louis.depres/SioTP
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: louis.depres:V2.0.6-b
Branches Tags
louis.depres:master
louis.depres:v2.0.11
louis.depres:v2.0.10
louis.depres:v2.0.9
louis.depres:v2.0.8
louis.depres:V2.0.7
louis.depres:V2.0.6-b
louis.depres:V2.0.6
louis.depres:v2.0.4
louis.depres:v2.0.3
louis.depres:v.2.0.5
louis.depres:v2.0.2
louis.depres:v2.0.1
louis.depres:v2.0.0
louis.depres:v0.12.6
louis.depres:v0.1.15
louis.depres:v1
louis.depres:v0.5b
louis.depres:v0.5
louis.depres:v0.1.5c
louis.depres:v0.1.5b
louis.depres:v0.1.5
louis.depres:v1.0.0
louis.depres:v0.1
louis.depres:v0.1.0
...
compare: louis.depres:master
Branches Tags
louis.depres:master
louis.depres:v2.0.11
louis.depres:v2.0.10
louis.depres:v2.0.9
louis.depres:v2.0.8
louis.depres:V2.0.7
louis.depres:V2.0.6-b
louis.depres:V2.0.6
louis.depres:v2.0.4
louis.depres:v2.0.3
louis.depres:v.2.0.5
louis.depres:v2.0.2
louis.depres:v2.0.1
louis.depres:v2.0.0
louis.depres:v0.12.6
louis.depres:v0.1.15
louis.depres:v1
louis.depres:v0.5b
louis.depres:v0.5
louis.depres:v0.1.5c
louis.depres:v0.1.5b
louis.depres:v0.1.5
louis.depres:v1.0.0
louis.depres:v0.1
louis.depres:v0.1.0

12 Commits
V2.0.6-b ... master

Author SHA1 Message Date
Louis Depres
a91cd7b745 Modif stlab.yml 2023-01-11 10:44:41 +01:00
Louis Depres
5c79f1005a Secu root pour 1ere annee 2023-01-09 11:38:37 +01:00
root
12f480ca36 Changement Vagrantfile 2023-01-04 14:29:27 +01:00
root
8987ade7f6 Changement Vagrantfile 2023-01-04 14:29:06 +01:00
root
08944e6df9 Ansible AP3 2023-01-04 14:26:11 +01:00
Louis Depres
48ee93c0c8 Vagrantfile 2022-11-17 11:50:41 +01:00
Louis
21f0416527 Docker Nextcloud 2022-11-17 10:44:42 +00:00
Louis
cf7c579706 Docker 2022-11-15 07:24:31 +00:00
root
96c5b92a5d Nagios 2022-10-19 08:47:00 +02:00
Louis
5794335644 Merge branch 'master' of https://gitea.lyc-lecastel.fr/louis.depres/SioTP 2022-10-13 09:36:13 +02:00
Louis
166cc2bfe3 Fin Ansible 2022-10-13 09:34:32 +02:00
Louis
85f12c53cb OpenVPN 2022-10-12 11:55:15 +02:00
29 changed files with 1420 additions and 0 deletions
Show Stats Expand all files Collapse all files

29
Sio2/AP3/Ansible/apbase.yml Normal file
View File

@ -0,0 +1,29 @@
---
- name: apbase
hosts: ap32
become: true
become_method: sudo
tasks:
- name: Ajout fichier apt.conf
copy:
src: apt.conf
dest: /etc/apt/apt.conf
- name: apt update & upgrade
apt:
update_cache: yes
upgrade: yes
- name: Installation des packets
apt:
name:
- apache2
- php
- php-mbstring
- php-mysql
- mariadb-server
- git
- python3-mysqldb
- python3-passlib
- python3-pymysql
state: present

23
Sio2/AP3/Ansible/apdb.yml Normal file
View File

@ -0,0 +1,23 @@
---
- name: apdb
hosts: ap32
become: true
become_method: sudo
tasks:
- name: creation nouvelle db sdis2022
community.mysql.mysql_db:
name: sdis29
login_user: root
login_password: admin
state: present
login_unix_socket: /run/mysqld/mysqld.sock
- name: creation utilisateur ap32
community.mysql.mysql_user:
login_user: root
login_password: admin
name: ap32
password: ap32
priv: 'sdis29.*:ALL'
state: present
login_unix_socket: /run/mysqld/mysqld.sock

19
Sio2/AP3/Ansible/apdbdump.yml Normal file
View File

@ -0,0 +1,19 @@
---
- hosts: ap32
become: true
become_method: sudo
tasks:
- name: Dump database
community.mysql.mysql_db:
state: dump
name: "sdis29"
login_user: ap32
login_password: ap32
target: /tmp/sdis29-dump.sql.gz
login_unix_socket: /run/mysqld/mysqld.sock
- name: copie du dump sur machine locale
fetch:
src: /tmp/sdis29-dump.sql.gz
dest: sdis29-dump.sql.gz
flat: yes

2
Sio2/AP3/Ansible/apt.conf Normal file
View File

@ -0,0 +1,2 @@
Acquire::http::Proxy "http://10.121.38.1:8080";
Acquire::https::Proxy "http://10.121.38.1:8080";

2
Sio2/AP3/Ansible/hosts Normal file
View File

@ -0,0 +1,2 @@
[ap32]
ap32-prod

BIN
Sio2/AP3/Ansible/sdis29-dump.sql.gz Normal file
View File

Binary file not shown.

308
Sio2/CYBER/10-Nagios/commands.cfg Normal file
View File

@ -0,0 +1,308 @@
###############################################################################
# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
#
#
# NOTES: This config file provides you with some example command definitions
# that you can reference in host, service, and contact definitions.
#
# You don't need to keep commands in a separate file from your other
# object definitions. This has been done just to make things easier to
# understand.
#
###############################################################################
################################################################################
#
# SAMPLE NOTIFICATION COMMANDS
#
# These are some example notification commands. They may or may not work on
# your system without modification. As an example, some systems will require
# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
#
################################################################################
define command {
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
################################################################################
#
# SAMPLE HOST CHECK COMMANDS
#
################################################################################
# Removed in Debian because it conflicts with the command of the same name
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
## This command checks to see if a host is "alive" by pinging it
## The check must result in a 100% packet loss or 5 second (5000ms) round trip
## average time to produce a critical error.
## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
#
#define command {
#
# command_name check-host-alive
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
#}
################################################################################
#
# SAMPLE SERVICE CHECK COMMANDS
#
# These are some example service check commands. They may or may not work on
# your system, as they must be modified for your plugins. See the HTML
# documentation on the plugins for examples of how to configure command definitions.
#
# NOTE: The following 'check_local_...' functions are designed to monitor
# various metrics on the host that Nagios is running on (i.e. this one).
################################################################################
define command {
command_name check_local_disk
command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
}
define command {
command_name check_local_load
command_line $USER1$/check_load -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_procs
command_line $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
}
define command {
command_name check_local_users
command_line $USER1$/check_users -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_swap
command_line $USER1$/check_swap -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_mrtgtraf
command_line $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
}
################################################################################
# NOTE: The following 'check_...' commands are used to monitor services on
# both local and remote hosts.
################################################################################
# Removed in Debian because it conflicts with the command of the same of
# defined in ftp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ftp
# command_line $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_hpjd
# command_line $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
#}
define command {
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
}
# Removed in Debian because it conflicts with the command of the same of
# defined in http.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_http
# command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ssh.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ssh
# command_line $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_dhcp
# command_line $USER1$/check_dhcp $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ping
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_pop
# command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_imap
# command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_smtp
# command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_tcp
# command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_udp
# command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in nt.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_nt
# command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
#}
################################################################################
#
# SAMPLE PERFORMANCE DATA COMMANDS
#
# These are sample performance data commands that can be used to send performance
# data output to two text files (one for hosts, another for services). If you
# plan on simply writing performance data out to a file, consider using the
# host_perfdata_file and service_perfdata_file options in the main config file.
#
################################################################################
define command {
command_name process-host-perfdata
command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
}
define command {
command_name process-service-perfdata
command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
}
define command {
command_name check_lin_load
command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}
define command {
command_name check_lin_mem
command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -w $ARG3$ -c $ARG4$
}
define command {
command_name check_dns_ext
command_line $USER1$/check_dns -H 9.9.9.9 -s 10.121.38.7
}

59
Sio2/CYBER/10-Nagios/contacts.cfg Normal file
View File

@ -0,0 +1,59 @@
###############################################################################
# CONTACTS.CFG - SAMPLE CONTACT/CONTACTGROUP DEFINITIONS
#
#
# NOTES: This config file provides you with some example contact and contact
# group definitions that you can reference in host and service
# definitions.
#
# You don't need to keep these definitions in a separate file from your
# other object definitions. This has been done just to make things
# easier to understand.
#
###############################################################################
###############################################################################
#
# CONTACTS
#
###############################################################################
# Just one contact defined by default - the Nagios admin (that's you)
# This contact definition inherits a lot of default values from the
# 'generic-contact' template which is defined elsewhere.
define contact {
contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user
email nagios@localhost ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
define contact {
contact_name louis ; Short name of user
use generic-contact ; Inherit default values from generic-contact templa>
alias louis depres ; Full name of user
email louis.dprs@gmail.com ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
###############################################################################
#
# CONTACT GROUPS
#
###############################################################################
# We only have one contact in this simple configuration file, so there is
# no need to create more than one contact group.
define contactgroup {
contactgroup_name admins
alias Nagios Administrators
members nagiosadmin, louis
}

60
Sio2/CYBER/10-Nagios/main.cf Normal file
View File

@ -0,0 +1,60 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
#smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = nagios.sio.lan
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = bullseye, nagios.sio.lan, nagios, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.40/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
default_transport = smtp
relay_transport = smtp
inet_protocols = ipv4
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
# Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
# Enable STARTTLS encryption
smtp_tls_security_level = encrypt
# Location of CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

55
Sio2/CYBER/10-Nagios/ns.cfg Normal file
View File

@ -0,0 +1,55 @@
###############################################################################
# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE
#
#
# NOTE: This config file is intended to serve as an *extremely* simple
# example of how you can create configuration entries to monitor
# the local (Linux) machine.
#
###############################################################################
###############################################################################
#
# HOST DEFINITION
#
###############################################################################
# Define a host for the local machine
define host {
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name ns
alias ns
address 10.121.38.7
parents gwsio5
}
define service {
use generic-service ;Use generic-service template
hostgroup_name linux-servers ; S'applique au groupe en question
service_description chk-lin-load ; Nom du service
check_command check_lin_load!public!--v2c!netsl!3,2,2!3,2,2 ; Command
}
define service {
use generic-service ;Use generic-service template
hostgroup_name linux-servers ; S'applique au groupe en question
service_description chk-lin-mem ; Nom du service
check_command check_lin_mem!public!--v2c!70%,80%!90%,95% ; Command
}
define service{
use generic-service
hostgroup_name linux-servers
service_description chk-dns-ext
check_command check_dns_ext
}

1
Sio2/CYBER/10-Nagios/sasl_passwd Normal file
View File

@ -0,0 +1 @@
[smtp.gmail.com]:587 l.depres15@gmail.com:uhteajxfcpvapjey

20
Sio2/CYBER/20-openvpn/ca.crt Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDOTCCAiGgAwIBAgIUC8Reak8KplpJ6RkJQ4dy228ay7MwDQYJKoZIhvcNAQEL
BQAwEDEOMAwGA1UEAwwFTG91aXMwHhcNMjIxMDEyMDgzNDIwWhcNMzIxMDA5MDgz
NDIwWjAQMQ4wDAYDVQQDDAVMb3VpczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAMZUauq/R97I03UHCO2sCYMm0xSSgabWcM7pKz/Xa09zpGm6QZHAiOHh
cCIWL4iLPRx8X8IAlVi5iRndAQhMnYkxx/gX/aHilDYrjPxn8RdaZB42lwJox0Xs
qYIc1TDnHLuf2sv9rRL3AUZ3BwdoCR7XbFhOsD6Kk5VFy4TNTfFwms51ATqOzfA4
in3QDGkPVTq/6+8kPFkbI96FiUQ1FwvRPQyqrQjh3su5pDaM19wFLAgp4zWYIUqZ
H+HOuvdPvM7fbz1dW+PZPPLGu1SJFiJ9mpoYVq5UwcjeRSl+qQQNDpsnT+gv8sop
h2ANhyEu3M2ZCQiH1WCfvamo5xH/67UCAwEAAaOBijCBhzAdBgNVHQ4EFgQUF4fN
H8XCXNYjLio+Cex0siWsW0UwSwYDVR0jBEQwQoAUF4fNH8XCXNYjLio+Cex0siWs
W0WhFKQSMBAxDjAMBgNVBAMMBUxvdWlzghQLxF5qTwqmWknpGQlDh3LbbxrLszAM
BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAZQhI
N6DNawRxGSO5ioWNKsnB14sFrvrCbiAtr/vcj/5mnxqJlE8KTfOmAs0JHp9hgsDg
9rRn7pSKfOJfXSzwvlLotEBAg7QEqX1k1PAVwD5roc0RmvS0yH7eoF8CcwQhWuDj
RbcuA2yah/L8v6SrtLcbzvWRF2Jm/zEiEUoHoUJwt4TaLL4z7lnDZ/H0Kgx/dfI5
DYzAdfAQASOOMZHc57lBNB2Md1PIVt50Rj6K+ZDyXE2uKgVGCkroDpA+n2a6QaFn
35CqrUjg66U4pLBCmrZwBScHp8cUXNju44FS7/Y8WnFsX5Wm3RVdErlcvqOg5Jxs
GOsIks/TvelhSMjwiw==
-----END CERTIFICATE-----

8
Sio2/CYBER/20-openvpn/dh.pem Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA4jWuH4ZUAtE0fXIfp3xq7zpRxPLhKeNY0IuwutL0ZCMUTmJjVp7G
tesWOF5Zmeu4E/SdKOIg6fKSLjr4vUIesL9clkHabjagEaIu07cDlbMC38BGeHzb
YT6Ba+UrHyz5Qqk7lhwGz3/yMmIOcvV60GL8okVAd37bCz08jObEtvlyWzJD8zUr
rgCArb4T8jj7/V/9w6ROt9TWJHxZdUlUMhxjK451pozLqY4QXiH4PRNAIP7BUr1l
Qh5gYpQU/BrMMxH/7n0LCCeoxrbUYz+UfzO1Rxs2KWJ2UCTCgGqNwXkS3hMUb4xC
qSNC0ssaAFlra5AlIxd06F6A0lRTkwQtEwIBAg==
-----END DH PARAMETERS-----

84
Sio2/CYBER/20-openvpn/openvpnclt.crt Normal file
View File

@ -0,0 +1,84 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ef:26:be:be:1c:6f:df:b6:72:ab:d0:98:5e:8e:ab:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Louis
Validity
Not Before: Oct 12 08:35:54 2022 GMT
Not After : Jan 14 08:35:54 2025 GMT
Subject: CN=openvpnclt
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:a2:21:3d:b7:82:3d:47:36:e5:94:4e:9b:84:
39:b0:f5:66:54:43:09:29:c2:81:59:ee:ff:d3:1f:
3c:4c:73:c2:a6:de:08:db:f9:c8:ff:1b:19:1a:13:
65:91:d6:af:9c:ee:bf:15:49:1c:74:6a:f1:cd:3c:
a8:87:2c:24:c0:d2:99:9e:ec:46:b1:f4:50:86:0b:
8c:4a:8a:b6:13:04:9a:1a:6e:e8:de:57:40:7b:f8:
b2:7b:1e:05:e9:ae:56:bf:f5:0e:6a:49:85:cb:a7:
4d:f1:72:ea:d6:83:1c:c2:19:7b:86:b0:ef:89:82:
7d:98:3e:32:f3:83:03:89:36:7c:32:13:f3:f5:af:
d4:8c:92:95:95:02:48:2b:21:b0:3a:79:a2:ef:64:
55:c5:1c:4a:ab:9d:1b:70:fe:a7:9e:bc:fa:b8:12:
22:87:52:95:ca:a4:5c:26:91:6d:d6:9e:aa:07:53:
13:6a:bc:e7:91:98:c7:57:b6:ff:b8:10:82:73:99:
0a:b8:5c:70:13:f7:8c:e5:d4:b7:7b:d0:51:24:ed:
bc:ac:50:61:d3:2e:9e:98:6a:a6:16:9c:cc:eb:fa:
4c:10:69:f0:c2:2f:cd:8e:6b:b7:7f:2c:5b:c1:a8:
fc:af:ef:1a:91:1e:5d:f4:d1:fb:cc:33:34:6e:e8:
d2:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
78:9F:7E:30:60:4E:EB:50:F5:FC:D2:6E:1E:2B:F3:AC:DE:73:C0:AD
X509v3 Authority Key Identifier:
keyid:17:87:CD:1F:C5:C2:5C:D6:23:2E:2A:3E:09:EC:74:B2:25:AC:5B:45
DirName:/CN=Louis
serial:0B:C4:5E:6A:4F:0A:A6:5A:49:E9:19:09:43:87:72:DB:6F:1A:CB:B3
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
95:b5:d4:87:5e:e3:3f:a1:4f:2a:8a:e1:52:cc:25:63:42:bb:
f7:2e:6e:f6:aa:bc:9e:a6:88:ab:d5:02:65:29:31:0e:a1:a7:
0d:e7:20:ac:9d:1c:a8:31:23:5a:8d:07:a4:94:88:99:f8:88:
83:69:1a:0a:a8:5a:d5:39:2f:00:5a:27:53:60:70:2f:fc:7f:
e1:2c:15:7b:ea:6b:91:72:9a:e5:b6:c9:ae:b7:b4:89:3c:95:
17:bf:a3:31:3e:0e:41:ec:90:bb:d6:4a:1a:c3:79:7a:95:55:
23:e9:86:84:91:05:32:69:9e:44:cd:03:df:c8:97:a8:6c:47:
6c:2c:d1:64:f5:91:30:87:56:7b:42:38:0a:78:1e:b9:6d:bb:
8d:02:7b:fd:df:ac:a9:41:2c:cd:c7:10:34:d3:98:91:a9:bd:
bc:e3:76:1e:13:9c:7b:98:c0:01:3c:9a:e3:fb:a1:41:cf:6b:
35:d1:ea:b9:d4:f4:9a:d8:c3:60:c7:b8:4b:79:09:1b:9c:25:
d4:90:51:ae:87:46:47:f6:ee:a2:45:fa:a9:79:0a:7d:24:3f:
bf:e4:aa:fc:26:43:ed:68:dd:a2:74:01:81:ad:f7:a5:5f:76:
2a:54:49:08:14:a6:d2:27:ac:a6:1d:af:08:e2:be:2f:23:c7:
82:c1:a5:78
-----BEGIN CERTIFICATE-----
MIIDTTCCAjWgAwIBAgIRAO8mvr4cb9+2cqvQmF6OqxowDQYJKoZIhvcNAQELBQAw
EDEOMAwGA1UEAwwFTG91aXMwHhcNMjIxMDEyMDgzNTU0WhcNMjUwMTE0MDgzNTU0
WjAVMRMwEQYDVQQDDApvcGVudnBuY2x0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAqKIhPbeCPUc25ZROm4Q5sPVmVEMJKcKBWe7/0x88THPCpt4I2/nI
/xsZGhNlkdavnO6/FUkcdGrxzTyohywkwNKZnuxGsfRQhguMSoq2EwSaGm7o3ldA
e/iyex4F6a5Wv/UOakmFy6dN8XLq1oMcwhl7hrDviYJ9mD4y84MDiTZ8MhPz9a/U
jJKVlQJIKyGwOnmi72RVxRxKq50bcP6nnrz6uBIih1KVyqRcJpFt1p6qB1MTarzn
kZjHV7b/uBCCc5kKuFxwE/eM5dS3e9BRJO28rFBh0y6emGqmFpzM6/pMEGnwwi/N
jmu3fyxbwaj8r+8akR5d9NH7zDM0bujSowIDAQABo4GcMIGZMAkGA1UdEwQCMAAw
HQYDVR0OBBYEFHiffjBgTutQ9fzSbh4r86zec8CtMEsGA1UdIwREMEKAFBeHzR/F
wlzWIy4qPgnsdLIlrFtFoRSkEjAQMQ4wDAYDVQQDDAVMb3Vpc4IUC8Reak8KplpJ
6RkJQ4dy228ay7MwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0G
CSqGSIb3DQEBCwUAA4IBAQCVtdSHXuM/oU8qiuFSzCVjQrv3Lm72qryepoir1QJl
KTEOoacN5yCsnRyoMSNajQeklIiZ+IiDaRoKqFrVOS8AWidTYHAv/H/hLBV76muR
cprltsmut7SJPJUXv6MxPg5B7JC71koaw3l6lVUj6YaEkQUyaZ5EzQPfyJeobEds
LNFk9ZEwh1Z7QjgKeB65bbuNAnv936ypQSzNxxA005iRqb2843YeE5x7mMABPJrj
+6FBz2s10eq51PSa2MNgx7hLeQkbnCXUkFGuh0ZH9u6iRfqpeQp9JD+/5Kr8JkPt
aN2idAGBrfelX3YqVEkIFKbSJ6ymHa8I4r4vI8eCwaV4
-----END CERTIFICATE-----

28
Sio2/CYBER/20-openvpn/openvpnclt.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCooiE9t4I9Rzbl
lE6bhDmw9WZUQwkpwoFZ7v/THzxMc8Km3gjb+cj/GxkaE2WR1q+c7r8VSRx0avHN
PKiHLCTA0pme7Eax9FCGC4xKirYTBJoabujeV0B7+LJ7HgXprla/9Q5qSYXLp03x
curWgxzCGXuGsO+Jgn2YPjLzgwOJNnwyE/P1r9SMkpWVAkgrIbA6eaLvZFXFHEqr
nRtw/qeevPq4EiKHUpXKpFwmkW3WnqoHUxNqvOeRmMdXtv+4EIJzmQq4XHAT94zl
1Ld70FEk7bysUGHTLp6YaqYWnMzr+kwQafDCL82Oa7d/LFvBqPyv7xqRHl300fvM
MzRu6NKjAgMBAAECggEBAIpJQjcpOH1l2+fSgc/YU7MA2qR4wJflMEv+yP1pnPoY
5+QNKnix0pkYsLIIe/9nbWWlBz++T75MQPQMLSuEELOrQFzp52NhNXNnHum17G+W
E4VftEk4heHj5QE/cpvZ4rvRiruwhS6niSxaD6hPppKpcPnYOOasArCJOSEmLA0l
MyxW7zGa3aVFXzZWMMNc++EZxksCiSrFGzgfqvaZ65Bfj3GjUMs16C0yjlysC6y4
kXYdU92bvXM2LDEg2sST9+9PxAsr5lcpy+g2yTCKDfwz5lNgo9B6E1WmAZk0rvEQ
Das5u93gTfMsTWpqR66tpwm7z8VM/NlpVuh9+KkB/EECgYEA1nTh1KE+tkMNxcod
MuXDKT0a5BdXGF8kuJcqo/GDTs4fLtX3p+aJjEL2n7/r20FXf5IopWjvwNOT9hO6
qLSxwiN1L+raA24isg6sMWq0KBAlP1DtsEy6OFWEGbVCaeNQvR2oQarLZyUB+tjV
IpZOQB+QiVltPPAGjc8Mpv3rc+ECgYEAyUzTj7XfVTpLe1MKbrmma5mGoK2k1aUe
e6Si2SzZ+xfo5ujtACwsdRF5044IkaQdZ3bVfRkLPzPeDj7NijVPnFQzLUlKr29t
inemCtwSsW2Gq829qz8ZbIk7EHui4DBcUipyzmJTGGxFFtT+uTNU4QHIPIJfsp/x
W/IkltllVwMCgYEAk5PNUFBB4pTUJncGjt7z5S4KkknJgpj+oRRNoJHzRUisxsMx
cNZBc0clhhtBSBl4B+7hj6pdynkOyfkbqzrlVG6oFvhrXI7uy08zibIfFa6+owqi
9n5ma5vVkwdcE5f9GJcPEVliLbGW4jNSwEFkydWu1gW3GYcnS3DfCQ+VdqECgYEA
wiDG/halFGotlPcWXoXHSok6XgZXqnmclhzFt68bYJ1ETDthJAN1tEhwNmcJOHsO
qFLfu87FG+SHRzGlwp168wX4fLnrvpg1CY4toNdvZ5B6iYDWYyls+VC2l0TEZHP+
9HZfVU1ZWXpAfq5WIICyYHP5iPEqHPdGKiewxZFNu8UCgYBqkHQA2emQWsPwACpC
JyaDSS+oya6+GiijOTl13zU6hXwk353lzxG5XHuHh+DKjoY7N6K+WAytkt5m1pFM
h918zgOI8Ntpw9hYOY9IRh7/mRibCrcX7ywGhBc/X5xcXglWCTqjm7X8mUE3ZWMp
1ea9UgXBanlvVdqgdYZQcArMNw==
-----END PRIVATE KEY-----

315
Sio2/CYBER/20-openvpn/server.conf Normal file
View File

@ -0,0 +1,315 @@
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
# TCP or UDP server?
;proto tcp
proto udp
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert issued/openvpnsrv.crt
key private/openvpnsrv.key
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh2048.pem 2048
dh dh.pem
# Network topology
# Should be subnet (addressing via IP)
# unless Windows clients v2.0.9 and lower have to
# be supported (then net30, i.e. a /30 per client)
# Defaults to net30 (not recommended)
;topology subnet
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /var/log/openvpn/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses. You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey tls-auth ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# Enable compression on the VPN link and push the
# option to the client (v2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"
# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /var/log/openvpn/openvpn-status.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log /var/log/openvpn/openvpn.log
;log-append /var/log/openvpn/openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1

21
Sio2/CYBER/20-openvpn/ta.key Normal file
View File

@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
802c84970a521b1a640fa14059c7f524
5c23ecddddb64a337203bf62c4ff17b7
3f8d8f62d16f73845b271ee8d6888dd4
ffaf36d37537573df58084a4af6cb770
89ce69cab2966f41cef0fdfb6a989c00
300f027b6e2a0c2028d0cb33c0b812d0
5d1f908f8de4f127d8e6e5b7eb253b2c
724292d58707db359a22158eff460ee4
37edf7f484dc72948c944ebde87add73
8e16c8af7c2a556be4aa37d11a8ecb74
800bb07de7d9e3d563eee347e07b3f2a
493a0be8a4e7fec27874b23dab51a7d3
39b61af065e5cdffd30418b40c7bff03
c139ba6f27331d49e17d75ee3cdb5217
d95d3b26eb5484c89ef70f2579a52f3c
62268bdae2e24de8cd748a73e3e795f1
-----END OpenVPN Static key V1-----

5
Sio2/SISR/40-ansible/local.yml Normal file
View File

@ -0,0 +1,5 @@
---
- hosts: infra
roles:
- web
- doku

45
Sio2/SISR/40-ansible/maindoku.yml Normal file
View File

@ -0,0 +1,45 @@
- name: recuperation archive et decompression dans /tmp
unarchive:
src: http://depl/store/dokuwiki-stable.tgz
dest: /var/www/html
remote_src: yes
- name: renommer le dossier et deplacer
stat:
path: /var/www/html/dokuwiki-2022-07-31a
register: dokuwiki_status
- name: check si dokuwiki deja installe
stat:
path: /var/www/html/doku
register: doku_status
- name: sortie si dokuwiki est deja installe
fail:
msg: "dokuwiki deja installe dans /var/www/html/doku"
when: doku_status.stat.exists
- name: renomme dokuwiki-2022-07-31a
command: "mv /var/www/html/dokuwiki-2022-07-31a /var/www/html/doku"
when: dokuwiki_status.stat.exists
- name: les droits dokuwiki
file:
path: /var/www/html/doku
state: directory
recurse: yes
owner: root
group: root
mode: 0755
- name: droits de www-data
file:
path: "/var/www/html/doku/{{ item }}"
state: directory
recurse: yes
owner: www-data
group: www-data
with_items:
- data
- lib
- conf

11
Sio2/SISR/40-ansible/mainweb.yml Normal file
View File

@ -0,0 +1,11 @@
---
- name: installation apache2 php php-gd php-mbstring
apt:
pkg:
- apache2
- php
- php-gd
- php-xml
- php-mbstring
state: present

49
Sio2/SISR/40-ansible/stlab.yml Normal file
View File

@ -0,0 +1,49 @@
---
- hosts: localhost
# become: true
vars_prompt:
- name: username
prompt: Votre nom?
private: false
tasks:
- name: cree utilisateurs
shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
- name: mdp root verrouillage
# avec mkpasswd -m SHA-512
ansible.builtin.user:
name: root
password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0'
- name: enleve sio de sudo
ansible.builtin.user:
name: sio
groups: ''
- name: met le user "{{ username }}" dans le groupe sudo
ansible.builtin.user:
name: "{{ username }}"
groups: sudo
append: yes
when: username != ""
- name: installer systemd-journal-remote
apt:
name:
- systemd-journal-remote
- name: chnager adresse envoie log
replace:
path: /etc/systemd/journal-upload.conf
regexp: '^# URL='
replace: 'URL=http://192.168.0.1:19532'
- name: Enable systemd-journal-upload.service
ansible.builtin.service:
name: systemd-journal-upload.service
enabled: yes
- name: Restart systemd-journal-upload.service
ansible.builtin.service:
name: systemd-journal-upload.service
state: restarted

15
Sio2/SISR/50-docker/dokuwiki/docker-compose.yml Normal file
View File

@ -0,0 +1,15 @@
version: "2.1"
services:
dokuwiki:
image: lscr.io/linuxserver/dokuwiki:latest
container_name: dokuwiki
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- /path/to/appdata/config:/config
ports:
- 8000:80
- 443:443 #optional
restart: unless-stopped

28
Sio2/SISR/50-docker/glpi/docker-compose.yml Normal file
View File

@ -0,0 +1,28 @@
version: "3.2"
services:
#MariaDB Container
mariadb:
image: mariadb:10.7
container_name: mariadb
hostname: mariadb
volumes:
- /var/lib/mysql:/var/lib/mysql
env_file:
- ./mariadb.env
restart: always
#GLPI Container
glpi:
image: diouxx/glpi
container_name : glpi
hostname: glpi
ports:
- "8081:80"
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- /var/www/html/glpi/:/var/www/html/glpi
environment:
- TIMEZONE=Europe/Brussels
restart: always

4
Sio2/SISR/50-docker/glpi/mariadb.env Normal file
View File

@ -0,0 +1,4 @@
MARIADB_ROOT_PASSWORD=diouxx
MARIADB_DATABASE=glpidb
MARIADB_USER=glpi_user
MARIADB_PASSWORD=glpi

33
Sio2/SISR/50-docker/nextcloud/docker-compose.yml Normal file
View File

@ -0,0 +1,33 @@
version: '2'
volumes:
nextcloud:
db:
services:
db:
image: mariadb:10.5
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=root
- MYSQL_PASSWORD=nextcloud
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
app:
image: nextcloud
restart: always
ports:
- 8080:80
links:
- db
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_PASSWORD=nextcloud
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db

33
Sio2/SISR/50-docker/wordpress/docker-compose.yml Normal file
View File

@ -0,0 +1,33 @@
services:
db:
# We use a mariadb image which supports both amd64 & arm64 architecture
image: mariadb:10.6.4-focal
# If you really want to use MySQL, uncomment the following line
#image: mysql:8.0.27
command: '--default-authentication-plugin=mysql_native_password'
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
- MYSQL_ROOT_PASSWORD=somewordpress
- MYSQL_DATABASE=wordpress
- MYSQL_USER=wordpress
- MYSQL_PASSWORD=wordpress
expose:
- 3306
- 33060
wordpress:
image: wordpress:latest
volumes:
- wp_data:/var/www/html
ports:
- 80:80
restart: always
environment:
- WORDPRESS_DB_HOST=db
- WORDPRESS_DB_USER=wordpress
- WORDPRESS_DB_PASSWORD=wordpress
- WORDPRESS_DB_NAME=wordpress
volumes:
db_data:
wp_data:

77
Sio2/SISR/60-Vagrant/Docker/Vagrantfile vendored Normal file
View File

@ -0,0 +1,77 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "debian/bullseye64"
config.vm.hostname = "docker"
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
# config.vm.network "forwarded_port", guest: 80, host: 8080
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access
# via 127.0.0.1 to disable public access
# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
config.vm.network "public_network"
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# vb.gui = true
#
# # Customize the amount of memory on the VM:
vb.memory = "3096"
end
#
# View the documentation for the provider you are using for more
# information on available options.
# Enable provisioning with a shell script. Additional provisioners such as
# Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
# documentation for more information about their specific syntax and use.
config.vm.provision "shell", inline: <<-SHELL
apt-get update
apt install -y wget curl git vim nano
if ! which docker ; then
curl -s -o getdocker.sh https://get.docker.com
bash getdocker.sh
gpasswd -a vagrant docker
fi
# apt-get install -y apache2
SHELL
end

86
Sio2/SISR/60-Vagrant/Suricata/Vagrantfile vendored Normal file
View File

@ -0,0 +1,86 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "debian/bullseye64"
config.vm.hostname = "suricata"
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
# config.vm.network "forwarded_port", guest: 80, host: 8080
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access
# via 127.0.0.1 to disable public access
# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
config.vm.network "public_network"
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# vb.gui = true
#
# # Customize the amount of memory on the VM:
vb.memory = "2048"
end
#
# View the documentation for the provider you are using for more
# information on available options.
# Enable provisioning with a shell script. Additional provisioners such as
# Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
# documentation for more information about their specific syntax and use.
config.vm.provision "shell", inline: <<-SHELL
apt-get update
apt install -y wget curl git nano suricata jq
systemctl enable suricata.service
systemctl stop suricata.service
sed -i 's/community-id: false/community-id: true/' /etc/suricata/suricata.yaml
sed -iz 's/- interface: eth0/- interface: eth1/' /etc/suricata/suricata.yaml
cat >> /etc/suricata/suricata.yaml <<-EOT
detect-engine:
- rule-reload: true
EOT
# systemctl start suricata.service
sudo suricata-update -o /etc/suricata/rules
sudo suricata-update list-sources
sudo suricata -T -c /etc/suricata/suricata.yaml -v
systemctl start suricata.service
ip -br a
SHELL
end

0
Sio2/Vagrantfile → Sio2/SISR/60-Vagrant/Vagrantfile vendored
View File