Compare commits
	
		
			5 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 338f2079d2 | ||
|  | 90e7dd49e1 | ||
|  | d8c2e77297 | ||
|  | d13fd49d51 | ||
|  | 12d5112d55 | 
							
								
								
									
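--- a/Ansible/confsrv.yml
+++ b/Ansible/confsrv.yml
@@ -0,0 +1,43 @@
+---
+- hosts: srv
+  remote_user: root
+  tasks:
+  - name: création de sioadm
+    user:
+      name: sioadm
+      state: present
+      generate_ssh_key: yes
+      password: "{{ 'sioadm' | password_hash('sha512') }}"
+      uid: 1200
+      groups: sudo
+      append: yes
+    register: mavar
+  - name: debug
+    debug:
+      msg: "{{ mavar }}"
+  - name: export clé publique
+    authorized_key:
+      user: "{{ sioadm }}"
+      key: /sioadm/.ssh/id_rsa.pub 
+      state: present 
+  - name: désinstaller paquets wpasupplicant
+    apt :
+      name : wpasupplicant
+      state: absent
+  - name: désinstaller paquets rpcbindd
+    apt :
+      name : rpcbind
+      state: absent
+  - name: copie fichier resolv.conf
+    copy:
+      src:resolv.conf
+      dest:/etc
+  - name: disable SSH access for root
+    lineinfile:
+      path: /etc/ssh/sshd_config
+      regexp: '^(.*)#PermitRootLogin prohibit-password(.*)$"
+      replace: "PermitRootLogin prohibit-password"
+  - name: copie fichier sshd_config
+    copy:
+      src:sshd_config
+      dest:/etc/ssh/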
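Review bot: The line `password: "{{ 'sioadm' | password_hash('sha512') }}"` commits the cleartext password of a sudo-group account to the repository and makes it equal to the login name; it should come from a vaulted variable instead. The task named "disable SSH access for root" opens its `regexp` with `'` and closes it with `"`, so the file does not parse, it passes `replace:` where lineinfile expects `line:`, and the value it would write (`prohibit-password`) still permits key-based root login; the following copy of sshd_config then overwrites the file in any case. In both `copy:` tasks `src:resolv.conf`, `dest:/etc`, `src:sshd_config` and `dest:/etc/ssh/` lack the space after the colon, so each pair is read as one plain string rather than a mapping. In the authorized_key task `user: "{{ sioadm }}"` references a variable this file never defines, and `key:` is given a path where the module expects the key text (the registered `mavar.ssh_public_key` would supply it). The corrected tasks are sketched below; `sioadm_password` is a placeholder name, not something defined on this page.

```yaml
  - name: création de sioadm
    user:
      name: sioadm
      # … unchanged: state, generate_ssh_key …
      # sioadm_password: placeholder for a variable kept in an Ansible Vault file
      password: "{{ sioadm_password | password_hash('sha512') }}"
      # … unchanged: uid, groups, append, register …
  # … unchanged: debug, authorized_key and apt tasks …
  - name: copie fichier resolv.conf
    copy:
      src: resolv.conf
      dest: /etc/resolv.conf
  - name: disable SSH access for root
    lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^#?\s*PermitRootLogin\s'
      line: "PermitRootLogin no"
      validate: 'sshd -t -f %s'
```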
							
								
								
									
										21
									
								
								Ansible/cr-ansible.txt
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,21 @@ | ||||
| Script démarré sur 2021-11-24 09:49:54+01:00 [TERM="xterm-256color" TTY="/dev/pts/0" COLUMNS="126" LINES="45"] | ||||
| [?2004hroot@ansible:~# sed -i 's/srv/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cip -br a[Knano resolv.confsed -i 's/ansible/srv/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[27Papt install ansible -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[14Pip -br ased -i 's/test/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Kapt update && apt upgrade -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Csed -i 's/bullseye/test/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[23Papt update && apt upgrade -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Ksed -i 's/test/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cip -br a[Kapt install ansible -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Csed -i 's/ansible/srv/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cnano resolv.conf[K[8Pip -br ased -i 's/srv/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Ksed -i 's/srv/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cip -br a[Knano resolv.confsed -i 's/ansible/srv/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[27Papt install ansible -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[14Pip -br ased -i 's/test/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Kapt update && apt upgrade -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Csed -i 's/bullseye/test/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Knano /etc/ssh/sshd_config | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cls[K[Kpoweroff[4Pip rnlapoweroffapt autoremove[1Pcleaninstall vim curl mc sudo [K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[Kansible-playbook -i hi[Kosr[Kts confsrv.yml | ||||
| [?2004l | ||||
							
								
								
									
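--- a/Ansible/hosts
+++ b/Ansible/hosts
@@ -0,0 +1,2 @@
+[srv]
+srv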
							
								
								
									
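--- a/Ansible/resolv.conf
+++ b/Ansible/resolv.conf
@@ -0,0 +1,4 @@
+search sio.lan
+domain sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8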
							
								
								
									
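--- a/Ansible/sshd_config
+++ b/Ansible/sshd_config
@@ -0,0 +1,124 @@
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
+PermitRootLogin prohibit-password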
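Review bot: `#PasswordAuthentication yes` is left at its commented default under the "To disable tunneled clear text passwords" comment, so password logins stay enabled for every account, while the appended `PermitRootLogin prohibit-password` restricts only root. Ansible/confsrv.yml in this same comparison creates the sudo-group user sioadm with a password equal to its name, which makes that account the exposed path into the server. Once a key is installed for sioadm, set `PasswordAuthentication no`, and change `X11Forwarding yes` to `no` unless graphical forwarding is actually needed on this host. Because `Include /etc/ssh/sshd_config.d/*.conf` comes first and sshd keeps the first value it reads for a keyword, any drop-in in that directory takes precedence over the last line; a comment next to the appended line saying so would help.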
							
								
								
									
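--- a/Python/Python/exotp2-exprregu
+++ b/Python/Python/exotp2-exprregu
@@ -0,0 +1,11 @@
+#!/usr/bin/python3
+import sys
+import re
+
+regexp = '^(\S+) (\S+) (\S+) \[([^]]+)\] "(\w+) (\S+).*" (\d+) (\S+)'
+for line in sys.stdin:
+    line = line.rstrip ()
+    match =re.match (regexp, line)
+    if match :
+        print (match.group(1)," ",match.group(8))
+#        for line in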
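Review bot: The pattern assigned to `regexp` is an ordinary string literal, so `\S`, `\[`, `\w` and `\d` are invalid string escapes that Python accepts only with a warning (a SyntaxWarning from 3.12 on); make it a raw string by writing `regexp = r'^(\S+) ...'` with the pattern otherwise unchanged. The same literal is repeated in Python/analog.py and needs the same prefix. The trailing `#        for line in` is an unfinished leftover and can go, and a one-line comment above the pattern naming the eight captured fields would explain why groups 1 and 8 are the ones printed.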
							
								
								
									
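--- a/Python/analog.py
+++ b/Python/analog.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python3
+import sys
+import re
+
+cptip = {}
+
+
+regexp = '^(\S+) (\S+) (\S+) \[([^]]+)\] "(\w+) (\S+).*" (\d+) (\S+)'
+for line in sys.stdin:
+        line = line.rstrip ()
+        match =re.match (regexp, line)
+        if match :
+            print (match.group(1)," ",match.group(8))
+            #print {match.group(1)}
+            ip = match.group(1)
+            vol = int(match.group(8))
+            if ip in cptip :
+                cptip[ip] = cptip[ip] + vol
+            else:
+                cptip[ip] = vol
+
+for key in cptip.keys():
+    print(key, ":", cptip[key]) 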
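Review bot: `vol = int(match.group(8))` raises ValueError whenever the last field is not a number, and the pattern captures that field with `(\S+)`, so a single `-` there stops the whole run. If the input is an access log in common log format, as the pattern suggests (the input itself is not shown), `-` is what servers write for responses without a body. Guard the conversion, for example `vol = int(match.group(8)) if match.group(8).isdigit() else 0`. The if/else accumulation below it can then be the single line `cptip[ip] = cptip.get(ip, 0) + vol`.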
							
								
								
									
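--- a/tp_loadbalancing/recup
+++ b/tp_loadbalancing/recup
@@ -0,0 +1,4 @@
+#!/bin/sh
+while true ; do
+	curl -s http://192.168.0.151 -o /dev/null
+done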
							
								
								
									
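--- a/tp_pxe/dhcpd.conf
+++ b/tp_pxe/dhcpd.conf
@@ -0,0 +1,114 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "192.168.1.1";
+option domain-name-servers 192.168.1.1;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+subnet 192.168.1.0 netmask 255.255.255.0 {
+	range 192.168.1.10 192.168.1.30;
+	option routers 192.168.1.1;
+	option broadcast-address 192.168.1.254;
+	default-lease-time 600;
+	max-lease-time 7200;
+	filename "pxelinux.0";
+	next-server 192.168.1.1;
+}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}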
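Review bot: `option broadcast-address 192.168.1.254;` does not match `subnet 192.168.1.0 netmask 255.255.255.0`, whose broadcast address is 192.168.1.255, so clients are handed a wrong value; it should read `option broadcast-address 192.168.1.255;`. `option domain-name "192.168.1.1";` puts an IP address where a DNS domain name is expected. The comment "No service will be given on this subnet" is left over from the sample file and now sits directly above a subnet that does lease addresses and points clients at `pxelinux.0` on `next-server 192.168.1.1`. Since whichever server answers DHCP on that segment decides what the machines boot, replace that comment with one stating that this subnet is the isolated PXE lab network behind enp0s8.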
							
								
								
									
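--- a/tp_pxe/interfaces
+++ b/tp_pxe/interfaces
@@ -0,0 +1,18 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+iface enp0s3 inet dhcp
+
+allow-hotplug enp0s8
+iface enp0s8 inet static
+	address 192.168.1.1/24
+	up /root/nat.sh
+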
							
								
								
									
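--- a/tp_pxe/isc-dhcp-server
+++ b/tp_pxe/isc-dhcp-server
@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s8"
+#INTERFACESv6=""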
							
								
								
									
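--- a/tp_pxe/nat.sh
+++ b/tp_pxe/nat.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "1" > /proc/sys/net/ipv4/ip_forward
+iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE # eth0 est l'interface externe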
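Review bot: The comment on the iptables line says `eth0 est l'interface externe` while the rule itself uses `-o enp0s3`; the comment should name enp0s3. tp_pxe/interfaces runs this script from `up /root/nat.sh`, so every time enp0s8 comes up `-A` appends another identical MASQUERADE rule; test for it first with `iptables -t nat -C POSTROUTING -o enp0s3 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE`. The script turns on forwarding without adding any FORWARD rule, so what gets forwarded depends on the FORWARD chain policy already present on the host, which this page does not show; a comment stating the expected policy would document that.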