fichier de sécurisation

sio1/sisr1/70-python/analyse-cumul.py

@@ -0,0 +1,22 @@
+#!/usr/bin/python3
+import sys
+import re
+
+volip={}
+
+regexp = "^(\S+) (\S+) (\S+) \[([^]]+)\] \"(\w+) (\S+).*\" (\d+) (\S+)"
+for line in sys.stdin: # on lit sur l’entrée standard
+    line = line.rstrip () # on enleve le retour ligne
+    res = re.match (regexp, line)
+    if res:
+        (host, rfc931, user, date, request, url, status, byte) = res.groups()
+        host = res.group (1)
+        byte = int(res.group (8))
+        #print ('host : ', host, ' byte : ', byte)
+        if host not in volip:
+            volip[host]=byte
+        else:
+            volip[host]=volip[host]+byte
+       
+for addr in sorted(volip.keys()):
+    print(addr, "", volip[addr])

sio1/sisr1/70-python/analyse.py

@@ -0,0 +1,13 @@
+#!/usr/bin/python3
+import sys
+import re
+regexp = "^(\S+) (\S+) (\S+) \[([^]]+)\] \"(\w+) (\S+).*\" (\d+) (\S+)"
+for line in sys.stdin: # on lit sur l’entrée standard
+    line = line.rstrip () # on enleve le retour ligne
+    res = re.match (regexp, line)
+    if res:
+        (host, rfc931, user, date, request, url, status, byte) = res.groups()
+        host = res.group (1)
+        byte = res.group (8)
+        print ('host : ', host, ' byte : ', byte)
+ 

sio1/sisr1/70-python/creatusr.py

@@ -0,0 +1,34 @@
+#!/usr/bin/python3
+
+import sys
+
+if len(sys.argv) != 2:
+    print("usage: ", sys.argv[0], "<fichier>")
+    sys.exit(1) # nombre de parametre invalide
+
+filename = sys.argv[1]
+
+try:
+    file = open(filename , "r")
+
+except:
+    msg = "erreur ouverture fichier " + filename
+    print(msg, file=sys.stderr)
+
+else:
+    line = file.readline()
+    maligne = line.rstrip()
+
+    while maligne:
+        (login, complet) = maligne.split(":")
+        print (login)
+        print (complet)
+        commande="useradd --create-home --home-dir /home/"+login+ " --shell /bin/bash --comment \"" + complet + "\" " + login
+        login = []
+        line = file.readline()
+        maligne = line.rstrip()
+        print(line)
+    file.close()
+
+
+

sio1/sisr1/70-python/users.txt

@@ -0,0 +1,4 @@
+emonnot:Elam Monnot
+pdubois:Paul Dubois
+blennon:Bob Lennon
+

sio1/sisr1/80-ansible/stlab.yml

@@ -0,0 +1,45 @@
+---
+- hosts: localhost
+  #  become: true
+  vars_prompt:
+    - name: username
+      prompt: Votre nom?
+      private: false
+
+  tasks:
+    - name: cree utilisateurs...
+      shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
+
+    - name: mdp root verrouillage...
+# avec mkpasswd -m SHA-512
+      ansible.builtin.user:
+        name: root
+        password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0'
+
+    - name: enleve sio de sudo...
+      ansible.builtin.user:
+        name: sio
+        groups: ''
+
+    - name: met le user "{{ username }}" dans le groupe sudo...
+      ansible.builtin.user:
+        name: "{{ username }}"
+        groups: sudo
+        append: yes
+
+    - name: installe journal-remote...
+      apt:
+        name: systemd-journal-remote
+        state: present
+
+    - name: configure journal-remote...
+      replace:
+        path: /etc/systemd/journal-upload.conf
+        regexp: '^# URL='
+        replace: 'URL=http://192.168.0.1:19532'
+
+    - name: active journal-remote au démarrage...
+      service:
+        name: systemd-journal-upload
+        state: started
+        enabled: yes

sio1/sisr1/80-ansible/testansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+
+[web]
+web1
+web2

sio1/sisr1/80-ansible/tpansible/hosts

@@ -0,0 +1,7 @@
+[adm]
+infra
+
+[web]
+web1
+web2
+

sio1/sisr1/80-ansible/tpansible/index.html

@@ -0,0 +1 @@
+<title>Bonjour</title>

sio1/sisr1/80-ansible/tpansible/squid.yml

@@ -0,0 +1,32 @@
+---
+- hosts: adm
+  vars:
+  - proxy_port: 8080
+  - proxy_mem: 256
+  - proxy_localnet: 192.168.0.0/24
+  tasks:
+    - name: Installation de proxy squid...
+      apt:
+        name: squid
+        state: present
+
+    - name: generation du fichier de configuration de squid...
+      template:
+        src: squid.conf.j2
+        dest: /etc/squid/squid.conf
+        mode: 0644
+        backup: true
+      notify: restart squid
+
+  handlers:
+    - name: restart squid
+      service:
+        name: squid
+        state: restarted
+
+# - name: Copie de squid.conf...
+# fetch:
+# src: /etc/squid/squid.conf
+# dest: ./squid.conf.j2
+# flat: yes
+

sio1/sisr1/80-ansible/tpansible/syslog-client-configure.yml

@@ -0,0 +1,30 @@
+---
+ - hosts: web
+   name: syslog-client-configure
+   tasks:
+     - name: editing journald.conf...
+       ansible.builtin.replace:
+         path: /etc/systemd/journald.conf
+         regexp: '^#ForwardToSyslog=yes'
+         replace: 'ForwardToSyslog=yes'
+         backup: yes
+       notify: restart journald
+
+     - name: editing rsyslog.conf...
+       ansible.builtin.lineinfile:
+         path: /etc/rsyslog.conf
+         line: '*.* @192.168.0.48:514'
+         create: yes
+       notify: restart rsyslog
+
+   handlers:
+     - name: restart journald
+       service:
+         name: systemd-journald
+         state: restarted
+
+     - name: restart rsyslog
+       service:
+         name: rsyslog
+         state: restarted
+

sio1/sisr1/80-ansible/tpansible/syslog-server-configure.yml

@@ -0,0 +1,23 @@
+---
+- hosts: adm
+  name: rsyslog-server-configure
+  tasks:
+    - name: activation du module imudp...
+      ansible.builtin.replace:
+        path: /etc/rsyslog.conf
+        regexp: '^#module\(load="imudp"\)'
+        replace: 'module(load="imudp")'
+
+    - name: ouverture du port 514...
+      ansible.builtin.replace:
+        path: /etc/rsyslog.conf
+        regexp: '^#input\(type="imudp" port="514"\)'
+        replace: 'input(type="imudp" port="514")'
+      notify: restart rsyslog
+
+  handlers:
+    - name: restart rsyslog
+      service:
+        name: rsyslog
+        state: restarted
+

sio1/sisr1/80-ansible/tpansible/web.yml

@@ -0,0 +1,24 @@
+---
+- hosts: web
+  name: web
+  tasks:
+    - name: verifying apache installation
+      apt : 
+        name: apache2
+        state: present
+
+    - name: verifying php installation
+      apt :
+       name: php
+       state: present
+           
+    - name: verifying php-mbstring installation
+      apt : 
+       name: php-mbstring
+       state: present
+     
+    - name: overwriting index.html...
+      copy: 
+        src: index.html
+        dest: /var/www/html/index.html
+