tp ansible

sio2/CYBER/Ansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2

sio2/CYBER/Ansible/squid-j2.yml

@@ -0,0 +1,23 @@
+---
+- name: squid-j2.yml
+  hosts: infra
+  vars:
+  - proxy_port: 8080
+  - proxy_mem: 512
+  tasks:  
+  - name: 1. assurer que squid est installe
+    service:
+      name: squid
+      state: started
+  
+  - name: 2. Copie du squid.conf apres generation dynamique 
+    template:
+      src: squid.conf.j2
+      dest: /etc/squid/squid.conf
+    notify: restart squid
+
+  handlers:
+    - name: restart squid
+      service:
+        name: squid
+        state: restarted

sio2/CYBER/Ansible/squid.yml

@@ -0,0 +1,22 @@
+---
+- name: squid.yml
+  hosts: infra
+  vars:
+    proxy_port: 8080
+    proxy_mem: 128
+
+  tasks:
+    - name: 1. installation de squid
+      apt:
+        name: squid
+        state: latest
+
+    - name: 2. recuperation de squid.conf avec fetch
+      ansible.builtin.fetch:
+        src: /etc/squid/squid.conf
+        dest: ./squid.conf
+        flat: yes
+
+
+
+

sio2/CYBER/Ansible/syslog-cli.yml

@@ -0,0 +1,45 @@
+---
+- name: syslog.yml
+  hosts: web
+  tasks:
+  - name:  1. installer rsyslog
+    apt:
+      name: rsyslog
+      state: latest
+
+  - name: ajout du serveur syslog distant 
+    lineinfile:
+      path: /etc/rsyslog.conf
+      line: '*.* @172.20.10.4:514'
+      insertbefore: EOF
+      create: yes 
+    notify:
+      - 5. redemarrer rsyslog
+ 
+        # - name: 3. Ajout de la ligne ForwardToSyslog
+      #shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
+ 
+  - name: 4. Decommente la ligne ForwardToSyslog
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify: 6. redemarrer journald.service
+
+        # notify:
+        #- restart rsyslog
+        #- name: redemarrage de syslog
+        #- restart journald.service
+        #- name: redemarrage de journald.service
+
+  handlers:
+  - name: 5. redemarrer rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+      
+  - name: 6. redemarrer journald.service
+    service:
+      name: systemd-journald.service
+      state: restarted
+

sio2/CYBER/Ansible/syslog.yml

@@ -0,0 +1,52 @@
+---
+- name: syslog.yml
+  hosts: infra
+  tasks:
+  - name:  1. installer rsyslog
+    apt:
+      name: rsyslog
+      state: latest
+  
+  - name:  2. decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#module\(load="imudp"\)'
+      replace: 'module(load="imudp")'
+    notify:
+      - 5. redemarrer rsyslog
+ 
+  - name:  3. decommente le chargement du module imudp  port 514 dans rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#input\(type="imudp" port="514"\)'
+      replace: 'input(type="imudp" port="514")'
+    notify:
+      - 5. redemarrer rsyslog
+
+        # - name: 3. Ajout de la ligne ForwardToSyslog
+      #shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
+ 
+  - name: 4. Decommente la ligne ForwardToSyslog
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify: 6. redemarrer journald.service
+
+        # notify:
+        #- restart rsyslog
+        #- name: redemarrage de syslog
+        #- restart journald.service
+        #- name: redemarrage de journald.service
+
+  handlers:
+  - name: 5. redemarrer rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+      
+  - name: 6. redemarrer journald.service
+    service:
+      name: systemd-journald.service
+      state: restarted
+

sio2/CYBER/Ansible/web.yml

@@ -0,0 +1,20 @@
+---
+- name: web.yml
+  hosts: web
+  tasks:
+  - name: 1. installer apache2
+    apt :
+      name: apache2
+      state: present
+  - name: 2  installer php-mbstring
+    apt:
+      name: php-mbstring
+      state: present
+  - name: 3 assurer Apache tourne
+    service:
+      name: apache2
+      state: started
+  - name: 4 copier le fichier index.html vers /var/www/html      
+    template:
+      src: index.html
+      dest: /var/www/html/

sio2/CYBER/Nagios/command.cfg

@@ -0,0 +1,303 @@
+###############################################################################
+# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
+#
+#
+# NOTES: This config file provides you with some example command definitions
+#        that you can reference in host, service, and contact definitions.
+#
+#        You don't need to keep commands in a separate file from your other
+#        object definitions.  This has been done just to make things easier to
+#        understand.
+#
+###############################################################################
+
+
+
+################################################################################
+#
+# SAMPLE NOTIFICATION COMMANDS
+#
+# These are some example notification commands.  They may or may not work on
+# your system without modification.  As an example, some systems will require
+# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
+#
+################################################################################
+
+define command {
+
+    command_name    notify-host-by-email
+    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
+}
+
+
+
+define command {
+
+    command_name    notify-service-by-email
+    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
+}
+
+
+
+################################################################################
+#
+# SAMPLE HOST CHECK COMMANDS
+#
+################################################################################
+
+# Removed in Debian because it conflicts with the command of the same name
+# defined in ping.cfg, which is part of monitoring-plugins-basic.
+#
+## This command checks to see if a host is "alive" by pinging it
+## The check must result in a 100% packet loss or 5 second (5000ms) round trip
+## average time to produce a critical error.
+## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
+#
+#define command {
+#
+#    command_name    check-host-alive
+#    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
+#}
+
+
+
+################################################################################
+#
+# SAMPLE SERVICE CHECK COMMANDS
+#
+# These are some example service check commands.  They may or may not work on
+# your system, as they must be modified for your plugins.  See the HTML
+# documentation on the plugins for examples of how to configure command definitions.
+#
+# NOTE:  The following 'check_local_...' functions are designed to monitor
+#        various metrics on the host that Nagios is running on (i.e. this one).
+################################################################################
+
+define command {
+
+    command_name    check_local_disk
+    command_line    $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+}
+
+
+
+define command {
+
+    command_name    check_local_load
+    command_line    $USER1$/check_load -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_procs
+    command_line    $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+}
+
+
+
+define command {
+
+    command_name    check_local_users
+    command_line    $USER1$/check_users -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_swap
+    command_line    $USER1$/check_swap -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_mrtgtraf
+    command_line    $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
+}
+
+
+
+################################################################################
+# NOTE:  The following 'check_...' commands are used to monitor services on
+#        both local and remote hosts.
+################################################################################
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ftp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ftp
+#    command_line    $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
+#
+#define command {
+#
+#    command_name    check_hpjd
+#    command_line    $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+define command {
+
+    command_name    check_snmp
+    command_line    $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
+}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in http.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_http
+#    command_line    $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ssh.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ssh
+#    command_line    $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_dhcp
+#    command_line    $USER1$/check_dhcp $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ping.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ping
+#    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_pop
+#    command_line    $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_imap
+#    command_line    $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_smtp
+#    command_line    $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_tcp
+#    command_line    $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_udp
+#    command_line    $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in nt.cfg, which is part of monitoring-plugins-standard.
+#
+#define command {
+#
+#    command_name    check_nt
+#    command_line    $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
+#}
+
+
+
+################################################################################
+#
+# SAMPLE PERFORMANCE DATA COMMANDS
+#
+# These are sample performance data commands that can be used to send performance
+# data output to two text files (one for hosts, another for services).  If you
+# plan on simply writing performance data out to a file, consider using the
+# host_perfdata_file and service_perfdata_file options in the main config file.
+#
+################################################################################
+
+define command {
+
+    command_name    process-host-perfdata
+    command_line    /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
+}
+
+
+
+define command {
+
+    command_name    process-service-perfdata
+    command_line    /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
+}
+
+define command {
+	command_name check_lin_load
+	command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
+}
+
+define command {
+	command_name check_lin_mem
+	command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
+}
+

sio2/CYBER/Wireguard/wg0-a.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = aLihTWpe3bt3XwNPGOVS0mB9vfr4JqeZPyzhlgQ052k=
+Address = 10.0.0.1/32
+ListenPort = 51820
+
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = 8bEwgf4jUaIvZslBNwQSP3sNrJPZg1YDiFqyMCvJszo=
+Endpoint = 192.168.3.2:51820
+AllowedIPs = 10.0.0.2/32, 192.168.2.0/24
+

sio2/CYBER/wg0-b.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = eLqg4jQCId97MOdcP5k0FIlxnaMBArlPPEaTVmRPWFk=
+Address = 10.0.0.2/32
+ListenPort = 51820
+
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = 5UQzcels7MqDXWdt2oDvfbjykISpYl4i8uYFytHijUc=
+Endpoint = 192.168.3.2:51820
+AllowedIPs = 10.0.0.1/32, 192.168.1.0/24
+