 2. redémarrer apache et activer adminer
+  
+  - name: 2. redémarrer apache et activer adminer
+    shell: sudo a2enconf adminer
+
+  - name: 3. redémarrer apache et activer adminer
+    shell: sudo systemctl reload apache2    
+
+
+
+
+

sio2/AP/apdb.yml

@@ -0,0 +1,52 @@
+---
+- name: apdb
+  hosts: web
+  become: yes
+  tasks:
+
+    - name: 1. Installer mariadb
+      apt:
+        name:
+          - mariadb-server
+          - python3-pymysql
+        state: present
+
+    - name: 2. s'assurer que mariadb est en fonctionnement
+      service:
+        name: mariadb
+        state: started
+
+    - name: 3. Creer un utilisateur et  lui attribuer tous les droits
+      community.mysql.mysql_user:
+        name: admin
+        password: admin
+        priv: '*.*:ALL,GRANT'
+        state: present
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+    - name: 4. Creation de la base de donnee  'sdis2023'
+      community.mysql.mysql_db:
+        name: sdis2023
+        state: present
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+    - name: 5. copier la base de donnée sur l'hôte distant
+      copy:
+        src: sdis2023.sql
+        dest: /tmp/sdis2023.sql
+
+    - name: 6. Restore la base de donnée
+      community.mysql.mysql_db:
+        name: sdis2023
+        state: import
+        target: /tmp/sdis2023.sql
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+          # - name: 5. Dump multiple databases
+          #community.mysql.mysql_db:
+          #state: dump
+          #name:
+          #- sdis2023
+          #target: sdis2023.sql
+          #login_unix_socket: /var/run/mysqld/mysqld.sock
+

sio2/AP/apdbdump.yml

@@ -0,0 +1,20 @@
+---
+- name: apdbdump
+  hosts: web
+  become: yes
+  tasks:
+
+    
+  - name: 1. Dump multiple databases
+    community.mysql.mysql_db:
+      state: dump
+      name: sdis2023
+      target: /tmp/sdis2023.sql
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+
+  - name: 2. recuperation de sdis2023.sql avec fetch
+    ansible.builtin.fetch:
+      src: /tmp/sdis2023.sql
+      dest: sdis2023-dump.sql
+      flat: yes
+

sio2/AP/drop.yml

@@ -0,0 +1,12 @@
+---
+- name: apdb
+  hosts: web
+  become: yes
+  tasks:
+    - name: 1. Suppression de la base de donnee  'sdis2023'
+      community.mysql.mysql_db:
+        name: sdis2023
+        state: absent
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+

sio2/AP/hosts

@@ -0,0 +1,2 @@
+[web]
+ap33prod

sio2/AP4/Vagrantfile

@@ -0,0 +1,22 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.provision "shell", inline: <<-SHELL
+#     export http_proxy=http://10.121.38.1:8080
+#     export https_proxy=http://10.121.38.1:8080
+     timedatectl set-timezone Europe/Paris
+     apt-get -y update
+     apt-get -y upgrade 
+  SHELL
+
+  config.vm.define "glpi" do |glpi| # VM No'1
+    glpi.vm.box = "debian/bookworm64" # Type de la machine 
+    glpi.vm.hostname = "glpi" # Nom de la machine
+    glpi.vm.network "public_network" #, ip: "192.168.0.111"# Set static IP
+    glpi.vm.provision "ansible" do |ansible|
+      ansible.playbook = "provision/glpi.yml" # Lance le playbook glpi.yml
+    end
+  end
+end
+

sio2/AP4/hosts

@@ -0,0 +1,2 @@
+[web]
+glpi

sio2/AP4/provision/glpi.yml

@@ -0,0 +1,7 @@
+---
+- hosts: all
+  become: true
+  roles:
+    - web
+    - bdd
+    - glpi

sio2/AP4/provision/roles/bdd/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+  - name: restart mariadb
+    service:
+      name: mariadb.service
+      state: restarted

sio2/AP4/provision/roles/bdd/tasks/main.yml

@@ -0,0 +1,29 @@
+- name: 1. Installer mariadb
+  apt:
+    name:
+      - mariadb-server 
+      - python3-pymysql
+    state: present
+
+- name: 2. s'assurer que mariadb est en fonctionnement
+  service:
+    name: mariadb
+    state: started
+
+- name: 3. Creer un utilisateur et  lui attribuer tous les droits
+  community.mysql.mysql_user:
+    name: glpi
+    password: glpi
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  notify:
+    - restart mariadb
+
+- name: 4. Creation de la base de donnee  'db_glpi'
+  community.mysql.mysql_db:
+    name: db_glpi
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  notify:
+    - restart mariadb

sio2/AP4/provision/roles/glpi/tasks/main.yml

@@ -0,0 +1,21 @@
+--- 
+- name: 1. Telechargement de l'archive de glpi 10.0.10
+  get_url:
+    url: http://depl.sio.lan/store/glpi-10.0.10.tgz
+    dest: /tmp
+
+- name: 2.  Extraire glpi 10.0.10.tgz vers /tmp/
+  ansible.builtin.unarchive:
+    src: /tmp/glpi-10.0.10.tgz
+    dest: /var/www/html/
+    remote_src: true 
+
+- name: 3.  Changer propritaire group et permissions
+  file:
+    path: /var/www/html/glpi
+    owner: www-data
+    group: www-data
+    mode: '0755'
+    recurse: yes
+
+

sio2/AP4/provision/roles/web/handlers/main.yml

@@ -0,0 +1,6 @@
+--- 
+- name: restart apache2
+  service: 
+    name: apache2
+    state: restarted
+

sio2/AP4/provision/roles/web/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: 1. Installer apache php 
+  apt:
+    name:
+      - apache2 
+      - php
+      - curl 
+    state: present
+
+      #notify: 2. redémarrer apache et activer adminer 
+- name: 2. Installation des extensions php de GLPI
+  apt:
+    name:
+      - php-xml 
+      - php-common
+      - php-json
+      - php-mysql
+      - php-mbstring
+      - php-curl
+      - php-gd
+      - php-intl
+      - php-imap
+      - php-apcu
+      - php-zip
+      - php-xmlrpc
+      - php-bz2
+      - php-ldap
+    state: present
+  notify:
+    - restart apache2

sio2/CYBER/Cryptage/crypt.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+unn=$1
+utilisateurmdp=$2
+action=$3
+ficcle=$4
+user=$(echo $utilisateurmdp| cut -f1 -d/ )
+mdp=$(echo $utilisateurmdp| cut -f2 -d/ )
+echo $user
+echo $mdp
+[ -e /tmp/share ] ||  mkdir /tmp/share
+mount.cifs -o "username=${user},password=${mdp}" //${unn}  /tmp/share
+if [[ $? == 0 ]] ;then
+	echo "le montage fonctionne cryptage en cours"
+	ccrypt ${action} -r -k ${ficcle} /tmp/share/*
+	umount /tmp/share
+	rm -r /tmp/share
+else
+	echo "erreur montage $?"
+	exit 1
+fi
+exit 0
+
+

sio2/CYBER/IDS/aide

@@ -0,0 +1,8 @@
+#!/bin/bash
+aideinit  #initialisation
+/etc/cron.daily/aide  # on lance aide pour vérifier
+more /var/log/aide/aide.log  # on affiche le compte-rendu : pas de changements
+touch /etc/truc # on créée un fichier
+echo  "#########" >> /etc/hosts # on en modifie un autre
+/etc/cron.daily/aide  # on vérifie à nouveau
+more /var/log/aide/aide.log  # on constate les changements survenus ...

sio2/CYBER/IDS/aide.conf

@@ -0,0 +1,189 @@
+# AIDE conf
+
+# set environment for executable config files included by x_include
+@@x_include_setenv UPAC_settingsd /etc/aide/aide.settings.d
+
+# The daily cron job depends on these paths
+database_in=file:/var/lib/aide/aide.db
+database_out=file:/var/lib/aide/aide.db.new
+database_new=file:/var/lib/aide/aide.db.new
+gzip_dbout=yes
+
+# Set to no to disable report_summarize_changes option.
+report_summarize_changes=yes
+
+# Set to no to disable grouping of files in report.
+report_grouped=yes
+
+# Set verbosity of aide run and reports
+log_level=warning
+report_level=changed_attributes
+
+# Set to yes to print the checksums in the report in hex format
+report_base16 = no
+
+# if you want to sacrifice security for speed, remove some of these
+# checksums.
+Checksums = sha256+sha512+haval
+
+# The checksums of the databases to be printed in the report
+# Set to 'E' to disable.
+database_attrs = Checksums
+
+# check permissions, owner, group and file type
+OwnerMode = p+u+g+ftype
+
+# Check size and block count
+Size = s+b
+
+# Files that stay static
+InodeData = OwnerMode+n+i+Size+l+X
+StaticFile = m+c+Checksums
+
+# Files that stay static but are copied to a ram disk on startup
+# (causing different inode)
+RamdiskData = InodeData-i
+
+# Check everything
+Full = InodeData+StaticFile
+
+# Files that change their mtimes or ctimes but not their contents
+VarTime = InodeData+Checksums
+
+# Files that are recreated regularly but do not change their contents
+VarInode = VarTime-i
+
+# Files that change their contents during system operation
+VarFile = OwnerMode+n+l+X
+
+# Directories that change their contents during system operation
+VarDir = OwnerMode+n+i+X
+
+# Directories that are recreated regularly and change their contents
+VarDirInode = OwnerMode+n+X
+
+# Directories that change their mtimes or ctimes but not their contents
+VarDirTime = InodeData
+
+# Logs are special: they are continously written to, may be compressed
+# have their file name changed in different, mutually incompatibly ways
+# and apprear and vanish at will. Handling this is a a complex and error-
+# prone issue.
+#
+# This is best broken down in a number of small tasks:
+#
+#
+# (A)
+# While a live log is being written to, it doesn't change its mode and
+# inode and its size only increases.
+#
+# (B)
+# When a live log is rotated for the first time, it should not change
+# its mode, may change its inode, and its size decreases. The size
+# decrease may not be noticed by aide if the file had size x at the last
+# aide run, was rotated in the mean time and was written to so that it
+# had a size > x at the next aide run.
+#
+# (C)
+# When a log is compressed, this looks to aide like the uncompressed
+# file vanished (or was replaced by another file) and the compressed
+# file appeared out of the blue. There is (currently) no way to
+# associate the (gone) uncompressed file's contents with the (new)
+# compressed file's contents
+#
+# (D)
+# The actual log rotation may rename foo.{x}.bar to foo.{x+1}.bar without
+# changing the other properties of the file
+#
+# (E)
+# If only a given number of log generations is to be kept, foo.{y}.bar may
+# vanish, but usually only when no foo.{z}.bar exists for z>y.
+#
+# (F)
+# The set of files foo.{x}.bar to foo.{y}.bar is called a "log series"
+# in aide terms, with the lowest x being called the "LoSerMember" element
+# and the highest y being called the "HiSerMember" element, and the z
+# with x<z<y simple called "SerMember". The Lo and Hi members need to
+# be special cased in aide configuration.
+#
+#
+# This is an example of the normal life of a log named foo in a logrotate
+# configuration using a configuration at it is commonly used in Debian
+# (from old to new):
+#     1 logrotate deletes HiSerMember foo.{y}.gz
+#     2 logrotate rotates SerMember foo.{z-1}.gz to foo.{z}.gz for all
+#       z with 3<z<=y. This includes rotation of foo.{y-1}.gz to
+#       foo.{y}.gz and foo.2.gz to foo.3.gz
+#     3 logrotate compresses foo.1 to foo.2.gz, creating LoSerMember foo.2.gz
+#     4 logrotate rotates foo to foo.1 (a simple rename)
+#     5 logrotate creates new, empty foo
+#     6 foo daemon logs to foo - foo grows in size
+#
+# we need the following rules:
+# /var/log/foo$ f Log
+# /var/log/foo$ f FreqRotLog
+#    this takes care of the growing live log (step 7). The "Log" rule
+#    is appropriate for logs that are not rotated daily as rotation
+#    might be reported (if the file size has decreased since the last
+#    aide run). For daily rotated logs, the "FreqRotLog" may be more
+#    appropriate.
+# /var/log/foo\.1$ f LowLog
+#    this takes care of step 5.
+# /var/log/foo\.2\.gz$ f LoSerMemberLog
+#    this allows yet unknown new files to appear with a \.2\.gz extension,
+#    covering step 3.
+# /var/log/foo\.[3..y-1]\.gz$ f SerMemberLog
+#    this watches the log files as they wander through the Series,
+#    changing only their file name but not their contents or metadata,
+#    covering step 2.
+#    Please note that [3..y-1] needs to be a manually crafted regexp covering
+#    all numbers between 3 and y-1.
+# /var/log/foo\.y\.gz$ f HiSerMemberLog
+#    finally, the last element of the Series is allowed to vanish without
+#    being reported, covering step 1.
+#
+# Please note that these example rules need to be adapted to the logrotate
+# configuration for the log. Compression may be disabled or lead to a different
+# extension, the dateext option may be used, old logs might be held in a
+# different place, a log series does not necessarily need to be compressed etc.
+#
+# Please note that savelog rotates the live log to .0 and not to .1 as it
+# is logrotates (changeable) default.
+
+
+# Logs grow in size. Log rotation of these logs will be reported, so
+# this should only be used for logs that are not rotated daily.
+Log = OwnerMode+n+S+X
+
+# Logs that are frequently rotated
+FreqRotLog = Log-S
+
+# The first instance of a rotated log: After the log has stopped being
+# written to, but before rotation
+LowLog = Log-S
+
+# Rotated logs change their file name but retain all their other properties
+SerMemberLog  = Full+I
+
+# The first instance of a compressed, rotated log: After a LowLog was
+# compressed.
+LoSerMemberLog = SerMemberLog+ANF
+
+# The last instance of a compressed, rotated log: After this name, a log
+# will be removed
+HiSerMemberLog = SerMemberLog+ARF
+
+# Not-yet-compressed log created by logrotate's dateext option:
+# These files appear one rotation (renamed from the live log) and are gone
+# the next rotation (being compressed)
+LowDELog = SerMemberLog+ANF+ARF
+
+# Compressed log created by logrotate's dateext option: These files appear
+# once and are not touched any more.
+SerMemberDELog = Full+ANF
+
+# For daemons that log to a variable file name and have the live log
+# hardlinked to a static file name
+LinkedLog = Log-n
+
+@@x_include /etc/aide/aide.conf.d ^[a-zA-Z0-9_-]+$

sio2/CYBER/Journald/journal-upload.conf

@@ -0,0 +1,19 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it under the
+#  terms of the GNU Lesser General Public License as published by the Free
+#  Software Foundation; either version 2.1 of the License, or (at your option)
+#  any later version.
+#
+# Entries in this file show the compile time defaults. Local configuration
+# should be created by either modifying this file, or by creating "drop-ins" in
+# the journal-upload.conf.d/ subdirectory. The latter is generally recommended.
+# Defaults can be restored by simply deleting this file and all drop-ins.
+#
+# See journal-upload.conf(5) for details.
+
+[Upload]
+URL=http://192.168.1.42:19532
+# ServerKeyFile=/etc/ssl/private/journal-upload.pem
+# ServerCertificateFile=/etc/ssl/certs/journal-upload.pem
+# TrustedCertificateFile=/etc/ssl/ca/trusted.pem

sio2/CYBER/Journald/journald-rcv.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+sudo timedatectl set-timezone Europe/Paris
+sudo apt-get update
+sudo apt-get install -y systemd-journal-remote
+sudo systemctl enable --now systemd-journal-remote.socket
+sudo cp /lib/systemd/system/systemd-journal-remote.service /etc/systemd/system
+sudo sed -i 's/--listen-https=-3/--listen-http=-3/' /etc/systemd/system/systemd-journal-remote.service
+[[ -d /var/log/journal/remote ]] || sudo mkdir /var/log/journal/remote
+sudo chown systemd-journal-remote /var/log/journal/remote
+sudo systemctl daemon-reload

sio2/CYBER/Journald/journald-snd.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+# usage : ./journald-snd.sh 192.168.1.100
+sudo timedatectl set-timezone Europe/Paris
+sudo apt-get update
+sudo apt-get install -y systemd-journal-remote
+rpl="s/^# URL=/URL=http:\/\/${1}:19532/"  # $1 represente l'adresse du recepteur
+sudo sed -i "$rpl" /etc/systemd/journal-upload.conf
+sudo systemctl enable --now systemd-journal-upload.service
+sudo systemctl restart systemd-journal-upload.service

sio2/CYBER/Journald/systemd-journal-remote.service

@@ -0,0 +1,46 @@
+#  SPDX-License-Identifier: LGPL-2.1-or-later
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Journal Remote Sink Service
+Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
+Requires=systemd-journal-remote.socket
+
+[Service]
+ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote/
+LockPersonality=yes
+LogsDirectory=journal/remote
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectProc=invisible
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+User=systemd-journal-remote
+WatchdogSec=3min
+
+# If there are many split up journal files we need a lot of fds to access them
+# all in parallel.
+LimitNOFILE=524288
+
+[Install]
+Also=systemd-journal-remote.socket

sio2/CYBER/Nagios/command.cfg

@@ -0,0 +1,303 @@
+###############################################################################
+# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
+#
+#
+# NOTES: This config file provides you with some example command definitions
+#        that you can reference in host, service, and contact definitions.
+#
+#        You don't need to keep commands in a separate file from your other
+#        object definitions.  This has been done just to make things easier to
+#        understand.
+#
+###############################################################################
+
+
+
+################################################################################
+#
+# SAMPLE NOTIFICATION COMMANDS
+#
+# These are some example notification commands.  They may or may not work on
+# your system without modification.  As an example, some systems will require
+# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
+#
+################################################################################
+
+define command {
+
+    command_name    notify-host-by-email
+    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
+}
+
+
+
+define command {
+
+    command_name    notify-service-by-email
+    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
+}
+
+
+
+################################################################################
+#
+# SAMPLE HOST CHECK COMMANDS
+#
+################################################################################
+
+# Removed in Debian because it conflicts with the command of the same name
+# defined in ping.cfg, which is part of monitoring-plugins-basic.
+#
+## This command checks to see if a host is "alive" by pinging it
+## The check must result in a 100% packet loss or 5 second (5000ms) round trip
+## average time to produce a critical error.
+## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
+#
+#define command {
+#
+#    command_name    check-host-alive
+#    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
+#}
+
+
+
+################################################################################
+#
+# SAMPLE SERVICE CHECK COMMANDS
+#
+# These are some example service check commands.  They may or may not work on
+# your system, as they must be modified for your plugins.  See the HTML
+# documentation on the plugins for examples of how to configure command definitions.
+#
+# NOTE:  The following 'check_local_...' functions are designed to monitor
+#        various metrics on the host that Nagios is running on (i.e. this one).
+################################################################################
+
+define command {
+
+    command_name    check_local_disk
+    command_line    $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+}
+
+
+
+define command {
+
+    command_name    check_local_load
+    command_line    $USER1$/check_load -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_procs
+    command_line    $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+}
+
+
+
+define command {
+
+    command_name    check_local_users
+    command_line    $USER1$/check_users -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_swap
+    command_line    $USER1$/check_swap -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_mrtgtraf
+    command_line    $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
+}
+
+
+
+################################################################################
+# NOTE:  The following 'check_...' commands are used to monitor services on
+#        both local and remote hosts.
+################################################################################
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ftp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ftp
+#    command_line    $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
+#
+#define command {
+#
+#    command_name    check_hpjd
+#    command_line    $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+define command {
+
+    command_name    check_snmp
+    command_line    $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
+}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in http.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_http
+#    command_line    $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ssh.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ssh
+#    command_line    $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_dhcp
+#    command_line    $USER1$/check_dhcp $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ping.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ping
+#    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_pop
+#    command_line    $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_imap
+#    command_line    $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_smtp
+#    command_line    $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_tcp
+#    command_line    $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_udp
+#    command_line    $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in nt.cfg, which is part of monitoring-plugins-standard.
+#
+#define command {
+#
+#    command_name    check_nt
+#    command_line    $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
+#}
+
+
+
+################################################################################
+#
+# SAMPLE PERFORMANCE DATA COMMANDS
+#
+# These are sample performance data commands that can be used to send performance
+# data output to two text files (one for hosts, another for services).  If you
+# plan on simply writing performance data out to a file, consider using the
+# host_perfdata_file and service_perfdata_file options in the main config file.
+#
+################################################################################
+
+define command {
+
+    command_name    process-host-perfdata
+    command_line    /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
+}
+
+
+
+define command {
+
+    command_name    process-service-perfdata
+    command_line    /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
+}
+
+define command {
+	command_name check_lin_load
+	command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
+}
+
+define command {
+	command_name check_lin_mem
+	command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
+}
+

sio2/CYBER/Nagios/nagios4.conf

@@ -0,0 +1,50 @@
+# apache configuration for nagios 4.x
+
+ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
+ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4
+
+# Where the stylesheets (config files) reside
+Alias /nagios4/stylesheets /etc/nagios4/stylesheets
+
+# Where the HTML pages live
+Alias /nagios4 /usr/share/nagios4/htdocs
+
+<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
+    Options FollowSymLinks
+    DirectoryIndex index.php index.html
+    AllowOverride AuthConfig
+    #
+    # The default Debian nagios4 install sets use_authentication=0 in
+    # /etc/nagios4/cgi.cfg, which turns off nagos's internal authentication.
+    # This is insecure.  As a compromise this default apache2 configuration
+    # only allows private IP addresses access.
+    #
+    # The <Files>...</Files> below shows how you can secure the nagios4
+    # web site so anybody can view it, but only authenticated users can issue
+    # commands (such as silence notifications).  To do that replace the
+    # "Require all granted" with "Require valid-user", and use htdigest
+    # program from the apache2-utils package to add users to
+    # /etc/nagios4/htdigest.users.
+    #
+    # A step up is to insist all users validate themselves by moving
+    # the stanza's in the <Files>..<Files> into the <DirectoryMatch>.
+    # Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you
+    # can configure which people get to see a particular service from
+    # within the nagios configuration.
+    # 
+    Require ip	::1/128 fc00::/7 fe80::/10 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
+    <Files "cmd.cgi">
+	AuthDigestDomain "Nagios4"
+	AuthDigestProvider file
+	AuthUserFile	"/etc/nagios4/htdigest.users"
+	AuthGroupFile	"/etc/group"
+	AuthName	"Nagios4"
+	AuthType	Digest
+	Require all	granted
+	#Require	valid-user
+    </Files>
+</DirectoryMatch>
+
+<Directory /usr/share/nagios4/htdocs>
+    Options	+ExecCGI	
+</Directory>

sio2/CYBER/Nagios/srv.cfg

@@ -0,0 +1,30 @@
+define host {
+    use linux-server            ; Name of host template to use
+    host_name               srv
+    alias                   srv
+    address                 172.20.10.11
+}
+  define service{
+        use                             generic-service
+        host_name                       srv
+        service_description             WWW
+        check_command                   check_http
+}
+  define service{
+        use                             generic-service
+        host_name                       srv
+        service_description            SSH
+        check_command                   check_ssh
+}
+
+
+
+
+
+
+
+
+
+
+
+

sio2/CYBER/Wireguard/wg0-a.conf

@@ -0,0 +1,10 @@
+[Interface]
+PrivateKey = iGPtDYyKYCoQVPofdo7KQXfC4OGCGOBXonF44nKUSFw=
+Address = 10.0.0.2/32 # Adresses autorisées dans le VPN
+Listenport = 51820
+
+[Peer]
+PublicKey = sAJc6fITMHs9Entb5upqGMN+4M+fnhIIpcWbQiqW50g= # de machine B
+AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
+Endpoint = 192.168.0.45:51820
+

sio2/CYBER/Wireguard/wg0-b.conf

@@ -0,0 +1,10 @@
+[Interface]
+Address = 10.0.0.1/32 # Adresses autorisées dans le VPN
+Listenport = 51820
+PrivateKey = YH3oUGyt8hXlqRINQIANWsqf7Bd+SJcyLhMLGPwbvHk=
+
+[Peer]
+PublicKey = k2Yzmoz+7e1TT+n2+zK9AHjssgQLp7DW0T3Zi+AtPV0= # de machine B
+AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
+Endpoint = 192.168.0.26:51820
+

sio2/CYBER/postfix/main.cf

@@ -0,0 +1,58 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
+# fresh installs.
+compatibility_level = 3.6
+
+
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_security_level=may
+
+smtp_tls_CApath=/etc/ssl/certs
+smtp_tls_security_level=may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = bookworm
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = $myhostname, postfix.lan, bookworm, localhost.localdomain, localhost
+relayhost = [smtp.gmail.com]:587
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+# Disallow methods that allow anonymous authentication
+smtp_sasl_security_options = noanonymous
+# Location of sasl_passwd
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+# Enable STARTTLS encryption
+#smtp_tls_security_level = encrypt
+# Location of CA certificates
+smtp_tls_CAfile = /etc/postfix/ssl/cacert-smtp-gmail.pem

sio2/CYBER/postfix/sasl_passwd

@@ -0,0 +1 @@
+[smtp.gmail.com]:587    akone.alhassane@gmail.com:clnbmfdicvcbvcvt

sio2/SISR/Ansible/dokuw/hosts

@@ -0,0 +1,9 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2
+
+[doc]
+doku

sio2/SISR/Ansible/dokuw/local.yml

@@ -0,0 +1,6 @@
+
+- hosts: doku
+  roles:
+    - web
+    - doku
+  

sio2/SISR/Ansible/dokuw/roles/doku/main.yml

@@ -0,0 +1,18 @@
+vars:
+  - chemin_fichier: /var/www/html/doku
+
+- name: recuperation dokuwiki-stable.tgz depuis machine depl
+  get_url:
+    url: http://depl/store/dokuwiki-stable.tgz
+    dest: /tmp/
+
+- name: Extraction archive
+  ansible.builtin.unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html/
+
+- name: changer propriétaire du fichier var/www/html/doku
+    file:
+      path: "{{ chemin_fichier }}"
+      owner: www-data:www-data data lib conf
+      become: true

sio2/SISR/Ansible/dokuw/roles/doku/tasks/main.yml

@@ -0,0 +1,37 @@
+- name: 1. recuperation dokuwiki-stable.tgz depuis machine depl
+  get_url:
+    url: http://depl/store/dokuwiki-stable.tgz
+    dest: /tmp
+
+- name: 2. Extraction archive dokuwiki-stage.tgz
+  unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html/
+    remote_src: yes
+
+- name: 3. stat dokuwiki
+  stat: 
+    path: /var/www/html/dokuwiki-2023-04-04
+  register: doku_stat
+
+- name: 4. On renomme doku-v... en doku
+  command: mv /var/www/html/dokuwiki-2023-04-04 /var/www/html/doku
+  when: doku_stat.stat.exists
+
+- name: 5. Changer propritaire group et permissions
+  file:
+    path: /var/www/html/doku
+    owner: root
+    group: root
+    mode: '0755'
+    recurse: yes
+      
+- name: 6. Changer propritaire. group et permissions
+  file:
+    path: /var/www/html/doku
+    owner: www-data
+    group: www-data
+    recurse: yes
+      #    mode: '755'
+
+

sio2/SISR/Ansible/dokuw/roles/web/tasks/main.yml

@@ -0,0 +1,13 @@
+- name: 1. installe  apache2 php et ces dependances
+  apt:
+    name:
+      - apache2
+      - php
+       #     - php-gd
+      - php-mbstring
+    state: present
+
+- name: 2. lance Apache
+  service:
+    name: apache2
+    state: started

sio2/SISR/Ansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2

sio2/SISR/Ansible/squid-j2.yml

@@ -0,0 +1,23 @@
+---
+- name: squid-j2.yml
+  hosts: infra
+  vars:
+  - proxy_port: 8080
+  - proxy_mem: 512
+  tasks:  
+  - name: 1. assurer que squid est installe
+    service:
+      name: squid
+      state: started
+  
+  - name: 2. Copie du squid.conf apres generation dynamique 
+    template:
+      src: squid.conf.j2
+      dest: /etc/squid/squid.conf
+    notify: restart squid
+
+  handlers:
+    - name: restart squid
+      service:
+        name: squid
+        state: restarted

sio2/SISR/Ansible/squid.yml

@@ -0,0 +1,22 @@
+---
+- name: squid.yml
+  hosts: infra
+  vars:
+    proxy_port: 8080
+    proxy_mem: 128
+
+  tasks:
+    - name: 1. installation de squid
+      apt:
+        name: squid
+        state: latest
+
+    - name: 2. recuperation de squid.conf avec fetch
+      ansible.builtin.fetch:
+        src: /etc/squid/squid.conf
+        dest: ./squid.conf
+        flat: yes
+
+
+
+

sio2/SISR/Ansible/syslog-cli.yml

@@ -0,0 +1,45 @@
+---
+- name: syslog.yml
+  hosts: web
+  tasks:
+  - name:  1. installer rsyslog
+    apt:
+      name: rsyslog
+      state: latest
+
+  - name: ajout du serveur syslog distant 
+    lineinfile:
+      path: /etc/rsyslog.conf
+      line: '*.* @172.20.10.4:514'
+      insertbefore: EOF
+      create: yes 
+    notify:
+      - 5. redemarrer rsyslog
+ 
+        # - name: 3. Ajout de la ligne ForwardToSyslog
+      #shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
+ 
+  - name: 4. Decommente la ligne ForwardToSyslog
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify: 6. redemarrer journald.service
+
+        # notify:
+        #- restart rsyslog
+        #- name: redemarrage de syslog
+        #- restart journald.service
+        #- name: redemarrage de journald.service
+
+  handlers:
+  - name: 5. redemarrer rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+      
+  - name: 6. redemarrer journald.service
+    service:
+      name: systemd-journald.service
+      state: restarted
+

sio2/SISR/Ansible/syslog.yml

@@ -0,0 +1,52 @@
+---
+- name: syslog.yml
+  hosts: infra
+  tasks:
+  - name:  1. installer rsyslog
+    apt:
+      name: rsyslog
+      state: latest
+  
+  - name:  2. decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#module\(load="imudp"\)'
+      replace: 'module(load="imudp")'
+    notify:
+      - 5. redemarrer rsyslog
+ 
+  - name:  3. decommente le chargement du module imudp  port 514 dans rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#input\(type="imudp" port="514"\)'
+      replace: 'input(type="imudp" port="514")'
+    notify:
+      - 5. redemarrer rsyslog
+
+        # - name: 3. Ajout de la ligne ForwardToSyslog
+      #shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
+ 
+  - name: 4. Decommente la ligne ForwardToSyslog
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify: 6. redemarrer journald.service
+
+        # notify:
+        #- restart rsyslog
+        #- name: redemarrage de syslog
+        #- restart journald.service
+        #- name: redemarrage de journald.service
+
+  handlers:
+  - name: 5. redemarrer rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+      
+  - name: 6. redemarrer journald.service
+    service:
+      name: systemd-journald.service
+      state: restarted
+

sio2/SISR/Ansible/web.yml

@@ -0,0 +1,20 @@
+---
+- name: web.yml
+  hosts: web
+  tasks:
+  - name: 1. installer apache2
+    apt :
+      name: apache2
+      state: present
+  - name: 2  installer php-mbstring
+    apt:
+      name: php-mbstring
+      state: present
+  - name: 3 assurer Apache tourne
+    service:
+      name: apache2
+      state: started
+  - name: 4 copier le fichier index.html vers /var/www/html      
+    template:
+      src: index.html
+      dest: /var/www/html/

sio2/SISR/FOG/dhcpd.conf

@@ -0,0 +1,72 @@
+# DHCP Server Configuration file\n#see /usr/share/doc/dhcp*/dhcpd.conf.sample
+# This file was created by FOG
+#Definition of PXE-specific options
+# Code 1: Multicast IP Address of bootfile
+# Code 2: UDP Port that client should monitor for MTFTP Responses
+# Code 3: UDP Port that MTFTP servers are using to listen for MTFTP requests
+# Code 4: Number of seconds a client must listen for activity before trying
+#         to start a new MTFTP transfer
+# Code 5: Number of seconds a client must listen before trying to restart
+#         a MTFTP transfer
+option space PXE;
+option PXE.mtftp-ip code 1 = ip-address;
+option PXE.mtftp-cport code 2 = unsigned integer 16;
+option PXE.mtftp-sport code 3 = unsigned integer 16;
+option PXE.mtftp-tmout code 4 = unsigned integer 8;
+option PXE.mtftp-delay code 5 = unsigned integer 8;
+option arch code 93 = unsigned integer 16;
+use-host-decl-names on;
+ddns-update-style interim;
+ignore client-updates;
+# Specify subnet of ether device you do NOT want service.
+# For systems with two or more ethernet devices.
+# subnet 136.165.0.0 netmask 255.255.0.0 {}
+subnet 192.168.1.0 netmask 255.255.255.0{
+    option subnet-mask 255.255.255.0;
+    range dynamic-bootp 192.168.1.10 192.168.1.254;
+    default-lease-time 21600;
+    max-lease-time 43200;
+    option routers 192.168.1.1;
+    option domain-name-servers 10.121.38.7;
+    next-server 192.168.1.10;
+}
+class "Legacy" {
+    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
+    filename "undionly.kkpxe";
+}
+class "UEFI-32-2" {
+    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
+    filename "i386-efi/snponly.efi";
+}
+class "UEFI-32-1" {
+    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
+    filename "i386-efi/snponly.efi";
+}
+class "UEFI-64-1" {
+    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
+    filename "snponly.efi";
+}
+class "UEFI-64-2" {
+    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
+    filename "snponly.efi";
+}
+class "UEFI-64-3" {
+    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
+    filename "snponly.efi";
+}
+class "SURFACE-PRO-4" {
+    match if substring(option vendor-class-identifier, 0, 32) = "PXEClient:Arch:00007:UNDI:003016";
+    filename "snponly.efi";
+}
+class "Apple-Intel-Netboot" {
+    match if substring(option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386";
+    option dhcp-parameter-request-list 1,3,17,43,60;
+    if (option dhcp-message-type = 8) {
+        option vendor-class-identifier "AAPLBSDPC";
+        if (substring(option vendor-encapsulated-options, 0, 3) = 01:01:01) {
+            # BSDP List
+            option vendor-encapsulated-options 01:01:01:04:02:80:00:07:04:81:00:05:2a:09:0D:81:00:05:2a:08:69:50:58:45:2d:46:4f:47;
+            filename "snponly.efi";
+        }
+    }
+}

sio2/SISR/HAPROXY/haproxy.cfg

@@ -0,0 +1,42 @@
+global
+	log /dev/log	local0
+	log /dev/log	local1 notice
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin
+	stats timeout 30s
+	user haproxy
+	group haproxy
+	daemon
+
+	# Default SSL material locations
+	ca-base /etc/ssl/certs
+	crt-base /etc/ssl/private
+
+	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
+        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
+
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+	errorfile 400 /etc/haproxy/errors/400.http
+	errorfile 403 /etc/haproxy/errors/403.http
+	errorfile 408 /etc/haproxy/errors/408.http
+	errorfile 500 /etc/haproxy/errors/500.http
+	errorfile 502 /etc/haproxy/errors/502.http
+	errorfile 503 /etc/haproxy/errors/503.http
+	errorfile 504 /etc/haproxy/errors/504.http
+
+listen httpProxy
+bind 192.168.0.140:80
+balance roundrobin
+option httpclose
+option httpchk HEAD / HTTP/1.0
+server web1 172.16.1.11:80 check
+server web2 172.16.1.12:80 check

sio2/SISR/LB/ipvsadm

@@ -0,0 +1,9 @@
+#!/bin/bash
+echo "1" > /proc/sys/net/ipv4/ip_forward
+ipvsadm -A -t 192.168.0.140:80 -s rr
+
+ipvsadm -a -t 192.168.0.140:80 -r 172.16.1.11:80 -m
+ipvsadm -a -t 192.168.0.140:80 -r 172.16.1.12:80 -m
+
+
+

sio2/SISR/Nagios/commands.cfg

@@ -0,0 +1,303 @@
+###############################################################################
+# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
+#
+#
+# NOTES: This config file provides you with some example command definitions
+#        that you can reference in host, service, and contact definitions.
+#
+#        You don't need to keep commands in a separate file from your other
+#        object definitions.  This has been done just to make things easier to
+#        understand.
+#
+###############################################################################
+
+
+
+################################################################################
+#
+# SAMPLE NOTIFICATION COMMANDS
+#
+# These are some example notification commands.  They may or may not work on
+# your system without modification.  As an example, some systems will require
+# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
+#
+################################################################################
+
+define command {
+
+    command_name    notify-host-by-email
+    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
+}
+
+
+
+define command {
+
+    command_name    notify-service-by-email
+    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
+}
+
+
+
+################################################################################
+#
+# SAMPLE HOST CHECK COMMANDS
+#
+################################################################################
+
+# Removed in Debian because it conflicts with the command of the same name
+# defined in ping.cfg, which is part of monitoring-plugins-basic.
+#
+## This command checks to see if a host is "alive" by pinging it
+## The check must result in a 100% packet loss or 5 second (5000ms) round trip
+## average time to produce a critical error.
+## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
+#
+#define command {
+#
+#    command_name    check-host-alive
+#    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
+#}
+
+
+
+################################################################################
+#
+# SAMPLE SERVICE CHECK COMMANDS
+#
+# These are some example service check commands.  They may or may not work on
+# your system, as they must be modified for your plugins.  See the HTML
+# documentation on the plugins for examples of how to configure command definitions.
+#
+# NOTE:  The following 'check_local_...' functions are designed to monitor
+#        various metrics on the host that Nagios is running on (i.e. this one).
+################################################################################
+
+define command {
+
+    command_name    check_local_disk
+    command_line    $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+}
+
+
+
+define command {
+
+    command_name    check_local_load
+    command_line    $USER1$/check_load -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_procs
+    command_line    $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+}
+
+
+
+define command {
+
+    command_name    check_local_users
+    command_line    $USER1$/check_users -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_swap
+    command_line    $USER1$/check_swap -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_mrtgtraf
+    command_line    $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
+}
+
+
+
+################################################################################
+# NOTE:  The following 'check_...' commands are used to monitor services on
+#        both local and remote hosts.
+################################################################################
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ftp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ftp
+#    command_line    $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
+#
+#define command {
+#
+#    command_name    check_hpjd
+#    command_line    $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+define command {
+
+    command_name    check_snmp
+    command_line    $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
+}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in http.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_http
+#    command_line    $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ssh.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ssh
+#    command_line    $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_dhcp
+#    command_line    $USER1$/check_dhcp $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ping.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ping
+#    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_pop
+#    command_line    $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_imap
+#    command_line    $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_smtp
+#    command_line    $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_tcp
+#    command_line    $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_udp
+#    command_line    $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in nt.cfg, which is part of monitoring-plugins-standard.
+#
+#define command {
+#
+#    command_name    check_nt
+#    command_line    $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
+#}
+
+
+
+################################################################################
+#
+# SAMPLE PERFORMANCE DATA COMMANDS
+#
+# These are sample performance data commands that can be used to send performance
+# data output to two text files (one for hosts, another for services).  If you
+# plan on simply writing performance data out to a file, consider using the
+# host_perfdata_file and service_perfdata_file options in the main config file.
+#
+################################################################################
+
+define command {
+
+    command_name    process-host-perfdata
+    command_line    /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
+}
+
+
+
+define command {
+
+    command_name    process-service-perfdata
+    command_line    /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
+}
+
+define command {
+	command_name check_lin_load
+	command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
+}
+
+define command {
+	command_name check_lin_mem
+	command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
+}
+

sio2/SISR/Nagios/groups.cfg

@@ -0,0 +1,42 @@
+#
+# HOST GROUP DEFINITION
+#
+###############################################################################
+
+# Define an optional hostgroup for Linux machines
+
+define hostgroup {
+
+    hostgroup_name          snmp-servers           ; The name of the hostgroup
+    alias                   snmp Servers           ; Long name of the group
+    members                 srv               ; Comma separated list of hosts that belong to this group
+}
+
+
+
+###############################################################################
+#
+# SERVICE DEFINITIONS
+#
+###############################################################################
+
+# Define a service to "ping" the local machine
+
+# service de supervision de Load Linux avec SNMP
+# 3 valeurs : charge moyenne sur 1 min, 5 min, 15 min   
+define service{
+        use              generic-service   ;Use generic-service template
+        hostgroup_name   snmp-servers     ; S'applique au groupe en question
+        service_description     chk-lin-load ; Nom du service
+        check_command    check_lin_load!public!--v2c!netsl!3,2,2!3,2,2 ; Command
+   #     servicegroups    ser-lin-base      ;Service belong servicegroup
+        }
+
+
+define service{
+        use              generic-service   ;Use generic-service template
+        hostgroup_name   snmp-servers     ; S'applique au groupe en question
+        service_description     chk-lin-mem ; Nom du service
+        check_command    check_lin_mem!public!--v2c!80,20,2!100,30 ; Command
+   #     servicegroups    ser-lin-base      ;Service belong servicegroup
+        }

sio2/SISR/PXE/dhcpd.conf

@@ -0,0 +1,109 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "192.168.1.1";
+option domain-name-servers 192.168.1.1;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+subnet 192.168.1.0 netmask 255.255.255.0 {
+  range 192.168.1.20 192.168.1.50;
+  option routers 192.168.1.1;
+  option domain-name "sio.lan";
+  filename "pxelinux.0";
+  next-server 192.168.1.1;
+}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+# server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}

sio2/SISR/PXE/enp0s3

@@ -0,0 +1,3 @@
+# generated by FAI
+auto enp0s3
+iface enp0s3 inet dhcp

sio2/SISR/PXE/enp0s8

@@ -0,0 +1,5 @@
+# generated by FAI
+auto enp0s8
+iface enp0s8 inet static
+	address 192.168.1.1/24
+	up /root/nat.sh

sio2/SISR/PXE/isc-dhcp-server

@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s8"
+INTERFACESv6=""

sio2/SISR/PXE/nat.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+echo "1"> /proc/sys/net/ipv4/ip_forward
+iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
+iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE

sio2/SISR/Python/analog

@@ -0,0 +1,27 @@
+#!/usr/bin/python3
+import sys
+import re
+#tab = []
+volume = {}
+
+regexp = "^(\S+) (\S+) (\S+) \[([^]]+)\] \"(\w+) (\S+).*\" (\d+) (\S+)"
+for line in sys.stdin: # on lit sur l’entrée standard
+    line = line.rstrip () # on enleve le retour ligne
+    res = re.match (regexp, line)
+    if res:
+        (host, rfc931, user, date, request, url, status, byte) = res.groups()
+        host = res.group (1)
+        byte =int(res.group (8))
+        if host in volume:
+            volume[host]= volume[host] + byte
+        else: 
+            volume[host] = byte 
+
+for host in volume.keys():
+    print(host, ":", volume[host])
+
+
+
+
+
+

sio2/SISR/Python/creatusr

@@ -0,0 +1,19 @@
+#!/usr/bin/python3
+
+try:
+    fh = open("user.txt", "r")
+except:
+    print ("Fichier user.txt inconnu")
+else:
+    line = fh.readline ()
+    while line:
+        # use realine() to read next line
+        maligne = line.rstrip()
+        (login,complet)=maligne.split(":")
+        print(login , complet)
+        cmd = "useradd -m -c \""+ complet + "\" " + login + "-s /bin/bash/ "+login
+        print (cmd)
+        line = fh.readline()
+
+    fh.close()
+

sio2/SISR/Python/remplace

@@ -0,0 +1,27 @@
+import re
+import os
+
+def remplacer_avec_regex(nom_fichier, ancien_motif, nouveau_motif):
+    # Renommer le fichier d'origine
+    nouveau_nom = nom_fichier + ".old"
+    os.rename(nom_fichier, nouveau_nom)
+
+    # Lire le contenu du fichier original
+    with open(nouveau_nom, 'r') as fichier_in:
+        contenu = fichier_in.read()
+
+    # Utiliser une expression régulière pour effectuer le remplacement
+    contenu_modifie = re.sub(ancien_motif, nouveau_motif, contenu)
+
+    # Écrire le contenu modifié dans le fichier d'origine
+    with open(nom_fichier, 'w') as fichier_out:
+        fichier_out.write(contenu_modifie)
+
+# Demander à l'utilisateur les informations nécessaires
+nom_fichier = input("Entrez le nom du fichier : ")
+ancien_motif = input("Entrez l'ancien motif à remplacer (expression régulière) : ")
+nouveau_motif = input("Entrez le nouveau motif : ")
+
+# Appeler la fonction
+remplacer_avec_regex(nom_fichier, ancien_motif, nouveau_motif)
+

sio2/SISR/RSYSLOG/rsyslog.con.emeteur

@@ -0,0 +1,71 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#module(load="imudp") MACHINE DE RECEPTION
+#input(type="imudp" port="514") MACHINE DE RECEPTION
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# Log anything besides private authentication messages to a single log file
+#
+*.*;auth,authpriv.none		-/var/log/syslog
+
+#
+# Log commonly used facilities to their own log file
+#
+auth,authpriv.*			/var/log/auth.log
+cron.*				-/var/log/cron.log
+kern.*				-/var/log/kern.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*
+*.* @192.168.0.21:514 # exporte tous les logs de toute gravité et de toute origine vers l'adresse 192.168.100 port UDP 514
+*.* @192.168.0.32:514 # exporte tous les logs de toute gravité et de toute origine vers l'adresse 192.168.100 port UDP 514

sio2/SISR/SNMP/snmpd.conf

@@ -0,0 +1,90 @@
+###########################################################################
+#
+# snmpd.conf
+# An example configuration file for configuring the Net-SNMP agent ('snmpd')
+# See snmpd.conf(5) man page for details
+#
+###########################################################################
+# SECTION: System Information Setup
+#
+
+# syslocation: The [typically physical] location of the system.
+#   Note that setting this value here means that when trying to
+#   perform an snmp SET operation to the sysLocation.0 variable will make
+#   the agent return the "notWritable" error code.  IE, including
+#   this token in the snmpd.conf file will disable write access to
+#   the variable.
+#   arguments:  location_string
+sysLocation    Sitting on the Dock of the Bay
+sysContact     Me <me@example.org>
+
+# sysservices: The proper value for the sysServices object.
+#   arguments:  sysservices_number
+sysServices    72
+
+
+
+###########################################################################
+# SECTION: Agent Operating Mode
+#
+#   This section defines how the agent will operate when it
+#   is running.
+
+# master: Should the agent operate as a master agent or not.
+#   Currently, the only supported master agent type for this token
+#   is "agentx".
+#   
+#   arguments: (on|yes|agentx|all|off|no)
+
+master  agentx
+
+# agentaddress: The IP address and port number that the agent will listen on.
+#   By default the agent listens to any and all traffic from any
+#   interface on the default SNMP port (161).  This allows you to
+#   specify which address, interface, transport type and port(s) that you
+#   want the agent to listen on.  Multiple definitions of this token
+#   are concatenated together (using ':'s).
+#   arguments: [transport:]port[@interface/address],...
+
+#agentaddress  127.0.0.1,[::1]
+agentAddress udp:161
+
+
+
+###########################################################################
+# SECTION: Access Control Setup
+#
+#   This section defines who is allowed to talk to your running
+#   snmp agent.
+
+# Views 
+#   arguments viewname included [oid]
+
+#  system + hrSystem groups only
+view   systemonly  included   .1.3.6.1.2.1.1
+view   systemonly  included   .1.3.6.1.2.1.25.1
+
+
+# rocommunity: a SNMPv1/SNMPv2c read-only access community name
+#   arguments:  community [default|hostname|network/bits] [oid | -V view]
+
+# Read-only access to everyone to the systemonly view
+rocommunity  public default
+rocommunity6 public default -V systemonly
+
+# SNMPv3 doesn't use communities, but users with (optionally) an
+# authentication and encryption string. This user needs to be created
+# with what they can view with rouser/rwuser lines in this file.
+#
+# createUser username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES] [privpassphrase]
+# e.g.
+# createuser authPrivUser SHA-512 myauthphrase AES myprivphrase
+#
+# This should be put into /var/lib/snmp/snmpd.conf 
+#
+# rouser: a SNMPv3 read-only access username
+#    arguments: username [noauth|auth|priv [OID | -V VIEW [CONTEXT]]]
+rouser authPrivUser authpriv -V systemonly
+
+# include a all *.conf files in a directory
+includeDir /etc/snmp/snmpd.conf.d

sio2/VAGRANT/Vagrantfile

@@ -0,0 +1,32 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "nagios4"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+   config.vm.provision "shell", inline: <<-SHELL
+      apt-get update
+      apt-get install -y vim curl wget apache2 php nagios4 nagios-plugins-contrib
+      cp /etc/nagios4/apache2.conf /etc/apache2/sites-available/nagios4.conf
+      a2ensite nagios4.conf
+      a2enmod rewrite cgi
+      systemctl reload apache2
+   SHELL
+end

sio2/VAGRANT/Vagrantfile2

@@ -0,0 +1,14 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+Vagrant.configure("2") do |config|
+  config.vm.provision "shell", inline: "apt-get update -y" # execute pour chacune des machines
+ 
+  config.vm.define "IDS" do |ids|#VM No'1
+    ids.vm.box = "debian/bookworm64" #Setting machine type
+    ids.vm.hostname = "IDS" #Setting machine type
+    ids.vm.network "public_network"#Set DHCP
+    ids.vm.provision "shell", inline: <<-SHELL
+     apt-get install -y wget curl vim unzip chkrootkit rkhunter fail2ban
+   SHELL
+  end
+end