Modif stlab.yml

Sio2/AP3/Ansible/apbase.yml

@@ -0,0 +1,29 @@
+---
+- name: apbase
+  hosts: ap32
+  become: true
+  become_method: sudo
+  tasks:
+  - name: Ajout fichier apt.conf
+    copy:
+      src: apt.conf
+      dest: /etc/apt/apt.conf
+
+  - name: apt update & upgrade
+    apt:
+      update_cache: yes
+      upgrade: yes
+
+  - name: Installation des packets
+    apt:
+      name:
+        - apache2
+        - php
+        - php-mbstring
+        - php-mysql
+        - mariadb-server
+        - git
+        - python3-mysqldb
+        - python3-passlib
+        - python3-pymysql
+      state: present

Sio2/AP3/Ansible/apdb.yml

@@ -0,0 +1,23 @@
+---
+- name: apdb
+  hosts: ap32
+  become: true
+  become_method: sudo
+  tasks:
+  - name: creation nouvelle db sdis2022
+    community.mysql.mysql_db:
+      name: sdis29
+      login_user: root
+      login_password: admin
+      state: present
+      login_unix_socket: /run/mysqld/mysqld.sock
+
+  - name: creation utilisateur ap32  
+    community.mysql.mysql_user:
+      login_user: root
+      login_password: admin
+      name: ap32
+      password: ap32
+      priv: 'sdis29.*:ALL'
+      state: present
+      login_unix_socket: /run/mysqld/mysqld.sock

Sio2/AP3/Ansible/apdbdump.yml

@@ -0,0 +1,19 @@
+---
+- hosts: ap32
+  become: true
+  become_method: sudo
+  tasks:
+  - name: Dump database
+    community.mysql.mysql_db:
+      state: dump
+      name: "sdis29"
+      login_user: ap32
+      login_password: ap32
+      target: /tmp/sdis29-dump.sql.gz
+      login_unix_socket: /run/mysqld/mysqld.sock
+
+  - name: copie du dump sur machine locale
+    fetch:
+      src: /tmp/sdis29-dump.sql.gz
+      dest: sdis29-dump.sql.gz
+      flat: yes

Sio2/AP3/Ansible/apt.conf

@@ -0,0 +1,2 @@
+Acquire::http::Proxy "http://10.121.38.1:8080";
+Acquire::https::Proxy "http://10.121.38.1:8080";

Sio2/AP3/Ansible/hosts

@@ -0,0 +1,2 @@
+[ap32]
+ap32-prod

Sio2/CYBER/10-Nagios/commands.cfg

@@ -0,0 +1,308 @@
+###############################################################################
+# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
+#
+#
+# NOTES: This config file provides you with some example command definitions
+#        that you can reference in host, service, and contact definitions.
+#
+#        You don't need to keep commands in a separate file from your other
+#        object definitions.  This has been done just to make things easier to
+#        understand.
+#
+###############################################################################
+
+
+
+################################################################################
+#
+# SAMPLE NOTIFICATION COMMANDS
+#
+# These are some example notification commands.  They may or may not work on
+# your system without modification.  As an example, some systems will require
+# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
+#
+################################################################################
+
+define command {
+
+    command_name    notify-host-by-email
+    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
+}
+
+
+
+define command {
+
+    command_name    notify-service-by-email
+    command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
+}
+
+
+
+################################################################################
+#
+# SAMPLE HOST CHECK COMMANDS
+#
+################################################################################
+
+# Removed in Debian because it conflicts with the command of the same name
+# defined in ping.cfg, which is part of monitoring-plugins-basic.
+#
+## This command checks to see if a host is "alive" by pinging it
+## The check must result in a 100% packet loss or 5 second (5000ms) round trip
+## average time to produce a critical error.
+## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
+#
+#define command {
+#
+#    command_name    check-host-alive
+#    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
+#}
+
+
+
+################################################################################
+#
+# SAMPLE SERVICE CHECK COMMANDS
+#
+# These are some example service check commands.  They may or may not work on
+# your system, as they must be modified for your plugins.  See the HTML
+# documentation on the plugins for examples of how to configure command definitions.
+#
+# NOTE:  The following 'check_local_...' functions are designed to monitor
+#        various metrics on the host that Nagios is running on (i.e. this one).
+################################################################################
+
+define command {
+
+    command_name    check_local_disk
+    command_line    $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+}
+
+
+
+define command {
+
+    command_name    check_local_load
+    command_line    $USER1$/check_load -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_procs
+    command_line    $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+}
+
+
+
+define command {
+
+    command_name    check_local_users
+    command_line    $USER1$/check_users -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_swap
+    command_line    $USER1$/check_swap -w $ARG1$ -c $ARG2$
+}
+
+
+
+define command {
+
+    command_name    check_local_mrtgtraf
+    command_line    $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
+}
+
+
+
+################################################################################
+# NOTE:  The following 'check_...' commands are used to monitor services on
+#        both local and remote hosts.
+################################################################################
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ftp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ftp
+#    command_line    $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
+#
+#define command {
+#
+#    command_name    check_hpjd
+#    command_line    $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+define command {
+
+    command_name    check_snmp
+    command_line    $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
+}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in http.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_http
+#    command_line    $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ssh.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ssh
+#    command_line    $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_dhcp
+#    command_line    $USER1$/check_dhcp $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in ping.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_ping
+#    command_line    $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_pop
+#    command_line    $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_imap
+#    command_line    $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in mail.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_smtp
+#    command_line    $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_tcp
+#    command_line    $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
+#
+#define command {
+#
+#    command_name    check_udp
+#    command_line    $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
+#}
+
+
+
+# Removed in Debian because it conflicts with the command of the same of
+# defined in nt.cfg, which is part of monitoring-plugins-standard.
+#
+#define command {
+#
+#    command_name    check_nt
+#    command_line    $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
+#}
+
+
+
+################################################################################
+#
+# SAMPLE PERFORMANCE DATA COMMANDS
+#
+# These are sample performance data commands that can be used to send performance
+# data output to two text files (one for hosts, another for services).  If you
+# plan on simply writing performance data out to a file, consider using the
+# host_perfdata_file and service_perfdata_file options in the main config file.
+#
+################################################################################
+
+define command {
+
+    command_name    process-host-perfdata
+    command_line    /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
+}
+
+
+
+define command {
+
+    command_name    process-service-perfdata
+    command_line    /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
+}
+
+
+define command {
+	command_name check_lin_load
+	command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
+}
+
+define command {
+	command_name check_lin_mem
+	command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -w $ARG3$ -c $ARG4$
+}
+
+define command {
+        command_name check_dns_ext
+        command_line $USER1$/check_dns -H 9.9.9.9 -s 10.121.38.7
+}

Sio2/CYBER/10-Nagios/contacts.cfg

@@ -0,0 +1,59 @@
+###############################################################################
+# CONTACTS.CFG - SAMPLE CONTACT/CONTACTGROUP DEFINITIONS
+#
+#
+# NOTES: This config file provides you with some example contact and contact
+#        group definitions that you can reference in host and service
+#        definitions.
+#
+#        You don't need to keep these definitions in a separate file from your
+#        other object definitions.  This has been done just to make things
+#        easier to understand.
+#
+###############################################################################
+
+
+
+###############################################################################
+#
+# CONTACTS
+#
+###############################################################################
+
+# Just one contact defined by default - the Nagios admin (that's you)
+# This contact definition inherits a lot of default values from the
+# 'generic-contact' template which is defined elsewhere.
+
+define contact {
+
+    contact_name            nagiosadmin             ; Short name of user
+    use                     generic-contact         ; Inherit default values from generic-contact template (defined above)
+    alias                   Nagios Admin            ; Full name of user
+    email                   nagios@localhost ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
+}
+
+define contact {
+
+    contact_name            louis             ; Short name of user
+    use                     generic-contact         ; Inherit default values from generic-contact templa>
+    alias                   louis depres            ; Full name of user
+    email                   louis.dprs@gmail.com ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
+}
+
+
+
+###############################################################################
+#
+# CONTACT GROUPS
+#
+###############################################################################
+
+# We only have one contact in this simple configuration file, so there is
+# no need to create more than one contact group.
+
+define contactgroup {
+
+    contactgroup_name       admins
+    alias                   Nagios Administrators
+    members                 nagiosadmin, louis
+}

Sio2/CYBER/10-Nagios/main.cf

@@ -0,0 +1,60 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+#smtpd_tls_security_level=may
+
+smtp_tls_CApath=/etc/ssl/certs
+#smtp_tls_security_level=may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = nagios.sio.lan
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination = bullseye, nagios.sio.lan, nagios, localhost.localdomain, localhost
+relayhost = [smtp.gmail.com]:587 
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.40/24
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+default_transport = smtp
+relay_transport = smtp
+inet_protocols = ipv4
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+# Disallow methods that allow anonymous authentication
+smtp_sasl_security_options = noanonymous
+# Location of sasl_passwd
+smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
+# Enable STARTTLS encryption
+smtp_tls_security_level = encrypt
+# Location of CA certificates
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+

Sio2/CYBER/10-Nagios/ns.cfg

@@ -0,0 +1,55 @@
+###############################################################################
+# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE
+#
+#
+# NOTE: This config file is intended to serve as an *extremely* simple
+#       example of how you can create configuration entries to monitor
+#       the local (Linux) machine.
+#
+###############################################################################
+
+
+
+###############################################################################
+#
+# HOST DEFINITION
+#
+###############################################################################
+
+# Define a host for the local machine
+
+define host {
+
+    use                     linux-server            ; Name of host template to use
+                                                    ; This host definition will inherit all variables that are defined
+                                                    ; in (or inherited by) the linux-server host template definition.
+    host_name               ns
+    alias                   ns
+    address                 10.121.38.7
+    parents                 gwsio5
+}
+
+
+define service {
+
+    use                     generic-service   ;Use generic-service template
+    hostgroup_name          linux-servers     ; S'applique au groupe en question
+    service_description     chk-lin-load ; Nom du service
+    check_command           check_lin_load!public!--v2c!netsl!3,2,2!3,2,2 ; Command
+}
+
+define service {
+
+    use                     generic-service   ;Use generic-service template
+    hostgroup_name          linux-servers     ; S'applique au groupe en question
+    service_description     chk-lin-mem ; Nom du service
+    check_command           check_lin_mem!public!--v2c!70%,80%!90%,95% ; Command
+}
+
+
+define service{
+        use                             generic-service
+        hostgroup_name                  linux-servers
+        service_description             chk-dns-ext
+        check_command                   check_dns_ext
+        }

Sio2/CYBER/10-Nagios/sasl_passwd

@@ -0,0 +1 @@
+[smtp.gmail.com]:587    l.depres15@gmail.com:uhteajxfcpvapjey

Sio2/SISR/40-ansible/local.yml

@@ -0,0 +1,5 @@
+---
+- hosts: infra
+  roles:
+  - web
+  - doku

Sio2/SISR/40-ansible/maindoku.yml

@@ -0,0 +1,45 @@
+- name: recuperation archive et decompression dans /tmp
+  unarchive:
+    src: http://depl/store/dokuwiki-stable.tgz
+    dest: /var/www/html
+    remote_src: yes
+ 
+- name: renommer le dossier et deplacer
+  stat:
+    path: /var/www/html/dokuwiki-2022-07-31a
+  register: dokuwiki_status
+
+- name: check si dokuwiki deja installe
+  stat:
+    path: /var/www/html/doku
+  register: doku_status
+
+- name: sortie si dokuwiki est deja installe
+  fail:
+    msg: "dokuwiki deja installe dans /var/www/html/doku"
+  when: doku_status.stat.exists
+
+- name: renomme dokuwiki-2022-07-31a
+  command: "mv /var/www/html/dokuwiki-2022-07-31a /var/www/html/doku"
+  when: dokuwiki_status.stat.exists
+
+- name: les droits dokuwiki
+  file:
+    path: /var/www/html/doku
+    state: directory
+    recurse: yes
+    owner: root
+    group: root
+    mode: 0755
+
+- name: droits de www-data
+  file:
+    path: "/var/www/html/doku/{{ item }}"
+    state: directory
+    recurse: yes
+    owner: www-data
+    group: www-data
+  with_items:
+    - data
+    - lib
+    - conf

Sio2/SISR/40-ansible/mainweb.yml

@@ -0,0 +1,11 @@
+---
+- name: installation apache2 php php-gd php-mbstring
+  apt:
+    pkg:
+    - apache2
+    - php
+    - php-gd
+    - php-xml
+    - php-mbstring
+    state: present
+

Sio2/SISR/40-ansible/stlab.yml

@@ -0,0 +1,49 @@
+---
+- hosts: localhost
+  #  become: true
+  vars_prompt:
+    - name: username
+      prompt: Votre nom?
+      private: false
+
+  tasks:
+    - name: cree utilisateurs
+      shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
+
+    - name: mdp root verrouillage
+# avec mkpasswd -m SHA-512
+      ansible.builtin.user:
+        name: root
+        password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0' 
+    - name: enleve sio de sudo
+      ansible.builtin.user:
+        name: sio
+        groups: ''
+
+    - name: met le user "{{ username }}" dans le groupe sudo
+      ansible.builtin.user:
+        name: "{{ username }}"
+        groups: sudo
+        append: yes
+      when: username != ""
+
+    - name: installer systemd-journal-remote
+      apt:
+        name:
+          - systemd-journal-remote
+
+    - name: chnager adresse envoie log
+      replace:
+        path: /etc/systemd/journal-upload.conf
+        regexp: '^# URL='
+        replace: 'URL=http://192.168.0.1:19532'
+
+    - name: Enable systemd-journal-upload.service
+      ansible.builtin.service:
+        name: systemd-journal-upload.service
+        enabled: yes
+
+    - name: Restart systemd-journal-upload.service
+      ansible.builtin.service:
+        name: systemd-journal-upload.service
+        state: restarted

Sio2/SISR/50-docker/dokuwiki/docker-compose.yml

@@ -0,0 +1,15 @@
+version: "2.1"
+services:
+  dokuwiki:
+    image: lscr.io/linuxserver/dokuwiki:latest
+    container_name: dokuwiki
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/London
+    volumes:
+      - /path/to/appdata/config:/config
+    ports:
+      - 8000:80
+      - 443:443 #optional
+    restart: unless-stopped

Sio2/SISR/50-docker/glpi/docker-compose.yml

@@ -0,0 +1,28 @@
+version: "3.2"
+
+services:
+#MariaDB Container
+  mariadb:
+    image: mariadb:10.7
+    container_name: mariadb
+    hostname: mariadb
+    volumes:
+      - /var/lib/mysql:/var/lib/mysql
+    env_file:
+      - ./mariadb.env
+    restart: always
+
+#GLPI Container
+  glpi:
+    image: diouxx/glpi
+    container_name : glpi
+    hostname: glpi
+    ports:
+      - "8081:80"
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - /var/www/html/glpi/:/var/www/html/glpi
+    environment:
+      - TIMEZONE=Europe/Brussels
+    restart: always

Sio2/SISR/50-docker/glpi/mariadb.env

@@ -0,0 +1,4 @@
+MARIADB_ROOT_PASSWORD=diouxx
+MARIADB_DATABASE=glpidb
+MARIADB_USER=glpi_user
+MARIADB_PASSWORD=glpi

Sio2/SISR/50-docker/nextcloud/docker-compose.yml

@@ -0,0 +1,33 @@
+version: '2'
+
+volumes:
+  nextcloud:
+  db:
+
+services:
+  db:
+    image: mariadb:10.5
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    volumes:
+      - db:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD=root
+      - MYSQL_PASSWORD=nextcloud
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  app:
+    image: nextcloud
+    restart: always
+    ports:
+      - 8080:80
+    links:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+    environment:
+      - MYSQL_PASSWORD=nextcloud
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db

Sio2/SISR/50-docker/wordpress/docker-compose.yml

@@ -0,0 +1,33 @@
+services:
+  db:
+    # We use a mariadb image which supports both amd64 & arm64 architecture
+    image: mariadb:10.6.4-focal
+    # If you really want to use MySQL, uncomment the following line
+    #image: mysql:8.0.27
+    command: '--default-authentication-plugin=mysql_native_password'
+    volumes:
+      - db_data:/var/lib/mysql
+    restart: always
+    environment:
+      - MYSQL_ROOT_PASSWORD=somewordpress
+      - MYSQL_DATABASE=wordpress
+      - MYSQL_USER=wordpress
+      - MYSQL_PASSWORD=wordpress
+    expose:
+      - 3306
+      - 33060
+  wordpress:
+    image: wordpress:latest
+    volumes:
+      - wp_data:/var/www/html
+    ports:
+      - 80:80
+    restart: always
+    environment:
+      - WORDPRESS_DB_HOST=db
+      - WORDPRESS_DB_USER=wordpress
+      - WORDPRESS_DB_PASSWORD=wordpress
+      - WORDPRESS_DB_NAME=wordpress
+volumes:
+  db_data:
+  wp_data:

Sio2/SISR/60-Vagrant/Docker/Vagrantfile

@@ -0,0 +1,77 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bullseye64"
+  config.vm.hostname = "docker"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "3096"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     apt-get update
+     apt install -y wget curl git vim nano
+     if ! which docker ; then
+       curl -s -o getdocker.sh https://get.docker.com
+       bash getdocker.sh
+       gpasswd -a vagrant docker
+     fi
+  #   apt-get install -y apache2
+   SHELL
+end

Sio2/SISR/60-Vagrant/Suricata/Vagrantfile

@@ -0,0 +1,86 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bullseye64"
+  config.vm.hostname = "suricata"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "2048"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     apt-get update
+     apt install -y wget curl git nano suricata jq
+     systemctl enable suricata.service
+     systemctl stop suricata.service
+     sed -i 's/community-id: false/community-id: true/' /etc/suricata/suricata.yaml
+     sed -iz 's/- interface: eth0/- interface: eth1/' /etc/suricata/suricata.yaml
+     cat >> /etc/suricata/suricata.yaml <<-EOT
+detect-engine:
+  - rule-reload: true
+EOT
+#     systemctl start suricata.service
+     sudo suricata-update -o /etc/suricata/rules
+     sudo suricata-update list-sources
+     sudo suricata -T -c /etc/suricata/suricata.yaml -v
+     systemctl start suricata.service
+     ip -br a 
+   SHELL
+end
+