commit d85c082594883bd87c457ff9951aba3d0c06a812
Author: Anthony Lebeau <anthony.lebeau@ip-192-168-0-45>
Date:   Tue Jan 30 15:50:52 2024 +0100

            nouveau fichier : sisr1/tp01-02/srv-dhcp/dhcpd.conf
            nouveau fichier : sisr1/tp01-02/srv-dhcp/interfaces
            nouveau fichier : sisr1/tp01-02/srv-dhcp/isc-dhcp-server
            nouveau fichier : sisr1/tp01-02/srv-dhcp/nat.sh
            nouveau fichier : sisr1/tp01-02/srv-dns1/db.sio1lab.lan
            nouveau fichier : sisr1/tp01-02/srv-dns1/db.sio1lab.lan.rev
            nouveau fichier : sisr1/tp01-02/srv-dns1/named.conf
            nouveau fichier : sisr1/tp01-02/srv-dns1/named.conf.local
            nouveau fichier : sisr1/tp01-02/srv-dns1/named.conf.options
            nouveau fichier : sisr1/tp01-02/srv-dns1/resolv.conf
            nouveau fichier : sisr1/tp01-02/srv-dns2/db.sio1lab.lan
            nouveau fichier : sisr1/tp01-02/srv-dns2/db.sio1lab.lan.rev
            nouveau fichier : sisr1/tp01-02/srv-dns2/named.conf
            nouveau fichier : sisr1/tp01-02/srv-dns2/named.conf.local
            nouveau fichier : sisr1/tp01-02/srv-dns2/usr.sbin.named

diff --git a/sisr1/tp01-02/srv-dhcp/dhcpd.conf b/sisr1/tp01-02/srv-dhcp/dhcpd.conf
new file mode 100644
index 0000000..e82306a
--- /dev/null
+++ b/sisr1/tp01-02/srv-dhcp/dhcpd.conf
@@ -0,0 +1,109 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name-servers 192.168.0.161;
+
+default-lease-time 600;
+max-lease-time 7200;
+host xp-master {
+	hardware ethernet 08:00:27:77:70:0d;
+	fixed-address 192.168.2.56;
+}
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+subnet 192.168.2.0 netmask 255.255.255.0 {
+  range 192.168.2.10 192.168.2.100;
+#  option domain-name-servers 10.121.38.7, 10.121.38.8;
+#  option domain-name "internal.example.org";
+  option routers 192.168.0.160;
+  option broadcast-address 192.168.2.255;
+  default-lease-time 86400;
+  max-lease-time 86400;
+}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
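Review bot: `option routers 192.168.0.160;` in the 192.168.2.0/24 subnet block hands clients a gateway that is not on their own subnet, which clients generally cannot reach directly. The interfaces file in this commit puts the server's address on that LAN at 192.168.2.1, so `option routers 192.168.2.1;` looks like the intended value. The `xp-master` reservation `fixed-address 192.168.2.56;` also falls inside `range 192.168.2.10 192.168.2.100;`, which the file's own comment warns against; move the reservation outside the pool or shrink the range. If this is the only DHCP server on that LAN, uncommenting `authoritative;` lets it NAK stale or foreign leases.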
diff --git a/sisr1/tp01-02/srv-dhcp/interfaces b/sisr1/tp01-02/srv-dhcp/interfaces
new file mode 100644
index 0000000..b00b0dd
--- /dev/null
+++ b/sisr1/tp01-02/srv-dhcp/interfaces
@@ -0,0 +1,20 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+auto enp0s3
+iface enp0s3 inet static
+	address 192.168.0.160/24
+	gateway 192.168.0.1
+
+auto enp0s8
+iface enp0s8 inet static
+	address 192.168.2.1/24
+		
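Review bot: `enp0s3` is declared with both `allow-hotplug enp0s3` and `auto enp0s3`; one of the two is enough, and keeping only `auto enp0s3` for a statically addressed server interface avoids ifup possibly being triggered twice for it. A short comment on the `enp0s8` stanza, such as `# LAN side: 192.168.2.0/24, served by dhcpd`, would document which interface faces the clients. The whitespace-only last line can be dropped.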
diff --git a/sisr1/tp01-02/srv-dhcp/isc-dhcp-server b/sisr1/tp01-02/srv-dhcp/isc-dhcp-server
new file mode 100644
index 0000000..c59e5e3
--- /dev/null
+++ b/sisr1/tp01-02/srv-dhcp/isc-dhcp-server
@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s8"
+INTERFACESv6=""
diff --git a/sisr1/tp01-02/srv-dhcp/nat.sh b/sisr1/tp01-02/srv-dhcp/nat.sh
new file mode 100755
index 0000000..21f6b8d
--- /dev/null
+++ b/sisr1/tp01-02/srv-dhcp/nat.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+echo "1" > /proc/sys/net/ipv4/ip_forward
+nft add table basic_nat_table
+nft add chain basic_nat_table prerouting {type nat hook prerouting priority 0\;}
+nft add chain basic_nat_table postrouting {type nat hook postrouting priority 0\;}
+nft add rule basic_nat_table postrouting masquerade
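Review bot: The masquerade rule on the last line has no match expression, so every packet leaving any interface is source-NATed, not only LAN traffic going out of the uplink. I would scope it to the 192.168.2.0/24 clients leaving through enp0s3. Forwarding is switched on without any forward chain, so the host routes in both directions unfiltered; a filter chain with a drop policy that allows LAN-to-uplink traffic and established replies closes that. Rerunning the script currently appends a duplicate rule, and neither the sysctl nor the ruleset survives a reboot as written.

```shell
# … unchanged: ip_forward, table and nat chain creation …
nft flush table basic_nat_table    # rerun-safe: drop rules left by an earlier run
nft add rule basic_nat_table postrouting ip saddr 192.168.2.0/24 oifname enp0s3 masquerade
nft add chain basic_nat_table forward '{ type filter hook forward priority 0 ; policy drop ; }'
nft add rule basic_nat_table forward iifname enp0s8 oifname enp0s3 accept
nft add rule basic_nat_table forward iifname enp0s3 oifname enp0s8 ct state established,related accept
```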
diff --git a/sisr1/tp01-02/srv-dns1/db.sio1lab.lan b/sisr1/tp01-02/srv-dns1/db.sio1lab.lan
new file mode 100644
index 0000000..2c967d6
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns1/db.sio1lab.lan
@@ -0,0 +1,20 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	deb-dns1-al.sio1lab.lan.                 root.sio1lab.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	deb-dns1-al.sio1lab.lan.
+@	IN	A	172.0.0.1
+deb-dns1-al	IN	A	192.168.0.161
+deb-dhcp-al	IN	A	192.168.0.160
+deb-dns2-al	IN	A	192.168.0.162
+dhcp	IN	CNAME	deb-dhcp-al
+dns1	IN	CNAME	deb-dns1-al
+dns2	IN	CNAME	deb-dns2-al
+
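Review bot: The apex record `@ IN A 172.0.0.1` points the zone name at a publicly routable address outside the lab's ranges. It looks like a typo for the loopback address carried over from the template, so either correct it or drop the record. The zone also lists only `deb-dns1-al` as NS although dns2 is configured as a secondary; adding `@ IN NS deb-dns2-al.sio1lab.lan.` publishes it and makes it a NOTIFY target. The header comment still reads "BIND data file for local loopback interface", and the serial has to be raised with any such edit. The same apex record appears in the transferred copy srv-dns2/db.sio1lab.lan.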
diff --git a/sisr1/tp01-02/srv-dns1/db.sio1lab.lan.rev b/sisr1/tp01-02/srv-dns1/db.sio1lab.lan.rev
new file mode 100644
index 0000000..3e0494a
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns1/db.sio1lab.lan.rev
@@ -0,0 +1,22 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	deb-dns1-al.sio1lab.lan. root.sio1lab.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	deb-dns1-al.sio1lab.lan.
+@	IN	AAAA	::1
+deb-dns1-al	IN	A	192.168.0.161
+deb-dns2-al	IN	A	192.168.0.162
+deb-dhcp-al	IN	A	192.168.0.160
+dhcp	IN	CNAME	deb-dhcp-al
+dns	IN	CNAME	deb-dns1-al
+dns2	IN	CNAME	deb-dns2-al
+161	IN	PTR	deb-dns1-al
+160	IN	PTR	deb-dhcp-al
+162	IN	PTR	deb-dns2-al
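Review bot: The three PTR targets at the end of the hunk are relative names, so BIND expands them against the zone origin to names like `deb-dns1-al.0.168.192.in-addr.arpa.` instead of the host name. They need to be fully qualified with a trailing dot, e.g. `161 IN PTR deb-dns1-al.sio1lab.lan.`. The A, CNAME and apex `AAAA ::1` records do not belong in a reverse zone and only create stray names under in-addr.arpa, so they can be removed. The secondary's copy in srv-dns2/db.sio1lab.lan.rev carries the same records and should pick up the fix on transfer once the serial is raised.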
diff --git a/sisr1/tp01-02/srv-dns1/named.conf b/sisr1/tp01-02/srv-dns1/named.conf
new file mode 100644
index 0000000..bc71baa
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns1/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/sisr1/tp01-02/srv-dns1/named.conf.local b/sisr1/tp01-02/srv-dns1/named.conf.local
new file mode 100644
index 0000000..bf859f5
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns1/named.conf.local
@@ -0,0 +1,16 @@
+//
+// Do any local configuration here
+//
+
+// zone directe
+        zone "sio1lab.lan" {
+             type master;
+             file "/etc/bind/db.sio1lab.lan";
+        };
+
+	// zone inverse 
+	zone "0.168.192.in-addr.arpa" {
+	     type master;
+             notify no;
+             file "/etc/bind/db.sio1lab.lan.rev";
+	};
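Review bot: Neither zone block restricts who may pull the zone; depending on the BIND version the default `allow-transfer` can be any host, which would let any client dump every record of the lab, so I would add `allow-transfer { 192.168.0.162; };` to both zones. On the reverse zone, `notify no;` means the secondary only learns of changes at the SOA refresh interval (604800 s in this commit's zone file); replacing it with `also-notify { 192.168.0.162; };` keeps dns2 current. Transfers are authorised by source address only, so a TSIG key shared by both servers would be the stronger control.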
diff --git a/sisr1/tp01-02/srv-dns1/named.conf.options b/sisr1/tp01-02/srv-dns1/named.conf.options
new file mode 100644
index 0000000..68848d5
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns1/named.conf.options
@@ -0,0 +1,25 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	 forwarders {
+		10.121.38.7;
+                10.121.38.8;
+	 };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation no;
+
+	listen-on-v6 { any; };
+};
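Review bot: `dnssec-validation no;` makes this resolver accept whatever the forwarders return without checking signatures. Unless the forwarders at 10.121.38.7 and 10.121.38.8 are known to strip DNSSEC records, `dnssec-validation auto;` is the safer setting, and if it has to stay off a comment saying why would help the next reader. The block has no explicit `allow-recursion` list, so the recursion scope is left to BIND's defaults; naming the lab networks makes the intent reviewable. The comment above `forwarders` still says to uncomment the block and replace the all-0's placeholder, although the block is now active.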
diff --git a/sisr1/tp01-02/srv-dns1/resolv.conf b/sisr1/tp01-02/srv-dns1/resolv.conf
new file mode 100644
index 0000000..2a6163f
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns1/resolv.conf
@@ -0,0 +1,3 @@
+
+search sio1lab.lan
+nameserver 127.0.0.1
diff --git a/sisr1/tp01-02/srv-dns2/db.sio1lab.lan b/sisr1/tp01-02/srv-dns2/db.sio1lab.lan
new file mode 100644
index 0000000..d92884a
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns2/db.sio1lab.lan
@@ -0,0 +1,18 @@
+$ORIGIN .
+$TTL 604800	; 1 week
+sio1lab.lan		IN SOA	deb-dns1-al.sio1lab.lan. root.sio1lab.lan. (
+				2          ; serial
+				604800     ; refresh (1 week)
+				86400      ; retry (1 day)
+				2419200    ; expire (4 weeks)
+				604800     ; minimum (1 week)
+				)
+			NS	deb-dns1-al.sio1lab.lan.
+			A	172.0.0.1
+$ORIGIN sio1lab.lan.
+deb-dhcp-al		A	192.168.0.160
+deb-dns1-al		A	192.168.0.161
+deb-dns2-al		A	192.168.0.162
+dhcp			CNAME	deb-dhcp-al
+dns1			CNAME	deb-dns1-al
+dns2			CNAME	deb-dns2-al
diff --git a/sisr1/tp01-02/srv-dns2/db.sio1lab.lan.rev b/sisr1/tp01-02/srv-dns2/db.sio1lab.lan.rev
new file mode 100644
index 0000000..3a10e6b
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns2/db.sio1lab.lan.rev
@@ -0,0 +1,21 @@
+$ORIGIN .
+$TTL 604800	; 1 week
+0.168.192.in-addr.arpa	IN SOA	deb-dns1-al.sio1lab.lan. root.sio1lab.lan. (
+				2          ; serial
+				604800     ; refresh (1 week)
+				86400      ; retry (1 day)
+				2419200    ; expire (4 weeks)
+				604800     ; minimum (1 week)
+				)
+			NS	deb-dns1-al.sio1lab.lan.
+			AAAA	::1
+$ORIGIN 0.168.192.in-addr.arpa.
+160			PTR	deb-dhcp-al
+161			PTR	deb-dns1-al
+162			PTR	deb-dns2-al
+deb-dhcp-al		A	192.168.0.160
+deb-dns1-al		A	192.168.0.161
+deb-dns2-al		A	192.168.0.162
+dhcp			CNAME	deb-dhcp-al
+dns			CNAME	deb-dns1-al
+dns2			CNAME	deb-dns2-al
diff --git a/sisr1/tp01-02/srv-dns2/named.conf b/sisr1/tp01-02/srv-dns2/named.conf
new file mode 100644
index 0000000..bc71baa
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns2/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/sisr1/tp01-02/srv-dns2/named.conf.local b/sisr1/tp01-02/srv-dns2/named.conf.local
new file mode 100644
index 0000000..114e90a
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns2/named.conf.local
@@ -0,0 +1,20 @@
+//
+// Do any local configuration here
+//
+
+// zone directe
+zone "sio1lab.lan" {
+             type slave;
+             file "/etc/bind/db.sio1lab.lan";
+	masters { 192.168.0.161; };
+	masterfile-format text;
+        };
+
+	// zone inverse 
+zone "0.168.192.in-addr.arpa" {
+	     type slave;
+             notify no;
+             file "/etc/bind/db.sio1lab.lan.rev";
+	masters { 192.168.0.161; };
+	masterfile-format text;
+	};
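Review bot: Both slave zones write their transferred copies into `/etc/bind/` (the two `file "/etc/bind/db.sio1lab.lan…";` lines), a directory that the AppArmor profile added in this commit describes as read-only for named, with /var/cache/bind designated for slave data. Using `file "/var/cache/bind/db.sio1lab.lan";` and `file "/var/cache/bind/db.sio1lab.lan.rev";` keeps the configuration directory non-writable by the daemon. The transfers from `masters { 192.168.0.161; };` are trusted on source address alone; a TSIG key on both servers would authenticate them.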
diff --git a/sisr1/tp01-02/srv-dns2/usr.sbin.named b/sisr1/tp01-02/srv-dns2/usr.sbin.named
new file mode 100644
index 0000000..4ec3be9
--- /dev/null
+++ b/sisr1/tp01-02/srv-dns2/usr.sbin.named
@@ -0,0 +1,101 @@
+# vim:syntax=apparmor
+# Last Modified: Fri Jun  1 16:43:22 2007
+#include <tunables/global>
+
+profile named /usr/sbin/named flags=(attach_disconnected) {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+
+  capability net_bind_service,
+  capability setgid,
+  capability setuid,
+  capability sys_chroot,
+  capability sys_resource,
+
+  # /etc/bind should be read-only for bind
+  # /var/lib/bind is for dynamically updated zone (and journal) files.
+  # /var/cache/bind is for slave/stub data, since we're not the origin of it.
+  # See /usr/share/doc/bind9/README.Debian.gz
+  /etc/bind/** rw,
+  /var/lib/bind/** rw,
+  /var/lib/bind/ rw,
+  /var/cache/bind/** lrw,
+  /var/cache/bind/ rw,
+
+  # Database file used by allow-new-zones
+  /var/cache/bind/_default.nzd-lock rwk,
+
+  # gssapi
+  /etc/krb5.keytab kr,
+  /etc/bind/krb5.keytab kr,
+
+  # ssl
+  /etc/ssl/*.cnf r,
+  /etc/ssl/*.conf r,
+
+  # root hints from dns-data-root
+  /usr/share/dns/root.* r,
+
+  # GeoIP data files for GeoIP ACLs
+  /usr/share/GeoIP/** r,
+
+  # dnscvsutil package
+  /var/lib/dnscvsutil/compiled/** rw,
+
+  # Allow changing worker thread names
+  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
+
+  # named need to check if hugepages is available
+  /sys/kernel/mm/transparent_hugepage/enabled r,
+
+  @{PROC}/net/if_inet6 r,
+  @{PROC}/*/net/if_inet6 r,
+  @{PROC}/sys/net/ipv4/ip_local_port_range r,
+  /usr/sbin/named mr,
+  /{,var/}run/named/named.pid w,
+  /{,var/}run/named/session.key w,
+  # support for resolvconf
+  /{,var/}run/named/named.options r,
+
+  # some people like to put logs in /var/log/named/ instead of having
+  # syslog do the heavy lifting.
+  /var/log/named/** rw,
+  /var/log/named/ rw,
+
+  # gssapi
+  /var/lib/sss/pubconf/krb5.include.d/** r,
+  /var/lib/sss/pubconf/krb5.include.d/ r,
+  /var/lib/sss/mc/initgroups r,
+  /etc/gss/mech.d/ r,
+
+  # ldap
+  /etc/ldap/ldap.conf r,
+  /{,var/}run/slapd-*.socket rw,
+
+  # dynamic updates
+  /var/tmp/DNS_* rw,
+
+  # dyndb backends
+  /usr/lib/bind/*.so rm,
+
+  # Samba DLZ
+  /{usr/,}lib/@{multiarch}/samba/bind9/*.so rm,
+  /{usr/,}lib/@{multiarch}/samba/gensec/*.so rm,
+  /{usr/,}lib/@{multiarch}/samba/ldb/*.so rm,
+  /{usr/,}lib/@{multiarch}/ldb/modules/ldb/*.so rm,
+  /var/lib/samba/bind-dns/dns.keytab rk,
+  /var/lib/samba/bind-dns/named.conf r,
+  /var/lib/samba/bind-dns/dns/** rwk,
+  /var/lib/samba/private/dns.keytab rk,
+  /var/lib/samba/private/named.conf r,
+  /var/lib/samba/private/dns/** rwk,
+  /etc/samba/smb.conf r,
+  /dev/urandom rwmk,
+  owner /var/tmp/krb5_* rwk,
+
+  # systemd sd_notify
+  /run/systemd/notify w,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.sbin.named>
+}
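Review bot: The rule `/etc/bind/** rw,` contradicts the comment two lines above it ("/etc/bind should be read-only for bind"). It would let a compromised named rewrite its own configuration and any key material kept in that directory, such as the `/etc/bind/krb5.keytab` path the profile already references. I would restore `/etc/bind/** r,` and keep transferred zones under /var/cache/bind, which the profile already grants. If a site-specific path is really needed, it belongs in the `local/usr.sbin.named` include named at the end of the profile, so the change stays separate from the packaged rules.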