nouveau fichier : sisr1/srv-dhcp/dhcpd.conf

nouveau fichier : sisr1/srv-dhcp/interfaces
	nouveau fichier : sisr1/srv-dhcp/isc-dhcp-server
	nouveau fichier : sisr1/srv-dhcp/nat.sh
	nouveau fichier : sisr1/srv-dns1/db.sio1lab.lan
	nouveau fichier : sisr1/srv-dns1/db.sio1lab.lan.rev
	nouveau fichier : sisr1/srv-dns1/interfaces
	nouveau fichier : sisr1/srv-dns1/named.conf.local
	nouveau fichier : sisr1/srv-dns1/named.conf.options
	nouveau fichier : sisr1/srv-dns1/resolv.conf
	nouveau fichier : sisr1/srv-dns1/sshd_config
	nouveau fichier : sisr1/srv-dns2/db.sio1lab.lan
	nouveau fichier : sisr1/srv-dns2/db.sio1lab.lan.rev
	nouveau fichier : sisr1/srv-dns2/interfaces
	nouveau fichier : sisr1/srv-dns2/named.conf.local
	nouveau fichier : sisr1/srv-dns2/named.conf.options
	nouveau fichier : sisr1/srv-dns2/resolv.conf

sisr1/srv-dhcp/dhcpd.conf

@@ -0,0 +1,113 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+
+#option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+option domain-name-servers 192.168.0.160;
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+subnet 192.168.2.0 netmask 255.255.255.0 {
+	range 192.168.2.5 192.168.2.50;
+	option routers 192.168.2.1;
+}
+host xp-master {
+   hardware ethernet 08:00:27:77:70:0d;
+   fixed-address 192.168.2.20;
+} 
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers 10.121.38.7, 10.121.38.8;{
+#  option domain-name "internal.example.org";
+#  option routers 192.168.2.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}

sisr1/srv-dhcp/interfaces

@@ -0,0 +1,19 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto enp0s3
+iface enp0s3 inet static
+	address 192.168.0.160/24
+	gateway 192.168.0.1
+
+auto enp0s8
+iface enp0s8 inet static
+address 192.168.2.1/24
+

sisr1/srv-dhcp/isc-dhcp-server

@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s8"
+INTERFACESv6=""

sisr1/srv-dhcp/nat.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+  echo "1" > /proc/sys/net/ipv4/ip_forward
+  nft add table basic_nat_table
+  nft add chain basic_nat_table prerouting {type nat hook prerouting priority 0 \; }
+  nft add chain basic_nat_table postrouting {type nat hook postrouting priority 0 \; }
+  nft add rule basic_nat_table postrouting masquerade
+

sisr1/srv-dns1/db.sio1lab.lan

@@ -0,0 +1,19 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@		IN	SOA	deb-dns1-jb.sio1lab.lan. root.sio1lab.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@		IN	NS	deb-dns1-jb.
+	
+deb-dns1-jb	IN	A	192.168.0.160
+deb-dhcp-jb	IN	A	192.168.0.161
+
+
+dhcp		IN	CNAME		deb-dhcp-jb	
+dns1		IN	CNAME		deb-dns1-jb

sisr1/srv-dns1/db.sio1lab.lan.rev

@@ -0,0 +1,22 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL    604800
+@               IN      SOA     deb-dns1-jb.sio1lab.lan. root.sio1lab.lan. (
+                              2         ; Serial
+                         604800         ; Refresh
+                          86400         ; Retry
+                        2419200         ; Expire
+                         604800 )       ; Negative Cache TTL
+;
+@               IN      NS      deb-dns1-jb.sio1lab.lan.
+
+deb-dns1-jb     IN      A       192.168.0.120
+deb-dhcp-jb     IN      A       192.168.0.121
+
+
+dhcp            IN      CNAME           deb-dhcp-jb     
+dns1            IN      CNAME           deb-dns1-jb
+
+160		IN	PTR		deb-dhcp-jb
+161		IN	PTR		deb-dns1-jb

sisr1/srv-dns1/interfaces

@@ -0,0 +1,19 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+iface enp0s3 inet static
+	address 192.168.0.161/24
+	gateway 192.168.0.1
+
+auto enp0s8
+iface eth0 inet static
+address 192.168.2.1/24
+

sisr1/srv-dns1/named.conf.local

@@ -0,0 +1,19 @@
+//
+// Do any local configuration here
+//
+// zone directe
+        zone "sio1lab.lan" {
+             type master;
+             file "/etc/bind/db.sio1lab.lan";
+        };
+
+	// zone inverse 
+	zone "0.168.192.in-addr.arpa" {
+	     type master;
+             notify no;
+             file "/etc/bind/db.sio1lab.lan.rev";
+	};
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+

sisr1/srv-dns1/named.conf.options

@@ -0,0 +1,25 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	 forwarders {
+	 	10.121.38.7;
+		10.121.38.8;
+	 };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	listen-on-v6 { any; };
+};

sisr1/srv-dns1/resolv.conf

@@ -0,0 +1,4 @@
+domain sio1lab.lan
+search sio1lab.lan
+nameserver 127.0.0.1
+

sisr1/srv-dns1/sshd_config

@@ -0,0 +1,122 @@
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

sisr1/srv-dns2/db.sio1lab.lan

@@ -0,0 +1,19 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@		IN	SOA	deb-dns1-jb.sio1lab.lan. root.sio1lab.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@		IN	NS	deb-dns1-jb.
+	
+deb-dns1-jb	IN	A	192.168.0.160
+deb-dhcp-jb	IN	A	192.168.0.161
+
+
+dhcp		IN	CNAME		deb-dhcp-jb	
+dns1		IN	CNAME		deb-dns1-jb

sisr1/srv-dns2/db.sio1lab.lan.rev

@@ -0,0 +1,22 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL    604800
+@               IN      SOA     deb-dns1-jb.sio1lab.lan. root.sio1lab.lan. (
+                              2         ; Serial
+                         604800         ; Refresh
+                          86400         ; Retry
+                        2419200         ; Expire
+                         604800 )       ; Negative Cache TTL
+;
+@               IN      NS      deb-dns1-jb.sio1lab.lan.
+
+deb-dns1-jb     IN      A       192.168.0.120
+deb-dhcp-jb     IN      A       192.168.0.121
+
+
+dhcp            IN      CNAME           deb-dhcp-jb     
+dns1            IN      CNAME           deb-dns1-jb
+
+160		IN	PTR		deb-dhcp-jb
+161		IN	PTR		deb-dns1-jb

sisr1/srv-dns2/interfaces

@@ -0,0 +1,19 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+iface enp0s3 inet static
+	address 192.168.0.161/24
+	gateway 192.168.0.1
+
+auto enp0s8
+iface eth0 inet static
+address 192.168.2.1/24
+

sisr1/srv-dns2/named.conf.local

@@ -0,0 +1,19 @@
+//
+// Do any local configuration here
+//
+// zone directe
+        zone "sio1lab.lan" {
+             type master;
+             file "/etc/bind/db.sio1lab.lan";
+        };
+
+	// zone inverse 
+	zone "0.168.192.in-addr.arpa" {
+	     type master;
+             notify no;
+             file "/etc/bind/db.sio1lab.lan.rev";
+	};
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+

sisr1/srv-dns2/named.conf.options

@@ -0,0 +1,25 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	 forwarders {
+	 	10.121.38.7;
+		10.121.38.8;
+	 };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	listen-on-v6 { any; };
+};

sisr1/srv-dns2/resolv.conf

@@ -0,0 +1,4 @@
+domain sio1lab.lan
+search sio1lab.lan
+nameserver 127.0.0.1
+