nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/README.md

nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/compte-rendu-2024-09-30
	nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/compterendudistant.sh
	nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/ferm.conf
	nouveau fichier : bts_annee_2/cyber2/wordpress-lamp/goss.yaml
	renommé :         bts_annee_2/sisr2/seance_03/README.md -> bts_annee_2/sisr2/heartbeat_repa_charge/README.md
	renommé :         bts_annee_2/sisr2/seance_03/hb1/inst-hb1.sh -> bts_annee_2/sisr2/heartbeat_repa_charge/hb1/inst-hb1.sh
	renommé :         bts_annee_2/sisr2/seance_03/hb2/inst-hb2.sh -> bts_annee_2/sisr2/heartbeat_repa_charge/hb2/inst-hb2.sh
	renommé :         bts_annee_2/sisr2/seance_03/vagrant/Vagrantfile_bookworm -> bts_annee_2/sisr2/heartbeat_repa_charge/vagrant/Vagrantfile_bookworm
	renommé :         bts_annee_2/sisr2/seance_03/vagrant/Vagrantfile_rsync -> bts_annee_2/sisr2/heartbeat_repa_charge/vagrant/Vagrantfile_rsync
	renommé :         bts_annee_2/sisr2/seance_04/README.md -> bts_annee_2/sisr2/lvs_haproxy/README.md
	renommé :         bts_annee_2/sisr2/seance_04/lvs/haproxy.cfg -> bts_annee_2/sisr2/lvs_haproxy/lvs/haproxy.cfg
	renommé :         bts_annee_2/sisr2/seance_04/lvs/ipvs.sh -> bts_annee_2/sisr2/lvs_haproxy/lvs/ipvs.sh

README.md

@@ -2,4 +2,4 @@ Dépôt de fichiers personnels provenant de machines virtuelles utilisées en TP
 
 Ce Gitea contient aussi un script d'automatisation du processus de push et de pull, adaptés aux deux branches.
 
-Le dépôt a été passé en privé de manière possiblement permanente, pour garder mon travail exclusif à moi-même.
+Dépôt anciennement privé, devenu public le 16 Septembre 2024.

automate.sh

@@ -27,9 +27,12 @@ if [ $branch == 1 ] ; then
 		echo "Commit en cours..."
 		sleep 1
 		git commit
+		echo "Entrez la version du tag:"
+		read tag
+		git tag $tag
 		echo "Push des fichiers au Gitea, branche main..."
 		sleep 1
-		git push -q origin main
+		git push -q origin main --tag
 	fi
 
 elif [ $branch == 2 ] ; then
@@ -45,9 +48,12 @@ elif [ $branch == 2 ] ; then
 		echo "Commit en cours..."
 		sleep 1
 		git commit
+		echo "Entrez la version du tag:"
+		read tag
+		git tag $tag
 		echo "Push des fichiers au Gitea, branche test..."
 		sleep 1
-		git push -q origin test
+		git push -q origin test --tag
 	fi
 
 else

bts_annee_2/cyber2/wordpress-lamp/README.md

@@ -0,0 +1 @@
+Dossier avec les fichiers de configuration du pare-feu, le fichier de test goss et le script de récupération des informations sur le serveur Web Wordpress.

bts_annee_2/cyber2/wordpress-lamp/compte-rendu-2024-09-30

@@ -0,0 +1,100 @@
+# Scan des ports ouverts visibles depuis le poste physique
+
+lun. 30 sept. 2024 16:45:55 CEST
+Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-30 16:45 CEST
+Nmap scan report for 172.16.0.152
+Host is up (0.00069s latency).
+Not shown: 997 filtered tcp ports (no-response)
+PORT    STATE SERVICE  VERSION
+22/tcp  open  ssh      OpenSSH 9.2p1 Debian 2+deb12u3 (protocol 2.0)
+| ssh-hostkey: 
+|   256 507a12ddb833cec5b87c576702e1682a (ECDSA)
+|_  256 c3bbd552f31fbd2d9fdd9e11ca521cbc (ED25519)
+80/tcp  open  http     Apache httpd 2.4.62 ((Debian))
+|_http-title: Did not follow redirect to https://172.16.0.152/
+|_http-server-header: Apache/2.4.62 (Debian)
+443/tcp open  ssl/http Apache httpd 2.4.62 ((Debian))
+|_http-server-header: Apache/2.4.62 (Debian)
+| tls-alpn: 
+|_  http/1.1
+|_http-title: Apache2 Debian Default Page: It works
+| ssl-cert: Subject: commonName=wordpress-ge/organizationName=Lyc\xC3\x83\xC2\xA9e Le Castel/stateOrProvinceName=Bourgogne/countryName=FR
+| Not valid before: 2024-09-26T13:11:27
+|_Not valid after:  2025-09-26T13:11:27
+|_ssl-date: TLS randomness does not represent time
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 23.30 seconds
+
+# Affichage des règles du pare-feu
+
+# Generated by iptables-save v1.8.9 on Mon Sep 30 16:46:17 2024
+*filter
+:INPUT DROP [30889:1853067]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [142:9272]
+-A INPUT -m state --state INVALID -j DROP
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
+-A FORWARD -m state --state INVALID -j DROP
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+COMMIT
+# Completed on Mon Sep 30 16:46:17 2024
+
+# Scan des ports UDP ouverts sur le serveur Web
+
+State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess                                   
+UNCONN 0      0         127.0.0.54:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=19))
+UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=17))
+UNCONN 0      0            0.0.0.0:5355      0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=11))
+
+# Scan des ports TCP ouverts sur le serveur Web
+
+State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess                                   
+LISTEN 0      4096         0.0.0.0:5355      0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=12))
+LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=404,fd=3))            
+LISTEN 0      100          0.0.0.0:25        0.0.0.0:*    users:(("master",pid=778,fd=13))         
+LISTEN 0      4096      127.0.0.54:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=20))
+LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*    users:(("mariadbd",pid=462,fd=20))       
+LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=18))
+
+# Résultats des tests Goss
+
+1..31
+ok 1 - Package: apache2: installed: matches expectation: true
+ok 2 - Package: apache2: version: matches expectation: ["2.4.62-1~deb12u1"]
+ok 3 - Package: mariadb-server: installed: matches expectation: true
+ok 4 - Package: mariadb-server: version: matches expectation: ["1:10.11.6-0+deb12u1"]
+ok 5 - Process: apache2: running: matches expectation: true
+ok 6 - Service: sshd: enabled: matches expectation: true
+ok 7 - Service: sshd: running: matches expectation: true
+ok 8 - Process: sshd: running: matches expectation: true
+ok 9 - Port: tcp:22: listening: matches expectation: true
+ok 10 - Port: tcp:22: ip: matches expectation: ["0.0.0.0"]
+ok 11 - Port: tcp6:22: listening: matches expectation: true
+ok 12 - Port: tcp6:22: ip: matches expectation: ["::"]
+ok 13 - User: sshd: exists: matches expectation: true
+ok 14 - User: sshd: uid: matches expectation: 103
+ok 15 - User: sshd: gid: matches expectation: 65534
+ok 16 - User: sshd: home: matches expectation: "/run/sshd"
+ok 17 - User: sshd: groups: matches expectation: ["nogroup"]
+ok 18 - User: sshd: shell: matches expectation: "/usr/sbin/nologin"
+ok 19 - Port: tcp6:80: listening: matches expectation: true
+ok 20 - Port: tcp6:80: ip: matches expectation: ["::"]
+ok 21 - Interface: eth0: exists: matches expectation: true
+ok 22 - Interface: eth0: addrs: matches expectation: ["172.16.0.152/24","fe80::be24:11ff:fe76:ac6f/64"]
+ok 23 - Interface: eth0: mtu: matches expectation: 1500
+ok 24 - Port: tcp6:443: listening: matches expectation: true
+ok 25 - Port: tcp6:443: ip: matches expectation: ["::"]
+ok 26 - Service: ssh: enabled: matches expectation: true
+ok 27 - Service: ssh: running: matches expectation: true
+ok 28 - Service: apache2: enabled: matches expectation: true
+ok 29 - Service: apache2: running: matches expectation: true
+ok 30 - HTTP: http://172.16.0.152/wordpress: status: matches expectation: 200
+ok 31 - HTTP: http://172.16.0.152/wordpress: Body: matches expectation: ["engagement"]

bts_annee_2/cyber2/wordpress-lamp/compterendudistant.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+DATE=$(date -I)
+echo "Scan nmap et comptes-rendus en cours de création, veuillez patienter..."
+echo -ne "# Scan des ports ouverts visibles depuis le poste physique\n\n" > compte-rendu-$DATE
+(date ; nmap -A 172.16.0.152 ) >> compte-rendu-$DATE
+echo -ne "\n# Affichage des règles du pare-feu\n\n" >> compte-rendu-$DATE
+ssh debian@172.16.0.152 "sudo iptables-legacy-save" >> compte-rendu-$DATE
+echo -ne "\n# Scan des ports UDP ouverts sur le serveur Web\n\n" >> compte-rendu-$DATE
+ssh debian@172.16.0.152 "sudo ss -lnu4p" >> compte-rendu-$DATE
+echo -ne "\n# Scan des ports TCP ouverts sur le serveur Web\n\n" >> compte-rendu-$DATE
+ssh debian@172.16.0.152 "sudo ss -lnt4p" >> compte-rendu-$DATE
+echo -ne "\n# Résultats des tests Goss\n\n" >> compte-rendu-$DATE
+ssh debian@172.16.0.152 "sudo goss v -f tap" >> compte-rendu-$DATE

bts_annee_2/cyber2/wordpress-lamp/ferm.conf

@@ -0,0 +1,43 @@
+# -*- shell-script -*-
+#
+#  Configuration file for ferm(1).
+#
+domain (ip) {
+    table filter {
+        chain INPUT {
+            policy DROP;
+
+            # connection tracking
+            mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+
+            # allow local packet
+            interface lo ACCEPT;
+
+            # respond to ping
+            proto icmp ACCEPT; 
+
+            # allow SSH connections
+            proto tcp dport ssh ACCEPT;
+        
+	    # autorise les connexions HTTP et HTTPS
+	    proto tcp dport (http https) ACCEPT;
+	}
+        chain OUTPUT {
+            policy ACCEPT;
+
+            # connection tracking
+            #mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+        }
+        chain FORWARD {
+            policy DROP;
+
+            # connection tracking
+            mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+        }
+    }
+}
+
+@include ferm.d/;

bts_annee_2/cyber2/wordpress-lamp/goss.yaml

@@ -0,0 +1,73 @@
+package:
+    apache2:
+        installed: true
+        versions:
+            - 2.4.62-1~deb12u1
+    mariadb-server:
+        installed: true
+        versions:
+            - 1:10.11.6-0+deb12u1
+port:
+    tcp:22:
+        listening: true
+        ip:
+            - 0.0.0.0
+    tcp6:22:
+        listening: true
+        ip:
+            - '::'
+    tcp6:80:
+        listening: true
+        ip:
+            - '::'
+    tcp6:443:
+        listening: true
+        ip:
+            - '::'
+service:
+    apache2:
+        enabled: true
+        running: true
+    ssh:
+        enabled: true
+        running: true
+    sshd:
+        enabled: true
+        running: true
+user:
+    sshd:
+        exists: true
+        uid: 103
+        gid: 65534
+        groups:
+            - nogroup
+        home: /run/sshd
+        shell: /usr/sbin/nologin
+process:
+    apache2:
+        running: true
+    sshd:
+        running: true
+interface:
+    eth0:
+        exists: true
+        addrs:
+            - 172.16.0.152/24
+            - fe80::be24:11ff:fe76:ac6f/64
+        mtu: 1500
+http:
+    http://172.16.0.152/wordpress:
+        status: 200
+        allow-insecure: true
+        no-follow-redirects: false
+        timeout: 5000
+        body:
+          - engagement
+https:
+    https://172.16.0.152/wordpress:
+        status: 200
+        allow-insecure: true
+        no-follow-redirects: false
+        timeout: 5000
+        body:
+          - engagement

bts_annee_2/sisr2/heartbeat_repa_charge/README.md

@@ -0,0 +1,2 @@
+Vagrantfiles de la troisième séance en SISR, et scripts pour le heartbeat.
+Les dossiers nominaux sont les machines du heartbeat.

bts_annee_2/sisr2/heartbeat_repa_charge/hb1/inst-hb1.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# les bases 
+#  noeud hb1  : 192.168.0.101 
+#  noeud hb2  : 192.168.0.102 
+#  addr virt. : 192.168.0.103 
+    
+sed -i 's/bookworm/hb1/g' /etc/host{s,name}
+apt update
+apt install -y heartbeat apache2 net-tools
+systemctl disable apache2
+
+cat <<EOT> /etc/network/interfaces.d/enp0s3
+allow-hotplug enp0s3
+iface enp0s3 inet static
+address 192.168.0.101/24 # a adapter pour hb2
+EOT
+
+cat <<EOT> /etc/network/interfaces.d/enp0s8
+allow-hotplug enp0s8
+iface enp0s8 inet static
+address 10.0.0.1/24      # a adapter pour hb2
+EOT
+
+cd /usr/share/doc/heartbeat
+gunzip *.gz
+cp ha.cf /etc/ha.d
+cp haresources /etc/ha.d
+cp authkeys /etc/ha.d
+cd /etc/ha.d
+echo "192.168.0.102 hb2" >> /etc/hosts # a adapter pour hb2
+
+cat <<EOT >> /etc/ha.d/ha.cf
+bcast enp0s8
+node hb1
+node hb2
+pacemaker off
+EOT
+
+# echo " hb1 192.168.0.103 apache2" >> /etc/ha.d/haresources pou Debian buster
+echo " hb1 192.168.0.103/24/enp0s3 apache2" >> /etc/ha.d/haresources 
+
+cat <<EOT >> /etc/ha.d/authkeys
+auth 1
+1 crc
+EOT
+
+chmod 600 /etc/ha.d/authkeys
+echo hb1 > /var/www/html/index.html # a adapter pour hb2
+ #

bts_annee_2/sisr2/heartbeat_repa_charge/hb2/inst-hb2.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# les bases 
+#  noeud hb1  : 192.168.0.101 
+#  noeud hb2  : 192.168.0.102 
+#  addr virt. : 192.168.0.103 
+    
+sed -i 's/bookworm/hb2/g' /etc/host{s,name}
+apt update
+apt install -y heartbeat apache2 net-tools
+systemctl disable apache2
+
+cat <<EOT> /etc/network/interfaces.d/enp0s3
+allow-hotplug enp0s3
+iface enp0s3 inet static
+address 192.168.0.102/24 # a adapter pour hb2
+EOT
+
+cat <<EOT> /etc/network/interfaces.d/enp0s8
+allow-hotplug enp0s8
+iface enp0s8 inet static
+address 10.0.0.2/24      # a adapter pour hb2
+EOT
+
+cd /usr/share/doc/heartbeat
+gunzip *.gz
+cp ha.cf /etc/ha.d
+cp haresources /etc/ha.d
+cp authkeys /etc/ha.d
+cd /etc/ha.d
+echo "192.168.0.101 hb1" >> /etc/hosts # a adapter pour hb2
+
+cat <<EOT >> /etc/ha.d/ha.cf
+bcast enp0s8
+node hb1
+node hb2
+pacemaker off
+EOT
+
+# echo " hb1 192.168.0.103 apache2" >> /etc/ha.d/haresources pou Debian buster
+echo " hb1 192.168.0.103/24/enp0s3 apache2" >> /etc/ha.d/haresources 
+
+cat <<EOT >> /etc/ha.d/authkeys
+auth 1
+1 crc
+EOT
+
+chmod 600 /etc/ha.d/authkeys
+echo hb2 > /var/www/html/index.html # a adapter pour hb2
+ #

bts_annee_2/sisr2/lvs_haproxy/README.md

@@ -0,0 +1 @@
+Dossier avec les fichiers provenant de la machine LVS pour l'équilibrage des charges.

bts_annee_2/sisr2/lvs_haproxy/lvs/haproxy.cfg

@@ -0,0 +1,44 @@
+global
+	log /dev/log	local0
+	log /dev/log	local1 notice
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin
+	stats timeout 30s
+	user haproxy
+	group haproxy
+	daemon
+
+	# Default SSL material locations
+	ca-base /etc/ssl/certs
+	crt-base /etc/ssl/private
+
+	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
+        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
+
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+	errorfile 400 /etc/haproxy/errors/400.http
+	errorfile 403 /etc/haproxy/errors/403.http
+	errorfile 408 /etc/haproxy/errors/408.http
+	errorfile 500 /etc/haproxy/errors/500.http
+	errorfile 502 /etc/haproxy/errors/502.http
+	errorfile 503 /etc/haproxy/errors/503.http
+	errorfile 504 /etc/haproxy/errors/504.http
+# conf perso
+frontend front_webservers
+	bind *:80
+	default_backend backend_webservers
+	option forwardfor
+
+backend backend_webservers
+	balance roundrobin
+	server web1-ge 172.16.1.1:80 check
+	server web2-ge 172.16.1.2:80 check

bts_annee_2/sisr2/lvs_haproxy/lvs/ipvs.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+ipvsadm -A -t 192.168.0.150:80 -s rr
+ipvsadm -a -t 192.168.0.150:80 -r 172.16.1.1:80 -m
+ipvsadm -a -t 192.168.0.150:80 -r 172.16.1.2:80 -m
+ipvsadm -L

bts_annee_2/sisr2/pxe/DHCP/README.md

@@ -0,0 +1 @@
+Fichiers de configuration du serveur DHCP de la machine PXE.

bts_annee_2/sisr2/pxe/DHCP/dhcpd.conf

@@ -0,0 +1,112 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+#option domain-name "example.org";
+option domain-name-servers 10.121.38.7, 10.121.38.8;
+
+default-lease-time 100000;
+max-lease-time 7200000;
+
+allow booting;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+subnet 192.168.1.0 netmask 255.255.255.0 {
+  range 192.168.1.10 192.168.1.20;
+  option broadcast-address 192.168.1.255;
+  option routers 192.168.1.100;
+  next-server 192.168.1.100;
+  filename "pxelinux.0";
+}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}

bts_annee_2/sisr2/pxe/DHCP/isc-dhcp-server

@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s8"
+INTERFACESv6=""

bts_annee_2/sisr2/pxe/Interfaces/README.md

@@ -0,0 +1 @@
+Fichiers d'interfaces réseau des deux cartes de la machine PXE.

bts_annee_2/sisr2/pxe/Interfaces/enp0s3

@@ -0,0 +1,3 @@
+# generated by FAI
+auto enp0s3
+iface enp0s3 inet dhcp

bts_annee_2/sisr2/pxe/Interfaces/enp0s8

@@ -0,0 +1,4 @@
+# generated by FAI
+auto enp0s8
+iface enp0s8 inet static
+address 192.168.1.100/24

bts_annee_2/sisr2/pxe/README.md

@@ -0,0 +1 @@
+Fichiers de configuration de la cinquième séance de SISR, sur PXE et le Netboot.

bts_annee_2/sisr2/pxe/nftables/README.md

@@ -0,0 +1 @@
+Fichier de configuration nftables de la machine PXE.

bts_annee_2/sisr2/pxe/nftables/nftables.conf

@@ -0,0 +1,24 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+	chain input {
+		type filter hook input priority filter;
+	}
+	chain forward {
+		type filter hook forward priority filter;
+	}
+	chain output {
+		type filter hook output priority filter;
+	}
+}
+table inet nat {
+	chain prerouting {
+		type nat hook prerouting priority 0;
+	}
+	chain postrouting {
+		type nat hook postrouting priority 100;
+		oifname "enp0s3" masquerade
+	}
+}

bts_annee_2/sisr2/pxe/routing_command

@@ -0,0 +1 @@
+sysctl net.ipv4.ip_forward=1

bts_annee_2/sisr2/seance_03/README.md

@@ -1 +0,0 @@
-Vagrantfiles de la troisième séance en SISR.