Légère mise à jour du dépôt.

et la vagrantfile template.

README.md

@@ -1,6 +1,5 @@
 # siotp
 
-Dépôt de fichiers personnels provenant de machines virtuelles utilisées en TP.
-Ce Gitea contient aussi un script d'automatisation du processus de push et de pull, adaptés aux deux branches.
+## Dépôt de fichiers personnels provenant de machines virtuelles utilisées en TP. Ce Gitea contient aussi un script d'automatisation du processus de push et de pull, adaptés aux deux branches.
 
 *Dépôt anciennement privé, devenu public le 16 Septembre 2024.*

automate.sh

@@ -4,6 +4,7 @@
 # Ajout d'un système de choix
 # Ajout d'un export de proxy HTTP/HTTPS automatique vers ceux du lycée pour la machine en salle 214.
 # Ajout d'un système de gestion d'erreur très basique pour éviter qu'un push/un pull se produise en cas de réponses incorrectes.
+# Suppression des derniers vestiges de l'existence d'une branche autre que 'main'
 
 export http_proxy="http://10.121.38.1:8080/"
 export https_proxy="http://10.121.38.1:8080/"
@@ -12,12 +13,10 @@ echo "Voulez-vous récupérer les fichiers du dépôt ou effectuer un push sur l
 read answer
 
 if [ $answer == 1 ] ; then
-	git checkout main
 	echo "Récupération des fichiers à jour, branche main..."
 	git pull -q origin main
 	echo "Fichiers à jour récupérés."
 else
-	git checkout main
 	echo "Ajout des fichiers au Gitea..."
 	sleep 1
 	git add .

bts_annee_2/README.md

@@ -1,3 +1,6 @@
-Dépôt de seconde année de BTS.
-Un répertoire est dédié au côté SISR, un autre est dédié au côté Cybersécurité.
-Un dernier répertoire est dédié aux ateliers de professionalisation, mais les effectifs du BTS font que le seul présent (sur le SDIS 29) sera le dernier en mode "piscine".
+## Dépôt de seconde année de BTS.
+### Le premier répertoire est dédié au côté SISR des TPs. 
+### Le deuxième répertoire est dédié au côté Cybersécurité des TPs.
+### Le troisième répertoire est dédié aux ateliers de professionalisation, mais les effectifs du BTS font que le seul présent (SDIS 29) sera le dernier en mode "piscine".
+### Le quatrième répertoire est dédié aux Vagrantfiles utilisés lors des TPs, que ce soit en cybersécurité ou en SISR.
+### Le cinquième répertoire est dédié au contrôle sur les logs, tel qu'il a été rendu.

bts_annee_2/cyber2/README.md

@@ -1,2 +1,5 @@
-Dépôt de seconde année de Cybersécurité.
-Chaque dossier porte un nom descriptif, qu'on peut relier à une ou plusieurs séances.
+# Dépôt de seconde année de Cybersécurité.
+## Chaque dossier porte un nom descriptif, qu'on peut relier à une ou plusieurs séances.
+### Séances 12, 14 et 15 : OpenVPN, IPSec.
+### Séance 16 : Simulation de Ransomware.
+### Sécurité - Mise en pace d'une application Web sécurisée : Wordpress-LAMP.

bts_annee_2/ds_logs/README.md

@@ -0,0 +1 @@
+# Ce répertoire contient le DS sur les logs tel qu'il a été rendu, le fichier de l'historique bash, ainsi que les fichiers nécessaires pour le contrôle.

bts_annee_2/ds_logs/srv1/fail2ban-client-status-sshd

@@ -0,0 +1,11 @@
+root@vpxyxt:~# fail2ban-client status sshd
+Status for the jail: sshd
+|- Filter
+|  |- Currently failed:	6
+|  |- Total failed:	127969
+|  `- File list:	/var/log/auth.log
+`- Actions
+   |- Currently banned:	3
+   |- Total banned:	14924
+   `- Banned IP list:	221.131.165.33 125.141.139.7 112.85.42.229
+

bts_annee_2/ds_logs/srv1/last-reboot

@@ -0,0 +1,18 @@
+reboot   system boot  4.19.0-18-cloud- Thu Nov 11 23:30   still running
+reboot   system boot  4.19.0-18-cloud- Sun Oct 24 23:12 - 23:29 (18+01:17)
+reboot   system boot  4.19.0-17-cloud- Mon Aug 16 19:09 - 23:12 (69+04:02)
+reboot   system boot  4.19.0-17-cloud- Tue Aug  3 13:52 - 19:07 (13+05:14)
+reboot   system boot  4.19.0-17-cloud- Wed Jul 21 22:02 - 13:51 (12+15:48)
+reboot   system boot  4.19.0-17-cloud- Sat Jul 17 14:51 - 22:02 (4+07:10)
+reboot   system boot  4.19.0-17-cloud- Mon Jun 21 21:04 - 14:49 (25+17:45)
+reboot   system boot  4.19.0-16-cloud- Wed Apr 21 17:22 - 21:04 (61+03:41)
+reboot   system boot  4.19.0-16-cloud- Sun Mar 28 23:02 - 17:22 (23+18:20)
+reboot   system boot  4.19.0-14-cloud- Mon Mar  1 18:48 - 23:00 (27+03:11)
+reboot   system boot  4.19.0-14-cloud- Sat Feb  6 18:30 - 18:48 (23+00:17)
+reboot   system boot  4.19.0-9-cloud-a Fri Aug  7 11:12 - 18:30 (183+08:18)
+reboot   system boot  4.19.0-9-cloud-a Wed Jun 10 22:13 - 11:10 (57+12:56)
+reboot   system boot  4.19.0-9-cloud-a Sun May 10 21:26 - 22:13 (31+00:47)
+reboot   system boot  4.19.0-8-cloud-a Wed Apr 22 16:33 - 21:26 (18+04:52)
+reboot   system boot  4.19.0-5-cloud-a Wed Apr 22 14:33 - 16:33  (01:59)
+
+wtmp begins Wed Apr 22 14:32:29 2020

bts_annee_2/ds_logs/srv2/error.log

@@ -0,0 +1,22 @@
+2022/01/06 01:10:37 [crit] 25928#25928: *193130 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 134.122.134.182, server: 0.0.0.0:443
+2022/01/06 04:52:51 [crit] 25928#25928: *193597 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 180.215.192.168, server: 0.0.0.0:443
+2022/01/06 05:05:07 [crit] 25928#25928: *193671 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 184.105.139.68, server: 0.0.0.0:443
+2022/01/06 07:48:51 [crit] 25928#25928: *193925 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.205.83, server: 0.0.0.0:443
+2022/01/06 16:29:13 [error] 25928#25928: *195335 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function submit_button() in /var/www/html/wordpress/wp-admin/includes/file.php:2269
+Stack trace:
+#0 /var/www/html/wordpress/wp-admin/includes/class-wp-upgrader-skin.php(136): request_filesystem_credentials('', 'ftpext', false, '/var/www/html/w...', Array, false)
+#1 /var/www/html/wordpress/wp-admin/includes/class-automatic-upgrader-skin.php(49): WP_Upgrader_Skin->request_filesystem_credentials(false, '/var/www/html/w...', false)
+#2 /var/www/html/wordpress/wp-admin/includes/class-wp-site-health-auto-updates.php(280): Automatic_Upgrader_Skin->request_filesystem_credentials(false, '/var/www/html/w...')
+#3 /var/www/html/wordpress/wp-admin/includes/class-wp-site-health-auto-updates.php(36): WP_Site_Health_Auto_Updates->test_check_wp_filesystem_method()
+#4 /var/www/html/wordpress/wp-admin/includes/class-wp-site-health.php(1704): WP_Site_Health_Auto_Updates->run_tests()
+#5 /var/www/html/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-" while reading response header from upstream, client: 109.215.149.166, server: www.sasti-bfc.fr, request: "GET /wp-json/wp-site-health/v1/tests/background-updates?_locale=user HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock:", host: "www.sasti-bfc.fr", referrer: "https://www.sasti-bfc.fr/wp-admin/site-health.php"
+2022/01/06 16:31:41 [error] 25928#25928: *195357 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function submit_button() in /var/www/html/wordpress/wp-admin/includes/file.php:2269
+Stack trace:
+#0 /var/www/html/wordpress/wp-admin/includes/class-wp-upgrader-skin.php(136): request_filesystem_credentials('', 'ftpext', false, '/var/www/html/w...', Array, false)
+#1 /var/www/html/wordpress/wp-admin/includes/class-automatic-upgrader-skin.php(49): WP_Upgrader_Skin->request_filesystem_credentials(false, '/var/www/html/w...', false)
+#2 /var/www/html/wordpress/wp-admin/includes/class-wp-site-health-auto-updates.php(280): Automatic_Upgrader_Skin->request_filesystem_credentials(false, '/var/www/html/w...')
+#3 /var/www/html/wordpress/wp-admin/includes/class-wp-site-health-auto-updates.php(36): WP_Site_Health_Auto_Updates->test_check_wp_filesystem_method()
+#4 /var/www/html/wordpress/wp-admin/includes/class-wp-site-health.php(1704): WP_Site_Health_Auto_Updates->run_tests()
+#5 /var/www/html/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-" while reading response header from upstream, client: 109.215.149.166, server: www.sasti-bfc.fr, request: "GET /wp-json/wp-site-health/v1/tests/background-updates?_locale=user HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock:", host: "www.sasti-bfc.fr", referrer: "https://www.sasti-bfc.fr/wp-admin/site-health.php"
+2022/01/06 17:29:59 [crit] 25928#25928: *195897 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 198.20.69.98, server: 0.0.0.0:443
+2022/01/06 23:36:59 [error] 25928#25928: *196755 directory index of "/var/www/html/wordpress/wp-admin/css/" is forbidden, client: 2.56.57.240, server: www.sasti-bfc.fr, request: "GET /wp-admin/css/ HTTP/1.1", host: "www.sasti-bfc.fr", referrer: "binance.com"

bts_annee_2/sisr2/README.md

@@ -1,2 +1,8 @@
-Dépôt de seconde année de SISR.
-Chaque dossier porte un nom descriptif, qu'on peut relier à une ou plusieurs séances.
+# Dépôt de seconde année de SISR.
+## Chaque dossier porte un nom descriptif, qu'on peut relier à une ou plusieurs séances.
+### Séances 3 et 4 : Heartbeat, répartition de charge.
+### Séances 4 et 5 : Haproxy et LVS.
+### Séance 6 (PXE - Déploiement automatisé de machines) : Intel PXE.
+### Séances 13 et 14 : Scripts Python.
+### Séances 16, 17 et 18 : Playbooks Ansible.
+### Séance 27 : Netbox/IPAM.

bts_annee_2/sisr2/intel_pxe_boot/README.md

@@ -1 +1 @@
-Fichiers de configuration de la cinquième séance de SISR, sur PXE et le Netboot.
+Fichiers de configuration de la sixième séance de SISR, sur PXE et le Netboot.

bts_annee_2/sisr2/netbox_IPAM/README.md

@@ -0,0 +1 @@
+Ce répertoire contient le script élaboré lors du TP sur NetBox, sur une machine Vagrant Docker. Il contient aussi le fichier .csv généré.

bts_annee_2/sisr2/netbox_IPAM/netbox.csv

@@ -0,0 +1,163 @@
+address,status,dns_name
+10.121.32.2/24,active,pxcastel.sio.lan
+10.121.32.24/24,active,nas.sio.lan
+10.121.32.254/24,active,gws.sio.lan
+10.121.32.69/24,active,gw.sio.lan
+10.121.38.100/24,active,sio211-10.sio.lan
+10.121.38.101/24,active,sio211-11.sio.lan
+10.121.38.102/24,active,sio211-12.sio.lan
+10.121.38.10/24,active,depl.sio.lan
+10.121.38.103/24,active,sio211-13.sio.lan
+10.121.38.104/24,active,sio211-14.sio.lan
+10.121.38.105/24,active,sio211-15.sio.lan
+10.121.38.106/24,active,sio211-16.sio.lan
+10.121.38.11/24,active,px3.sio.lan
+10.121.38.120/24,active,sio214-00.sio.lan
+10.121.38.121/24,active,sio214-01.sio.lan
+10.121.38.122/24,active,sio214-02.sio.lan
+10.121.38.12/24,active,ansible.sio.lan
+10.121.38.123/24,active,sio214-03.sio.lan
+10.121.38.124/24,active,sio214-04.sio.lan
+10.121.38.1/24,active,proxy.sio.lan
+10.121.38.125/24,active,sio214-05.sio.lan
+10.121.38.126/24,active,sio214-06.sio.lan
+10.121.38.127/24,active,sio214-07.sio.lan
+10.121.38.128/24,active,sio214-08.sio.lan
+10.121.38.129/24,active,sio214-09.sio.lan
+10.121.38.130/24,active,sio214-10.sio.lan
+10.121.38.131/24,active,sio214-11.sio.lan
+10.121.38.132/24,active,sio214-12.sio.lan
+10.121.38.13/24,active,tpbdd.sio.lan
+10.121.38.133/24,active,sio214-13.sio.lan
+10.121.38.140/24,active,sio215-00.sio.lan
+10.121.38.141/24,active,sio215-01.sio.lan
+10.121.38.142/24,active,sio215-02.sio.lan
+10.121.38.14/24,active,wd.sio.lan
+10.121.38.143/24,active,sio215-03.sio.lan
+10.121.38.144/24,active,sio215-04.sio.lan
+10.121.38.145/24,active,sio215-05.sio.lan
+10.121.38.146/24,active,sio215-06.sio.lan
+10.121.38.147/24,active,sio215-07.sio.lan
+10.121.38.148/24,active,sio215-08.sio.lan
+10.121.38.149/24,active,sio215-09.sio.lan
+10.121.38.150/24,active,sio215-10.sio.lan
+10.121.38.151/24,active,sio215-11.sio.lan
+10.121.38.152/24,active,sio215-12.sio.lan
+10.121.38.15/24,active,store.sio.lan
+10.121.38.153/24,active,sio215-13.sio.lan
+10.121.38.154/24,active,sio215-14.sio.lan
+10.121.38.155/24,active,sio215-15.sio.lan
+10.121.38.156/24,active,sio215-16.sio.lan
+10.121.38.157/24,active,sio215-17.sio.lan
+10.121.38.158/24,active,sio216-05.sio.lan
+10.121.38.159/24,active,sio216-06.sio.lan
+10.121.38.160/24,active,sio216-07.sio.lan
+10.121.38.16/24,active,store2.sio.lan
+10.121.38.17/24,active,sionas.sio.lan
+10.121.38.18/24,active,docker.sio.lan
+10.121.38.19/24,active,elk.sio.lan
+10.121.38.20/24,active,wiki.sio.lan
+10.121.38.21/24,active,infra.sio.lan
+10.121.38.22/24,active,adguard.sio.lan
+10.121.38.2/24,active,px.sio.lan
+10.121.38.23/24,active,lp216.sio.lan
+10.121.38.24/24,active,ansible2.sio.lan
+10.121.38.25/24,active,rundeck.sio.lan
+10.121.38.253/24,active,gwlab.sio.lan
+10.121.38.26/24,active,lp211.sio.lan
+10.121.38.27/24,active,lp215.sio.lan
+10.121.38.28/24,active,lp246.sio.lan
+10.121.38.29/24,active,lp214.sio.lan
+10.121.38.31/24,active,stork.sio.lan
+10.121.38.32/24,active,gwsio2.sio.lan
+10.121.38.3/24,active,ubnd.sio.lan
+10.121.38.33/24,active,gwsio3.sio.lan
+10.121.38.34/24,active,gwsio4.sio.lan
+10.121.38.35/24,active,gwsio5.sio.lan
+10.121.38.36/24,active,pve2.sio.lan
+10.121.38.37/24,active,pve.sio.lan
+10.121.38.38/24,active,ntfy.sio.lan
+10.121.38.39/24,active,jenkins.sio.lan
+10.121.38.40/24,active,awx.sio.lan
+10.121.38.41/24,active,free.sio.lan
+10.121.38.42/24,active,free.sio.lan
+10.121.38.4/24,active,fog2.sio.lan
+10.121.38.43/24,active,free.sio.lan
+10.121.38.44/24,active,free.sio.lan
+10.121.38.45/24,active,free.sio.lan
+10.121.38.46/24,active,free.sio.lan
+10.121.38.48/24,active,free.sio.lan
+10.121.38.49/24,active,free.sio.lan
+10.121.38.51/24,active,ppe21p.sio.lan
+10.121.38.52/24,active,ppe22p.sio.lan
+10.121.38.5/24,active,fog.sio.lan
+10.121.38.53/24,active,ppe23p.sio.lan
+10.121.38.54/24,active,ppe24p.sio.lan
+10.121.38.55/24,active,ppe25p.sio.lan
+10.121.38.61/24,active,pxap31.sio.lan
+10.121.38.62/24,active,pxap32.sio.lan
+10.121.38.6/24,active,px2.sio.lan
+10.121.38.63/24,active,pxap33.sio.lan
+10.121.38.64/24,active,pxap34.sio.lan
+10.121.38.65/24,active,pxap35.sio.lan
+10.121.38.66/24,active,ap31prod.sio.lan
+10.121.38.67/24,active,ap31wiki.sio.lan
+10.121.38.68/24,active,ap32prod.sio.lan
+10.121.38.69/24,active,ap32wiki.sio.lan
+10.121.38.70/24,active,ap33prod.sio.lan
+10.121.38.71/24,active,ap33wiki.sio.lan
+10.121.38.72/24,active,ap34prod.sio.lan
+10.121.38.7/24,active,ns.sio.lan
+10.121.38.73/24,active,ap34wiki.sio.lan
+10.121.38.74/24,active,ap35prod.sio.lan
+10.121.38.75/24,active,ap35wiki.sio.lan
+10.121.38.76/24,active,ap21.sio.lan
+10.121.38.77/24,active,ap22.sio.lan
+10.121.38.78/24,active,ap23.sio.lan
+10.121.38.79/24,active,ap24.sio.lan
+10.121.38.80/24,active,ap25.sio.lan
+10.121.38.81/24,active,ap26.sio.lan
+10.121.38.8/24,active,bobi.sio.lan
+10.121.38.90/24,active,sio211-00.sio.lan
+10.121.38.91/24,active,sio211-01.sio.lan
+10.121.38.92/24,active,sio211-02.sio.lan
+10.121.38.9/24,active,icinga.sio.lan
+10.121.38.93/24,active,sio211-03.sio.lan
+10.121.38.94/24,active,sio211-04.sio.lan
+10.121.38.95/24,active,sio211-05.sio.lan
+10.121.38.96/24,active,sio211-06.sio.lan
+10.121.38.97/24,active,sio211-07.sio.lan
+10.121.38.98/24,active,sio211-08.sio.lan
+10.121.38.99/24,active,sio211-09.sio.lan
+172.16.0.100/24,active,ap31-prod.sio.lan
+172.16.0.101/24,active,ap31-test.sio.lan
+172.16.0.102/24,active,ap31-mon.sio.lan
+172.16.0.10/24,active,pxlab1.sio.lan
+172.16.0.103/24,active,ap31-wiki.sio.lan
+172.16.0.104/24,active,ap31-ans.sio.lan
+172.16.0.105/24,active,ap31-pt.sio.lan
+172.16.0.110/24,active,ap32-prod.sio.lan
+172.16.0.111/24,active,ap32-test.sio.lan
+172.16.0.112/24,active,ap32-mon.sio.lan
+172.16.0.11/24,active,pxlab2.sio.lan
+172.16.0.113/24,active,ap32-wiki.sio.lan
+172.16.0.114/24,active,ap32-ans.sio.lan
+172.16.0.115/24,active,ap32-pt.sio.lan
+172.16.0.120/24,active,ap33-prod.sio.lan
+172.16.0.121/24,active,ap33-test.sio.lan
+172.16.0.122/24,active,ap33-mon.sio.lan
+172.16.0.12/24,active,pxlab3.sio.lan
+172.16.0.123/24,active,ap33-wiki.sio.lan
+172.16.0.124/24,active,ap33-ans.sio.lan
+172.16.0.125/24,active,ap33-pt.sio.lan
+172.16.0.130/24,active,ap34-prod.sio.lan
+172.16.0.131/24,active,ap34-test.sio.lan
+172.16.0.132/24,active,ap34-mon.sio.lan
+172.16.0.133/24,active,ap34-wiki.sio.lan
+172.16.0.40/24,active,infralab.sio.lan
+172.16.0.60/24,active,ap43-test.sio.lan
+172.16.0.64/24,active,ap44-test.sio.lan
+172.16.0.65/24,active,ap42-git.sio.lan
+172.16.0.68/24,active,ap43-git.sio.lan
+172.16.0.86/24,active,ap42-test.sio.lan
+172.16.0.91/24,active,ap41-test.sio.lan

bts_annee_2/sisr2/netbox_IPAM/netbox.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+host -l -ta sio.lan|awk 'BEGIN{ OFS=""; print "address,status,dns_name"} { print $4"/24,active,", $1 }'|sort -n > netbox.csv

bts_annee_2/vagrantfiles/README.md

@@ -1 +1,2 @@
-Ce répertoire contient les vagrantfiles et répertoires de celles-ci utilisés lors de TPs et des séances, que ce soit en SISR ou en Cyber.
+# Ce répertoire contient les vagrantfiles et répertoires de celles-ci utilisés lors de TPs et des séances, que ce soit en SISR ou en Cyber.
+Le fichier Vagrantfile dans la racine est une base "universelle" qu'il faut modifier en fonction des besoins.

bts_annee_2/vagrantfiles/Vagrantfile

@@ -0,0 +1,79 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+ 
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+ 
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "renommer"
+ 
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+ 
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+ 
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+    config.vm.network "public_network"
+ 
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+ 
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+ 
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+    config.vm.provider "virtualbox" do |vb|
+      # Display the VirtualBox GUI when booting the machine
+      vb.gui = true
+   
+      # Customize the amount of memory on the VM:
+      vb.memory = "1024"
+    end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+ 
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl neovim mc git
+   SHELL
+end

bts_annee_2/vagrantfiles/glpi-nginx/.vagrant/machines/default/virtualbox/action_provision

@@ -0,0 +1 @@
+1.5:27ce5f9b-8a53-4204-bf63-0c86f4eeea0d

bts_annee_2/vagrantfiles/glpi-nginx/.vagrant/machines/default/virtualbox/action_set_name

@@ -0,0 +1 @@
+1736181732

bts_annee_2/vagrantfiles/glpi-nginx/.vagrant/machines/default/virtualbox/box_meta

@@ -0,0 +1 @@
+{"name":"debian/bookworm64","version":"12.20241217.1","provider":"virtualbox","directory":"boxes/debian-VAGRANTSLASH-bookworm64/12.20241217.1/amd64/virtualbox"}

bts_annee_2/vagrantfiles/glpi-nginx/.vagrant/machines/default/virtualbox/creator_uid

@@ -0,0 +1 @@
+1010

bts_annee_2/vagrantfiles/glpi-nginx/.vagrant/machines/default/virtualbox/id

@@ -0,0 +1 @@
+27ce5f9b-8a53-4204-bf63-0c86f4eeea0d

bts_annee_2/vagrantfiles/glpi-nginx/.vagrant/machines/default/virtualbox/index_uuid

@@ -0,0 +1 @@
+8a76f4c8f236403186de238ea4ebc2cf

bts_annee_2/vagrantfiles/glpi-nginx/.vagrant/machines/default/virtualbox/private_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
+AAtzc2gtZWQyNTUxOQAAACA+vKTzZM7ragTvooE9Qo65sdiheOsGax0xOFyD
+Rlh4bwAAAJAu+ANpLvgDaQAAAAtzc2gtZWQyNTUxOQAAACA+vKTzZM7ragTv
+ooE9Qo65sdiheOsGax0xOFyDRlh4bwAAAEA0my83DFtuXQZSmNX4Hw+r7mat
+Wi1kPnSnxcQxXhhKoj68pPNkzutqBO+igT1Cjrmx2KF46wZrHTE4XINGWHhv
+AAAAB3ZhZ3JhbnQBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

bts_annee_2/vagrantfiles/glpi-nginx/.vagrant/machines/default/virtualbox/synced_folders

@@ -0,0 +1 @@
+{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/guillaume.emorine/vagrant/glpi-nginx","disabled":false,"__vagrantfile":true}}}

bts_annee_2/vagrantfiles/glpi-nginx/.vagrant/machines/default/virtualbox/vagrant_cwd

@@ -0,0 +1 @@
+/home/guillaume.emorine/vagrant/glpi-nginx

bts_annee_2/vagrantfiles/glpi-nginx/.vagrant/rgloader/loader.rb

@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end

bts_annee_2/vagrantfiles/glpi-nginx/README.md

@@ -0,0 +1 @@
+Ce vagrantfile a été créé lors du travail sur la situation GLPI de l'E6 sur GSB, lorsqu'il y avait plusieurs soucis à résoudre avec Nginx et GLPI dans les playbooks.

bts_annee_2/vagrantfiles/glpi-nginx/Vagrantfile

@@ -0,0 +1,79 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+ 
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+ 
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "glpi"
+ 
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+ 
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+ 
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+    config.vm.network "public_network"
+ 
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+ 
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+ 
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+    config.vm.provider "virtualbox" do |vb|
+      # Display the VirtualBox GUI when booting the machine
+      vb.gui = true
+   
+      # Customize the amount of memory on the VM:
+      vb.memory = "1024"
+    end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+ 
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl neovim mc git
+   SHELL
+end

bts_annee_2/vagrantfiles/kubernetes/.vagrant/machines/default/virtualbox/action_provision

@@ -0,0 +1 @@
+1.5:9cf9dbdc-932d-4347-8376-a635a52efc63

bts_annee_2/vagrantfiles/kubernetes/.vagrant/machines/default/virtualbox/action_set_name

@@ -0,0 +1 @@
+1733996561

bts_annee_2/vagrantfiles/kubernetes/.vagrant/machines/default/virtualbox/box_meta

@@ -0,0 +1 @@
+{"name":"debian/bookworm64","version":"12.20240905.1","provider":"virtualbox","directory":"boxes/debian-VAGRANTSLASH-bookworm64/12.20240905.1/virtualbox"}

bts_annee_2/vagrantfiles/kubernetes/.vagrant/machines/default/virtualbox/creator_uid

@@ -0,0 +1 @@
+1010

bts_annee_2/vagrantfiles/kubernetes/.vagrant/machines/default/virtualbox/id

@@ -0,0 +1 @@
+9cf9dbdc-932d-4347-8376-a635a52efc63

bts_annee_2/vagrantfiles/kubernetes/.vagrant/machines/default/virtualbox/index_uuid

@@ -0,0 +1 @@
+5f104f0a5e054a46acb8fd97f702e8e4

bts_annee_2/vagrantfiles/kubernetes/.vagrant/machines/default/virtualbox/private_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
+AAtzc2gtZWQyNTUxOQAAACCYILH3XIv6eFpL1r4A6I8dRGpDlYQqsAqU1o3Y
+MmnL+AAAAJAXHrdFFx63RQAAAAtzc2gtZWQyNTUxOQAAACCYILH3XIv6eFpL
+1r4A6I8dRGpDlYQqsAqU1o3YMmnL+AAAAEDoVzDwOjhTUVHCJqYT2TSYNkb/
+KZEKQd1kekQA5H8zkpggsfdci/p4WkvWvgDojx1EakOVhCqwCpTWjdgyacv4
+AAAAB3ZhZ3JhbnQBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

bts_annee_2/vagrantfiles/kubernetes/.vagrant/machines/default/virtualbox/synced_folders

@@ -0,0 +1 @@
+{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/guillaume.emorine/vagrant/kubernetes","disabled":false,"__vagrantfile":true}}}

bts_annee_2/vagrantfiles/kubernetes/.vagrant/machines/default/virtualbox/vagrant_cwd

@@ -0,0 +1 @@
+/home/guillaume.emorine/vagrant/kubernetes

bts_annee_2/vagrantfiles/kubernetes/.vagrant/rgloader/loader.rb

@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end

bts_annee_2/vagrantfiles/kubernetes/awx/Vagrantfile

@@ -0,0 +1,84 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+ 
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+ 
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "kubernetes-k3s"
+ 
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+ 
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+ 
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+    config.vm.network "public_network"
+ 
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+ 
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+ 
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+    config.vm.provider "virtualbox" do |vb|
+      # Display the VirtualBox GUI when booting the machine
+      vb.gui = false
+   
+      # Customize the amount of memory on the VM:
+      vb.memory = "6144"
+
+      # Amount of cores for the VM:
+      vb.cpus = 2
+    end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+ 
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl neovim mc git
+     export http_proxy=http://10.121.38.1:8080
+     export https_proxy=http://10.121.38.1:8080
+   SHELL
+end

bts_annee_2/vagrantfiles/kubernetes/awx_client/.vagrant/machines/default/virtualbox/action_provision

@@ -0,0 +1 @@
+1.5:1639f9f3-ba4b-4fa4-81fe-740684fc82e1

bts_annee_2/vagrantfiles/kubernetes/awx_client/.vagrant/machines/default/virtualbox/action_set_name

@@ -0,0 +1 @@
+1733998855

bts_annee_2/vagrantfiles/kubernetes/awx_client/.vagrant/machines/default/virtualbox/box_meta

@@ -0,0 +1 @@
+{"name":"debian/bookworm64","version":"12.20240905.1","provider":"virtualbox","directory":"boxes/debian-VAGRANTSLASH-bookworm64/12.20240905.1/virtualbox"}

bts_annee_2/vagrantfiles/kubernetes/awx_client/.vagrant/machines/default/virtualbox/creator_uid

@@ -0,0 +1 @@
+1010

bts_annee_2/vagrantfiles/kubernetes/awx_client/.vagrant/machines/default/virtualbox/id

@@ -0,0 +1 @@
+1639f9f3-ba4b-4fa4-81fe-740684fc82e1

bts_annee_2/vagrantfiles/kubernetes/awx_client/.vagrant/machines/default/virtualbox/index_uuid

@@ -0,0 +1 @@
+dc8b423f3f2542ddb6f499b6a7109d71

bts_annee_2/vagrantfiles/kubernetes/awx_client/.vagrant/machines/default/virtualbox/private_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
+AAtzc2gtZWQyNTUxOQAAACDaSd4UME4d+Ru7lGHn3vbkeunGCbXd9RSuDYKF
+8K2qWgAAAJBDe2qbQ3tqmwAAAAtzc2gtZWQyNTUxOQAAACDaSd4UME4d+Ru7
+lGHn3vbkeunGCbXd9RSuDYKF8K2qWgAAAEA8KrXiI13mCEf0xXogttRVTO1R
+RbcjiDBwgoJlylt3ltpJ3hQwTh35G7uUYefe9uR66cYJtd31FK4NgoXwrapa
+AAAAB3ZhZ3JhbnQBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

bts_annee_2/vagrantfiles/kubernetes/awx_client/.vagrant/machines/default/virtualbox/synced_folders

@@ -0,0 +1 @@
+{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/guillaume.emorine/vagrant/kubernetes/awx_client","disabled":false,"__vagrantfile":true}}}

bts_annee_2/vagrantfiles/kubernetes/awx_client/.vagrant/machines/default/virtualbox/vagrant_cwd

@@ -0,0 +1 @@
+/home/guillaume.emorine/vagrant/kubernetes/awx_client

bts_annee_2/vagrantfiles/kubernetes/awx_client/.vagrant/rgloader/loader.rb

@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end

bts_annee_2/vagrantfiles/kubernetes/awx_client/Vagrantfile

@@ -0,0 +1,79 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+ 
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+ 
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "awx-cli"
+ 
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+ 
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+ 
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+    config.vm.network "public_network"
+ 
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+ 
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+ 
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+    config.vm.provider "virtualbox" do |vb|
+      # Display the VirtualBox GUI when booting the machine
+      vb.gui = false
+   
+      # Customize the amount of memory on the VM:
+      vb.memory = "1024"
+    end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+ 
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl neovim mc git
+   SHELL
+end

bts_annee_2/vagrantfiles/securisation-linux/Manutan_Questions.txt

@@ -0,0 +1,15 @@
+# Questions sur Manutan et DopperPaymer
+
+L'AD n'était pas nettoyé donc possiblement des portes dérobées cachées dedans. Pour l'attaque, un employé clique sur un lien de phishing, et un bot vient, puis deux, puis trois, etc. Ils ont ensuite espionné le réseau après être entré par hasard, et ont déterminé que Manutan était une bonne cible.
+Il a fallu 10 jours et 10 nuits non-stop pour restaurer 80% des serveurs, les 20 autres pourcents = près de trois mois.
+
+L'AD était le premier serveur Windows à être restauré. 400 serveurs Unix pas touchés par le ransomware.
+Pour eux, ils utilisent Rubrik pour des sauvegardes immuables, qu'on ne peut pas supprimer ni modifier tant qu'une date de péremption n'est pas passée. D'ailleurs, Manutan n'ont pas parlé de comment ils ont fait pour gérer le problème des serveurs de sauvegarde pleins par les doubles sauvegardes Rubrik.
+
+75% de leurs serveurs sont Microsoft chez Manutan, et cela offre une grande surface d'attaque. Les serveurs partagent aussi leur stockage en réseau, donc ça créé des passerelles vecteurs de propagation. Ils vont mettre une plateforme d'intermédiation. Leurs applications ne sont aussi pas sécurisées par elle-même donc elles doivent être reconstruites et réécrites avec la sécurité inclue dans le design. Enfin, ils se séparent de deux autres outils de sauvegarde qui ne les ont pas aidés, qui sont Veeam et NetBackup. Dans leur cas, trois méthodes de restauration ajoute beaucoup de complexité face à certains incidents comme ceux récent.
+
+Ils vont devoir faire une refonte totale du SI en incluant aucune version de Windows inférieure à Serveur 2016 ou RHEL 7.9, et ce sera cher. Ils se séparent de VMWare pour leurs clusters.
+
+Enfin, ils ont mis un proxy web entre leurs serveurs et les accès direct au cloud, car ils pensent que la prochaine infection ou attaque viendra d'un partenaire.
+
+La faiblesse du système de sites en mirroir est qu'il suffit qu'un des sites soit infecté pour que celle-ci se propage au reste du SI, ce qui est moins qu'optimal.

bts_annee_2/vagrantfiles/securisation-linux/devsec-ansible/Vagrantfile

@@ -0,0 +1,79 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+ 
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+ 
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "devsec"
+ 
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+ 
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+ 
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+    config.vm.network "public_network"
+ 
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+ 
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+ 
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+    config.vm.provider "virtualbox" do |vb|
+      # Display the VirtualBox GUI when booting the machine
+      vb.gui = false
+   
+      # Customize the amount of memory on the VM:
+      vb.memory = "1024"
+    end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+ 
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl neovim mc git
+   SHELL
+end

bts_annee_2/vagrantfiles/securisation-linux/lynis-srv/Vagrantfile

@@ -0,0 +1,79 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+ 
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+ 
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "srv"
+ 
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+ 
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+ 
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+    config.vm.network "public_network"
+ 
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+ 
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+ 
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+    config.vm.provider "virtualbox" do |vb|
+      # Display the VirtualBox GUI when booting the machine
+      vb.gui = false
+   
+      # Customize the amount of memory on the VM:
+      vb.memory = "1024"
+    end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+ 
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl neovim mc git
+   SHELL
+end

bts_annee_2/vagrantfiles/terraform/.vagrant/machines/default/virtualbox/action_provision

@@ -0,0 +1 @@
+1.5:b9aeb3d1-4407-4d82-80b9-86c7b87e3ed9

bts_annee_2/vagrantfiles/terraform/.vagrant/machines/default/virtualbox/action_set_name

@@ -0,0 +1 @@
+1733148968

bts_annee_2/vagrantfiles/terraform/.vagrant/machines/default/virtualbox/box_meta

@@ -0,0 +1 @@
+{"name":"debian/bookworm64","version":"12.20240905.1","provider":"virtualbox","directory":"boxes/debian-VAGRANTSLASH-bookworm64/12.20240905.1/virtualbox"}

bts_annee_2/vagrantfiles/terraform/.vagrant/machines/default/virtualbox/creator_uid

@@ -0,0 +1 @@
+1010

bts_annee_2/vagrantfiles/terraform/.vagrant/machines/default/virtualbox/id

@@ -0,0 +1 @@
+b9aeb3d1-4407-4d82-80b9-86c7b87e3ed9

bts_annee_2/vagrantfiles/terraform/.vagrant/machines/default/virtualbox/index_uuid

@@ -0,0 +1 @@
+e9b668cf954346fea75c8148eb78fcc7

bts_annee_2/vagrantfiles/terraform/.vagrant/machines/default/virtualbox/private_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
+AAtzc2gtZWQyNTUxOQAAACARgX8gJRfa6oFNsshyAxHz+1PWlsbpG+KrEsbx
+LPQgIgAAAJAGI+l2BiPpdgAAAAtzc2gtZWQyNTUxOQAAACARgX8gJRfa6oFN
+sshyAxHz+1PWlsbpG+KrEsbxLPQgIgAAAECjMGeE018GlW9SHQFsDb0szA4z
+K1XNkHPEZEKf75hY5xGBfyAlF9rqgU2yyHIDEfP7U9aWxukb4qsSxvEs9CAi
+AAAAB3ZhZ3JhbnQBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

bts_annee_2/vagrantfiles/terraform/.vagrant/machines/default/virtualbox/synced_folders

@@ -0,0 +1 @@
+{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/guillaume.emorine/vagrant/terraform","disabled":false,"__vagrantfile":true}}}

bts_annee_2/vagrantfiles/terraform/.vagrant/machines/default/virtualbox/vagrant_cwd

@@ -0,0 +1 @@
+/home/guillaume.emorine/vagrant/terraform

bts_annee_2/vagrantfiles/terraform/.vagrant/rgloader/loader.rb

@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end

bts_annee_2/vagrantfiles/terraform/Vagrantfile

@@ -0,0 +1,79 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+ 
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+ 
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "terraform"
+ 
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+ 
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+ 
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+    config.vm.network "public_network"
+ 
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+ 
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+ 
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+    config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   # vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+      vb.memory = "1024"
+    end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+ 
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update && apt-get upgrade
+     apt-get install -y gpg vim wget curl neovim mc git 
+   SHELL
+end

bts_annee_2/vagrantfiles/waf-modsecurity/.vagrant/machines/default/virtualbox/action_provision

@@ -0,0 +1 @@
+1.5:3b6256ab-67ca-4d72-9280-2f3d496867cc

bts_annee_2/vagrantfiles/waf-modsecurity/.vagrant/machines/default/virtualbox/action_set_name

@@ -0,0 +1 @@
+1733131100

bts_annee_2/vagrantfiles/waf-modsecurity/.vagrant/machines/default/virtualbox/box_meta

@@ -0,0 +1 @@
+{"name":"debian/bookworm64","version":"12.20240905.1","provider":"virtualbox","directory":"boxes/debian-VAGRANTSLASH-bookworm64/12.20240905.1/virtualbox"}

bts_annee_2/vagrantfiles/waf-modsecurity/.vagrant/machines/default/virtualbox/creator_uid

@@ -0,0 +1 @@
+1010

bts_annee_2/vagrantfiles/waf-modsecurity/.vagrant/machines/default/virtualbox/id

@@ -0,0 +1 @@
+3b6256ab-67ca-4d72-9280-2f3d496867cc

bts_annee_2/vagrantfiles/waf-modsecurity/.vagrant/machines/default/virtualbox/index_uuid

@@ -0,0 +1 @@
+48536ea7a68c4d07b248826db13f98cb

bts_annee_2/vagrantfiles/waf-modsecurity/.vagrant/machines/default/virtualbox/private_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
+AAtzc2gtZWQyNTUxOQAAACBS9gznrYoh8+E0NWVW3GQkiz2qR/h+jgajI1L1
+SN18pQAAAJBh5Ct2YeQrdgAAAAtzc2gtZWQyNTUxOQAAACBS9gznrYoh8+E0
+NWVW3GQkiz2qR/h+jgajI1L1SN18pQAAAED+YwoKm7T6WR+NiVl1drxikMUx
+ZQ24vE6tCd9c+aqzkFL2DOetiiHz4TQ1ZVbcZCSLPapH+H6OBqMjUvVI3Xyl
+AAAAB3ZhZ3JhbnQBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

bts_annee_2/vagrantfiles/waf-modsecurity/.vagrant/machines/default/virtualbox/synced_folders

@@ -0,0 +1 @@
+{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/guillaume.emorine/vagrant/waf-modsecurity","disabled":false,"__vagrantfile":true}}}

bts_annee_2/vagrantfiles/waf-modsecurity/.vagrant/machines/default/virtualbox/vagrant_cwd

@@ -0,0 +1 @@
+/home/guillaume.emorine/vagrant/waf-modsecurity

bts_annee_2/vagrantfiles/waf-modsecurity/.vagrant/rgloader/loader.rb

@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end

bts_annee_2/vagrantfiles/waf-modsecurity/Vagrantfile

@@ -0,0 +1,79 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+ 
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+ 
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "modsecurity"
+ 
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+ 
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+ 
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+    config.vm.network "public_network"
+ 
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+ 
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+ 
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+    config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   # vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+    end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+ 
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update && apt-get upgrade
+     apt-get install -y vim wget curl neovim mc apache2 libapache2-mod-security2
+   SHELL
+end