Ajout des derniers fichiers du TP sur Ansible, fonctionnel et validé.

Reviewed-on: #38

automate.sh

@@ -11,52 +11,24 @@ export https_proxy="http://10.121.38.1:8080/"
 echo "Voulez-vous récupérer les fichiers du dépôt ou effectuer un push sur le dépôt ? [1 = Pull, 2 = Push]"
 read answer
 
-echo "Quelle branche est concernée ? [1 = main, 2 = test]"
-read branch
-
-if [ $branch == 1 ] ; then
-	if [ $answer == 1 ] ; then
-		git checkout main
-		echo "Récupération des fichiers à jour, branche main..."
-		git pull -q origin main
-	else
-		git checkout main
-		echo "Ajout des fichiers au Gitea..."
-		sleep 1
-		git add .
-		echo "Commit en cours..."
-		sleep 1
-		git commit
-		echo "Entrez la version du tag:"
-		read tag
-		git tag $tag
-		echo "Push des fichiers au Gitea, branche main..."
-		sleep 1
-		git push -q origin main --tag
-	fi
-
-elif [ $branch == 2 ] ; then
-	if [ $answer == 1 ] ; then
-		git checkout test
-		echo "Récupération des fichiers à jour dans la branche test..."
-		git pull -q origin test
-	else
-		git checkout test
-		echo "Ajout des fichiers au Gitea, branche test..."
-		sleep 1
-		git add .
-		echo "Commit en cours..."
-		sleep 1
-		git commit
-		echo "Entrez la version du tag:"
-		read tag
-		git tag $tag
-		echo "Push des fichiers au Gitea, branche test..."
-		sleep 1
-		git push -q origin test --tag
-	fi
-
+if [ $answer == 1 ] ; then
+	git checkout main
+	echo "Récupération des fichiers à jour, branche main..."
+	git pull -q origin main
+	echo "Fichiers à jour récupérés."
 else
-	echo "Choisissez une branche et une option valide. Veuillez relancer le script"
-
-fi
+	git checkout main
+	echo "Ajout des fichiers au Gitea..."
+	sleep 1
+	git add .
+	echo "Commit en cours..."
+	sleep 1
+	git commit
+	git tag -l "v.0*" --sort="-v:refname"
+	echo "Entrez la version du tag: (Le plus récent est en haut)"
+	read tag
+	git tag $tag
+	echo "Push des fichiers au Gitea, branche main..."
+	sleep 1
+	git push -q origin main --tag
+fi

bts_annee_2/cyber2/vpn-ipsec/README.md

@@ -0,0 +1 @@
+Dossier avec les fichiers de configuration du tunnel IPsec fait en TP, ainsi que les IPs et tables de routage.

bts_annee_2/cyber2/vpn-ipsec/gw1/README.md

@@ -0,0 +1 @@
+Il faut renommer le fichier ipsec-gw1.conf en ipsec.conf et le placer dans /etc/ .

bts_annee_2/cyber2/vpn-ipsec/gw1/config_ip_gw1

@@ -0,0 +1,18 @@
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host noprefixroute 
+       valid_lft forever preferred_lft forever
+2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
+    link/ether 08:00:27:71:ec:44 brd ff:ff:ff:ff:ff:ff
+    inet 192.168.1.1/24 brd 192.168.1.255 scope global enp0s3
+       valid_lft forever preferred_lft forever
+    inet6 fe80::a00:27ff:fe71:ec44/64 scope link 
+       valid_lft forever preferred_lft forever
+3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
+    link/ether 08:00:27:c2:6d:0b brd ff:ff:ff:ff:ff:ff
+    inet 10.0.0.1/24 brd 10.0.0.255 scope global enp0s8
+       valid_lft forever preferred_lft forever
+    inet6 fe80::a00:27ff:fec2:6d0b/64 scope link 
+       valid_lft forever preferred_lft forever

bts_annee_2/cyber2/vpn-ipsec/gw1/ipsec-gw1.conf

@@ -0,0 +1,23 @@
+config setup
+        charondebug="all"
+        uniqueids=yes
+        strictcrlpolicy=no
+conn %default
+conn tunnel #
+        left=10.0.0.1
+        leftsubnet=192.168.1.0/24
+        right=10.0.0.2
+        rightsubnet=192.168.2.0/24
+        ike=aes256-sha2_256-modp1024!
+        esp=aes256-sha2_256!
+        keyingtries=0
+        ikelifetime=1h
+        lifetime=8h
+        dpddelay=30
+        dpdtimeout=120
+        dpdaction=restart
+        authby=secret
+        auto=start
+        keyexchange=ikev2
+        type=tunnel
+

bts_annee_2/cyber2/vpn-ipsec/gw1/table_routage_gw1

@@ -0,0 +1,3 @@
+10.0.0.0/24 dev enp0s8 proto kernel scope link src 10.0.0.1 
+192.168.1.0/24 dev enp0s3 proto kernel scope link src 192.168.1.1 
+192.168.2.0/24 via 192.168.1.1 dev enp0s3 

bts_annee_2/cyber2/vpn-ipsec/gw2/README.md

@@ -0,0 +1 @@
+Il faut renommer le fichier ipsec-gw2.conf en ipsec.conf et le placer dans /etc/ .

bts_annee_2/cyber2/vpn-ipsec/gw2/config_ip_gw2

@@ -0,0 +1,18 @@
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host noprefixroute 
+       valid_lft forever preferred_lft forever
+2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
+    link/ether 08:00:27:35:ba:6d brd ff:ff:ff:ff:ff:ff
+    inet 192.168.2.1/24 brd 192.168.2.255 scope global enp0s3
+       valid_lft forever preferred_lft forever
+    inet6 fe80::a00:27ff:fe35:ba6d/64 scope link 
+       valid_lft forever preferred_lft forever
+3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
+    link/ether 08:00:27:ea:8b:77 brd ff:ff:ff:ff:ff:ff
+    inet 10.0.0.2/24 brd 10.0.0.255 scope global enp0s8
+       valid_lft forever preferred_lft forever
+    inet6 fe80::a00:27ff:feea:8b77/64 scope link 
+       valid_lft forever preferred_lft forever

bts_annee_2/cyber2/vpn-ipsec/gw2/ipsec-gw2.conf

@@ -0,0 +1,23 @@
+config setup
+        charondebug="all"
+        uniqueids=yes
+        strictcrlpolicy=no
+conn %default
+conn tunnel #
+        left=10.0.0.2
+        leftsubnet=192.168.2.0/24
+        right=10.0.0.1
+        rightsubnet=192.168.1.0/24
+        ike=aes256-sha2_256-modp1024!
+        esp=aes256-sha2_256!
+        keyingtries=0
+        ikelifetime=1h
+        lifetime=8h
+        dpddelay=30
+        dpdtimeout=120
+        dpdaction=restart
+        authby=secret
+        auto=start
+        keyexchange=ikev2
+        type=tunnel
+

bts_annee_2/cyber2/vpn-ipsec/gw2/table_routage_gw2

@@ -0,0 +1,2 @@
+10.0.0.0/24 dev enp0s8 proto kernel scope link src 10.0.0.2 
+192.168.2.0/24 dev enp0s3 proto kernel scope link src 192.168.2.1 

bts_annee_2/cyber2/wordpress-lamp/README.md

@@ -0,0 +1 @@
+Dossier avec les fichiers de configuration du pare-feu, le fichier de test goss et le script de récupération des informations sur le serveur Web Wordpress.

bts_annee_2/cyber2/wordpress-lamp/compte-rendu-2024-09-30

@@ -0,0 +1,100 @@
+# Scan des ports ouverts visibles depuis le poste physique
+
+lun. 30 sept. 2024 16:45:55 CEST
+Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-30 16:45 CEST
+Nmap scan report for 172.16.0.152
+Host is up (0.00069s latency).
+Not shown: 997 filtered tcp ports (no-response)
+PORT    STATE SERVICE  VERSION
+22/tcp  open  ssh      OpenSSH 9.2p1 Debian 2+deb12u3 (protocol 2.0)
+| ssh-hostkey: 
+|   256 507a12ddb833cec5b87c576702e1682a (ECDSA)
+|_  256 c3bbd552f31fbd2d9fdd9e11ca521cbc (ED25519)
+80/tcp  open  http     Apache httpd 2.4.62 ((Debian))
+|_http-title: Did not follow redirect to https://172.16.0.152/
+|_http-server-header: Apache/2.4.62 (Debian)
+443/tcp open  ssl/http Apache httpd 2.4.62 ((Debian))
+|_http-server-header: Apache/2.4.62 (Debian)
+| tls-alpn: 
+|_  http/1.1
+|_http-title: Apache2 Debian Default Page: It works
+| ssl-cert: Subject: commonName=wordpress-ge/organizationName=Lyc\xC3\x83\xC2\xA9e Le Castel/stateOrProvinceName=Bourgogne/countryName=FR
+| Not valid before: 2024-09-26T13:11:27
+|_Not valid after:  2025-09-26T13:11:27
+|_ssl-date: TLS randomness does not represent time
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 23.30 seconds
+
+# Affichage des règles du pare-feu
+
+# Generated by iptables-save v1.8.9 on Mon Sep 30 16:46:17 2024
+*filter
+:INPUT DROP [30889:1853067]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [142:9272]
+-A INPUT -m state --state INVALID -j DROP
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
+-A FORWARD -m state --state INVALID -j DROP
+-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+COMMIT
+# Completed on Mon Sep 30 16:46:17 2024
+
+# Scan des ports UDP ouverts sur le serveur Web
+
+State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess                                   
+UNCONN 0      0         127.0.0.54:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=19))
+UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=17))
+UNCONN 0      0            0.0.0.0:5355      0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=11))
+
+# Scan des ports TCP ouverts sur le serveur Web
+
+State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess                                   
+LISTEN 0      4096         0.0.0.0:5355      0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=12))
+LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=404,fd=3))            
+LISTEN 0      100          0.0.0.0:25        0.0.0.0:*    users:(("master",pid=778,fd=13))         
+LISTEN 0      4096      127.0.0.54:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=20))
+LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*    users:(("mariadbd",pid=462,fd=20))       
+LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=18))
+
+# Résultats des tests Goss
+
+1..31
+ok 1 - Package: apache2: installed: matches expectation: true
+ok 2 - Package: apache2: version: matches expectation: ["2.4.62-1~deb12u1"]
+ok 3 - Package: mariadb-server: installed: matches expectation: true
+ok 4 - Package: mariadb-server: version: matches expectation: ["1:10.11.6-0+deb12u1"]
+ok 5 - Process: apache2: running: matches expectation: true
+ok 6 - Service: sshd: enabled: matches expectation: true
+ok 7 - Service: sshd: running: matches expectation: true
+ok 8 - Process: sshd: running: matches expectation: true
+ok 9 - Port: tcp:22: listening: matches expectation: true
+ok 10 - Port: tcp:22: ip: matches expectation: ["0.0.0.0"]
+ok 11 - Port: tcp6:22: listening: matches expectation: true
+ok 12 - Port: tcp6:22: ip: matches expectation: ["::"]
+ok 13 - User: sshd: exists: matches expectation: true
+ok 14 - User: sshd: uid: matches expectation: 103
+ok 15 - User: sshd: gid: matches expectation: 65534
+ok 16 - User: sshd: home: matches expectation: "/run/sshd"
+ok 17 - User: sshd: groups: matches expectation: ["nogroup"]
+ok 18 - User: sshd: shell: matches expectation: "/usr/sbin/nologin"
+ok 19 - Port: tcp6:80: listening: matches expectation: true
+ok 20 - Port: tcp6:80: ip: matches expectation: ["::"]
+ok 21 - Interface: eth0: exists: matches expectation: true
+ok 22 - Interface: eth0: addrs: matches expectation: ["172.16.0.152/24","fe80::be24:11ff:fe76:ac6f/64"]
+ok 23 - Interface: eth0: mtu: matches expectation: 1500
+ok 24 - Port: tcp6:443: listening: matches expectation: true
+ok 25 - Port: tcp6:443: ip: matches expectation: ["::"]
+ok 26 - Service: ssh: enabled: matches expectation: true
+ok 27 - Service: ssh: running: matches expectation: true
+ok 28 - Service: apache2: enabled: matches expectation: true
+ok 29 - Service: apache2: running: matches expectation: true
+ok 30 - HTTP: http://172.16.0.152/wordpress: status: matches expectation: 200
+ok 31 - HTTP: http://172.16.0.152/wordpress: Body: matches expectation: ["engagement"]

bts_annee_2/cyber2/wordpress-lamp/compterendudistant.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+DATE=$(date -I)
+echo "Scan nmap et comptes-rendus en cours de création, veuillez patienter..."
+echo -ne "# Scan des ports ouverts visibles depuis le poste physique\n\n" > compte-rendu-$DATE
+(date ; nmap -A 172.16.0.152 ) >> compte-rendu-$DATE
+echo -ne "\n# Affichage des règles du pare-feu\n\n" >> compte-rendu-$DATE
+ssh debian@172.16.0.152 "sudo iptables-legacy-save" >> compte-rendu-$DATE
+echo -ne "\n# Scan des ports UDP ouverts sur le serveur Web\n\n" >> compte-rendu-$DATE
+ssh debian@172.16.0.152 "sudo ss -lnu4p" >> compte-rendu-$DATE
+echo -ne "\n# Scan des ports TCP ouverts sur le serveur Web\n\n" >> compte-rendu-$DATE
+ssh debian@172.16.0.152 "sudo ss -lnt4p" >> compte-rendu-$DATE
+echo -ne "\n# Résultats des tests Goss\n\n" >> compte-rendu-$DATE
+ssh debian@172.16.0.152 "sudo goss v -f tap" >> compte-rendu-$DATE

bts_annee_2/cyber2/wordpress-lamp/ferm.conf

@@ -0,0 +1,43 @@
+# -*- shell-script -*-
+#
+#  Configuration file for ferm(1).
+#
+domain (ip) {
+    table filter {
+        chain INPUT {
+            policy DROP;
+
+            # connection tracking
+            mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+
+            # allow local packet
+            interface lo ACCEPT;
+
+            # respond to ping
+            proto icmp ACCEPT; 
+
+            # allow SSH connections
+            proto tcp dport ssh ACCEPT;
+        
+	    # autorise les connexions HTTP et HTTPS
+	    proto tcp dport (http https) ACCEPT;
+	}
+        chain OUTPUT {
+            policy ACCEPT;
+
+            # connection tracking
+            #mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+        }
+        chain FORWARD {
+            policy DROP;
+
+            # connection tracking
+            mod state state INVALID DROP;
+            mod state state (ESTABLISHED RELATED) ACCEPT;
+        }
+    }
+}
+
+@include ferm.d/;

bts_annee_2/cyber2/wordpress-lamp/goss.yaml

@@ -0,0 +1,73 @@
+package:
+    apache2:
+        installed: true
+        versions:
+            - 2.4.62-1~deb12u1
+    mariadb-server:
+        installed: true
+        versions:
+            - 1:10.11.6-0+deb12u1
+port:
+    tcp:22:
+        listening: true
+        ip:
+            - 0.0.0.0
+    tcp6:22:
+        listening: true
+        ip:
+            - '::'
+    tcp6:80:
+        listening: true
+        ip:
+            - '::'
+    tcp6:443:
+        listening: true
+        ip:
+            - '::'
+service:
+    apache2:
+        enabled: true
+        running: true
+    ssh:
+        enabled: true
+        running: true
+    sshd:
+        enabled: true
+        running: true
+user:
+    sshd:
+        exists: true
+        uid: 103
+        gid: 65534
+        groups:
+            - nogroup
+        home: /run/sshd
+        shell: /usr/sbin/nologin
+process:
+    apache2:
+        running: true
+    sshd:
+        running: true
+interface:
+    eth0:
+        exists: true
+        addrs:
+            - 172.16.0.152/24
+            - fe80::be24:11ff:fe76:ac6f/64
+        mtu: 1500
+http:
+    http://172.16.0.152/wordpress:
+        status: 200
+        allow-insecure: true
+        no-follow-redirects: false
+        timeout: 5000
+        body:
+          - engagement
+https:
+    https://172.16.0.152/wordpress:
+        status: 200
+        allow-insecure: true
+        no-follow-redirects: false
+        timeout: 5000
+        body:
+          - engagement

bts_annee_2/sisr2/README.md

@@ -1,2 +1,2 @@
 Dépôt de seconde année de SISR.
-Chaque dossier porte le numéro de la séance associée.
+Chaque dossier porte le nom du sujet associé.

bts_annee_2/sisr2/ansible/README.md

@@ -0,0 +1,2 @@
+Fichier hosts utilisé pour ansible lors du TP de la séance 16.
+Sont inclus les fichiers idempotents .yml d'ansible que j'ai fait, ainsi que le dossier avec tous les playbooks pour le DokuWiki.

bts_annee_2/sisr2/ansible/doku/README.md

@@ -0,0 +1 @@
+Dossier des playbooks DokuWiki.

bts_annee_2/sisr2/ansible/doku/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2

bts_annee_2/sisr2/ansible/doku/local.yml

@@ -0,0 +1,4 @@
+- hosts: web
+  roles:
+  - web
+  - doku

bts_annee_2/sisr2/ansible/doku/main_doku.yml

@@ -0,0 +1,51 @@
+- name: 1. Récupération du tar.gz du DokuWiki
+  get_url:
+    url: http://depl/store/dokuwiki-stable.tgz
+    dest: /tmp
+
+- name: 2. Extraction de l'archive
+  unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html
+    remote_src: yes
+
+- name: 3. Status des dossiers du Wiki
+  stat:
+    path: /var/www/html/dokuwiki-2024-02-06b
+  register: rept_stat
+
+- name: 4. On renomme les dossiers
+  command: mv /var/www/html/dokuwiki-2024-02-06b /var/www/html/doku
+  when: rept_stat.stat.exists
+
+- name: 5. Changement des droits sur la racine
+  file:
+    path: /var/www/html/doku
+    owner: root
+    group: root
+
+- name: 6. Changement des droits sur le dossier data
+  file:
+    path: /var/www/html/doku/data
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 7. Changement des droits sur le dossier conf
+  file:
+    path: /var/www/html/doku/conf
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 8. Changement des droits sur le dossier lib
+  file:
+    path: /var/www/html/doku/lib
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 9. Redémarre Apache2
+  service:
+    name: apache2
+    state: restarted

bts_annee_2/sisr2/ansible/doku/main_web.yml

@@ -0,0 +1,10 @@
+- name: 1. Installe les paquets requis pour le DokuWiki 
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items:
+     - apache2
+     - php
+     - php-mbstring
+     - php-gd
+     - php-xml

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/action_provision

@@ -0,0 +1 @@
+1.5:958cb3af-259b-4658-a68d-c1857a1e413e

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/action_set_name

@@ -0,0 +1 @@
+1728918924

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/box_meta

@@ -0,0 +1 @@
+{"name":"debian/bookworm64","version":"12.20240905.1","provider":"virtualbox","directory":"boxes/debian-VAGRANTSLASH-bookworm64/12.20240905.1/virtualbox"}

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/creator_uid

@@ -0,0 +1 @@
+1010

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/id

@@ -0,0 +1 @@
+958cb3af-259b-4658-a68d-c1857a1e413e

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/index_uuid

@@ -0,0 +1 @@
+f61390876b004055816245659fd5bd63

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/private_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
+AAtzc2gtZWQyNTUxOQAAACCBZZKsafTtksM02cxu00M0JHuzu98jWAYjAE5g
+5nYQewAAAJAH27ajB9u2owAAAAtzc2gtZWQyNTUxOQAAACCBZZKsafTtksM0
+2cxu00M0JHuzu98jWAYjAE5g5nYQewAAAEC/FErqsFWPvvl2PPU4cwB4kJeI
+uUI3/pDFA1jD8ia3I4Flkqxp9O2SwzTZzG7TQzQke7O73yNYBiMATmDmdhB7
+AAAAB3ZhZ3JhbnQBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/synced_folders

@@ -0,0 +1 @@
+{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/guillaume.emorine/vagrant/testansible/dokuw","disabled":false,"__vagrantfile":true}}}

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/vagrant_cwd

@@ -0,0 +1 @@
+/home/guillaume.emorine/vagrant/testansible/dokuw

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory

@@ -0,0 +1,3 @@
+# Generated by Vagrant
+
+default ansible_ssh_host=127.0.0.1 ansible_ssh_port=2202 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='/home/guillaume.emorine/vagrant/testansible/dokuw/.vagrant/machines/default/virtualbox/private_key'

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/rgloader/loader.rb

@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end

bts_annee_2/sisr2/ansible/doku_vagrant/README.md

@@ -0,0 +1 @@
+Dossier qui contient les fichiers du test vagrantfile + ansible.

bts_annee_2/sisr2/ansible/doku_vagrant/Vagrantfile

@@ -0,0 +1,30 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+
+  config.vm.box_check_update = true
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+
+  config.vm.network "forwarded_port", guest: 80, host: 8080
+  config.vm.network "forwarded_port", guest: 22, host: 2022
+
+  config.vm.provision "shell", inline: <<-SHELL
+     apt update && apt-get upgrade -y
+   SHELL
+ 
+   config.vm.provision "ansible" do |ansible|
+     ansible.playbook = "local.yml" # lance le playbook local.yml
+   end
+end

bts_annee_2/sisr2/ansible/doku_vagrant/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2

bts_annee_2/sisr2/ansible/doku_vagrant/local.yml

@@ -0,0 +1,5 @@
+- hosts: all
+  become: yes
+  roles:
+  - web
+  - doku

bts_annee_2/sisr2/ansible/doku_vagrant/roles/doku/tasks/main.yml

@@ -0,0 +1,51 @@
+- name: 1. Récupération du tar.gz du DokuWiki
+  get_url:
+    url: http://depl/store/dokuwiki-stable.tgz
+    dest: /tmp
+
+- name: 2. Extraction de l'archive
+  unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html
+    remote_src: yes
+
+- name: 3. Status des dossiers du Wiki
+  stat:
+    path: /var/www/html/dokuwiki-2024-02-06b
+  register: rept_stat
+
+- name: 4. On renomme les dossiers
+  command: mv /var/www/html/dokuwiki-2024-02-06b /var/www/html/doku
+  when: rept_stat.stat.exists
+
+- name: 5. Changement des droits sur la racine
+  file:
+    path: /var/www/html/doku
+    owner: root
+    group: root
+
+- name: 6. Changement des droits sur le dossier data
+  file:
+    path: /var/www/html/doku/data
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 7. Changement des droits sur le dossier conf
+  file:
+    path: /var/www/html/doku/conf
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 8. Changement des droits sur le dossier lib
+  file:
+    path: /var/www/html/doku/lib
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 9. Redémarre Apache2
+  service:
+    name: apache2
+    state: restarted

bts_annee_2/sisr2/ansible/doku_vagrant/roles/web/tasks/main.yml

@@ -0,0 +1,10 @@
+- name: 1. Installe les paquets requis pour le DokuWiki 
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items:
+     - apache2
+     - php
+     - php-mbstring
+     - php-gd
+     - php-xml

bts_annee_2/sisr2/ansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2

bts_annee_2/sisr2/ansible/squid.yml

@@ -0,0 +1,32 @@
+# squid.yml
+---
+- hosts: adm
+  vars:
+    - proxy_port: 8080
+    - proxy_mem: 128
+    - proxy_localnet: "192.168.0.0/24"
+
+  tasks:
+    - name: 1. Installe le proxy Squid sur la machine Infra.
+      apt:
+        name: squid
+        state: present
+
+# Uncomment this on FIRST RUN, comment afterwards !
+#    - name: 2. Récupère le fichier squid.conf.
+#      ansible.builtin.fetch:
+#        src: /etc/squid/squid.conf
+#        dest: squid.conf.j2
+#        flat: yes
+
+    - name: 3. Envoie squid.conf
+      template:
+        src: squid.conf.j2
+        dest: /etc/squid/squid.conf
+      notify: Restart squid
+  
+  handlers:
+    - name: Restart squid
+      service: 
+        name: squid
+        state: restarted

bts_annee_2/sisr2/ansible/syslog-cli.yml

@@ -0,0 +1,35 @@
+# syslog-cli.yml
+---
+- hosts: web
+  tasks:
+  - name: 1. Installe le paquet rsyslog.
+    apt: 
+      name: rsyslog
+      state: present
+
+  - name: 2. Ajoute la ligne pour forwarder les logs rsyslog au bon endroit.
+    lineinfile:
+      path: /etc/rsyslog.conf
+      line: '*.* @192.168.0.37:514'
+      create: yes
+    notify: Restart rsyslog
+
+  - name: 3. Forward les logs journald vers syslog.
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify: Restart journald
+
+  handlers:
+  - name: Restart rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+
+  - name: Restart journald
+    service:
+      name: systemd-journald
+      state: restarted
+
+

bts_annee_2/sisr2/ansible/syslog.yml

@@ -0,0 +1,30 @@
+# syslog.yml
+---
+- hosts: adm
+  tasks:
+  - name: 1. Installe le paquet rsyslog.
+    apt: 
+      name: rsyslog
+      state: present
+
+  - name: 2. Active le module UDP sur le serveur syslog.
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#module\(load="imudp"\)'
+      replace: 'module(load="imudp")'
+    notify: Restart rsyslog
+
+  - name: 3. Active l'écoute sur le port UDP 514.
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#input\(type="imudp" port="514"\)'
+      replace: 'input(type="imudp" port="514")'
+    notify: Restart rsyslog
+
+  handlers:
+  - name: Restart rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+
+

bts_annee_2/sisr2/ansible/web.yml

@@ -0,0 +1,21 @@
+# playbook.yml
+---
+- hosts: web
+  tasks:
+  - name: 1. installe Apache
+    apt: 
+      name: apache2
+      state: present
+  - name: 2. installe PHP pour Apache
+    apt:
+      name: php
+      state: present
+  - name: 3. installe php-mbstring
+    apt:
+      name: php-mbstring
+      state: present
+  - name: 4. installe index.html
+    copy:
+      src: index.html
+      dest: /var/www/html/index.html
+      mode: 0664 

bts_annee_2/sisr2/pxe/DHCP/README.md

@@ -0,0 +1 @@
+Fichiers de configuration du serveur DHCP de la machine PXE.

bts_annee_2/sisr2/pxe/Interfaces/README.md

@@ -0,0 +1 @@
+Fichiers d'interfaces réseau des deux cartes de la machine PXE.

bts_annee_2/sisr2/pxe/Interfaces/enp0s3

@@ -0,0 +1,3 @@
+# generated by FAI
+auto enp0s3
+iface enp0s3 inet dhcp

bts_annee_2/sisr2/pxe/Interfaces/enp0s8

@@ -0,0 +1,4 @@
+# generated by FAI
+auto enp0s8
+iface enp0s8 inet static
+address 192.168.1.100/24

bts_annee_2/sisr2/pxe/nftables/README.md

@@ -0,0 +1 @@
+Fichier de configuration nftables de la machine PXE.

bts_annee_2/sisr2/pxe/routing_command

@@ -0,0 +1 @@
+sysctl net.ipv4.ip_forward=1

bts_annee_2/sisr2/python/README.md

@@ -0,0 +1,2 @@
+Dépôt des fichiers Python faits lors de la séance du 3 Octobre, le matin.
+Le fichier users.txt est celui utilisé pour la création des comptes, pour l'exercice 4.

bts_annee_2/sisr2/python/createusers.py

@@ -0,0 +1,26 @@
+#!/usr/bin/python3
+import os
+import sys
+def create_user(login, full_name):
+    try:
+        os.system(f'sudo useradd -m -c "{full_name}" {login}')
+        print(f"Utilisateur {login} créé avec succès.")
+    except Exception as e:
+        print(f"Erreur lors de la création de l'utilisateur {login}: {e}")
+def main(filename):
+    try:
+        with open(filename, 'r') as file:
+            for line in file:
+                line = line.strip()
+                if line:
+                    login, full_name = line.split(':')
+                    create_user(login.strip(), full_name.strip())
+    except FileNotFoundError:
+        print(f"Le fichier {filename} n'a pas été trouvé.")
+    except Exception as e:
+        print(f"Erreur lors de la lecture du fichier {filename}: {e}")
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        print("Usage: python creatusr.py <nom_du_fichier>")
+    else:
+        main(sys.argv[1])

bts_annee_2/sisr2/python/occurences.py

@@ -0,0 +1,18 @@
+#!/usr/bin/python3
+# Demander à l'utilisateur de saisir une phrase
+phrase = input("Entrez une phrase : ")
+# Convertir la phrase en liste de mots
+mots = phrase.split()
+# Crée un dictionnaire pour stocker les occurrences des mots
+occurrences = {}
+# Compter les occurrences de chaque mot
+for mot in mots:
+    if mot in occurrences:
+        occurrences[mot] += 1
+    else:
+        occurrences[mot] = 1
+# Afficher les mots et leurs occurrences
+print("Occurrences des mots :")
+for mot, count in occurrences.items():
+    print(f"{mot} : {count}"
+

bts_annee_2/sisr2/python/perimetre.py

@@ -0,0 +1,6 @@
+#!/usr/bin/python3
+# Récupération de la valeur du rayon
+rayon=int(input("Quel est le rayon du cercle ? "))
+# Calcul et affichage
+perim=(2*3.141592*rayon)
+print("Le périmètre vaut:",perim)

bts_annee_2/sisr2/python/tableau.py

@@ -0,0 +1,31 @@
+#!/usr/bin/python3
+# Les variables:
+tableau=[]
+i=0
+avg=0
+# Boucle while pour l'input et le remplissage du tableau
+while i < 4:
+    x=int(input("Entrez un chiffre : "))
+    tableau.append(x)
+    x=0
+    i=i+1
+# Fin de la boucle while, déclaration de variables pour la suite
+mini=tableau[0]
+maxi=tableau[0]
+# Boucle for pour obtenir les valeurs minimales et maximales
+for y in range (i):
+    if tableau[y] > maxi:
+        maxi=tableau[y]
+    if tableau[y] < mini:
+        mini=tableau[y]
+    avg=avg+tableau[y]
+    # Affichage de chaque élément du tableau
+    print(tableau[y])
+# Calcul de la moyenne
+avg=avg/i
+# Affichage final
+print("La plus grande valeur du tableau est: ",maxi)
+print("La plus petite valeur du tableau est: ",mini)
+print("La moyenne du tableau final est: ",avg)
+
+# On aurait pu faire ça 100x plus vite, mais faut se compliquer la vie.

bts_annee_2/sisr2/python/users.txt

@@ -0,0 +1,5 @@
+adupont:Albert Dupont
+jduroy:Jeannette Duroy
+gemorine:Guillaume Emorine
+jpauchet:Jarod Pauchet
+ngenret:Nathan Genret