fichier de sécurisation

sio1/sisr1/80-ansible/stlab.yml

@@ -0,0 +1,45 @@
+---
+- hosts: localhost
+  #  become: true
+  vars_prompt:
+    - name: username
+      prompt: Votre nom?
+      private: false
+
+  tasks:
+    - name: cree utilisateurs...
+      shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
+
+    - name: mdp root verrouillage...
+# avec mkpasswd -m SHA-512
+      ansible.builtin.user:
+        name: root
+        password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0'
+
+    - name: enleve sio de sudo...
+      ansible.builtin.user:
+        name: sio
+        groups: ''
+
+    - name: met le user "{{ username }}" dans le groupe sudo...
+      ansible.builtin.user:
+        name: "{{ username }}"
+        groups: sudo
+        append: yes
+
+    - name: installe journal-remote...
+      apt:
+        name: systemd-journal-remote
+        state: present
+
+    - name: configure journal-remote...
+      replace:
+        path: /etc/systemd/journal-upload.conf
+        regexp: '^# URL='
+        replace: 'URL=http://192.168.0.1:19532'
+
+    - name: active journal-remote au démarrage...
+      service:
+        name: systemd-journal-upload
+        state: started
+        enabled: yes

sio1/sisr1/80-ansible/testansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+
+[web]
+web1
+web2

sio1/sisr1/80-ansible/tpansible/hosts

@@ -0,0 +1,7 @@
+[adm]
+infra
+
+[web]
+web1
+web2
+

sio1/sisr1/80-ansible/tpansible/index.html

@@ -0,0 +1 @@
+<title>Bonjour</title>

sio1/sisr1/80-ansible/tpansible/squid.yml

@@ -0,0 +1,32 @@
+---
+- hosts: adm
+  vars:
+  - proxy_port: 8080
+  - proxy_mem: 256
+  - proxy_localnet: 192.168.0.0/24
+  tasks:
+    - name: Installation de proxy squid...
+      apt:
+        name: squid
+        state: present
+
+    - name: generation du fichier de configuration de squid...
+      template:
+        src: squid.conf.j2
+        dest: /etc/squid/squid.conf
+        mode: 0644
+        backup: true
+      notify: restart squid
+
+  handlers:
+    - name: restart squid
+      service:
+        name: squid
+        state: restarted
+
+# - name: Copie de squid.conf...
+# fetch:
+# src: /etc/squid/squid.conf
+# dest: ./squid.conf.j2
+# flat: yes
+

sio1/sisr1/80-ansible/tpansible/syslog-client-configure.yml

@@ -0,0 +1,30 @@
+---
+ - hosts: web
+   name: syslog-client-configure
+   tasks:
+     - name: editing journald.conf...
+       ansible.builtin.replace:
+         path: /etc/systemd/journald.conf
+         regexp: '^#ForwardToSyslog=yes'
+         replace: 'ForwardToSyslog=yes'
+         backup: yes
+       notify: restart journald
+
+     - name: editing rsyslog.conf...
+       ansible.builtin.lineinfile:
+         path: /etc/rsyslog.conf
+         line: '*.* @192.168.0.48:514'
+         create: yes
+       notify: restart rsyslog
+
+   handlers:
+     - name: restart journald
+       service:
+         name: systemd-journald
+         state: restarted
+
+     - name: restart rsyslog
+       service:
+         name: rsyslog
+         state: restarted
+

sio1/sisr1/80-ansible/tpansible/syslog-server-configure.yml

@@ -0,0 +1,23 @@
+---
+- hosts: adm
+  name: rsyslog-server-configure
+  tasks:
+    - name: activation du module imudp...
+      ansible.builtin.replace:
+        path: /etc/rsyslog.conf
+        regexp: '^#module\(load="imudp"\)'
+        replace: 'module(load="imudp")'
+
+    - name: ouverture du port 514...
+      ansible.builtin.replace:
+        path: /etc/rsyslog.conf
+        regexp: '^#input\(type="imudp" port="514"\)'
+        replace: 'input(type="imudp" port="514")'
+      notify: restart rsyslog
+
+  handlers:
+    - name: restart rsyslog
+      service:
+        name: rsyslog
+        state: restarted
+

sio1/sisr1/80-ansible/tpansible/web.yml

@@ -0,0 +1,24 @@
+---
+- hosts: web
+  name: web
+  tasks:
+    - name: verifying apache installation
+      apt : 
+        name: apache2
+        state: present
+
+    - name: verifying php installation
+      apt :
+       name: php
+       state: present
+           
+    - name: verifying php-mbstring installation
+      apt : 
+       name: php-mbstring
+       state: present
+     
+    - name: overwriting index.html...
+      copy: 
+        src: index.html
+        dest: /var/www/html/index.html
+