# Scan des ports ouverts visibles depuis le poste physique

lun. 30 sept. 2024 16:45:55 CEST
Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-30 16:45 CEST
Nmap scan report for 172.16.0.152
Host is up (0.00069s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE SERVICE  VERSION
22/tcp  open  ssh      OpenSSH 9.2p1 Debian 2+deb12u3 (protocol 2.0)
| ssh-hostkey: 
|   256 507a12ddb833cec5b87c576702e1682a (ECDSA)
|_  256 c3bbd552f31fbd2d9fdd9e11ca521cbc (ED25519)
80/tcp  open  http     Apache httpd 2.4.62 ((Debian))
|_http-title: Did not follow redirect to https://172.16.0.152/
|_http-server-header: Apache/2.4.62 (Debian)
443/tcp open  ssl/http Apache httpd 2.4.62 ((Debian))
|_http-server-header: Apache/2.4.62 (Debian)
| tls-alpn: 
|_  http/1.1
|_http-title: Apache2 Debian Default Page: It works
| ssl-cert: Subject: commonName=wordpress-ge/organizationName=Lyc\xC3\x83\xC2\xA9e Le Castel/stateOrProvinceName=Bourgogne/countryName=FR
| Not valid before: 2024-09-26T13:11:27
|_Not valid after:  2025-09-26T13:11:27
|_ssl-date: TLS randomness does not represent time
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 23.30 seconds

# Affichage des règles du pare-feu

# Generated by iptables-save v1.8.9 on Mon Sep 30 16:46:17 2024
*filter
:INPUT DROP [30889:1853067]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [142:9272]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Sep 30 16:46:17 2024

# Scan des ports UDP ouverts sur le serveur Web

State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess                                   
UNCONN 0      0         127.0.0.54:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=19))
UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=17))
UNCONN 0      0            0.0.0.0:5355      0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=11))

# Scan des ports TCP ouverts sur le serveur Web

State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess                                   
LISTEN 0      4096         0.0.0.0:5355      0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=12))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=404,fd=3))            
LISTEN 0      100          0.0.0.0:25        0.0.0.0:*    users:(("master",pid=778,fd=13))         
LISTEN 0      4096      127.0.0.54:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=20))
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*    users:(("mariadbd",pid=462,fd=20))       
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*    users:(("systemd-resolve",pid=267,fd=18))

# Résultats des tests Goss

1..31
ok 1 - Package: apache2: installed: matches expectation: true
ok 2 - Package: apache2: version: matches expectation: ["2.4.62-1~deb12u1"]
ok 3 - Package: mariadb-server: installed: matches expectation: true
ok 4 - Package: mariadb-server: version: matches expectation: ["1:10.11.6-0+deb12u1"]
ok 5 - Process: apache2: running: matches expectation: true
ok 6 - Service: sshd: enabled: matches expectation: true
ok 7 - Service: sshd: running: matches expectation: true
ok 8 - Process: sshd: running: matches expectation: true
ok 9 - Port: tcp:22: listening: matches expectation: true
ok 10 - Port: tcp:22: ip: matches expectation: ["0.0.0.0"]
ok 11 - Port: tcp6:22: listening: matches expectation: true
ok 12 - Port: tcp6:22: ip: matches expectation: ["::"]
ok 13 - User: sshd: exists: matches expectation: true
ok 14 - User: sshd: uid: matches expectation: 103
ok 15 - User: sshd: gid: matches expectation: 65534
ok 16 - User: sshd: home: matches expectation: "/run/sshd"
ok 17 - User: sshd: groups: matches expectation: ["nogroup"]
ok 18 - User: sshd: shell: matches expectation: "/usr/sbin/nologin"
ok 19 - Port: tcp6:80: listening: matches expectation: true
ok 20 - Port: tcp6:80: ip: matches expectation: ["::"]
ok 21 - Interface: eth0: exists: matches expectation: true
ok 22 - Interface: eth0: addrs: matches expectation: ["172.16.0.152/24","fe80::be24:11ff:fe76:ac6f/64"]
ok 23 - Interface: eth0: mtu: matches expectation: 1500
ok 24 - Port: tcp6:443: listening: matches expectation: true
ok 25 - Port: tcp6:443: ip: matches expectation: ["::"]
ok 26 - Service: ssh: enabled: matches expectation: true
ok 27 - Service: ssh: running: matches expectation: true
ok 28 - Service: apache2: enabled: matches expectation: true
ok 29 - Service: apache2: running: matches expectation: true
ok 30 - HTTP: http://172.16.0.152/wordpress: status: matches expectation: 200
ok 31 - HTTP: http://172.16.0.152/wordpress: Body: matches expectation: ["engagement"]