Compare commits
	
		
			1 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 338f2079d2 | 
							
								
								
									
										43
									
								
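--- a/Ansible/confsrv.yml
+++ b/Ansible/confsrv.yml
@@ -0,0 +1,43 @@
+---
+- hosts: srv
+  remote_user: root
+  tasks:
+  - name: création de sioadm
+    user:
+      name: sioadm
+      state: present
+      generate_ssh_key: yes
+      password: "{{ 'sioadm' | password_hash('sha512') }}"
+      uid: 1200
+      groups: sudo
+      append: yes
+    register: mavar
+  - name: debug
+    debug:
+      msg: "{{ mavar }}"
+  - name: export clé publique
+    authorized_key:
+      user: "{{ sioadm }}"
+      key: /sioadm/.ssh/id_rsa.pub 
+      state: present 
+  - name: désinstaller paquets wpasupplicant
+    apt :
+      name : wpasupplicant
+      state: absent
+  - name: désinstaller paquets rpcbindd
+    apt :
+      name : rpcbind
+      state: absent
+  - name: copie fichier resolv.conf
+    copy:
+      src:resolv.conf
+      dest:/etc
+  - name: disable SSH access for root
+    lineinfile:
+      path: /etc/ssh/sshd_config
+      regexp: '^(.*)#PermitRootLogin prohibit-password(.*)$"
+      replace: "PermitRootLogin prohibit-password"
+  - name: copie fichier sshd_config
+    copy:
+      src:sshd_config
+      dest:/etc/ssh/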
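Review bot: The `password:` line of the `création de sioadm` task hard-codes the password `sioadm` for an account that the same task adds to `sudo`, so the credential for an administrative login on every host in `srv` is readable by anyone with access to the repository; it should come from an Ansible Vault variable, with an explicit salt passed to `password_hash` so that the hash does not change on every run. In `export clé publique`, `{{ sioadm }}` is not defined anywhere in this file, and `key:` is given a path where `authorized_key` expects the key text itself; if the intent is to authorise the key generated by the first task, the value registered in `mavar` can supply it. The `regexp:` line opens with `'` and closes with `"`, `replace:` is not a `lineinfile` option (`line:` is), and the task name says root SSH access is disabled while `prohibit-password` still allows root to log in with a key. `src:resolv.conf`, `dest:/etc`, `src:sshd_config` and `dest:/etc/ssh/` also need a space after the colon to be read as mapping keys.

```yaml
  - name: création de sioadm
    user:
      # … unchanged: name, state, generate_ssh_key …
      # vault_sioadm_password / vault_sioadm_salt are placeholder names
      # for Vault-encrypted variables
      password: "{{ vault_sioadm_password | password_hash('sha512', vault_sioadm_salt) }}"
      # … unchanged: uid, groups, append …
    register: mavar
  # … unchanged: debug task …
  - name: export clé publique
    authorized_key:
      user: sioadm
      key: "{{ mavar.ssh_public_key }}"
      state: present
  # … unchanged: apt tasks, resolv.conf copy …
  - name: restrict root SSH login to key authentication
    lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^(.*)#PermitRootLogin prohibit-password(.*)$'
      line: PermitRootLogin prohibit-password
```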
							
								
								
									
										21
									
								
								Ansible/cr-ansible.txt
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,21 @@ | ||||
| Script démarré sur 2021-11-24 09:49:54+01:00 [TERM="xterm-256color" TTY="/dev/pts/0" COLUMNS="126" LINES="45"] | ||||
| [?2004hroot@ansible:~# sed -i 's/srv/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cip -br a[Knano resolv.confsed -i 's/ansible/srv/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[27Papt install ansible -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[14Pip -br ased -i 's/test/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Kapt update && apt upgrade -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Csed -i 's/bullseye/test/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[23Papt update && apt upgrade -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Ksed -i 's/test/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cip -br a[Kapt install ansible -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Csed -i 's/ansible/srv/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cnano resolv.conf[K[8Pip -br ased -i 's/srv/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Ksed -i 's/srv/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cip -br a[Knano resolv.confsed -i 's/ansible/srv/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[27Papt install ansible -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[14Pip -br ased -i 's/test/ansible/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Kapt update && apt upgrade -y | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Csed -i 's/bullseye/test/g' /etc/host{s,name};reboot | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cpoweroff[Knano /etc/ssh/sshd_config | ||||
| [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cls[K[Kpoweroff[4Pip rnlapoweroffapt autoremove[1Pcleaninstall vim curl mc sudo [K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[K[Kansible-playbook -i hi[Kosr[Kts confsrv.yml | ||||
| [?2004l | ||||
							
								
								
									
										2
									
								
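--- a/Ansible/hosts
+++ b/Ansible/hosts
@@ -0,0 +1,2 @@
+[srv]
+srv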
							
								
								
									
										4
									
								
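--- a/Ansible/resolv.conf
+++ b/Ansible/resolv.conf
@@ -0,0 +1,4 @@
+search sio.lan
+domain sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8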
							
								
								
									
										124
									
								
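--- a/Ansible/sshd_config
+++ b/Ansible/sshd_config
@@ -0,0 +1,124 @@
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
+PermitRootLogin prohibit-password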
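Review bot: Password logins stay enabled in this file, since `#PasswordAuthentication yes` is left commented at its default, while the playbook in the same commit creates `sioadm` in `sudo` with a password equal to the user name; that account is therefore reachable over SSH with a guessable password, and `PasswordAuthentication no` should be set once key login for `sioadm` is confirmed. `X11Forwarding yes` is active although nothing in the commit suggests these hosts need it, so `X11Forwarding no` would be the tighter setting. The `Include /etc/ssh/sshd_config.d/*.conf` line comes before the appended `PermitRootLogin prohibit-password`, and sshd keeps the first value it reads for a keyword, so a drop-in file can override that last line. The playbook copies this file with no check and no sshd reload visible; a `validate:` on the `copy` task and a handler that reloads sshd would keep a bad file from locking out access and make the new settings take effect.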