fichier de sécurisation

sio1/sisr1/30-config/heartbeat-tp/authkeys

@@ -0,0 +1,29 @@
+#
+#	Authentication file.  Must be mode 600
+#
+#
+#	Must have exactly one auth directive at the front.
+#	auth	send authentication using this method-id
+#
+#	Then, list the method and key that go with that method-id
+#
+#	Available methods: crc sha1, md5.  Crc doesn't need/want a key.
+#
+#	You normally only have one authentication method-id listed in this file
+#
+#	Put more than one to make a smooth transition when changing auth
+#	methods and/or keys.
+#
+#
+#	sha1 is believed to be the "best", md5 next best.
+#
+#	crc adds no security, except from packet corruption.
+#		Use only on physically secure networks.
+#
+#auth 1
+#1 crc
+#2 sha1 HI!
+#3 md5 Hello!
+auth 1
+1 crc
+

sio1/sisr1/30-config/heartbeat-tp/ha.cf

@@ -0,0 +1,344 @@
+#
+#	There are lots of options in this file.  All you have to have is a set
+#	of nodes listed {"node ...} one of {serial, bcast, mcast, or ucast},
+#	and a value for "auto_failback".
+#
+#	ATTENTION: As the configuration file is read line by line,
+#		   THE ORDER OF DIRECTIVE MATTERS!
+#
+#	In particular, make sure that the udpport, serial baud rate
+#	etc. are set before the heartbeat media are defined!
+#	debug and log file directives go into effect when they
+#	are encountered.
+#
+#	All will be fine if you keep them ordered as in this example.
+#
+#
+#       Note on logging:
+#       If all of debugfile, logfile and logfacility are not defined, 
+#       logging is the same as use_logd yes. In other case, they are
+#       respectively effective. if detering the logging to syslog,
+#       logfacility must be "none".
+#
+#	File to write debug messages to
+#debugfile /var/log/ha-debug
+#
+#
+# 	File to write other messages to
+#
+#logfile	/var/log/ha-log
+#
+#
+#	Facility to use for syslog()/logger 
+#
+logfacility	local0
+#
+#
+#	A note on specifying "how long" times below...
+#
+#	The default time unit is seconds
+#		10 means ten seconds
+#
+#	You can also specify them in milliseconds
+#		1500ms means 1.5 seconds
+#
+#
+#	keepalive: how long between heartbeats?
+#
+#keepalive 2
+#
+#	deadtime: how long-to-declare-host-dead?
+#
+#		If you set this too low you will get the problematic
+#		split-brain (or cluster partition) problem.
+#		See the FAQ for how to use warntime to tune deadtime.
+#
+#deadtime 30
+#
+#	warntime: how long before issuing "late heartbeat" warning?
+#	See the FAQ for how to use warntime to tune deadtime.
+#
+#warntime 10
+#
+#
+#	Very first dead time (initdead)
+#
+#	On some machines/OSes, etc. the network takes a while to come up
+#	and start working right after you've been rebooted.  As a result
+#	we have a separate dead time for when things first come up.
+#	It should be at least twice the normal dead time.
+#
+#initdead 120
+#
+#
+#	What UDP port to use for bcast/ucast communication?
+#
+#udpport	694
+#
+#	Baud rate for serial ports...
+#
+#baud	19200
+#	
+#	serial	serialportname ...
+#serial	/dev/ttyS0	# Linux
+#serial	/dev/cuaa0	# FreeBSD
+#serial /dev/cuad0      # FreeBSD 6.x
+#serial	/dev/cua/a	# Solaris
+#
+#
+#	What interfaces to broadcast heartbeats over?
+#
+#bcast	eth0		# Linux
+#bcast	eth1 eth2	# Linux
+#bcast	le0		# Solaris
+#bcast	le1 le2		# Solaris
+#
+#	Set up a multicast heartbeat medium
+#	mcast [dev] [mcast group] [port] [ttl] [loop]
+#
+#	[dev]		device to send/rcv heartbeats on
+#	[mcast group]	multicast group to join (class D multicast address
+#			224.0.0.0 - 239.255.255.255)
+#	[port]		udp port to sendto/rcvfrom (set this value to the
+#			same value as "udpport" above)
+#	[ttl]		the ttl value for outbound heartbeats.  this effects
+#			how far the multicast packet will propagate.  (0-255)
+#			Must be greater than zero.
+#	[loop]		toggles loopback for outbound multicast heartbeats.
+#			if enabled, an outbound packet will be looped back and
+#			received by the interface it was sent on. (0 or 1)
+#			Set this value to zero.
+#		
+#
+#mcast eth0 225.0.0.1 694 1 0
+#
+#	Set up a unicast / udp heartbeat medium
+#	ucast [dev] [peer-ip-addr]
+#
+#	[dev]		device to send/rcv heartbeats on
+#	[peer-ip-addr]	IP address of peer to send packets to
+#
+#ucast eth0 192.168.1.2
+#
+#
+#	About boolean values...
+#
+#	Any of the following case-insensitive values will work for true:
+#		true, on, yes, y, 1
+#	Any of the following case-insensitive values will work for false:
+#		false, off, no, n, 0
+#
+#
+#
+#	auto_failback:  determines whether a resource will
+#	automatically fail back to its "primary" node, or remain
+#	on whatever node is serving it until that node fails, or
+#	an administrator intervenes.
+#
+#	The possible values for auto_failback are:
+#		on	- enable automatic failbacks
+#		off	- disable automatic failbacks
+#		legacy	- enable automatic failbacks in systems
+#			where all nodes do not yet support
+#			the auto_failback option.
+#
+#	auto_failback "on" and "off" are backwards compatible with the old
+#		"nice_failback on" setting.
+#
+#	See the FAQ for information on how to convert
+#		from "legacy" to "on" without a flash cut.
+#		(i.e., using a "rolling upgrade" process)
+#
+#	The default value for auto_failback is "legacy", which
+#	will issue a warning at startup.  So, make sure you put
+#	an auto_failback directive in your ha.cf file.
+#	(note: auto_failback can be any boolean or "legacy")
+#
+auto_failback on
+#
+#
+#       Basic STONITH support
+#       Using this directive assumes that there is one stonith 
+#       device in the cluster.  Parameters to this device are 
+#       read from a configuration file. The format of this line is:
+#
+#         stonith <stonith_type> <configfile>
+#
+#       NOTE: it is up to you to maintain this file on each node in the
+#       cluster!
+#
+#stonith baytech /etc/ha.d/conf/stonith.baytech
+#
+#       STONITH support
+#       You can configure multiple stonith devices using this directive.
+#       The format of the line is:
+#         stonith_host <hostfrom> <stonith_type> <params...>
+#         <hostfrom> is the machine the stonith device is attached
+#              to or * to mean it is accessible from any host. 
+#         <stonith_type> is the type of stonith device (a list of
+#              supported drives is in /usr/lib/stonith.)
+#         <params...> are driver specific parameters.  To see the
+#              format for a particular device, run:
+#           stonith -l -t <stonith_type> 
+#
+#
+#	Note that if you put your stonith device access information in
+#	here, and you make this file publically readable, you're asking
+#	for a denial of service attack ;-)
+#
+#	To get a list of supported stonith devices, run
+#		stonith -L
+#	For detailed information on which stonith devices are supported
+#	and their detailed configuration options, run this command:
+#		stonith -h
+#
+#stonith_host *     baytech 10.0.0.3 mylogin mysecretpassword
+#stonith_host ken3  rps10 /dev/ttyS1 kathy 0 
+#stonith_host kathy rps10 /dev/ttyS1 ken3 0 
+#
+#	Watchdog is the watchdog timer.  If our own heart doesn't beat for
+#	a minute, then our machine will reboot.
+#	NOTE: If you are using the software watchdog, you very likely
+#	wish to load the module with the parameter "nowayout=0" or
+#	compile it without CONFIG_WATCHDOG_NOWAYOUT set. Otherwise even
+#	an orderly shutdown of heartbeat will trigger a reboot, which is
+#	very likely NOT what you want.
+#
+#watchdog /dev/watchdog
+#       
+#	Tell what machines are in the cluster
+#	node	nodename ...	-- must match uname -n
+#node	ken3
+#node	kathy
+#
+#	Less common options...
+#
+#	Treats 10.10.10.254 as a psuedo-cluster-member
+#	Used together with ipfail below...
+#	note: don't use a cluster node as ping node	
+#
+#ping 10.10.10.254
+#
+#	Treats 10.10.10.254 and 10.10.10.253 as a psuedo-cluster-member
+#       called group1. If either 10.10.10.254 or 10.10.10.253 are up
+#       then group1 is up
+#	Used together with ipfail below...
+#
+#ping_group group1 10.10.10.254 10.10.10.253
+#
+#	HBA ping derective for Fiber Channel
+#	Treats fc-card-name as psudo-cluster-member
+#	used with ipfail below ...
+#
+#	You can obtain HBAAPI from http://hbaapi.sourceforge.net.  You need 
+#	to get the library specific to your HBA directly from the vender
+#	To install HBAAPI stuff, all You need to do is to compile the common
+#	part you obtained from the sourceforge. This will produce libHBAAPI.so 
+#	which you need to copy to /usr/lib. You need also copy hbaapi.h to 
+#	/usr/include.
+#	
+#	The fc-card-name is the name obtained from the hbaapitest program 
+#	that is part of the hbaapi package. Running hbaapitest will produce
+#	a verbose output. One of the first line is similar to:
+#		Apapter number 0 is named: qlogic-qla2200-0
+#	Here fc-card-name is qlogic-qla2200-0. 	
+#
+#hbaping fc-card-name
+#
+#
+#	Processes started and stopped with heartbeat.  Restarted unless
+#		they exit with rc=100
+#
+#respawn userid /path/name/to/run
+#respawn hacluster /usr/lib/heartbeat/ipfail
+#
+#	Access control for client api
+#       	default is no access
+#
+#apiauth client-name gid=gidlist uid=uidlist
+#apiauth ipfail gid=haclient uid=hacluster
+
+###########################
+#
+#	Unusual options.
+#
+###########################
+#
+#	hopfudge maximum hop count minus number of nodes in config
+#hopfudge 1
+#
+#	deadping - dead time for ping nodes
+#deadping 30
+#
+#	hbgenmethod - Heartbeat generation number creation method
+#		Normally these are stored on disk and incremented as needed.
+#hbgenmethod time
+#
+#	realtime - enable/disable realtime execution (high priority, etc.)
+#		defaults to on
+#realtime off
+#
+#	debug - set debug level
+#		defaults to zero
+#debug 1
+#
+#	API Authentication - replaces the fifo-permissions-based system of the past
+#
+#
+#	You can put a uid list and/or a gid list.
+#	If you put both, then a process is authorized if it qualifies under either
+#	the uid list, or under the gid list.
+#
+#	The groupname "default" has special meaning.  If it is specified, then
+#	this will be used for authorizing groupless clients, and any client groups
+#	not otherwise specified.
+#	
+#	There is a subtle exception to this.  "default" will never be used in the 
+#	following cases (actual default auth directives noted in brackets)
+#		  ipfail 	(uid=HA_CCMUSER)
+#		  ccm 	 	(uid=HA_CCMUSER)
+#		  ping		(gid=HA_APIGROUP)
+#		  cl_status	(gid=HA_APIGROUP)
+#
+#	This is done to avoid creating a gaping security hole and matches the most
+#	likely desired configuration.
+#
+#apiauth ipfail uid=hacluster
+#apiauth ccm uid=hacluster
+#apiauth cms uid=hacluster
+#apiauth ping gid=haclient uid=alanr,root
+#apiauth default gid=haclient
+
+# 	message format in the wire, it can be classic or netstring, 
+#	default: classic
+#msgfmt  classic/netstring
+
+#	Do we use logging daemon?
+#	If logging daemon is used, logfile/debugfile/logfacility in this file
+#	are not meaningful any longer. You should check the config file for logging
+#	daemon (the default is /etc/logd.cf)
+#	more infomartion can be fould in the man page.
+#	Setting use_logd to "yes" is recommended
+#	
+# use_logd yes/no
+#
+#	the interval we  reconnect to logging daemon if the previous connection failed
+#	default: 60 seconds
+#conn_logd_time 60
+#
+#
+#	Configure compression module
+#	It could be zlib or bz2, depending on whether u have the corresponding 
+#	library	in the system.
+#compression	bz2
+#
+#	Confiugre compression threshold
+#	This value determines the threshold to compress a message,
+#	e.g. if the threshold is 1, then any message with size greater than 1 KB
+#	will be compressed, the default is 2 (KB)
+#compression_threshold 2
+
+bcast enp0s8
+node srv1
+node srv2
+

sio1/sisr1/30-config/heartbeat-tp/haresources

@@ -0,0 +1,151 @@
+#
+#	This is a list of resources that move from machine to machine as
+#	nodes go down and come up in the cluster.  Do not include
+#	"administrative" or fixed IP addresses in this file.
+#
+# <VERY IMPORTANT NOTE>
+#	The haresources files MUST BE IDENTICAL on all nodes of the cluster.
+#
+#	The node names listed in front of the resource group information
+#	is the name of the preferred node to run the service.  It is
+#	not necessarily the name of the current machine.  If you are running
+#	auto_failback ON (or legacy), then these services will be started
+#	up on the preferred nodes - any time they're up.
+#
+#	If you are running with auto_failback OFF, then the node information
+#	will be used in the case of a simultaneous start-up, or when using
+#	the hb_standby {foreign,local} command.
+#
+#	BUT FOR ALL OF THESE CASES, the haresources files MUST BE IDENTICAL.
+#	If your files are different then almost certainly something
+#	won't work right.
+# </VERY IMPORTANT NOTE>
+#
+#	
+#	We refer to this file when we're coming up, and when a machine is being
+#	taken over after going down.
+#
+#	You need to make this right for your installation, then install it in
+#	/etc/ha.d
+#
+#	Each logical line in the file constitutes a "resource group".
+#	A resource group is a list of resources which move together from
+#	one node to another - in the order listed.  It is assumed that there
+#	is no relationship between different resource groups.  These
+#	resource in a resource group are started left-to-right, and stopped
+#	right-to-left.  Long lists of resources can be continued from line
+#	to line by ending the lines with backslashes ("\").
+#
+#	These resources in this file are either IP addresses, or the name
+#	of scripts to run to "start" or "stop" the given resource.
+#
+#	The format is like this:
+#
+#node-name resource1 resource2 ... resourceN
+#
+#
+#	If the resource name contains an :: in the middle of it, the
+#	part after the :: is passed to the resource script as an argument.
+#       Multiple arguments are separated by the :: delimeter
+#
+#	In the case of IP addresses, the resource script name IPaddr is
+#	implied.
+#
+#	For example, the IP address 135.9.8.7 could also be represented
+#	as IPaddr::135.9.8.7
+#
+#	THIS IS IMPORTANT!!     vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
+#
+#	The given IP address is directed to an interface which has a route
+#	to the given address.  This means you have to have a net route
+#	set up outside of the High-Availability structure.  We don't set it
+#	up here -- we key off of it.
+#
+#	The broadcast address for the IP alias that is created to support
+#	an IP address defaults to the highest address on the subnet.
+#
+#	The netmask for the IP alias that is created defaults to the same
+#	netmask as the route that it selected in in the step above.
+#
+#	The base interface for the IPalias that is created defaults to the
+#	same netmask as the route that it selected in in the step above.
+#
+#	If you want to specify that this IP address is to be brought up
+#	on a subnet with a netmask of 255.255.255.0, you would specify
+#	this as IPaddr::135.9.8.7/24 .  
+#
+#	If you wished to tell it that the broadcast address for this subnet
+#	was 135.9.8.210, then you would specify that this way:
+#		IPaddr::135.9.8.7/24/135.9.8.210
+#
+#	If you wished to tell it that the interface to add the address to
+#	is eth0, then you would need to specify it this way:
+#		IPaddr::135.9.8.7/24/eth0
+#
+#       And this way to specify both the broadcast address and the
+#       interface:
+#		IPaddr::135.9.8.7/24/eth0/135.9.8.210
+#
+#	The IP addresses you list in this file are called "service" addresses,
+#	since they're they're the publicly advertised addresses that clients
+#	use to get at highly available services.
+#
+#	For a hot/standby (non load-sharing) 2-node system with only
+#	a single service address, 
+#	you will probably only put one system name and one IP address in here.
+#	The name you give the address to is the name of the default "hot"
+#	system.
+#
+#	Where the nodename is the name of the node which "normally" owns the
+#	resource.  If this machine is up, it will always have the resource
+#	it is shown as owning.
+#
+#	The string you put in for nodename must match the uname -n name
+#	of your machine.  Depending on how you have it administered, it could
+#	be a short name or a FQDN.
+#
+#-------------------------------------------------------------------
+#
+#	Simple case: One service address, default subnet and netmask
+#		No servers that go up and down with the IP address
+#
+#just.linux-ha.org	135.9.216.110
+#
+#-------------------------------------------------------------------
+#
+#	Assuming the adminstrative addresses are on the same subnet...
+#	A little more complex case: One service address, default subnet
+#	and netmask, and you want to start and stop http when you get
+#	the IP address...
+#
+#just.linux-ha.org	135.9.216.110 http
+#-------------------------------------------------------------------
+#
+#	A little more complex case: Three service addresses, default subnet
+#	and netmask, and you want to start and stop http when you get
+#	the IP address...
+#
+#just.linux-ha.org	135.9.216.110 135.9.215.111 135.9.216.112 httpd
+#-------------------------------------------------------------------
+#
+#	One service address, with the subnet, interface and bcast addr
+#       explicitly defined.
+#
+#just.linux-ha.org	135.9.216.3/28/eth0/135.9.216.12 httpd
+#
+#-------------------------------------------------------------------
+#
+#       An example where a shared filesystem is to be used.
+#       Note that multiple aguments are passed to this script using
+#       the delimiter '::' to separate each argument.
+#
+#node1  10.0.0.170 Filesystem::/dev/sda1::/data1::ext2
+#
+#	Regarding the node-names in this file:
+#
+#	They must match the names of the nodes listed in ha.cf, which in turn
+#	must match the `uname -n` of some node in the cluster.  So they aren't
+#	virtual in any sense of the word.
+#
+srv1 172.16.0.100 apache2
+

sio1/sisr1/30-config/ldap-tp/doku.php

@@ -0,0 +1,131 @@
+<?php
+/**
+ * DokuWiki mainscript
+ *
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * @author     Andreas Gohr <andi@splitbrain.org>
+ *
+ * @global Input $INPUT
+ */
+
+// update message version - always use a string to avoid localized floats!
+use dokuwiki\Extension\Event;
+
+$updateVersion = "53";
+
+//  xdebug_start_profiling();
+
+if(!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__).'/');
+
+// define all DokuWiki globals here (needed within test requests but also helps to keep track)
+global  $ACT,  $INPUT, $QUERY, $ID, $REV, $DATE_AT, $IDX,
+        $DATE, $RANGE, $HIGH, $TEXT, $PRE, $SUF, $SUM, $INFO, $JSINFO;
+
+
+if(isset($_SERVER['HTTP_X_DOKUWIKI_DO'])) {
+    $ACT = trim(strtolower($_SERVER['HTTP_X_DOKUWIKI_DO']));
+} elseif(!empty($_REQUEST['idx'])) {
+    $ACT = 'index';
+} elseif(isset($_REQUEST['do'])) {
+    $ACT = $_REQUEST['do'];
+} else {
+    $ACT = 'show';
+}
+
+// load and initialize the core system
+require_once(DOKU_INC.'inc/init.php');
+
+//import variables
+$INPUT->set('id', str_replace("\xC2\xAD", '', $INPUT->str('id'))); //soft-hyphen
+$QUERY          = trim($INPUT->str('q'));
+$ID             = getID();
+
+$REV   = $INPUT->int('rev');
+$DATE_AT = $INPUT->str('at');
+$IDX   = $INPUT->str('idx');
+$DATE  = $INPUT->int('date');
+$RANGE = $INPUT->str('range');
+$HIGH  = $INPUT->param('s');
+if(empty($HIGH)) $HIGH = getGoogleQuery();
+
+if($INPUT->post->has('wikitext')) {
+    $TEXT = cleanText($INPUT->post->str('wikitext'));
+}
+$PRE = cleanText(substr($INPUT->post->str('prefix'), 0, -1));
+$SUF = cleanText($INPUT->post->str('suffix'));
+$SUM = $INPUT->post->str('summary');
+
+
+//parse DATE_AT
+if($DATE_AT) {
+    $date_parse = strtotime($DATE_AT);
+    if($date_parse) {
+        $DATE_AT = $date_parse;
+    } else { // check for UNIX Timestamp
+        $date_parse = @date('Ymd',$DATE_AT);
+        if(!$date_parse || $date_parse === '19700101') {
+            msg(sprintf($lang['unable_to_parse_date'], hsc($DATE_AT)));
+            $DATE_AT = null;
+        }
+    }
+}
+
+//check for existing $REV related to $DATE_AT
+if($DATE_AT) {
+    $pagelog = new \dokuwiki\ChangeLog\PageChangeLog($ID);
+    $rev_t = $pagelog->getLastRevisionAt($DATE_AT);
+    if($rev_t === '') { //current revision
+        $REV = null;
+        $DATE_AT = null;
+    } else if ($rev_t === false) { //page did not exist
+        $rev_n = $pagelog->getRelativeRevision($DATE_AT,+1);
+        msg(
+            sprintf(
+                $lang['page_nonexist_rev'],
+                dformat($DATE_AT),
+                wl($ID, array('rev' => $rev_n)),
+                dformat($rev_n)
+            )
+        );
+        $REV = $DATE_AT; //will result in a page not exists message
+    } else {
+        $REV = $rev_t;
+    }
+}
+
+//make infos about the selected page available
+$INFO = pageinfo();
+
+// handle debugging
+if($conf['allowdebug'] && $ACT == 'debug') {
+    html_debug();
+    exit;
+}
+
+//send 404 for missing pages if configured or ID has special meaning to bots
+if(!$INFO['exists'] &&
+    ($conf['send404'] || preg_match('/^(robots\.txt|sitemap\.xml(\.gz)?|favicon\.ico|crossdomain\.xml)$/', $ID)) &&
+    ($ACT == 'show' || (!is_array($ACT) && substr($ACT, 0, 7) == 'export_'))
+) {
+    header('HTTP/1.0 404 Not Found');
+}
+
+//prepare breadcrumbs (initialize a static var)
+if($conf['breadcrumbs']) breadcrumbs();
+
+// check upstream
+checkUpdateMessages();
+
+$tmp = array(); // No event data
+Event::createAndTrigger('DOKUWIKI_STARTED', $tmp);
+
+//close session
+session_write_close();
+
+//do the work (picks up what to do from global env)
+act_dispatch();
+
+$tmp = array(); // No event data
+Event::createAndTrigger('DOKUWIKI_DONE', $tmp);
+
+//  xdebug_dump_function_profile(1);

sio1/sisr1/30-config/ldap-tp/labo52.lan.ldif

@@ -0,0 +1,393 @@
+dn: dc=labo52,dc=lan
+o: labo52
+dc: labo52
+structuralObjectClass: organization
+entryUUID: 8cea1486-cf8c-103c-84fc-fb9fff7ed8be
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923130824Z
+ou: labo52
+description: labo52
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+objectClass: gosaDepartment
+objectClass: gosaAcl
+gosaAclEntry: 0:subtree:Y249YWRtaW4sb3U9YWNscm9sZXMsZGM9bGFibzUyLGRjPWxhbg==
+ :dWlkPWZkLWFkbWluLG91PXBlb3BsZSxkYz1sYWJvNTIsZGM9bGFu
+entryCSN: 20220923131630.253993Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923131630Z
+
+dn: cn=admin,dc=labo52,dc=lan
+objectClass: simpleSecurityObject
+objectClass: organizationalRole
+cn: admin
+description: LDAP administrator
+userPassword:: e1NTSEF9ZHdmWGZTTkpzOENzZTU4VmlEZmZTb2hXUHlVM0tyVjI=
+structuralObjectClass: organizationalRole
+entryUUID: 8cea6936-cf8c-103c-84fd-fb9fff7ed8be
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923130824Z
+entryCSN: 20220923130824.418299Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923130824Z
+
+dn: ou=fusiondirectory,dc=labo52,dc=lan
+objectClass: organizationalUnit
+ou: fusiondirectory
+structuralObjectClass: organizationalUnit
+entryUUID: 7a531cd6-cf8d-103c-9474-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923131502Z
+entryCSN: 20220923131502.724490Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923131502Z
+
+dn: cn=config,ou=fusiondirectory,dc=labo52,dc=lan
+fdLanguage: fr_FR
+fdTheme: breezy
+fdTimezone: America/New_York
+fusionConfigMd5: 8781d81883d1a89872fc104c4eddcfb4
+fdLdapSizeLimit: 200
+fdModificationDetectionAttribute: entryCSN
+fdLogging: TRUE
+fdSchemaCheck: TRUE
+fdEnableSnapshots: TRUE
+fdSnapshotBase: ou=snapshots,dc=labo52,dc=lan
+fdPasswordDefaultHash: ssha
+fdForcePasswordDefaultHash: FALSE
+fdHandleExpiredAccounts: FALSE
+fdLoginAttribute: uid
+fdForceSSL: FALSE
+fdWarnSSL: TRUE
+fdSessionLifeTime: 1800
+fdHttpAuthActivated: FALSE
+fdHttpHeaderAuthActivated: FALSE
+fdHttpHeaderAuthHeaderName: AUTH_USER
+fdSslKeyPath: /etc/ssl/private/fd.key
+fdSslCertPath: /etc/ssl/certs/fd.cert
+fdSslCaCertPath: /etc/ssl/certs/ca.cert
+fdCasActivated: FALSE
+fdCasServerCaCertPath: /etc/ssl/certs/ca.cert
+fdCasHost: localhost
+fdCasPort: 443
+fdCasContext: /cas
+fdAccountPrimaryAttribute: uid
+fdCnPattern: %givenName% %sn%
+fdStrictNamingRules: TRUE
+fdUserRDN: ou=people
+fdAclRoleRDN: ou=aclroles
+fdRestrictRoleMembers: FALSE
+fdSplitPostalAddress: FALSE
+fdDisplayErrors: FALSE
+fdLdapStats: FALSE
+fdDebugLevel: 0
+fdListSummary: TRUE
+fdAclTabOnObjects: FALSE
+fdDisplayHookOutput: FALSE
+structuralObjectClass: fusionDirectoryConf
+cn: config
+entryUUID: 7a5393dc-cf8d-103c-9475-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923131502Z
+fdDashboardNumberOfDigit: 3
+fdDashboardPrefix: PC
+fdDashboardExpiredAccountsDays: 15
+fdOGroupRDN: ou=groups
+fdForceSaslPasswordAsk: FALSE
+fdGroupRDN: ou=groups
+fdMinId: 100
+fdUidNumberBase: 1100
+fdGidNumberBase: 1100
+fdIdAllocationMethod: traditional
+fdShells: /bin/ash
+fdShells: /bin/bash
+fdShells: /bin/csh
+fdShells: /bin/sh
+fdShells: /bin/ksh
+fdShells: /bin/tcsh
+fdShells: /bin/dash
+fdShells: /bin/zsh
+fdShells: /sbin/nologin
+fdShells: /bin/false
+fdShells: /usr/bin/git-shell
+fdDefaultShell: /bin/ash
+objectClass: fusionDirectoryConf
+objectClass: fdDashboardPluginConf
+objectClass: fusionDirectoryPluginsConf
+objectClass: fdPasswordRecoveryConf
+fdPasswordRecoveryActivated: FALSE
+fdPasswordRecoveryEmail: to.be@chang.ed
+fdPasswordRecoveryValidity: 10
+fdPasswordRecoverySalt: SomethingSecretAndVeryLong
+fdPasswordRecoveryUseAlternate: FALSE
+fdPasswordRecoveryLoginAttribute: uid
+fdPasswordRecoveryMailSubject:: W0Z1c2lvbkRpcmVjdG9yeV0gTGllbiBkZSByw6lpbml0
+ aWFsaXNhdGlvbiBkdSBtb3QgZGUgcGFzc2U=
+fdPasswordRecoveryMailBody:: Qm9uam91ciwKClZvaWNpIHZvcyBpbmZvcm1hdGlvbnMgOgo
+ tIElkZW50aWZpYW504oCvOiAlcwotIExpZW7igK86ICVzCgpDZSBsaWVuIGVzdCBzZXVsZW1lbn
+ QgdmFsaWRlIHBlbmRhbnQgMTAgbWludXRlcw==
+fdPasswordRecoveryMail2Subject:: W0Z1c2lvbkRpcmVjdG9yeV0gUsOpaW5pdGlhbGlzYXR
+ pb24gZHUgbW90IGRlIHBhc3NlIHLDqXVzc2ll4oCvIQ==
+fdPasswordRecoveryMail2Body:: Qm9uam91ciwKClZvdHJlIG1vdCBkZSBwYXNzZSBhIMOpdM
+ OpIGNoYW5nw6kuIApWb3RyZSBpZGVudGlmaWFudCBkZSBjb25uZXhpb24gZXN0IHRvdWpvdXJzI
+ CVzLg==
+entryCSN: 20220923132212.156185Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923132212Z
+
+dn: ou=aclroles,dc=labo52,dc=lan
+objectClass: organizationalUnit
+ou: aclroles
+structuralObjectClass: organizationalUnit
+entryUUID: ae7b94c0-cf8d-103c-9477-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923131630Z
+entryCSN: 20220923131630.231223Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923131630Z
+
+dn: cn=admin,ou=aclroles,dc=labo52,dc=lan
+objectClass: top
+objectClass: gosaRole
+cn: admin
+description: Donne tous les droits sur tous les objets
+gosaAclTemplate: 0:all;cmdrw
+structuralObjectClass: gosaRole
+entryUUID: ae7bf064-cf8d-103c-9478-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923131630Z
+entryCSN: 20220923131630.233570Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923131630Z
+
+dn: ou=people,dc=labo52,dc=lan
+objectClass: organizationalUnit
+ou: people
+structuralObjectClass: organizationalUnit
+entryUUID: ae7dd7ee-cf8d-103c-9479-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923131630Z
+entryCSN: 20220923131630.246051Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923131630Z
+
+dn: uid=fd-admin,ou=people,dc=labo52,dc=lan
+cn: System Administrator
+sn: Administrator
+givenName: System
+uid: fd-admin
+userPassword:: e1NTSEF9VVRpcWRmRjRYUlN4MEE1aFRYekdYQktWWndGZUhKWG8=
+structuralObjectClass: inetOrgPerson
+entryUUID: ae7e4954-cf8d-103c-947a-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923131630Z
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: posixAccount
+objectClass: shadowAccount
+homeDirectory: /home/admin
+gecos: System Administrator
+loginShell: /bin/bash
+uidNumber: 1102
+gidNumber: 1102
+shadowLastChange: 19262
+entryCSN: 20220927070640.394432Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220927070640Z
+
+dn: cn=manager,ou=aclroles,dc=labo52,dc=lan
+cn: manager
+description: Donner tous les droits aux utilisateurs sur cette branche
+objectClass: top
+objectClass: gosaRole
+gosaAclTemplate: 0:user/user;cmdrw,user/posixAccount;cmdrw
+structuralObjectClass: gosaRole
+entryUUID: b08a5c4c-cf8d-103c-947b-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923131633Z
+entryCSN: 20220923131633.683521Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923131633Z
+
+dn: cn=editowninfos,ou=aclroles,dc=labo52,dc=lan
+cn: editowninfos
+description:: UGVybWV0IGF1eCB1dGlsaXNhdGV1cnMgZCfDqWRpdGVyIGxldXJzIHByb3ByZX
+ MgaW5mb3JtYXRpb25zIChvbmdsZXRzIGfDqW7DqXJpcXVlIGV0IHBvc2l4LCDDoCBuJ3V0aWxpc
+ 2VyIHF1ZSBzdXIgbGEgYmFzZSk=
+objectClass: top
+objectClass: gosaRole
+gosaAclTemplate: 0:user/user;srw,user/posixAccount;srw
+structuralObjectClass: gosaRole
+entryUUID: b08ad140-cf8d-103c-947c-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923131633Z
+entryCSN: 20220923131633.686520Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923131633Z
+
+dn: cn=editownpwd,ou=aclroles,dc=labo52,dc=lan
+cn: editownpwd
+description:: UGVybWV0IGF1eCB1dGlsaXNhdGV1cnMgZGUgY2hhbmdlciBsZXVyIG1vdCBkZS
+ BwYXNzZSAow6AgbuKAmXV0aWxpc2VyIHF1ZSBzdXIgbGEgYmFzZSk=
+objectClass: top
+objectClass: gosaRole
+gosaAclTemplate: 0:user/user;s#userPassword;rw
+structuralObjectClass: gosaRole
+entryUUID: b08b3d4c-cf8d-103c-947d-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923131633Z
+entryCSN: 20220923131633.689286Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923131633Z
+
+dn: ou=recovery,ou=fusiondirectory,dc=labo52,dc=lan
+objectClass: organizationalUnit
+ou: recovery
+structuralObjectClass: organizationalUnit
+entryUUID: 7a462994-cf8e-103c-9480-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923132212Z
+entryCSN: 20220923132212.136345Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923132212Z
+
+dn: ou=locks,ou=fusiondirectory,dc=labo52,dc=lan
+objectClass: organizationalUnit
+ou: locks
+structuralObjectClass: organizationalUnit
+entryUUID: d788d28c-cf8e-103c-9481-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923132448Z
+entryCSN: 20220923132448.601281Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923132448Z
+
+dn: ou=snapshots,dc=labo52,dc=lan
+objectClass: organizationalUnit
+ou: snapshots
+structuralObjectClass: organizationalUnit
+entryUUID: dd5c772c-cf8e-103c-9482-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923132458Z
+entryCSN: 20220923132458.376943Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923132458Z
+
+dn: uid=dpaul,ou=people,dc=labo52,dc=lan
+cn: Paul Dubois
+sn: Dubois
+givenName: Paul
+uid: dpaul
+userPassword:: e1NTSEF9c09STWsySzZ4VmFDdERlYUkxa1BrNTVQQktmTy8vTGU=
+structuralObjectClass: inetOrgPerson
+entryUUID: 6fd7626a-cf8f-103c-9483-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923132904Z
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: posixAccount
+objectClass: shadowAccount
+homeDirectory: /home/paul.dubois
+gecos: Paul Dubois
+uidNumber: 1101
+gidNumber: 1101
+shadowLastChange: 19258
+loginShell: /bin/bash
+entryCSN: 20220923134716.687589Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923134716Z
+
+dn: ou=groups,dc=labo52,dc=lan
+objectClass: organizationalUnit
+ou: groups
+structuralObjectClass: organizationalUnit
+entryUUID: 6fd9f7d2-cf8f-103c-9486-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923132904Z
+entryCSN: 20220923132904.146797Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923132904Z
+
+dn: cn=dpaul,ou=groups,dc=labo52,dc=lan
+objectClass: posixGroup
+cn: dpaul
+description: Groupe de l'utilisateur dpaul
+gidNumber: 1101
+structuralObjectClass: posixGroup
+entryUUID: 6fda4624-cf8f-103c-9487-ad02623342dd
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220923132904Z
+entryCSN: 20220923132904.148802Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220923132904Z
+
+dn: cn=fd-admin,ou=groups,dc=labo52,dc=lan
+objectClass: posixGroup
+cn: fd-admin
+description: Groupe de l'utilisateur fd-admin
+gidNumber: 1102
+structuralObjectClass: posixGroup
+entryUUID: adf57b1c-d27e-103c-85f4-9db5680eeb52
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220927070640Z
+entryCSN: 20220927070640.389773Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220927070640Z
+
+dn: uid=test,ou=people,dc=labo52,dc=lan
+cn: test test
+sn: test
+givenName: test
+uid: test
+preferredLanguage: en_US
+userPassword:: e1NTSEF9NExNdGpBUXpFbnBvcThSM3VQNE93T1hUa01BN1BOSFM=
+structuralObjectClass: inetOrgPerson
+entryUUID: 14c2ec50-d28c-103c-9e03-077ab6ad89d1
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220927084236Z
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: posixAccount
+objectClass: shadowAccount
+homeDirectory: /home/test
+gecos: test test
+loginShell: /bin/bash
+uidNumber: 1103
+gidNumber: 1103
+shadowLastChange: 19262
+entryCSN: 20220927084236.348813Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220927084236Z
+
+dn: cn=test,ou=groups,dc=labo52,dc=lan
+objectClass: posixGroup
+cn: test
+description: Groupe de l'utilisateur test
+gidNumber: 1103
+structuralObjectClass: posixGroup
+entryUUID: 14c698be-d28c-103c-9e06-077ab6ad89d1
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220927084236Z
+entryCSN: 20220927084236.345323Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220927084236Z
+
+dn: cn=31137f330f0161c6725d7fded31984ef,ou=locks,ou=fusiondirectory,dc=labo5
+ 2,dc=lan
+objectClass: fdLockEntry
+fdUserDn: uid=fd-admin,ou=people,dc=labo52,dc=lan
+fdObjectDn: dWlkPWRwYXVsLG91PXBlb3BsZSxkYz1sYWJvNTIsZGM9bGFu
+cn: 31137f330f0161c6725d7fded31984ef
+fdLockTimestamp: 20220927084756.846245Z
+structuralObjectClass: fdLockEntry
+entryUUID: d3cf2d0c-d28c-103c-9e07-077ab6ad89d1
+creatorsName: cn=admin,dc=labo52,dc=lan
+createTimestamp: 20220927084756Z
+entryCSN: 20220927084756.846378Z#000000#000#000000
+modifiersName: cn=admin,dc=labo52,dc=lan
+modifyTimestamp: 20220927084756Z
+

sio1/sisr1/30-config/ldap-tp/local.php

@@ -0,0 +1,23 @@
+<?php
+/*
+ * Dokuwiki's Main Configuration File - Local Settings
+ * Auto-generated by config plugin
+ * Run for user: Unknown
+ * Date: Tue, 27 Sep 2022 10:19:37 +0200
+ */
+
+$conf['title'] = 'Test wiki';
+$conf['lang'] = 'fr';
+$conf['license'] = 'cc-by-sa';
+$conf['useacl'] = 1;
+$conf['authtype'] = 'authldap';
+$conf['superuser'] = '@admin';
+$conf['disableactions'] = 'register';
+$conf['plugin']['authldap']['server'] = 'ldap://localhost:389';
+$conf['plugin']['authldap']['usertree'] = 'ou=people,dc=labo52,dc=lan';
+$conf['plugin']['authldap']['grouptree'] = 'ou=groups,dc=labo52,dc=lan';
+$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
+$conf['plugin']['authldap']['groupfilter'] = '(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
+$conf['plugin']['authldap']['passcrypt'] = 'ssha';
+$conf['plugin']['authldap']['version'] = 3;
+$conf['plugin']['authldap']['debug'] = 0;

sio1/sisr1/30-config/nagios-tp/gwsio5.cfg

@@ -0,0 +1,12 @@
+ define host {
+    use linux-server            ; Name of host template to use
+    host_name               gwsio5
+    alias                   gwsio5
+    address                 192.168.0.1
+}
+  define service{
+        use                             generic-service
+        host_name                       gwsio5
+        service_description             WWW
+        check_command                   check_http
+        }

sio1/sisr1/30-config/nagios-tp/srv.cfg

@@ -0,0 +1,12 @@
+define host {
+    use linux-server            ; Name of host template to use
+    host_name               srv
+    alias                   srv
+    address                 192.168.0.36
+}
+  define service{
+        use                             generic-service
+        host_name                       srv
+        service_description             WWW
+        check_command                   check_http
+        }

sio1/sisr1/70-python/analyse-cumul.py

@@ -0,0 +1,22 @@
+#!/usr/bin/python3
+import sys
+import re
+
+volip={}
+
+regexp = "^(\S+) (\S+) (\S+) \[([^]]+)\] \"(\w+) (\S+).*\" (\d+) (\S+)"
+for line in sys.stdin: # on lit sur l’entrée standard
+    line = line.rstrip () # on enleve le retour ligne
+    res = re.match (regexp, line)
+    if res:
+        (host, rfc931, user, date, request, url, status, byte) = res.groups()
+        host = res.group (1)
+        byte = int(res.group (8))
+        #print ('host : ', host, ' byte : ', byte)
+        if host not in volip:
+            volip[host]=byte
+        else:
+            volip[host]=volip[host]+byte
+       
+for addr in sorted(volip.keys()):
+    print(addr, "", volip[addr])

sio1/sisr1/70-python/analyse.py

@@ -0,0 +1,13 @@
+#!/usr/bin/python3
+import sys
+import re
+regexp = "^(\S+) (\S+) (\S+) \[([^]]+)\] \"(\w+) (\S+).*\" (\d+) (\S+)"
+for line in sys.stdin: # on lit sur l’entrée standard
+    line = line.rstrip () # on enleve le retour ligne
+    res = re.match (regexp, line)
+    if res:
+        (host, rfc931, user, date, request, url, status, byte) = res.groups()
+        host = res.group (1)
+        byte = res.group (8)
+        print ('host : ', host, ' byte : ', byte)
+ 

sio1/sisr1/70-python/creatusr.py

@@ -0,0 +1,34 @@
+#!/usr/bin/python3
+
+import sys
+
+if len(sys.argv) != 2:
+    print("usage: ", sys.argv[0], "<fichier>")
+    sys.exit(1) # nombre de parametre invalide
+
+filename = sys.argv[1]
+
+try:
+    file = open(filename , "r")
+
+except:
+    msg = "erreur ouverture fichier " + filename
+    print(msg, file=sys.stderr)
+
+else:
+    line = file.readline()
+    maligne = line.rstrip()
+
+    while maligne:
+        (login, complet) = maligne.split(":")
+        print (login)
+        print (complet)
+        commande="useradd --create-home --home-dir /home/"+login+ " --shell /bin/bash --comment \"" + complet + "\" " + login
+        login = []
+        line = file.readline()
+        maligne = line.rstrip()
+        print(line)
+    file.close()
+
+
+

sio1/sisr1/70-python/hello.py

@@ -0,0 +1,2 @@
+#!/usr/bin/python3
+print ("bonjour");

sio1/sisr1/70-python/phrase.py

@@ -0,0 +1,15 @@
+#!/usr/bin/python3
+
+phrase = str(input("Entrez une phrase à analyser : "));
+tabmots = phrase.split(' ');
+cptmots = {}
+
+for mot in tabmots:
+    if mot not in cptmots:
+        cptmots[mot]=1
+    else:
+        cptmots[mot] = cptmots[mot] + 1
+
+for mot in cptmots:
+    print(mot, ":", cptmots[mot])
+

sio1/sisr1/70-python/rayon.py

@@ -0,0 +1,4 @@
+#!/usr/bin/python3
+rayon=float(input("Entrez le rayon du cercle en cm : "));
+perimetre=float(2*rayon*3.141592);
+print("le perimètre du cercle est :", perimetre, "cm");

sio1/sisr1/70-python/tableau.py

@@ -0,0 +1,38 @@
+#!/usr/bin/python3
+
+min=int(0);
+max=int(0);
+i=int(0);
+tableau=[];
+moyenne=float(0);
+
+nombre=int(input("Entrez un nombre entier : "));
+min=nombre;
+if nombre>max:
+    max=nombre;
+tableau.append(nombre);
+
+
+for i in range(0,4):
+    nombre=int(input("Entrez un nombre entier : "));
+
+    if nombre<min:
+        min=nombre;
+
+    if max<nombre:
+        max=nombre;
+
+    tableau.append(nombre);
+
+for i in range(0,5):
+    moyenne+=float(tableau[i]);
+
+moyenne=float(moyenne/len(tableau));
+
+for i in range(0,5):
+    print(tableau[i]);
+
+print("\nLe plus petit nombre est : ", min);
+print("Le nombre le plus grand est : ", max);
+print("La moyenne est de :", moyenne);
+

sio1/sisr1/70-python/users.txt

@@ -0,0 +1,4 @@
+emonnot:Elam Monnot
+pdubois:Paul Dubois
+blennon:Bob Lennon
+

sio1/sisr1/80-ansible/stlab.yml

@@ -0,0 +1,45 @@
+---
+- hosts: localhost
+  #  become: true
+  vars_prompt:
+    - name: username
+      prompt: Votre nom?
+      private: false
+
+  tasks:
+    - name: cree utilisateurs...
+      shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
+
+    - name: mdp root verrouillage...
+# avec mkpasswd -m SHA-512
+      ansible.builtin.user:
+        name: root
+        password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0'
+
+    - name: enleve sio de sudo...
+      ansible.builtin.user:
+        name: sio
+        groups: ''
+
+    - name: met le user "{{ username }}" dans le groupe sudo...
+      ansible.builtin.user:
+        name: "{{ username }}"
+        groups: sudo
+        append: yes
+
+    - name: installe journal-remote...
+      apt:
+        name: systemd-journal-remote
+        state: present
+
+    - name: configure journal-remote...
+      replace:
+        path: /etc/systemd/journal-upload.conf
+        regexp: '^# URL='
+        replace: 'URL=http://192.168.0.1:19532'
+
+    - name: active journal-remote au démarrage...
+      service:
+        name: systemd-journal-upload
+        state: started
+        enabled: yes

sio1/sisr1/80-ansible/testansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+
+[web]
+web1
+web2

sio1/sisr1/80-ansible/tpansible/hosts

@@ -0,0 +1,7 @@
+[adm]
+infra
+
+[web]
+web1
+web2
+

sio1/sisr1/80-ansible/tpansible/index.html

@@ -0,0 +1 @@
+<title>Bonjour</title>

sio1/sisr1/80-ansible/tpansible/squid.yml

@@ -0,0 +1,32 @@
+---
+- hosts: adm
+  vars:
+  - proxy_port: 8080
+  - proxy_mem: 256
+  - proxy_localnet: 192.168.0.0/24
+  tasks:
+    - name: Installation de proxy squid...
+      apt:
+        name: squid
+        state: present
+
+    - name: generation du fichier de configuration de squid...
+      template:
+        src: squid.conf.j2
+        dest: /etc/squid/squid.conf
+        mode: 0644
+        backup: true
+      notify: restart squid
+
+  handlers:
+    - name: restart squid
+      service:
+        name: squid
+        state: restarted
+
+# - name: Copie de squid.conf...
+# fetch:
+# src: /etc/squid/squid.conf
+# dest: ./squid.conf.j2
+# flat: yes
+

sio1/sisr1/80-ansible/tpansible/syslog-client-configure.yml

@@ -0,0 +1,30 @@
+---
+ - hosts: web
+   name: syslog-client-configure
+   tasks:
+     - name: editing journald.conf...
+       ansible.builtin.replace:
+         path: /etc/systemd/journald.conf
+         regexp: '^#ForwardToSyslog=yes'
+         replace: 'ForwardToSyslog=yes'
+         backup: yes
+       notify: restart journald
+
+     - name: editing rsyslog.conf...
+       ansible.builtin.lineinfile:
+         path: /etc/rsyslog.conf
+         line: '*.* @192.168.0.48:514'
+         create: yes
+       notify: restart rsyslog
+
+   handlers:
+     - name: restart journald
+       service:
+         name: systemd-journald
+         state: restarted
+
+     - name: restart rsyslog
+       service:
+         name: rsyslog
+         state: restarted
+

sio1/sisr1/80-ansible/tpansible/syslog-server-configure.yml

@@ -0,0 +1,23 @@
+---
+- hosts: adm
+  name: rsyslog-server-configure
+  tasks:
+    - name: activation du module imudp...
+      ansible.builtin.replace:
+        path: /etc/rsyslog.conf
+        regexp: '^#module\(load="imudp"\)'
+        replace: 'module(load="imudp")'
+
+    - name: ouverture du port 514...
+      ansible.builtin.replace:
+        path: /etc/rsyslog.conf
+        regexp: '^#input\(type="imudp" port="514"\)'
+        replace: 'input(type="imudp" port="514")'
+      notify: restart rsyslog
+
+  handlers:
+    - name: restart rsyslog
+      service:
+        name: rsyslog
+        state: restarted
+

sio1/sisr1/80-ansible/tpansible/web.yml

@@ -0,0 +1,24 @@
+---
+- hosts: web
+  name: web
+  tasks:
+    - name: verifying apache installation
+      apt : 
+        name: apache2
+        state: present
+
+    - name: verifying php installation
+      apt :
+       name: php
+       state: present
+           
+    - name: verifying php-mbstring installation
+      apt : 
+       name: php-mbstring
+       state: present
+     
+    - name: overwriting index.html...
+      copy: 
+        src: index.html
+        dest: /var/www/html/index.html
+