anthony.boillot/siotp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: anthony.boillot:bb20f9842cc6213aa2e9bd39c38b8709640f9617
Branches Tags
anthony.boillot:main
anthony.boillot:v0.0.2 anthony.boillot:v0.0.1
...
compare: anthony.boillot:main
Branches Tags
anthony.boillot:main
anthony.boillot:v0.0.2 anthony.boillot:v0.0.1

8 Commits
bb20f9842c ... main

Author SHA1 Message Date
root
9af14787a1 ajout nagios4 2025-09-26 11:25:02 +02:00
Anthony Boillot
bd60ae4c1e tp ids cyber 2025-09-12 11:31:50 +02:00
anthony.boillot
1eafeed5e9 correction script 2025-02-20 14:58:48 +01:00
anthony.boillot
f1011e625f tp03 2025-02-20 14:27:07 +01:00
anthony.boillot
cc63dbf51e tp03 + 04 2025-02-20 14:26:27 +01:00
anthony.boillot
acf9dbc9d0 dns2fini 2025-02-03 11:20:00 +01:00
anthony.boillot
9ad241eb32 Merge branch 'main' of https://gitea.lyc-lecastel.fr/anthony.boillot/siotp 2025-02-03 11:14:10 +01:00
anthony.boillot
28d6879ee8 dns2 2025-02-03 11:12:26 +01:00
39 changed files with 3290 additions and 0 deletions
Expand all files Collapse all files

78
cyber/10-IDS/Vagrantfile vendored Normal file
View File

@@ -0,0 +1,78 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "debian/bookworm64"
config.vm.hostname = "IDS"
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
# config.vm.network "forwarded_port", guest: 80, host: 8080
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access
# via 127.0.0.1 to disable public access
# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
config.vm.network "public_network"
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Disable the default share of the current code directory. Doing this
# provides improved isolation between the vagrant box and your host
# by making sure your Vagrantfile isn't accessible to the vagrant box.
# If you use this you may want to enable additional shared subfolders as
# shown above.
# config.vm.synced_folder ".", "/vagrant", disabled: true
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
# config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# vb.gui = true
#
# # Customize the amount of memory on the VM:
# vb.memory = "1024"
# end
#
# View the documentation for the provider you are using for more
# information on available options.
# Enable provisioning with a shell script. Additional provisioners such as
# Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
# documentation for more information about their specific syntax and use.
config.vm.provision "shell", inline: <<-SHELL
apt-get update
apt-get install -y rkhunter chrootkit
SHELL
end

1391
cyber/20-nagios/nagios.cfg Normal file
View File

File diff suppressed because it is too large Load Diff

297
cyber/20-nagios/objects/commands.cfg Normal file
View File

@@ -0,0 +1,297 @@
###############################################################################
# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
#
#
# NOTES: This config file provides you with some example command definitions
# that you can reference in host, service, and contact definitions.
#
# You don't need to keep commands in a separate file from your other
# object definitions. This has been done just to make things easier to
# understand.
#
###############################################################################
################################################################################
#
# SAMPLE NOTIFICATION COMMANDS
#
# These are some example notification commands. They may or may not work on
# your system without modification. As an example, some systems will require
# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
#
################################################################################
define command {
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
################################################################################
#
# SAMPLE HOST CHECK COMMANDS
#
################################################################################
# Removed in Debian because it conflicts with the command of the same name
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
## This command checks to see if a host is "alive" by pinging it
## The check must result in a 100% packet loss or 5 second (5000ms) round trip
## average time to produce a critical error.
## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
#
#define command {
#
# command_name check-host-alive
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
#}
################################################################################
#
# SAMPLE SERVICE CHECK COMMANDS
#
# These are some example service check commands. They may or may not work on
# your system, as they must be modified for your plugins. See the HTML
# documentation on the plugins for examples of how to configure command definitions.
#
# NOTE: The following 'check_local_...' functions are designed to monitor
# various metrics on the host that Nagios is running on (i.e. this one).
################################################################################
define command {
command_name check_local_disk
command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
}
define command {
command_name check_local_load
command_line $USER1$/check_load -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_procs
command_line $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
}
define command {
command_name check_local_users
command_line $USER1$/check_users -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_swap
command_line $USER1$/check_swap -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_mrtgtraf
command_line $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
}
################################################################################
# NOTE: The following 'check_...' commands are used to monitor services on
# both local and remote hosts.
################################################################################
# Removed in Debian because it conflicts with the command of the same of
# defined in ftp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ftp
# command_line $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_hpjd
# command_line $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
#}
define command {
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
}
# Removed in Debian because it conflicts with the command of the same of
# defined in http.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_http
# command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ssh.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ssh
# command_line $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_dhcp
# command_line $USER1$/check_dhcp $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ping
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_pop
# command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_imap
# command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_smtp
# command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_tcp
# command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_udp
# command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in nt.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_nt
# command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
#}
################################################################################
#
# SAMPLE PERFORMANCE DATA COMMANDS
#
# These are sample performance data commands that can be used to send performance
# data output to two text files (one for hosts, another for services). If you
# plan on simply writing performance data out to a file, consider using the
# host_perfdata_file and service_perfdata_file options in the main config file.
#
################################################################################
define command {
command_name process-host-perfdata
command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
}
define command {
command_name process-service-perfdata
command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
}
define command {
command_name check_lin_load
command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}

51
cyber/20-nagios/objects/contacts.cfg Normal file
View File

@@ -0,0 +1,51 @@
###############################################################################
# CONTACTS.CFG - SAMPLE CONTACT/CONTACTGROUP DEFINITIONS
#
#
# NOTES: This config file provides you with some example contact and contact
# group definitions that you can reference in host and service
# definitions.
#
# You don't need to keep these definitions in a separate file from your
# other object definitions. This has been done just to make things
# easier to understand.
#
###############################################################################
###############################################################################
#
# CONTACTS
#
###############################################################################
# Just one contact defined by default - the Nagios admin (that's you)
# This contact definition inherits a lot of default values from the
# 'generic-contact' template which is defined elsewhere.
define contact {
contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user
email nagios@localhost ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
###############################################################################
#
# CONTACT GROUPS
#
###############################################################################
# We only have one contact in this simple configuration file, so there is
# no need to create more than one contact group.
define contactgroup {
contactgroup_name admins
alias Nagios Administrators
members nagiosadmin
}

159
cyber/20-nagios/objects/localhost.cfg Normal file
View File

@@ -0,0 +1,159 @@
###############################################################################
# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE
#
#
# NOTE: This config file is intended to serve as an *extremely* simple
# example of how you can create configuration entries to monitor
# the local (Linux) machine.
#
###############################################################################
###############################################################################
#
# HOST DEFINITION
#
###############################################################################
# Define a host for the local machine
define host {
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name localhost
alias localhost
address 127.0.0.1
}
###############################################################################
#
# HOST GROUP DEFINITION
#
###############################################################################
# Define an optional hostgroup for Linux machines
define hostgroup {
hostgroup_name linux-servers ; The name of the hostgroup
alias Linux Servers ; Long name of the group
members localhost ; Comma separated list of hosts that belong to this group
}
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
# Define a service to "ping" the local machine
define service {
use local-service ; Name of service template to use
host_name localhost
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}
# Define a service to check the disk space of the root partition
# on the local machine. Warning if < 20% free, critical if
# < 10% free space on partition.
define service {
use local-service ; Name of service template to use
host_name localhost
service_description Root Partition
check_command check_local_disk!20%!10%!/
}
# Define a service to check the number of currently logged in
# users on the local machine. Warning if > 20 users, critical
# if > 50 users.
define service {
use local-service ; Name of service template to use
host_name localhost
service_description Current Users
check_command check_local_users!20!50
}
# Define a service to check the number of currently running procs
# on the local machine. Warning if > 250 processes, critical if
# > 400 processes.
define service {
use local-service ; Name of service template to use
host_name localhost
service_description Total Processes
check_command check_local_procs!250!400!RSZDT
}
# Define a service to check the load on the local machine.
define service {
use local-service ; Name of service template to use
host_name localhost
service_description Current Load
check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0
}
# Define a service to check the swap usage the local machine.
# Critical if less than 10% of swap is free, warning if less than 20% is free
define service {
use local-service ; Name of service template to use
host_name localhost
service_description Swap Usage
check_command check_local_swap!20%!10%
}
# Define a service to check SSH on the local machine.
# Disable notifications for this service by default, as not all users may have SSH enabled.
define service {
use local-service ; Name of service template to use
host_name localhost
service_description SSH
check_command check_ssh
notifications_enabled 0
}
# Define a service to check HTTP on the local machine.
# Disable notifications for this service by default, as not all users may have HTTP enabled.
define service {
use local-service ; Name of service template to use
host_name localhost
service_description HTTP
check_command check_http
notifications_enabled 0
}

82
cyber/20-nagios/objects/printer.cfg Normal file
View File

@@ -0,0 +1,82 @@
###############################################################################
# PRINTER.CFG - SAMPLE CONFIG FILE FOR MONITORING A NETWORK PRINTER
#
#
# NOTES: This config file assumes that you are using the sample configuration
# files that get installed with the Nagios quickstart guide.
#
###############################################################################
###############################################################################
#
# HOST DEFINITIONS
#
###############################################################################
# Define a host for the printer we'll be monitoring
# Change the host_name, alias, and address to fit your situation
define host {
use generic-printer ; Inherit default values from a template
host_name hplj2605dn ; The name we're giving to this printer
alias HP LaserJet 2605dn ; A longer name associated with the printer
address 192.168.1.30 ; IP address of the printer
hostgroups network-printers ; Host groups this printer is associated with
}
###############################################################################
#
# HOST GROUP DEFINITIONS
#
###############################################################################
# A hostgroup for network printers
define hostgroup {
hostgroup_name network-printers ; The name of the hostgroup
alias Network Printers ; Long name of the group
}
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
# Create a service for monitoring the status of the printer
# Change the host_name to match the name of the host you defined above
# If the printer has an SNMP community string other than "public",
# change the check_command directive to reflect that
define service {
use generic-service ; Inherit values from a template
host_name hplj2605dn ; The name of the host the service is associated with
service_description Printer Status ; The service description
check_command check_hpjd!-C public ; The command used to monitor the service
check_interval 10 ; Check the service every 10 minutes under normal conditions
retry_interval 1 ; Re-check the service every minute until its final/hard state is determined
}
# Create a service for "pinging" the printer occasionally.
# Useful for monitoring RTA, packet loss, etc.
define service {
use generic-service
host_name hplj2605dn
service_description PING
check_command check_ping!3000.0,80%!5000.0,100%
check_interval 10
retry_interval 1
}

9
cyber/20-nagios/objects/services.cfg Normal file
View File

@@ -0,0 +1,9 @@
# service de supervision de Load Linux avec SNMP
# 3 valeurs : charge moyenne sur 1 min, 5 min, 15 min
define service{
use generic-service ;Use generic-service template
hostgroup_name linux-servers ; S'applique au groupe en question
service_description chk-lin-load ; Nom du service
check_command check_lin_load!public!--v2c!netsl!3,2,2!3,2,2 ; Command
# servicegroups ser-lin-base ;Service belong servicegroup
}

79
cyber/20-nagios/objects/srv.cfg Normal file
View File

@@ -0,0 +1,79 @@
###############################################################################
# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE
#
#
# NOTE: This config file is intended to serve as an *extremely* simple
# example of how you can create configuration entries to monitor
# the local (Linux) machine.
#
###############################################################################
###############################################################################
#
# HOST DEFINITION
#
###############################################################################
# Define a host for the local machine
define host {
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name srv
alias srv
address 192.168.0.25
}
###############################################################################
#
# HOST GROUP DEFINITION
#
###############################################################################
# Define an optional hostgroup for Linux machines
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
# Define a service to "ping" the local machine
# Define a service to check the disk space of the root partition
# on the local machine. Warning if < 20% free, critical if
# < 10% free space on partition.
# Disable notifications for this service by default, as not all users may have SSH enabled.
define service {
use generic-service ; Name of service template to use
host_name srv
service_description SSH
check_command check_ssh
notifications_enabled 0
}
# Define a service to check HTTP on the local machine.
# Disable notifications for this service by default, as not all users may have HTTP enabled.
define service {
use generic-service ; Name of service template to use
host_name srv
service_description HTTP
check_command check_http
notifications_enabled 0
}

99
cyber/20-nagios/objects/switch.cfg Normal file
View File

@@ -0,0 +1,99 @@
###############################################################################
# SWITCH.CFG - SAMPLE CONFIG FILE FOR MONITORING A SWITCH
#
#
# NOTES: This config file assumes that you are using the sample configuration
# files that get installed with the Nagios quickstart guide.
#
###############################################################################
###############################################################################
#
# HOST DEFINITIONS
#
###############################################################################
# Define the switch that we'll be monitoring
define host {
use generic-switch ; Inherit default values from a template
host_name linksys-srw224p ; The name we're giving to this switch
alias Linksys SRW224P Switch ; A longer name associated with the switch
address 192.168.1.253 ; IP address of the switch
hostgroups switches ; Host groups this switch is associated with
}
###############################################################################
#
# HOST GROUP DEFINITIONS
#
###############################################################################
# Create a new hostgroup for switches
define hostgroup {
hostgroup_name switches ; The name of the hostgroup
alias Network Switches ; Long name of the group
}
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
# Create a service to PING to switch
define service {
use generic-service ; Inherit values from a template
host_name linksys-srw224p ; The name of the host the service is associated with
service_description PING ; The service description
check_command check_ping!200.0,20%!600.0,60% ; The command used to monitor the service
check_interval 5 ; Check the service every 5 minutes under normal conditions
retry_interval 1 ; Re-check the service every minute until its final/hard state is determined
}
# Monitor uptime via SNMP
define service {
use generic-service ; Inherit values from a template
host_name linksys-srw224p
service_description Uptime
check_command check_snmp!-C public -o sysUpTime.0
}
# Monitor Port 1 status via SNMP
define service {
use generic-service ; Inherit values from a template
host_name linksys-srw224p
service_description Port 1 Link Status
check_command check_snmp!-C public -o ifOperStatus.1 -r 1 -m RFC1213-MIB
}
# Monitor bandwidth via MRTG logs
define service {
use generic-service ; Inherit values from a template
host_name linksys-srw224p
service_description Port 1 Bandwidth Usage
check_command check_local_mrtgtraf!/var/lib/mrtg/192.168.1.253_1.log!AVG!1000000,1000000!5000000,5000000!10
}

198
cyber/20-nagios/objects/templates.cfg Normal file
View File

@@ -0,0 +1,198 @@
###############################################################################
# TEMPLATES.CFG - SAMPLE OBJECT TEMPLATES
#
#
# NOTES: This config file provides you with some example object definition
# templates that are referred by other host, service, contact, etc.
# definitions in other config files.
#
# You don't need to keep these definitions in a separate file from your
# other object definitions. This has been done just to make things
# easier to understand.
#
###############################################################################
###############################################################################
#
# CONTACT TEMPLATES
#
###############################################################################
# Generic contact definition template
# This is NOT a real contact, just a template!
define contact {
name generic-contact ; The name of this contact template
service_notification_period 24x7 ; service notifications can be sent anytime
host_notification_period 24x7 ; host notifications can be sent anytime
service_notification_options w,u,c,r,f,s ; send notifications for all service states, flapping events, and scheduled downtime events
host_notification_options d,u,r,f,s ; send notifications for all host states, flapping events, and scheduled downtime events
service_notification_commands notify-service-by-email ; send service notifications via email
host_notification_commands notify-host-by-email ; send host notifications via email
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL CONTACT, JUST A TEMPLATE!
}
###############################################################################
#
# HOST TEMPLATES
#
###############################################################################
# Generic host definition template
# This is NOT a real host, just a template!
define host {
name generic-host ; The name of this host template
notifications_enabled 1 ; Host notifications are enabled
event_handler_enabled 1 ; Host event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
notification_period 24x7 ; Send host notifications at any time
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}
# Linux host definition template
# This is NOT a real host, just a template!
define host {
name linux-server ; The name of this host template
use generic-host ; This template inherits other values from the generic-host template
check_period 24x7 ; By default, Linux hosts are checked round the clock
check_interval 5 ; Actively check the host every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each Linux host 10 times (max)
check_command check-host-alive ; Default command to check Linux hosts
notification_period workhours ; Linux admins hate to be woken up, so we only notify during the day
; Note that the notification_period variable is being overridden from
; the value that is inherited from the generic-host template!
notification_interval 120 ; Resend notifications every 2 hours
notification_options d,u,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
}
# Windows host definition template
# This is NOT a real host, just a template!
define host {
name windows-server ; The name of this host template
use generic-host ; Inherit default values from the generic-host template
check_period 24x7 ; By default, Windows servers are monitored round the clock
check_interval 5 ; Actively check the server every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each server 10 times (max)
check_command check-host-alive ; Default command to check if servers are "alive"
notification_period 24x7 ; Send notification out at any time - day or night
notification_interval 30 ; Resend notifications every 30 minutes
notification_options d,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
hostgroups windows-servers ; Host groups that Windows servers should be a member of
register 0 ; DON'T REGISTER THIS - ITS JUST A TEMPLATE
}
# We define a generic printer template that can
# be used for most printers we monitor
define host {
name generic-printer ; The name of this host template
use generic-host ; Inherit default values from the generic-host template
check_period 24x7 ; By default, printers are monitored round the clock
check_interval 5 ; Actively check the printer every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each printer 10 times (max)
check_command check-host-alive ; Default command to check if printers are "alive"
notification_period workhours ; Printers are only used during the workday
notification_interval 30 ; Resend notifications every 30 minutes
notification_options d,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
register 0 ; DON'T REGISTER THIS - ITS JUST A TEMPLATE
}
# Define a template for switches that we can reuse
define host {
name generic-switch ; The name of this host template
use generic-host ; Inherit default values from the generic-host template
check_period 24x7 ; By default, switches are monitored round the clock
check_interval 5 ; Switches are checked every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each switch 10 times (max)
check_command check-host-alive ; Default command to check if routers are "alive"
notification_period 24x7 ; Send notifications at any time
notification_interval 30 ; Resend notifications every 30 minutes
notification_options d,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
register 0 ; DON'T REGISTER THIS - ITS JUST A TEMPLATE
}
###############################################################################
#
# SERVICE TEMPLATES
#
###############################################################################
# Generic service definition template
# This is NOT a real service, just a template!
define service {
name generic-service ; The 'name' of this service template
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
is_volatile 0 ; The service is not volatile
check_period 24x7 ; The service can be checked at any time of the day
max_check_attempts 3 ; Re-check the service up to 3 times in order to determine its final (hard) state
check_interval 10 ; Check the service every 10 minutes under normal conditions
retry_interval 2 ; Re-check the service every two minutes until a hard state can be determined
contact_groups admins ; Notifications get sent out to everyone in the 'admins' group
notification_options w,u,c,r ; Send notifications about warning, unknown, critical, and recovery events
notification_interval 60 ; Re-notify about service problems every hour
notification_period 24x7 ; Notifications can be sent out at any time
register 0 ; DON'T REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}
# Local service definition template
# This is NOT a real service, just a template!
define service {
name local-service ; The name of this service template
use generic-service ; Inherit default values from the generic-service definition
max_check_attempts 4 ; Re-check the service up to 4 times in order to determine its final (hard) state
check_interval 5 ; Check the service every 5 minutes under normal conditions
retry_interval 1 ; Re-check the service every minute until a hard state can be determined
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}

112
cyber/20-nagios/objects/timeperiods.cfg Normal file
View File

@@ -0,0 +1,112 @@
###############################################################################
# TIMEPERIODS.CFG - SAMPLE TIMEPERIOD DEFINITIONS
#
#
# NOTES: This config file provides you with some example timeperiod definitions
# that you can reference in host, service, contact, and dependency
# definitions.
#
# You don't need to keep timeperiods in a separate file from your other
# object definitions. This has been done just to make things easier to
# understand.
#
###############################################################################
###############################################################################
#
# TIMEPERIOD DEFINITIONS
#
###############################################################################
# This defines a timeperiod where all times are valid for checks,
# notifications, etc. The classic "24x7" support nightmare. :-)
define timeperiod {
name 24x7
timeperiod_name 24x7
alias 24 Hours A Day, 7 Days A Week
sunday 00:00-24:00
monday 00:00-24:00
tuesday 00:00-24:00
wednesday 00:00-24:00
thursday 00:00-24:00
friday 00:00-24:00
saturday 00:00-24:00
}
# This defines a timeperiod that is normal workhours for
# those of us monitoring networks and such in the U.S.
define timeperiod {
name workhours
timeperiod_name workhours
alias Normal Work Hours
monday 09:00-17:00
tuesday 09:00-17:00
wednesday 09:00-17:00
thursday 09:00-17:00
friday 09:00-17:00
}
# This defines the *perfect* check and notification
# timeperiod
define timeperiod {
name none
timeperiod_name none
alias No Time Is A Good Time
}
# Some U.S. holidays
# Note: The timeranges for each holiday are meant to *exclude* the holidays from being
# treated as a valid time for notifications, etc. You probably don't want your pager
# going off on New Year's. Although your employer might... :-)
define timeperiod {
name us-holidays
timeperiod_name us-holidays
alias U.S. Holidays
january 1 00:00-00:00 ; New Years
monday -1 may 00:00-00:00 ; Memorial Day (last Monday in May)
july 4 00:00-00:00 ; Independence Day
monday 1 september 00:00-00:00 ; Labor Day (first Monday in September)
thursday 4 november 00:00-00:00 ; Thanksgiving (4th Thursday in November)
december 25 00:00-00:00 ; Christmas
}
# This defines a modified "24x7" timeperiod that covers every day of the
# year, except for U.S. holidays (defined in the timeperiod above).
define timeperiod {
name 24x7_sans_holidays
timeperiod_name 24x7_sans_holidays
alias 24x7 Sans Holidays
use us-holidays ; Get holiday exceptions from other timeperiod
sunday 00:00-24:00
monday 00:00-24:00
tuesday 00:00-24:00
wednesday 00:00-24:00
thursday 00:00-24:00
friday 00:00-24:00
saturday 00:00-24:00
}

141
cyber/20-nagios/objects/windows.cfg Normal file
View File

@@ -0,0 +1,141 @@
###############################################################################
# WINDOWS.CFG - SAMPLE CONFIG FILE FOR MONITORING A WINDOWS MACHINE
#
#
# NOTES: This config file assumes that you are using the sample configuration
# files that get installed with the Nagios quickstart guide.
#
###############################################################################
###############################################################################
#
# HOST DEFINITIONS
#
###############################################################################
# Define a host for the Windows machine we'll be monitoring
# Change the host_name, alias, and address to fit your situation
define host {
use windows-server ; Inherit default values from a template
host_name winserver ; The name we're giving to this host
alias My Windows Server ; A longer name associated with the host
address 192.168.1.2 ; IP address of the host
}
###############################################################################
#
# HOST GROUP DEFINITIONS
#
###############################################################################
# Define a hostgroup for Windows machines
# All hosts that use the windows-server template will automatically be a member of this group
define hostgroup {
hostgroup_name windows-servers ; The name of the hostgroup
alias Windows Servers ; Long name of the group
}
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
# Create a service for monitoring the version of NSCLient++ that is installed
# Change the host_name to match the name of the host you defined above
define service {
use generic-service
host_name winserver
service_description NSClient++ Version
check_command check_nt!CLIENTVERSION
}
# Create a service for monitoring the uptime of the server
# Change the host_name to match the name of the host you defined above
define service {
use generic-service
host_name winserver
service_description Uptime
check_command check_nt!UPTIME
}
# Create a service for monitoring CPU load
# Change the host_name to match the name of the host you defined above
define service {
use generic-service
host_name winserver
service_description CPU Load
check_command check_nt!CPULOAD!-l 5,80,90
}
# Create a service for monitoring memory usage
# Change the host_name to match the name of the host you defined above
define service {
use generic-service
host_name winserver
service_description Memory Usage
check_command check_nt!MEMUSE!-w 80 -c 90
}
# Create a service for monitoring C:\ disk usage
# Change the host_name to match the name of the host you defined above
define service {
use generic-service
host_name winserver
service_description C:\ Drive Space
check_command check_nt!USEDDISKSPACE!-l c -w 80 -c 90
}
# Create a service for monitoring the W3SVC service
# Change the host_name to match the name of the host you defined above
define service {
use generic-service
host_name winserver
service_description W3SVC
check_command check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
}
# Create a service for monitoring the Explorer.exe process
# Change the host_name to match the name of the host you defined above
define service {
use generic-service
host_name winserver
service_description Explorer
check_command check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
}

1
sisr1/tp02-dns/.: Normal file
View File

@@ -0,0 +1 @@
dns2-ab

20
sisr1/tp02-dns/dns2/db.sio-ab.lan Normal file
View File

@@ -0,0 +1,20 @@
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA dns1-ab.sio-ab.lan. root.dns1-ab.sio-ab.lan. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
NS dns1-ab.sio-ab.lan.
NS dns2-ab.sio-ab.lan.
dns2-ab.sio-ab.lan. A 192.168.0.162
dns1-ab.sio-ab.lan. A 192.168.0.161
;
@ IN NS localhost.
;@ IN A 127.0.0.1
deb-dhcp-ab IN A 192.168.0.160
;@ IN AAAA ::1
;

16
sisr1/tp02-dns/dns2/db.sio-ab.lan.rev Normal file
View File

@@ -0,0 +1,16 @@
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA dns1-ab.sio-ab.lan. root (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
IN NS dns1-ab.sio.lan.
IN NS dns2-ab.sio-.lan.
160 IN PTR deb-dhcp-ab.sio-ab.lan.
161 IN PTR dns1-ab.sio-ab.lan.
162 IN PTR dns2-ab.sio-ab.lan.

1
sisr1/tp02-dns/dns2/hostname Normal file
View File

@@ -0,0 +1 @@
dns2-ab

7
sisr1/tp02-dns/dns2/hosts Normal file
View File

@@ -0,0 +1,7 @@
127.0.0.1 localhost
127.0.1.1 dns2-ab.sio.lan dns2-ab
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

24
sisr1/tp02-dns/dns2/named.conf.local Normal file
View File

@@ -0,0 +1,24 @@
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// zone directe
zone "sio-ab.lan" {
type slave;
file "/etc/bind/db.sio-ab.lan";
masters { 192.168.0.161; };
masterfile-format text;
};
// zone inverse
zone "0.168.192.in-addr.arpa" {
type slave;
notify no;
file "/etc/bind/db.sio-ab.lan.rev";
masters { 192.168.0.161; };
masterfile-format text;
};

25
sisr1/tp02-dns/dns2/named.conf.options Normal file
View File

@@ -0,0 +1,25 @@
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
10.121.38.7; // ici forwarder 1
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation no;
listen-on-v6 { any; };
};

24
sisr1/tp03-reseau-prive/srv-admin/cartes_reseau/interfaces Normal file
View File

@@ -0,0 +1,24 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet static
address 192.168.0.140/24
gateway 192.168.0.1
# Assignation static IP adresse
# auto enp0s3
# iface enp0s3 inet static
# address 192.168.0.26/24
# gateway 192.168.0.1
# The seconary network interface
auto enp0s8
iface enp0s8 inet dhcp

6
sisr1/tp03-reseau-prive/srv-admin/nat/README.md Normal file
View File

@@ -0,0 +1,6 @@
* **nat.sh** : script activant la NAT dynamique sans filtrage
* A placer à /root/nat.sh
* Rendre exécutable : <code>chmod +x /root/nat.sh</code>
* **nat.service** : service lançant le script au démarrage
* A placer à /etc/systemd/system/nat.service
* Activer le service : <code>systemctl enable nat.service</code>

13
sisr1/tp03-reseau-prive/srv-admin/nat/nat.service Normal file
View File

@@ -0,0 +1,13 @@
[Unit]
Description=execute /root/nat.sh
After=default.target
[Service]
ExecStart=bash /root/nat.sh
[Install]
WantedBy=default.target

6
sisr1/tp03-reseau-prive/srv-admin/nat/nat.sh Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
echo "1" > /proc/sys/net/ipv4/ip_forward
nft add table basic_nat_table
nft add chain basic_nat_table prerouting {type nat hook prerouting priority 0 \; }
nft add chain basic_nat_table postrouting {type nat hook postrouting priority 0 \; }
nft add rule basic_nat_table postrouting masquerade

2
sisr1/tp03-reseau-prive/srv-dns2/README.md Normal file
View File

@@ -0,0 +1,2 @@
**- fichier named.conf** :
* les fichiers named.conf.local et named.conf.options sont récupérés du srv-service

18
sisr1/tp03-reseau-prive/srv-dns2/cartes_reseau/interfaces Normal file
View File

@@ -0,0 +1,18 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet dhcp
# Assignation static IP adresse
#auto enp0s3
#iface enp0s3 inet static
# address 172.16.0.200/24
# gateway 172.16.0.1

28
sisr1/tp03-reseau-prive/srv-dns2/dns/db.monlabo.lan Normal file
View File

@@ -0,0 +1,28 @@
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA srv-service.monlabo.lan. root.srv-service.monlabo.lan. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
NS srv-service.monlabo.lan.
NS srv-dns2.monlabo.lan.
srv-service.monlabo.lan. A 172.16.0.254
srv-dns2.monlabo.lan. A 172.16.0.253
srv-admin-jt.monlabo.lan. A 172.16.0.1
srvdhcp IN CNAME srv-service.monlabo.lan.
dhcp IN CNAME srv-service.monlabo.lan.
srvdns IN CNAME srv-service.monlabo.lan.
dns IN CNAME srv-service.monlabo.lan.
srvdns1 IN CNAME srv-service.monlabo.lan.
dns1 IN CNAME srv-service.monlabo.lan.
srvdns2 IN CNAME srv-dns2.monlabo.lan.
dns2 IN CNAME srv-dns2.monlabo.lan.
srvadmin IN CNAME srv-admin-jt.monlabo.lan.
router IN CNAME srv-admin-jt.monlabo.lan.
gateway IN CNAME srv-admin-jt.monlabo.lan.

26
sisr1/tp03-reseau-prive/srv-dns2/dns/db.monlabo.lan.rev Normal file
View File

@@ -0,0 +1,26 @@
$ORIGIN .
$TTL 604800 ; 1 week
0.16.172.in-addr.arpa IN SOA srv-service.monlabo.lan. root.srv-service.monlabo.lan. (
2 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum (1 week)
)
NS srv-dns2.monlabo.lan.
NS srv-service.monlabo.lan.
$ORIGIN 0.16.172.in-addr.arpa.
1 PTR srv-admin-jt.monlabo.lan.
253 PTR srv-dns2.monlabo.lan.
254 PTR svr-service.monlabo.lan.
dhcp CNAME srv-service.monlabo.lan.
dns CNAME srv-service.monlabo.lan.
dns1 CNAME srv-service.monlabo.lan.
dns2 CNAME srv-dns2.monlabo.lan.
gateway CNAME srv-admin-jt.monlabo.lan.
router CNAME srv-admin-jt.monlabo.lan.
srvadmin CNAME srv-admin-jt.monlabo.lan.
srvdhcp CNAME srv-service.monlabo.lan.
srvdns CNAME srv-service.monlabo.lan.
srvdns1 CNAME srv-service.monlabo.lan.
srvdns2 CNAME srv-dns2.monlabo.lan.

18
sisr1/tp03-reseau-prive/srv-service/carte_reseau/interfaces Normal file
View File

@@ -0,0 +1,18 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug enp0s3
#iface enp0s3 inet dhcp
# Assignation static IP adresse
auto enp0s3
iface enp0s3 inet static
address 172.16.0.254/24
gateway 172.16.0.1

113
sisr1/tp03-reseau-prive/srv-service/dhcp/dhcpd.conf Normal file
View File

@@ -0,0 +1,113 @@
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
#subnet 10.254.239.0 netmask 255.255.255.224 {
# range 10.254.239.10 10.254.239.20;
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
subnet 172.16.0.0 netmask 255.255.255.0 {
range 172.16.0.20 172.16.0.119;
option routers 172.16.0.1;
option domain-name-servers 172.16.0.254, 172.16.0.253;
option domain-name "monlabo.lan";
}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.example.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host srv-admin-jt {
hardware ethernet 08:00:27:0a:1e:8b;
fixed-address 172.16.0.1;
}
host srv-dns2 {
hardware ethernet 08:00:27:91:48:15;
fixed-address 172.16.0.253;
}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}

29
sisr1/tp03-reseau-prive/srv-service/dns/db.monlabo.lan Normal file
View File

@@ -0,0 +1,29 @@
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA srv-service.monlabo.lan. root.srv-service.monlabo.lan. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
NS srv-service.monlabo.lan.
NS srv-dns2.monlabo.lan.
srv-service.monlabo.lan. A 172.16.0.254
srv-dns2.monlabo.lan. A 172.16.0.253
srv-admin-jt.monlabo.lan. A 172.16.0.1
srvdhcp IN CNAME srv-service.monlabo.lan.
dhcp IN CNAME srv-service.monlabo.lan.
srvdns IN CNAME srv-service.monlabo.lan.
dns IN CNAME srv-service.monlabo.lan.
srvdns1 IN CNAME srv-service.monlabo.lan.
dns1 IN CNAME srv-service.monlabo.lan.
srvdns2 IN CNAME srv-dns2.monlabo.lan.
dns2 IN CNAME srv-dns2.monlabo.lan.
srvadmin IN CNAME srv-admin-jt.monlabo.lan.
router IN CNAME srv-admin-jt.monlabo.lan.
gateway IN CNAME srv-admin-jt.monlabo.lan.

30
sisr1/tp03-reseau-prive/srv-service/dns/db.monlabo.lan.rev Normal file
View File

@@ -0,0 +1,30 @@
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA srv-service.monlabo.lan. root.srv-service.monlabo.lan. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS srv-service.monlabo.lan.
NS srv-dns2.monlabo.lan.
254 IN PTR svr-service.monlabo.lan.
253 IN PTR srv-dns2.monlabo.lan.
1 IN PTR srv-admin-jt.monlabo.lan.
srvdhcp IN CNAME srv-service.monlabo.lan.
dhcp IN CNAME srv-service.monlabo.lan.
srvdns IN CNAME srv-service.monlabo.lan.
dns IN CNAME srv-service.monlabo.lan.
srvdns1 IN CNAME srv-service.monlabo.lan.
dns1 IN CNAME srv-service.monlabo.lan.
srvdns2 IN CNAME srv-dns2.monlabo.lan.
dns2 IN CNAME srv-dns2.monlabo.lan.
srvadmin IN CNAME srv-admin-jt.monlabo.lan.
router IN CNAME srv-admin-jt.monlabo.lan.
gateway IN CNAME srv-admin-jt.monlabo.lan.

21
sisr1/tp03-reseau-prive/srv-service/dns/named.conf.local Normal file
View File

@@ -0,0 +1,21 @@
//
// Do any local configuration here
//
// zone direct
zone "monlabo.lan"{
type master;
file"/etc/bind/db.monlabo.lan";
};
// zone inverse
zone "0.16.172.in-addr.arpa"{
type master;
notify no;
file "/etc/bind/db.monlabo.lan.rev";
};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

24
sisr1/tp03-reseau-prive/srv-service/dns/named.conf.options Normal file
View File

@@ -0,0 +1,24 @@
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
10.121.38.7; // DNS lycée
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation no;
listen-on-v6 { any; };
};

30
sisr1/tp04_scripts_admin/Users.csv Normal file
View File

@@ -0,0 +1,30 @@
Ermengarde,Berthelmot,eberthelmot0@webmd.com,Female,Accountant,
Kassi,Bunker,kbunker1@xinhuanet.com,Female,Production,
Moises,McCallum,mmccallum2@i2i.jp,Male,Production,
Patrizio,Lune,plune3@upenn.edu,Male,Accountant,
Blanch,Everix,beverix4@php.net,Female,Accountant,
Stafani,Kibbel,skibbel5@marriott.com,Female,Production,
Ignacius,Mosdell,imosdell6@cloudflare.com,Male,Management,
Jeana,Waller-Bridge,jwallerbridge7@mapy.cz,Female,Management,
Elroy,Dressel,edressel8@opera.com,Male,Production,
Thea,Strettell,tstrettell9@nature.com,Female,Production,
Solomon,Insoll,sinsolla@utexas.edu,Male,Accountant,
Carri,Feedome,cfeedomeb@ask.com,Female,Accountant,
Padraic,Chetwind,pchetwindc@last.fm,Male,Management,
Solly,D'Ugo,sdugod@uiuc.edu,Male,Production,
Konstanze,MacCostigan,kmaccostigane@seattletimes.com,Female,Accountant,
Roxane,Powlesland,rpowleslandf@pcworld.com,Female,Management,
Orelle,Kennealy,okennealyg@arstechnica.com,Female,Production,
Sukey,Soitoux,ssoitouxh@shinystat.com,Female,Production,
Nelli,Syce,nsycei@blogger.com,Female,Production,
Clarisse,Shillam,cshillamj@dailymotion.com,Female,Production,
Carin,Gueny,cguenyk@naver.com,Female,Management,
Donny,Riepel,driepell@addtoany.com,Male,Production,
Daniella,Ralfe,dralfem@wunderground.com,Female,Production,
Lexy,Clynmans,lclynmansn@furl.net,Female,Production,
Gardiner,Adamthwaite,gadamthwaiteo@spotify.com,Male,Production,
Woodman,Lippett,wlippettp@purevolume.com,Male,Production,
Nadya,Munnion,nmunnionq@flavors.me,Female,Production,
Llewellyn,Habershon,lhabershonr@alibaba.com,Male,Production,
Isaak,Greatrex,igreatrexs@seesaa.net,Male,Production,
Darill,Frostdyke,dfrostdyket@cafepress.com,Male,Production,
1 Ermengarde Berthelmot eberthelmot0@webmd.com Female Accountant
2 Kassi Bunker kbunker1@xinhuanet.com Female Production
3 Moises McCallum mmccallum2@i2i.jp Male Production
4 Patrizio Lune plune3@upenn.edu Male Accountant
5 Blanch Everix beverix4@php.net Female Accountant
6 Stafani Kibbel skibbel5@marriott.com Female Production
7 Ignacius Mosdell imosdell6@cloudflare.com Male Management
8 Jeana Waller-Bridge jwallerbridge7@mapy.cz Female Management
9 Elroy Dressel edressel8@opera.com Male Production
10 Thea Strettell tstrettell9@nature.com Female Production
11 Solomon Insoll sinsolla@utexas.edu Male Accountant
12 Carri Feedome cfeedomeb@ask.com Female Accountant
13 Padraic Chetwind pchetwindc@last.fm Male Management
14 Solly D'Ugo sdugod@uiuc.edu Male Production
15 Konstanze MacCostigan kmaccostigane@seattletimes.com Female Accountant
16 Roxane Powlesland rpowleslandf@pcworld.com Female Management
17 Orelle Kennealy okennealyg@arstechnica.com Female Production
18 Sukey Soitoux ssoitouxh@shinystat.com Female Production
19 Nelli Syce nsycei@blogger.com Female Production
20 Clarisse Shillam cshillamj@dailymotion.com Female Production
21 Carin Gueny cguenyk@naver.com Female Management
22 Donny Riepel driepell@addtoany.com Male Production
23 Daniella Ralfe dralfem@wunderground.com Female Production
24 Lexy Clynmans lclynmansn@furl.net Female Production
25 Gardiner Adamthwaite gadamthwaiteo@spotify.com Male Production
26 Woodman Lippett wlippettp@purevolume.com Male Production
27 Nadya Munnion nmunnionq@flavors.me Female Production
28 Llewellyn Habershon lhabershonr@alibaba.com Male Production
29 Isaak Greatrex igreatrexs@seesaa.net Male Production
30 Darill Frostdyke dfrostdyket@cafepress.com Male Production

21
sisr1/tp04_scripts_admin/createGroups.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/bash
file='./Users.csv'
while read ligne
do
# A chaque itération, stocker le métier dans $metier
metier=$(echo $ligne | cut -d "," -f5)
# On regarde si les group existe
# tail /etc/group
# Vérification de la présence du groupe -> ajout du group si il n'existe pas
if [[ $(echo $ligne | grep $metier /etc/group) == "" ]] ; then
groupadd $metier
fi
# On regarde si les groups ont été créé
# tail /etc/group
# echo $metier
done < $file

25
sisr1/tp04_scripts_admin/createLogins.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash
fichier_a_lire='./Users.csv'
fichier_a_ecrire='./logins.csv'
# Suppression du fichier
rm $fichier_a_ecrire 2> /dev/null # Redirection des erreurs
# Création du fichier login.csv
touch $fichier_a_ecrire
while read ligne
do
aecrire=""
# A chaque itération, stocker le prénom dans $prenom
prenom=$(echo $ligne | cut -d "," -f1)
# A chaque itération, stocker le nom dans $nom
nom=$(echo $ligne | cut -d "," -f2)
# A chaque itération, stocker le métier dans $metier
group=$(echo $ligne | cut -d "," -f5)
login=?
password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 12; echo)
echo $aecrire >> $fichier_a_ecrire
done < $fichier_a_lire

20
sisr1/tp04_scripts_admin/createUsers.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
fichier='./login.csv'
while read line
do
username=$(echo $line | cut -d ";" -f1)
useradd -m -s "/bin/bash" $username
# permet l'ajout d'un utilisateur
group=$(echo $line | cut -d ";" -f5)
usermod -ag $group $username
password=$(echo $line | cut -d ";" -f2)
#permet de changer le mot de passe
echo $username:$password | chpasswd
chown $username:$username /home/$username

16
sisr1/tp04_scripts_admin/gitpush.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/bin/bash
if [ -z "$1" ] ; then
read -p "Erreur: Ecrivez un message " message
else
message="$1"
fi
# Ajout des fichiers modifiers
git add .
# Commit avec le message
git commit -m "$message"
# Push vers le dépot
git push -u https://anthony.boillot@gitea.lyc-lecastel.fr/anthony.boillot/siotp.git

30
sisr1/tp04_scripts_admin/logins.csv Normal file
View File

@@ -0,0 +1,30 @@