Compare commits

...

22 Commits

Author SHA1 Message Date
Louis Depres
a91cd7b745 Modif stlab.yml 2023-01-11 10:44:41 +01:00
Louis Depres
5c79f1005a Secu root pour 1ere annee 2023-01-09 11:38:37 +01:00
root
12f480ca36 Changement Vagrantfile 2023-01-04 14:29:27 +01:00
root
8987ade7f6 Changement Vagrantfile 2023-01-04 14:29:06 +01:00
root
08944e6df9 Ansible AP3 2023-01-04 14:26:11 +01:00
Louis Depres
48ee93c0c8 Vagrantfile 2022-11-17 11:50:41 +01:00
Louis
21f0416527 Docker Nextcloud 2022-11-17 10:44:42 +00:00
Louis
cf7c579706 Docker 2022-11-15 07:24:31 +00:00
root
96c5b92a5d Nagios 2022-10-19 08:47:00 +02:00
Louis
5794335644 Merge branch 'master' of https://gitea.lyc-lecastel.fr/louis.depres/SioTP 2022-10-13 09:36:13 +02:00
Louis
166cc2bfe3 Fin Ansible 2022-10-13 09:34:32 +02:00
Louis
85f12c53cb OpenVPN 2022-10-12 11:55:15 +02:00
Louis
100f6bcfef Suite Ansible 2022-10-11 11:01:29 +02:00
Louis
62052834f9 Debut Ansible 2022-10-11 08:11:15 +02:00
louis
6a287b8ee7 Fin Python 2022-09-30 14:38:24 +02:00
louis
20f4f4f183 Log 2022-09-29 11:50:14 +02:00
louis
bef3ed97e7 Creatusr v2 2022-09-29 09:47:20 +02:00
louis
72aba346b9 Python V1 2022-09-28 17:50:16 +02:00
Louis
7a35ccf29e LDAP 2022-09-27 10:55:55 +02:00
root
e016dc6130 Nagios 2 2022-09-26 11:45:51 +02:00
root
0f66776b09 Nagios 2022-09-21 16:25:13 +02:00
root
9081a57724 Vagrant 2022-09-14 17:29:38 +02:00
58 changed files with 15704 additions and 0 deletions


@ -0,0 +1,29 @@
---
- name: apbase
hosts: ap32
become: true
become_method: sudo
tasks:
- name: Ajout fichier apt.conf
copy:
src: apt.conf
dest: /etc/apt/apt.conf
- name: apt update & upgrade
apt:
update_cache: yes
upgrade: yes
- name: Installation des packets
apt:
name:
- apache2
- php
- php-mbstring
- php-mysql
- mariadb-server
- git
- python3-mysqldb
- python3-passlib
- python3-pymysql
state: present
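Review bot: The `copy` task that installs /etc/apt/apt.conf sets no `owner`, `group` or `mode`, so the permissions of a file read by every apt run are left to the umask and to the source file on the controller; pin them with `owner: root`, `group: root` and `mode: '0644'`. The `apt` task with `upgrade: yes` also upgrades packages on each run of the play, which makes runs non-repeatable; if that is intended, a short comment saying so would help. Indentation is lost on this page, so task nesting is read from key order.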

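--- a/Sio2/AP3/Ansible/apdb.yml
+++ b/Sio2/AP3/Ansible/apdb.yml
@@ -0,0 +1,23 @@
+---
+- name: apdb
+hosts: ap32
+become: true
+become_method: sudo
+tasks:
+- name: creation nouvelle db sdis2022
+community.mysql.mysql_db:
+name: sdis29
+login_user: root
+login_password: admin
+state: present
+login_unix_socket: /run/mysqld/mysqld.sock
+- name: creation utilisateur ap32
+community.mysql.mysql_user:
+login_user: root
+login_password: admin
+name: ap32
+password: ap32
+priv: 'sdis29.*:ALL'
+state: present
+login_unix_socket: /run/mysqld/mysqld.sock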
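Review bot: The MariaDB root password (`login_password: admin`) and the application account's password (`password: ap32`, identical to its user name) are committed in clear text in both tasks, and the dump playbook in the next section repeats `login_password: ap32`. Move them to variables kept in an Ansible Vault file, e.g. `login_password: "{{ vault_db_root_password }}"` (the variable name is an example), and add `no_log: true` to these tasks so the values do not appear in run output. Since both tasks already connect through `login_unix_socket`, it is worth checking whether root needs a password at all on this host. The first task's name says `sdis2022` while the database created is `sdis29`; one of the two looks like a typo. `priv: 'sdis29.*:ALL'` is also broader than a web application normally needs.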


@ -0,0 +1,19 @@
---
- hosts: ap32
become: true
become_method: sudo
tasks:
- name: Dump database
community.mysql.mysql_db:
state: dump
name: "sdis29"
login_user: ap32
login_password: ap32
target: /tmp/sdis29-dump.sql.gz
login_unix_socket: /run/mysqld/mysqld.sock
- name: copie du dump sur machine locale
fetch:
src: /tmp/sdis29-dump.sql.gz
dest: sdis29-dump.sql.gz
flat: yes
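Review bot: The dump is written to the fixed path /tmp/sdis29-dump.sql.gz and is never removed after `fetch`, so a full copy of the database stays in a directory every local account can list; whether other users can read it depends on the umask of the run, which the play does not control. Write it under a directory only root can enter and add a last task that deletes it, `file: path=<dump path> state=absent`. On the controller side, `dest: sdis29-dump.sql.gz` with `flat: yes` lands in the working directory, which here appears to be the Git checkout, so the dump should be ignored by Git or fetched elsewhere.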


@ -0,0 +1,2 @@
Acquire::http::Proxy "http://10.121.38.1:8080";
Acquire::https::Proxy "http://10.121.38.1:8080";

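--- a/Sio2/AP3/Ansible/hosts
+++ b/Sio2/AP3/Ansible/hosts
@@ -0,0 +1,2 @@
+[ap32]
+ap32-prod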

Binary file not shown.


@ -0,0 +1,422 @@
#################################################################
#
# CGI.CFG - Sample CGI Configuration File for Nagios 4.4.6
#
#
#################################################################
# MAIN CONFIGURATION FILE
# This tells the CGIs where to find your main configuration file.
# The CGIs will read the main and host config files for any other
# data they might need.
main_config_file=/etc/nagios4/nagios.cfg
# PHYSICAL HTML PATH
# This is the path where the HTML files for Nagios reside. This
# value is used to locate the logo images needed by the statusmap
# and statuswrl CGIs.
physical_html_path=/usr/share/nagios4/htdocs
# URL HTML PATH
# This is the path portion of the URL that corresponds to the
# physical location of the Nagios HTML files (as defined above).
# This value is used by the CGIs to locate the online documentation
# and graphics. If you access the Nagios pages with an URL like
# http://www.myhost.com/nagios, this value should be '/nagios'
# (without the quotes).
url_html_path=/nagios4
# CONTEXT-SENSITIVE HELP
# This option determines whether or not a context-sensitive
# help icon will be displayed for most of the CGIs.
# Values: 0 = disables context-sensitive help
# 1 = enables context-sensitive help
show_context_help=0
# PENDING STATES OPTION
# This option determines what states should be displayed in the web
# interface for hosts/services that have not yet been checked.
# Values: 0 = leave hosts/services that have not been check yet in their original state
# 1 = mark hosts/services that have not been checked yet as PENDING
use_pending_states=1
# AUTHENTICATION USAGE
# This option controls whether or not the CGIs will use any
# authentication when displaying host and service information, as
# well as committing commands to Nagios for processing.
#
# Read the HTML documentation to learn how the authorization works!
#
# NOTE: It is a really *bad* idea to disable authorization, unless
# you plan on removing the command CGI (cmd.cgi)! Failure to do
# so will leave you wide open to kiddies messing with Nagios and
# possibly hitting you with a denial of service attack by filling up
# your drive by continuously writing to your command file!
#
# Setting this value to 0 will cause the CGIs to *not* use
# authentication (bad idea), while any other value will make them
# use the authentication functions (the default).
use_authentication=1
# x509 CERT AUTHENTICATION
# When enabled, this option allows you to use x509 cert (SSL)
# authentication in the CGIs. This is an advanced option and should
# not be enabled unless you know what you're doing.
use_ssl_authentication=0
# DEFAULT USER
# Setting this variable will define a default user name that can
# access pages without authentication. This allows people within a
# secure domain (i.e., behind a firewall) to see the current status
# without authenticating. You may want to use this to avoid basic
# authentication if you are not using a secure server since basic
# authentication transmits passwords in the clear.
#
# Important: Do not define a default username unless you are
# running a secure web server and are sure that everyone who has
# access to the CGIs has been authenticated in some manner! If you
# define this variable, anyone who has not authenticated to the web
# server will inherit all rights you assign to this user!
#default_user_name=guest
# SYSTEM/PROCESS INFORMATION ACCESS
# This option is a comma-delimited list of all usernames that
# have access to viewing the Nagios process information as
# provided by the Extended Information CGI (extinfo.cgi). By
# default, *no one* has access to this unless you choose to
# not use authorization. You may use an asterisk (*) to
# authorize any user who has authenticated to the web server.
authorized_for_system_information=nagiosadmin
# CONFIGURATION INFORMATION ACCESS
# This option is a comma-delimited list of all usernames that
# can view ALL configuration information (hosts, commands, etc).
# By default, users can only view configuration information
# for the hosts and services they are contacts for. You may use
# an asterisk (*) to authorize any user who has authenticated
# to the web server.
authorized_for_configuration_information=nagiosadmin
# SYSTEM/PROCESS COMMAND ACCESS
# This option is a comma-delimited list of all usernames that
# can issue shutdown and restart commands to Nagios via the
# command CGI (cmd.cgi). Users in this list can also change
# the program mode to active or standby. By default, *no one*
# has access to this unless you choose to not use authorization.
# You may use an asterisk (*) to authorize any user who has
# authenticated to the web server.
authorized_for_system_commands=nagiosadmin
# GLOBAL HOST/SERVICE VIEW ACCESS
# These two options are comma-delimited lists of all usernames that
# can view information for all hosts and services that are being
# monitored. By default, users can only view information
# for hosts or services that they are contacts for (unless you
# you choose to not use authorization). You may use an asterisk (*)
# to authorize any user who has authenticated to the web server.
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
# GLOBAL HOST/SERVICE COMMAND ACCESS
# These two options are comma-delimited lists of all usernames that
# can issue host or service related commands via the command
# CGI (cmd.cgi) for all hosts and services that are being monitored.
# By default, users can only issue commands for hosts or services
# that they are contacts for (unless you you choose to not use
# authorization). You may use an asterisk (*) to authorize any
# user who has authenticated to the web server.
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin
# READ-ONLY USERS
# A comma-delimited list of usernames that have read-only rights in
# the CGIs. This will block any service or host commands normally shown
# on the extinfo CGI pages. It will also block comments from being shown
# to read-only users.
#authorized_for_read_only=user1,user2
# STATUSMAP BACKGROUND IMAGE
# This option allows you to specify an image to be used as a
# background in the statusmap CGI. It is assumed that the image
# resides in the HTML images path (i.e. /usr/local/nagios/share/images).
# This path is automatically determined by appending "/images"
# to the path specified by the 'physical_html_path' directive.
# Note: The image file may be in GIF, PNG, JPEG, or GD2 format.
# However, I recommend that you convert your image to GD2 format
# (uncompressed) but ONLY IF YOU WILL USE THE LEGACY MAP EXCLUSIVELY,
# as this will cause less CPU load when the CGI generates the image.
#statusmap_background_image=smbackground.gd2
# STATUSMAP TRANSPARENCY INDEX COLOR
# These options set the r,g,b values of the background color used the statusmap CGI,
# so normal browsers that can't show real png transparency set the desired color as
# a background color instead (to make it look pretty).
# Defaults to white: (R,G,B) = (255,255,255).
#color_transparency_index_r=255
#color_transparency_index_g=255
#color_transparency_index_b=255
# DEFAULT STATUSMAP LAYOUT METHOD
# This option allows you to specify the default layout method
# the statusmap CGI should use for drawing hosts. If you do
# not use this option, the default for the legacy map is to use
# user-defined coordinates and the default for the new map is "6"
# (Circular Balloon).
# Valid options for the legacy map are as follows:
# 0 = User-defined coordinates
# 1 = Depth layers
# 2 = Collapsed tree
# 3 = Balanced tree
# 4 = Circular
# 5 = Circular (Marked Up)
# Valid options for the new map are as follows:
# 0 = User-defined coordinates
# 1 = Depth Layers (Horizontal)
# 2 = Collapsed tree (Horizontal)
# 3 = Balanced tree (Horizontal)
# 4 = DON'T USE
# 5 = Circular Markup
# 6 = Circular Balloon
# 7 = Balanced tree (Vertical)
# 8 = Collapsed tree (Vertical)
# 9 = Depth Layers (Vertical)
# 10 = Force Map
#default_statusmap_layout=6
# DEFAULT STATUSWRL LAYOUT METHOD
# This option allows you to specify the default layout method
# the statuswrl (VRML) CGI should use for drawing hosts. If you
# do not use this option, the default is to use user-defined
# coordinates. Valid options are as follows:
# 0 = User-defined coordinates
# 2 = Collapsed tree
# 3 = Balanced tree
# 4 = Circular
default_statuswrl_layout=4
# STATUSWRL INCLUDE
# This option allows you to include your own objects in the
# generated VRML world. It is assumed that the file
# resides in the HTML path (i.e. /usr/local/nagios/share).
#statuswrl_include=myworld.wrl
# PING SYNTAX
# This option determines what syntax should be used when
# attempting to ping a host from the WAP interface (using
# the statuswml CGI. You must include the full path to
# the ping binary, along with all required options. The
# $HOSTADDRESS$ macro is substituted with the address of
# the host before the command is executed.
# Please note that the syntax for the ping binary is
# notorious for being different on virtually ever *NIX
# OS and distribution, so you may have to tweak this to
# work on your system.
ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$
# REFRESH RATE
# This option allows you to specify the refresh rate in seconds
# of various CGIs (status, statusmap, extinfo, and outages).
refresh_rate=90
# PAGE TOUR
# Enable page tour for helpful tips and tricks on various pages
#enable_page_tour=1
# DEFAULT PAGE LIMIT
# This option allows you to specify the default number of results
# displayed on the status.cgi. This number can be adjusted from
# within the UI after the initial page load. Setting this to 0
# will show all results.
result_limit=100
# ESCAPE HTML TAGS
# This option determines whether HTML tags in host and service
# status output is escaped in the web interface. If enabled,
# your plugin output will not be able to contain clickable links.
escape_html_tags=1
# SOUND OPTIONS
# These options allow you to specify an optional audio file
# that should be played in your browser window when there are
# problems on the network. The audio files are used only in
# the status CGI. Only the sound for the most critical problem
# will be played. Order of importance (higher to lower) is as
# follows: unreachable hosts, down hosts, critical services,
# warning services, and unknown services. If there are no
# visible problems, the sound file optionally specified by
# 'normal_sound' variable will be played.
#
#
# <varname>=<sound_file>
#
# Note: All audio files must be placed in the /media subdirectory
# under the HTML path (i.e. /usr/local/nagios/share/media/).
#host_unreachable_sound=hostdown.wav
#host_down_sound=hostdown.wav
#service_critical_sound=critical.wav
#service_warning_sound=warning.wav
#service_unknown_sound=warning.wav
#normal_sound=noproblem.wav
# URL TARGET FRAMES
# These options determine the target frames in which notes and
# action URLs will open.
action_url_target=_blank
notes_url_target=_blank
# LOCK AUTHOR NAMES OPTION
# This option determines whether users can change the author name
# when submitting comments, scheduling downtime. If disabled, the
# author names will be locked into their contact name, as defined in Nagios.
# Values: 0 = allow editing author names
# 1 = lock author names (disallow editing)
lock_author_names=1
# SPLUNK INTEGRATION OPTIONS
# These options allow you to enable integration with Splunk
# in the web interface. If enabled, you'll be presented with
# "Splunk It" links in various places in the CGIs (log file,
# alert history, host/service detail, etc). Useful if you're
# trying to research why a particular problem occurred.
# For more information on Splunk, visit http://www.splunk.com/
# This option determines whether the Splunk integration is enabled
# Values: 0 = disable Splunk integration
# 1 = enable Splunk integration
#enable_splunk_integration=1
# This option should be the URL used to access your instance of Splunk
#splunk_url=http://127.0.0.1:8000/
# NAVIGATION BAR SEARCH OPTIONS
# The following options allow to configure the navbar search. Default
# is to search for hostnames. With enabled navbar_search_for_addresses,
# the navbar search queries IP addresses as well. It's also possible
# to enable search for aliases by setting navbar_search_for_aliases=1.
navbar_search_for_addresses=1
navbar_search_for_aliases=1
# DEFAULTS FOR CHECKBOXES FOR ACKNOWLEDGEMENTS
# Enabling ack_no_sticky will default the "Sticky Acknowledgement" to
# be unchecked.
# Enabling ack_no_send will default the "Send Notification" to
# be unchecked.
#ack_no_sticky=0
#ack_no_send=0
# SHOW ONLY HARD STATES IS TACTICAL OVERVIEW
# This option controls whether only HARD states are counted on the
# Tactical Overview, or if both HARD and SOFT states are counted.
# Set to 1 to show only HARD states. Defaults to 0 (HARD+SOFT).
#tac_cgi_hard_only=0
# COMMAND COMMENTS
# These options control whether or not comments are required, optional,
# or not allowed for specific commands. The format for each line is:
# cmd-name=req,def-comment
#
# cmd-name is "CMT_" plus a command such as ADD_HOST_COMMENT
# req 0 = not allowed, 1 = optional, 2 = required
# def-comment optional default comment that will be put in the input field
#
# The following examples override the default comment requirements in
# some way.
#CMT_ADD_HOST_COMMENT=1
#CMT_ACKNOWLEDGE_HOST_PROBLEM=2,"Problem is being looked into"
#CMT_SCHEDULE_SVC_CHECK=1
#CMT_SCHEDULE_HOST_DOWNTIME=0


@ -0,0 +1,308 @@
###############################################################################
# COMMANDS.CFG - SAMPLE COMMAND DEFINITIONS FOR NAGIOS 4.4.6
#
#
# NOTES: This config file provides you with some example command definitions
# that you can reference in host, service, and contact definitions.
#
# You don't need to keep commands in a separate file from your other
# object definitions. This has been done just to make things easier to
# understand.
#
###############################################################################
################################################################################
#
# SAMPLE NOTIFICATION COMMANDS
#
# These are some example notification commands. They may or may not work on
# your system without modification. As an example, some systems will require
# you to use "/usr/bin/mailx" instead of "/usr/bin/mail" in the commands below.
#
################################################################################
define command {
command_name notify-host-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
}
define command {
command_name notify-service-by-email
command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
}
################################################################################
#
# SAMPLE HOST CHECK COMMANDS
#
################################################################################
# Removed in Debian because it conflicts with the command of the same name
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
## This command checks to see if a host is "alive" by pinging it
## The check must result in a 100% packet loss or 5 second (5000ms) round trip
## average time to produce a critical error.
## Note: Five ICMP echo packets are sent (determined by the '-p 5' argument)
#
#define command {
#
# command_name check-host-alive
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5
#}
################################################################################
#
# SAMPLE SERVICE CHECK COMMANDS
#
# These are some example service check commands. They may or may not work on
# your system, as they must be modified for your plugins. See the HTML
# documentation on the plugins for examples of how to configure command definitions.
#
# NOTE: The following 'check_local_...' functions are designed to monitor
# various metrics on the host that Nagios is running on (i.e. this one).
################################################################################
define command {
command_name check_local_disk
command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
}
define command {
command_name check_local_load
command_line $USER1$/check_load -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_procs
command_line $USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
}
define command {
command_name check_local_users
command_line $USER1$/check_users -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_swap
command_line $USER1$/check_swap -w $ARG1$ -c $ARG2$
}
define command {
command_name check_local_mrtgtraf
command_line $USER1$/check_mrtgtraf -F $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -e $ARG5$
}
################################################################################
# NOTE: The following 'check_...' commands are used to monitor services on
# both local and remote hosts.
################################################################################
# Removed in Debian because it conflicts with the command of the same of
# defined in ftp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ftp
# command_line $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in hppjd.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_hpjd
# command_line $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
#}
define command {
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
}
# Removed in Debian because it conflicts with the command of the same of
# defined in http.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_http
# command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ssh.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ssh
# command_line $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in dhcp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_dhcp
# command_line $USER1$/check_dhcp $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in ping.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_ping
# command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_pop
# command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_imap
# command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in mail.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_smtp
# command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_tcp
# command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in tcp_ucp.cfg, which is part of monitoring-plugins-basic.
#
#define command {
#
# command_name check_udp
# command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
#}
# Removed in Debian because it conflicts with the command of the same of
# defined in nt.cfg, which is part of monitoring-plugins-standard.
#
#define command {
#
# command_name check_nt
# command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
#}
################################################################################
#
# SAMPLE PERFORMANCE DATA COMMANDS
#
# These are sample performance data commands that can be used to send performance
# data output to two text files (one for hosts, another for services). If you
# plan on simply writing performance data out to a file, consider using the
# host_perfdata_file and service_perfdata_file options in the main config file.
#
################################################################################
define command {
command_name process-host-perfdata
command_line /usr/bin/printf "%b" "$LASTHOSTCHECK$\t$HOSTNAME$\t$HOSTSTATE$\t$HOSTATTEMPT$\t$HOSTSTATETYPE$\t$HOSTEXECUTIONTIME$\t$HOSTOUTPUT$\t$HOSTPERFDATA$\n" >> /var/lib/nagios4/host-perfdata.out
}
define command {
command_name process-service-perfdata
command_line /usr/bin/printf "%b" "$LASTSERVICECHECK$\t$HOSTNAME$\t$SERVICEDESC$\t$SERVICESTATE$\t$SERVICEATTEMPT$\t$SERVICESTATETYPE$\t$SERVICEEXECUTIONTIME$\t$SERVICELATENCY$\t$SERVICEOUTPUT$\t$SERVICEPERFDATA$\n" >> /var/lib/nagios4/service-perfdata.out
}
define command {
command_name check_lin_load
command_line $USER1$/check_snmp_load.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -T $ARG3$ -w $ARG4$ -c $ARG5$
}
define command {
command_name check_lin_mem
command_line $USER1$/check_snmp_mem.pl -H $HOSTADDRESS$ -C $ARG1$ $ARG2$ -w $ARG3$ -c $ARG4$
}
define command {
command_name check_dns_ext
command_line $USER1$/check_dns -H 9.9.9.9 -s 10.121.38.7
}
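Review bot: `check_dns_ext` hard-codes both the queried name (`-H 9.9.9.9`) and the resolver (`-s 10.121.38.7`) and gives no expected answer, so any reply from the resolver counts as OK; adding `-a <expected answer>` would let the check detect a resolver that returns wrong data. The three added commands sit under the "SAMPLE PERFORMANCE DATA COMMANDS" banner with no comment of their own. A one-line comment per command stating what `$ARG1$` to `$ARG5$` carry (for `check_lin_load`, `$ARG1$` is the SNMP community passed to `-C`) would make the service definitions that call them readable.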


@ -0,0 +1,59 @@
###############################################################################
# CONTACTS.CFG - SAMPLE CONTACT/CONTACTGROUP DEFINITIONS
#
#
# NOTES: This config file provides you with some example contact and contact
# group definitions that you can reference in host and service
# definitions.
#
# You don't need to keep these definitions in a separate file from your
# other object definitions. This has been done just to make things
# easier to understand.
#
###############################################################################
###############################################################################
#
# CONTACTS
#
###############################################################################
# Just one contact defined by default - the Nagios admin (that's you)
# This contact definition inherits a lot of default values from the
# 'generic-contact' template which is defined elsewhere.
define contact {
contact_name nagiosadmin ; Short name of user
use generic-contact ; Inherit default values from generic-contact template (defined above)
alias Nagios Admin ; Full name of user
email nagios@localhost ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
define contact {
contact_name louis ; Short name of user
use generic-contact ; Inherit default values from generic-contact templa>
alias louis depres ; Full name of user
email louis.dprs@gmail.com ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
}
###############################################################################
#
# CONTACT GROUPS
#
###############################################################################
# We only have one contact in this simple configuration file, so there is
# no need to create more than one contact group.
define contactgroup {
contactgroup_name admins
alias Nagios Administrators
members nagiosadmin, louis
}
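Review bot: The added `louis` contact carries a personal mailbox and still has the template's "CHANGE THIS TO YOUR EMAIL ADDRESS" marker, and its `use` line ends in a truncated comment (`templa>`), which looks like a terminal paste artefact. Remove the stale marker, restore or drop the cut comment, and consider a role address so that alert routing in a shared repository does not depend on one person's account.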


@ -0,0 +1,32 @@
###############################################################################
# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE
#
#
# NOTE: This config file is intended to serve as an *extremely* simple
# example of how you can create configuration entries to monitor
# the local (Linux) machine.
#
###############################################################################
###############################################################################
#
# HOST DEFINITION
#
###############################################################################
# Define a host for the local machine
define host {
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name gwsio5
alias gwsio5
address 192.168.0.1
# hostgroup_name linux-servers
}


@ -0,0 +1,188 @@
###############################################################################
# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE
#
#
# NOTE: This config file is intended to serve as an *extremely* simple
# example of how you can create configuration entries to monitor
# the local (Linux) machine.
#
###############################################################################
###############################################################################
#
# HOST DEFINITION
#
###############################################################################
# Define a host for the local machine
define host {
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name localhost
alias localhost
address 127.0.0.1
}
###############################################################################
#
# HOST GROUP DEFINITION
#
###############################################################################
# Define an optional hostgroup for Linux machines
define hostgroup {
hostgroup_name linux-servers ; The name of the hostgroup
alias Linux Servers ; Long name of the group
members localhost, srv, gwsio5, ns ; Comma separated list of hosts that belong to this group
}
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
# Define a service to "ping" the local machine
define service {
use local-service ; Name of service template to use
hostgroup_name linux-servers
service_description PING
check_command check_ping!100.0,20%!500.0,60%
notifications_enabled 1
}
# Define a service to check the disk space of the root partition
# on the local machine. Warning if < 20% free, critical if
# < 10% free space on partition.
define service {
use local-service ; Name of service template to use
host_name localhost
service_description Root Partition
check_command check_local_disk!20%!10%!/
}
# Define a service to check the number of currently logged in
# users on the local machine. Warning if > 20 users, critical
# if > 50 users.
define service {
use local-service ; Name of service template to use
host_name localhost
service_description Current Users
check_command check_local_users!20!50
}
# Define a service to check the number of currently running procs
# on the local machine. Warning if > 250 processes, critical if
# > 400 processes.
define service {
use local-service ; Name of service template to use
host_name localhost
service_description Total Processes
check_command check_local_procs!250!400!RSZDT
}
# Define a service to check the load on the local machine.
define service {
use local-service ; Name of service template to use
host_name localhost
service_description Current Load
check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0
}
# Define a service to check the swap usage the local machine.
# Critical if less than 10% of swap is free, warning if less than 20% is free
define service {
use local-service ; Name of service template to use
host_name localhost
service_description Swap Usage
check_command check_local_swap!20%!10%
}
# Define a service to check SSH on the local machine.
# Disable notifications for this service by default, as not all users may have SSH enabled.
define service {
use local-service ; Name of service template to use
# host_name localhost
hostgroup_name linux-servers
service_description SSH
check_command check_ssh
notifications_enabled 1
}
# Define a service to check HTTP on the local machine.
# Disable notifications for this service by default, as not all users may have HTTP enabled.
define service {
use local-service ; Name of service template to use
#host_name localhost
hostgroup_name linux-servers
service_description HTTP
check_command check_http
notifications_enabled 1
}
define service {
use generic-service ;Use generic-service template
hostgroup_name linux-servers ; S'applique au groupe en question
service_description chk-lin-load ; Nom du service
check_command check_lin_load!public!--v2c!netsl!3,2,2!3,2,2 ; Command
}
define service {
use generic-service ;Use generic-service template
hostgroup_name linux-servers ; S'applique au groupe en question
service_description chk-lin-mem ; Nom du service
check_command check_lin_mem!public!--v2c!70%,80%!90%,95% ; Command
}
define service{
use generic-service
hostgroup_name linux-servers
service_description chk-dns-ext
check_command check_dns_ext
}


@ -0,0 +1,60 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
#smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = nagios.sio.lan
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = bullseye, nagios.sio.lan, nagios, localhost.localdomain, localhost
relayhost = [smtp.gmail.com]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.40/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
default_transport = smtp
relay_transport = smtp
inet_protocols = ipv4
# Enable SASL authentication
smtp_sasl_auth_enable = yes
# Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
# Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
# Enable STARTTLS encryption
smtp_tls_security_level = encrypt
# Location of CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
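Review bot: `inet_interfaces = all` together with the `192.168.0.40/24` entry in `mynetworks` lets every host on that LAN relay mail through this server, and whatever it accepts is forwarded to `[smtp.gmail.com]:587` under the account from `smtp_sasl_password_maps`. If this machine only sends Nagios notifications, `inet_interfaces = loopback-only` and a loopback-only `mynetworks` would remove that exposure. If LAN relaying is intended, write the network as `192.168.0.0/24` (the current entry has host bits set) and enable `smtpd_tls_security_level=may` with a real certificate instead of the snakeoil pair. A short comment above `relayhost` explaining why mail leaves through an external provider would also help the next reader.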

File diff suppressed because it is too large Load Diff


@ -0,0 +1,28 @@
ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4
Alias /nagios4/stylesheets /etc/nagios4/stylesheets
Alias /nagios4 /usr/share/nagios4/htdocs
<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
Options FollowSymLinks
DirectoryIndex index.php index.html
AllowOverride AuthConfig
AuthDigestDomain "nagios4"
AuthDigestProvider file
AuthUserFile "/etc/nagios4/htdigest.users"
AuthGroupFile "/etc/group"
AuthName "Restricted Nagios4 Access"
AuthType Digest
Require valid-user
</DirectoryMatch>
<Directory /usr/share/nagios4/htdocs>
Options +ExecCGI
</Directory>
<Directory /usr/lib/cgi-bin/nagios4>
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>
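Review bot: `AllowOverride AuthConfig` inside the `<DirectoryMatch>` block lets a `.htaccess` file in any of the three directories replace the `Require valid-user` rule set here; since authentication is fully defined in this file, `AllowOverride None` is the safer setting. Digest authentication only protects the password exchange, and nothing in this section keeps the Nagios pages and CGI commands off plain HTTP; unless the virtual host is TLS-only elsewhere, add `SSLRequireSSL` or a redirect. `Options +ExecCGI` on `/usr/share/nagios4/htdocs` looks unnecessary because the CGIs are served from `/usr/lib/cgi-bin/nagios4`; worth confirming and dropping.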


@ -0,0 +1,55 @@
###############################################################################
# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE
#
#
# NOTE: This config file is intended to serve as an *extremely* simple
# example of how you can create configuration entries to monitor
# the local (Linux) machine.
#
###############################################################################
###############################################################################
#
# HOST DEFINITION
#
###############################################################################
# Define a host for the local machine
define host {
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name ns
alias ns
address 10.121.38.7
parents gwsio5
}
define service {
use generic-service ;Use generic-service template
hostgroup_name linux-servers ; S'applique au groupe en question
service_description chk-lin-load ; Nom du service
check_command check_lin_load!public!--v2c!netsl!3,2,2!3,2,2 ; Command
}
define service {
use generic-service ;Use generic-service template
hostgroup_name linux-servers ; S'applique au groupe en question
service_description chk-lin-mem ; Nom du service
check_command check_lin_mem!public!--v2c!70%,80%!90%,95% ; Command
}
define service{
use generic-service
hostgroup_name linux-servers
service_description chk-dns-ext
check_command check_dns_ext
}
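Review bot: The SNMP community `public` is hard-coded in the `check_lin_load` and `check_lin_mem` commands with `--v2c`, so the default community string is both committed and sent unencrypted on every poll. Move it to a `$USERn$` macro in `resource.cfg` (for example `check_lin_mem!$USER5$!--v2c!70%,80%!90%,95%`, slot number to be chosen) and set a non-default community on the agents, or switch to SNMPv3 if the plugin in use supports it. The three `define service` blocks for `hostgroup_name linux-servers` are also identical to the ones at the end of the previous file section, which gives Nagios duplicate service definitions; keep them in one file only. The `LOCALHOST.CFG` banner no longer describes this file, which defines host `ns`.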


@ -0,0 +1 @@
[smtp.gmail.com]:587 l.depres15@gmail.com:uhteajxfcpvapjey
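Review bot: A mail account password is committed in clear text in this one-line Postfix SASL map, and the same defect recurs in two later sections of this compare: the 28-line `-----BEGIN PRIVATE KEY-----` file and the OpenVPN static key that the server config loads with `tls-auth ta.key 0 # This file is secret`. Anything pushed to a shared remote stays readable in history, so all three should be treated as disclosed: revoke the mail password, reissue the key pair and revoke its certificate, and regenerate the static key with the `openvpn --genkey tls-auth ta.key` command the server config already documents. Going forward, keep these files out of the repository (ignore rules for the SASL map, `private/` and `ta.key`) and let the provisioning step install them with owner-only permissions, or commit them encrypted, for example with Ansible Vault since the repository already uses Ansible.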


@ -0,0 +1,31 @@
###############################################################################
# LOCALHOST.CFG - SAMPLE OBJECT CONFIG FILE FOR MONITORING THIS MACHINE
#
#
# NOTE: This config file is intended to serve as an *extremely* simple
# example of how you can create configuration entries to monitor
# the local (Linux) machine.
#
###############################################################################
###############################################################################
#
# HOST DEFINITION
#
###############################################################################
# Define a host for the local machine
define host {
use linux-server ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name srv
alias srv
address 192.168.0.25
}


@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA4jWuH4ZUAtE0fXIfp3xq7zpRxPLhKeNY0IuwutL0ZCMUTmJjVp7G
tesWOF5Zmeu4E/SdKOIg6fKSLjr4vUIesL9clkHabjagEaIu07cDlbMC38BGeHzb
YT6Ba+UrHyz5Qqk7lhwGz3/yMmIOcvV60GL8okVAd37bCz08jObEtvlyWzJD8zUr
rgCArb4T8jj7/V/9w6ROt9TWJHxZdUlUMhxjK451pozLqY4QXiH4PRNAIP7BUr1l
Qh5gYpQU/BrMMxH/7n0LCCeoxrbUYz+UfzO1Rxs2KWJ2UCTCgGqNwXkS3hMUb4xC
qSNC0ssaAFlra5AlIxd06F6A0lRTkwQtEwIBAg==
-----END DH PARAMETERS-----


@ -0,0 +1,84 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ef:26:be:be:1c:6f:df:b6:72:ab:d0:98:5e:8e:ab:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Louis
Validity
Not Before: Oct 12 08:35:54 2022 GMT
Not After : Jan 14 08:35:54 2025 GMT
Subject: CN=openvpnclt
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:a2:21:3d:b7:82:3d:47:36:e5:94:4e:9b:84:
39:b0:f5:66:54:43:09:29:c2:81:59:ee:ff:d3:1f:
3c:4c:73:c2:a6:de:08:db:f9:c8:ff:1b:19:1a:13:
65:91:d6:af:9c:ee:bf:15:49:1c:74:6a:f1:cd:3c:
a8:87:2c:24:c0:d2:99:9e:ec:46:b1:f4:50:86:0b:
8c:4a:8a:b6:13:04:9a:1a:6e:e8:de:57:40:7b:f8:
b2:7b:1e:05:e9:ae:56:bf:f5:0e:6a:49:85:cb:a7:
4d:f1:72:ea:d6:83:1c:c2:19:7b:86:b0:ef:89:82:
7d:98:3e:32:f3:83:03:89:36:7c:32:13:f3:f5:af:
d4:8c:92:95:95:02:48:2b:21:b0:3a:79:a2:ef:64:
55:c5:1c:4a:ab:9d:1b:70:fe:a7:9e:bc:fa:b8:12:
22:87:52:95:ca:a4:5c:26:91:6d:d6:9e:aa:07:53:
13:6a:bc:e7:91:98:c7:57:b6:ff:b8:10:82:73:99:
0a:b8:5c:70:13:f7:8c:e5:d4:b7:7b:d0:51:24:ed:
bc:ac:50:61:d3:2e:9e:98:6a:a6:16:9c:cc:eb:fa:
4c:10:69:f0:c2:2f:cd:8e:6b:b7:7f:2c:5b:c1:a8:
fc:af:ef:1a:91:1e:5d:f4:d1:fb:cc:33:34:6e:e8:
d2:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
78:9F:7E:30:60:4E:EB:50:F5:FC:D2:6E:1E:2B:F3:AC:DE:73:C0:AD
X509v3 Authority Key Identifier:
keyid:17:87:CD:1F:C5:C2:5C:D6:23:2E:2A:3E:09:EC:74:B2:25:AC:5B:45
DirName:/CN=Louis
serial:0B:C4:5E:6A:4F:0A:A6:5A:49:E9:19:09:43:87:72:DB:6F:1A:CB:B3
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
95:b5:d4:87:5e:e3:3f:a1:4f:2a:8a:e1:52:cc:25:63:42:bb:
f7:2e:6e:f6:aa:bc:9e:a6:88:ab:d5:02:65:29:31:0e:a1:a7:
0d:e7:20:ac:9d:1c:a8:31:23:5a:8d:07:a4:94:88:99:f8:88:
83:69:1a:0a:a8:5a:d5:39:2f:00:5a:27:53:60:70:2f:fc:7f:
e1:2c:15:7b:ea:6b:91:72:9a:e5:b6:c9:ae:b7:b4:89:3c:95:
17:bf:a3:31:3e:0e:41:ec:90:bb:d6:4a:1a:c3:79:7a:95:55:
23:e9:86:84:91:05:32:69:9e:44:cd:03:df:c8:97:a8:6c:47:
6c:2c:d1:64:f5:91:30:87:56:7b:42:38:0a:78:1e:b9:6d:bb:
8d:02:7b:fd:df:ac:a9:41:2c:cd:c7:10:34:d3:98:91:a9:bd:
bc:e3:76:1e:13:9c:7b:98:c0:01:3c:9a:e3:fb:a1:41:cf:6b:
35:d1:ea:b9:d4:f4:9a:d8:c3:60:c7:b8:4b:79:09:1b:9c:25:
d4:90:51:ae:87:46:47:f6:ee:a2:45:fa:a9:79:0a:7d:24:3f:
bf:e4:aa:fc:26:43:ed:68:dd:a2:74:01:81:ad:f7:a5:5f:76:
2a:54:49:08:14:a6:d2:27:ac:a6:1d:af:08:e2:be:2f:23:c7:
82:c1:a5:78
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@ -0,0 +1,315 @@
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
# TCP or UDP server?
;proto tcp
proto udp
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert issued/openvpnsrv.crt
key private/openvpnsrv.key
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh2048.pem 2048
dh dh.pem
# Network topology
# Should be subnet (addressing via IP)
# unless Windows clients v2.0.9 and lower have to
# be supported (then net30, i.e. a /30 per client)
# Defaults to net30 (not recommended)
;topology subnet
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /var/log/openvpn/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses. You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey tls-auth ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# Enable compression on the VPN link and push the
# option to the client (v2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"
# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /var/log/openvpn/openvpn-status.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log /var/log/openvpn/openvpn.log
;log-append /var/log/openvpn/openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1
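Review bot: `;user nobody` and `;group nogroup` are left commented out, so the daemon keeps root after start-up even though `persist-key` and `persist-tun` are already set to make the privilege drop work; uncomment both lines. There is also no `crl-verify` directive, so a client certificate that has to be revoked would still be accepted; adding `crl-verify crl.pem` (file name to match the PKI directory) closes that. `cipher AES-256-CBC` is kept from the sample; the comment above it notes that 2.4+ peers negotiate AES-256-GCM, so it only matters for older clients.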


@ -0,0 +1,21 @@
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
802c84970a521b1a640fa14059c7f524
5c23ecddddb64a337203bf62c4ff17b7
3f8d8f62d16f73845b271ee8d6888dd4
ffaf36d37537573df58084a4af6cb770
89ce69cab2966f41cef0fdfb6a989c00
300f027b6e2a0c2028d0cb33c0b812d0
5d1f908f8de4f127d8e6e5b7eb253b2c
724292d58707db359a22158eff460ee4
37edf7f484dc72948c944ebde87add73
8e16c8af7c2a556be4aa37d11a8ecb74
800bb07de7d9e3d563eee347e07b3f2a
493a0be8a4e7fec27874b23dab51a7d3
39b61af065e5cdffd30418b40c7bff03
c139ba6f27331d49e17d75ee3cdb5217
d95d3b26eb5484c89ef70f2579a52f3c
62268bdae2e24de8cd748a73e3e795f1
-----END OpenVPN Static key V1-----

131
Sio2/SISR/20-ldap/doku.php Normal file

@ -0,0 +1,131 @@
<?php
/**
* DokuWiki mainscript
*
* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
* @author Andreas Gohr <andi@splitbrain.org>
*
* @global Input $INPUT
*/
// update message version - always use a string to avoid localized floats!
use dokuwiki\Extension\Event;
$updateVersion = "53";
// xdebug_start_profiling();
if(!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__).'/');
// define all DokuWiki globals here (needed within test requests but also helps to keep track)
global $ACT, $INPUT, $QUERY, $ID, $REV, $DATE_AT, $IDX,
$DATE, $RANGE, $HIGH, $TEXT, $PRE, $SUF, $SUM, $INFO, $JSINFO;
if(isset($_SERVER['HTTP_X_DOKUWIKI_DO'])) {
$ACT = trim(strtolower($_SERVER['HTTP_X_DOKUWIKI_DO']));
} elseif(!empty($_REQUEST['idx'])) {
$ACT = 'index';
} elseif(isset($_REQUEST['do'])) {
$ACT = $_REQUEST['do'];
} else {
$ACT = 'show';
}
// load and initialize the core system
require_once(DOKU_INC.'inc/init.php');
//import variables
$INPUT->set('id', str_replace("\xC2\xAD", '', $INPUT->str('id'))); //soft-hyphen
$QUERY = trim($INPUT->str('q'));
$ID = getID();
$REV = $INPUT->int('rev');
$DATE_AT = $INPUT->str('at');
$IDX = $INPUT->str('idx');
$DATE = $INPUT->int('date');
$RANGE = $INPUT->str('range');
$HIGH = $INPUT->param('s');
if(empty($HIGH)) $HIGH = getGoogleQuery();
if($INPUT->post->has('wikitext')) {
$TEXT = cleanText($INPUT->post->str('wikitext'));
}
$PRE = cleanText(substr($INPUT->post->str('prefix'), 0, -1));
$SUF = cleanText($INPUT->post->str('suffix'));
$SUM = $INPUT->post->str('summary');
//parse DATE_AT
if($DATE_AT) {
$date_parse = strtotime($DATE_AT);
if($date_parse) {
$DATE_AT = $date_parse;
} else { // check for UNIX Timestamp
$date_parse = @date('Ymd',$DATE_AT);
if(!$date_parse || $date_parse === '19700101') {
msg(sprintf($lang['unable_to_parse_date'], hsc($DATE_AT)));
$DATE_AT = null;
}
}
}
//check for existing $REV related to $DATE_AT
if($DATE_AT) {
$pagelog = new \dokuwiki\ChangeLog\PageChangeLog($ID);
$rev_t = $pagelog->getLastRevisionAt($DATE_AT);
if($rev_t === '') { //current revision
$REV = null;
$DATE_AT = null;
} else if ($rev_t === false) { //page did not exist
$rev_n = $pagelog->getRelativeRevision($DATE_AT,+1);
msg(
sprintf(
$lang['page_nonexist_rev'],
dformat($DATE_AT),
wl($ID, array('rev' => $rev_n)),
dformat($rev_n)
)
);
$REV = $DATE_AT; //will result in a page not exists message
} else {
$REV = $rev_t;
}
}
//make infos about the selected page available
$INFO = pageinfo();
// handle debugging
if($conf['allowdebug'] && $ACT == 'debug') {
html_debug();
exit;
}
//send 404 for missing pages if configured or ID has special meaning to bots
if(!$INFO['exists'] &&
($conf['send404'] || preg_match('/^(robots\.txt|sitemap\.xml(\.gz)?|favicon\.ico|crossdomain\.xml)$/', $ID)) &&
($ACT == 'show' || (!is_array($ACT) && substr($ACT, 0, 7) == 'export_'))
) {
header('HTTP/1.0 404 Not Found');
}
//prepare breadcrumbs (initialize a static var)
if($conf['breadcrumbs']) breadcrumbs();
// check upstream
checkUpdateMessages();
$tmp = array(); // No event data
Event::createAndTrigger('DOKUWIKI_STARTED', $tmp);
//close session
session_write_close();
//do the work (picks up what to do from global env)
act_dispatch();
$tmp = array(); // No event data
Event::createAndTrigger('DOKUWIKI_DONE', $tmp);
// xdebug_dump_function_profile(1);


@ -0,0 +1,180 @@
<?php
/**
* This is DokuWiki's Main Configuration file
*
* All the default values are kept here, you should not modify it but use
* a local.php file instead to override the settings from here.
*
* This is a piece of PHP code so PHP syntax applies!
*
* For help with the configuration and a more detailed explanation of the various options
* see https://www.dokuwiki.org/config
*/
/* Basic Settings */
$conf['title'] = 'DokuWiki'; //what to show in the title
$conf['start'] = 'start'; //name of start page
$conf['lang'] = 'fr'; //your language
$conf['template'] = 'dokuwiki'; //see lib/tpl directory
$conf['tagline'] = ''; //tagline in header (if template supports it)
$conf['sidebar'] = 'sidebar'; //name of sidebar in root namespace (if template supports it)
$conf['license'] = 'cc-by-nc-sa'; //see conf/license.php
$conf['savedir'] = './data'; //where to store all the files
$conf['basedir'] = ''; //absolute dir from serveroot - blank for autodetection
$conf['baseurl'] = ''; //URL to server including protocol - blank for autodetect
$conf['cookiedir'] = ''; //path to use in cookies - blank for basedir
$conf['dmode'] = 0755; //set directory creation mode
$conf['fmode'] = 0644; //set file creation mode
$conf['allowdebug'] = 0; //allow debug output, enable if needed 0|1
/* Display Settings */
$conf['recent'] = 20; //how many entries to show in recent
$conf['recent_days'] = 7; //How many days of recent changes to keep. (days)
$conf['breadcrumbs'] = 10; //how many recent visited pages to show
$conf['youarehere'] = 0; //show "You are here" navigation? 0|1
$conf['fullpath'] = 0; //show full path of the document or relative to datadir only? 0|1
$conf['typography'] = 1; //smartquote conversion 0=off, 1=doublequotes, 2=all quotes
$conf['dformat'] = '%Y/%m/%d %H:%M'; //dateformat accepted by PHPs strftime() function
$conf['signature'] = ' --- //[[@MAIL@|@NAME@]] @DATE@//'; //signature see wiki page for details
$conf['showuseras'] = 'loginname'; // 'loginname' users login name
// 'username' users full name
// 'email' e-mail address (will be obfuscated as per mailguard)
// 'email_link' e-mail address as a mailto: link (obfuscated)
$conf['toptoclevel'] = 1; //Level starting with and below to include in AutoTOC (max. 5)
$conf['tocminheads'] = 3; //Minimum amount of headlines that determines if a TOC is built
$conf['maxtoclevel'] = 3; //Up to which level include into AutoTOC (max. 5)
$conf['maxseclevel'] = 3; //Up to which level create editable sections (max. 5)
$conf['camelcase'] = 0; //Use CamelCase for linking? (I don't like it) 0|1
$conf['deaccent'] = 1; //deaccented chars in pagenames (1) or romanize (2) or keep (0)?
$conf['useheading'] = 0; //use the first heading in a page as its name
$conf['sneaky_index']= 0; //check for namespace read permission in index view (0|1) (1 might cause unexpected behavior)
$conf['hidepages'] = ''; //Regexp for pages to be skipped from RSS, Search and Recent Changes
/* Authentication Settings */
$conf['useacl'] = 0; //Use Access Control Lists to restrict access?
$conf['autopasswd'] = 1; //autogenerate passwords and email them to user
$conf['authtype'] = 'authplain'; //which authentication backend should be used
$conf['passcrypt'] = 'bcrypt'; //Used crypt method (smd5,md5,sha1,ssha,crypt,mysql,my411,bcrypt)
$conf['defaultgroup']= 'user'; //Default groups new Users are added to
$conf['superuser'] = '!!not set!!'; //The admin can be user or @group or comma separated list user1,@group1,user2
$conf['manager'] = '!!not set!!'; //The manager can be user or @group or comma separated list user1,@group1,user2
$conf['profileconfirm'] = 1; //Require current password to confirm changes to user profile
$conf['rememberme'] = 1; //Enable/disable remember me on login
$conf['disableactions'] = ''; //comma separated list of actions to disable
$conf['auth_security_timeout'] = 900; //time (seconds) auth data is considered valid, set to 0 to recheck on every page view
$conf['securecookie'] = 1; //never send HTTPS cookies via HTTP
$conf['remote'] = 0; //Enable/disable remote interfaces
$conf['remoteuser'] = '!!not set!!'; //user/groups that have access to remote interface (comma separated). leave empty to allow all users
$conf['remotecors'] = ''; //enable Cross-Origin Resource Sharing (CORS) for the remote interfaces. Asterisk (*) to allow all origins. leave empty to deny.
/* Antispam Features */
$conf['usewordblock']= 1; //block spam based on words? 0|1
$conf['relnofollow'] = 1; //use rel="ugc nofollow" for external links?
$conf['indexdelay'] = 60*60*24*5; //allow indexing after this time (seconds) default is 5 days
$conf['mailguard'] = 'hex'; //obfuscate email addresses against spam harvesters?
//valid entries are:
// 'visible' - replace @ with [at], . with [dot] and - with [dash]
// 'hex' - use hex entities to encode the mail address
// 'none' - do not obfuscate addresses
$conf['iexssprotect']= 1; // check for JavaScript and HTML in uploaded files 0|1
/* Editing Settings */
$conf['usedraft'] = 1; //automatically save a draft while editing (0|1)
$conf['htmlok'] = 0; //may raw HTML be embedded? This may break layout and XHTML validity 0|1
$conf['phpok'] = 0; //may PHP code be embedded? Never do this on the internet! 0|1
$conf['locktime'] = 15*60; //maximum age for lockfiles (defaults to 15 minutes)
$conf['cachetime'] = 60*60*24; //maximum age for cachefile in seconds (defaults to a day)
/* Link Settings */
// Set target to use when creating links - leave empty for same window
$conf['target']['wiki'] = '';
$conf['target']['interwiki'] = '';
$conf['target']['extern'] = '';
$conf['target']['media'] = '';
$conf['target']['windows'] = '';
/* Media Settings */
$conf['mediarevisions'] = 1; //enable/disable media revisions
$conf['refcheck'] = 1; //check for references before deleting media files
$conf['gdlib'] = 2; //the GDlib version (0, 1 or 2) 2 tries to autodetect
$conf['im_convert'] = ''; //path to ImageMagicks convert (will be used instead of GD)
$conf['jpg_quality'] = '70'; //quality of compression when scaling jpg images (0-100)
$conf['fetchsize'] = 0; //maximum size (bytes) fetch.php may download from extern, disabled by default
/* Notification Settings */
$conf['subscribers'] = 0; //enable change notice subscription support
$conf['subscribe_time'] = 24*60*60; //Time after which digests / lists are sent (in sec, default 1 day)
//Should be smaller than the time specified in recent_days
$conf['notify'] = ''; //send change info to this email (leave blank for nobody)
$conf['registernotify'] = ''; //send info about newly registered users to this email (leave blank for nobody)
$conf['mailfrom'] = ''; //use this email when sending mails
$conf['mailreturnpath'] = ''; //use this email as returnpath for bounce mails
$conf['mailprefix'] = ''; //use this as prefix of outgoing mails
$conf['htmlmail'] = 1; //send HTML multipart mails
$conf['dontlog'] = 'debug'; //logging facilites that should be disabled
/* Syndication Settings */
$conf['sitemap'] = 0; //Create a google sitemap? How often? In days.
$conf['rss_type'] = 'rss1'; //type of RSS feed to provide, by default:
// 'rss' - RSS 0.91
// 'rss1' - RSS 1.0
// 'rss2' - RSS 2.0
// 'atom' - Atom 0.3
// 'atom1' - Atom 1.0
$conf['rss_linkto'] = 'diff'; //what page RSS entries link to:
// 'diff' - page showing revision differences
// 'page' - the revised page itself
// 'rev' - page showing all revisions
// 'current' - most recent revision of page
$conf['rss_content'] = 'abstract'; //what to put in the items by default?
// 'abstract' - plain text, first paragraph or so
// 'diff' - plain text unified diff wrapped in <pre> tags
// 'htmldiff' - diff as HTML table
// 'html' - the full page rendered in XHTML
$conf['rss_media'] = 'both'; //what should be listed?
// 'both' - page and media changes
// 'pages' - page changes only
// 'media' - media changes only
$conf['rss_update'] = 5*60; //Update the RSS feed every n seconds (defaults to 5 minutes)
$conf['rss_show_summary'] = 1; //Add revision summary to title? 0|1
$conf['rss_show_deleted'] = 1; //Show deleted items 0|1
/* Advanced Settings */
$conf['updatecheck'] = 1; //automatically check for new releases?
$conf['userewrite'] = 0; //this makes nice URLs: 0: off 1: .htaccess 2: internal
$conf['useslash'] = 0; //use slash instead of colon? only when rewrite is on
$conf['sepchar'] = '_'; //word separator character in page names; may be a
// letter, a digit, '_', '-', or '.'.
$conf['canonical'] = 0; //Should all URLs use full canonical http://... style?
$conf['fnencode'] = 'url'; //encode filenames (url|safe|utf-8)
$conf['autoplural'] = 0; //try (non)plural form of nonexisting files?
$conf['compression'] = 'gz'; //compress old revisions: (0: off) ('gz': gnuzip) ('bz2': bzip)
// bz2 generates smaller files, but needs more cpu-power
$conf['gzip_output'] = 0; //use gzip content encodeing for the output xhtml (if allowed by browser)
$conf['compress'] = 1; //Strip whitespaces and comments from Styles and JavaScript? 1|0
$conf['cssdatauri'] = 512; //Maximum byte size of small images to embed into CSS, won't work on IE<8
$conf['send404'] = 0; //Send a HTTP 404 status for non existing pages?
$conf['broken_iua'] = 0; //Platform with broken ignore_user_abort (IIS+CGI) 0|1
$conf['xsendfile'] = 0; //Use X-Sendfile (1 = lighttpd, 2 = standard)
$conf['renderer_xhtml'] = 'xhtml'; //renderer to use for main page generation
$conf['readdircache'] = 0; //time cache in second for the readdir operation, 0 to deactivate.
$conf['search_nslimit'] = 0; //limit the search to the current X namespaces
$conf['search_fragment'] = 'exact'; //specify the default fragment search behavior
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
//Regexp of trusted proxy address when reading IP using HTTP header
// if blank, do not trust any proxy (including local IP)
/* Feature Flags */
$conf['defer_js'] = 1; // Defer javascript to be executed after the page's HTML has been parsed. Setting will be removed in the next release.
/* Network Settings */
$conf['dnslookups'] = 1; //disable to disallow IP to hostname lookups
$conf['jquerycdn'] = 0; //use a CDN for delivering jQuery?
// Proxy setup - if your Server needs a proxy to access the web set these
$conf['proxy']['host'] = '';
$conf['proxy']['port'] = '';
$conf['proxy']['user'] = '';
$conf['proxy']['pass'] = '';
$conf['proxy']['ssl'] = 0;
$conf['proxy']['except'] = '';


@ -0,0 +1,682 @@
<?php
/*><div style="width:60%; margin: auto; background-color: #fcc;
border: 1px solid #faa; padding: 0.5em 1em;">
<h1 style="font-size: 120%">No PHP Support</h1>
It seems this server has no PHP support enabled. You will need to
enable PHP before you can install and run DokuWiki. Contact your hosting
provider if you're unsure what this means.
</div>*/
/**
* Dokuwiki installation assistance
*
* @author Chris Smith <chris@jalakai.co.uk>
*/
if (!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__) . '/');
if (!defined('DOKU_CONF')) define('DOKU_CONF', DOKU_INC . 'conf/');
if (!defined('DOKU_LOCAL')) define('DOKU_LOCAL', DOKU_INC . 'conf/');
// load and initialize the core system
require_once(DOKU_INC . 'inc/init.php');
require_once(DOKU_INC . 'inc/pageutils.php');
// check for error reporting override or set error reporting to sane values
if (!defined('DOKU_E_LEVEL')) {
error_reporting(E_ALL ^ E_NOTICE);
} else {
error_reporting(DOKU_E_LEVEL);
}
// language strings
require_once(DOKU_INC . 'inc/lang/en/lang.php');
if (isset($_REQUEST['l']) && !is_array($_REQUEST['l'])) {
$LC = preg_replace('/[^a-z\-]+/', '', $_REQUEST['l']);
}
if (empty($LC)) $LC = 'en';
if ($LC && $LC != 'en') {
require_once(DOKU_INC . 'inc/lang/' . $LC . '/lang.php');
}
// initialise variables ...
$error = array();
// begin output
header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html>
<html lang="<?php echo $LC?>" dir="<?php echo $lang['direction']?>">
<head>
<meta charset="utf-8" />
<title><?php echo $lang['i_installer']?></title>
<style>
body { width: 90%; margin: 0 auto; font: 84% Verdana, Helvetica, Arial, sans-serif; }
img { border: none }
br.cl { clear:both; }
code { font-size: 110%; color: #800000; }
fieldset { border: none }
label { display: block; margin-top: 0.5em; }
select.text, input.text { width: 30em; margin: 0 0.5em; }
a {text-decoration: none}
</style>
<script>
function acltoggle(){
var cb = document.getElementById('acl');
var fs = document.getElementById('acldep');
if(!cb || !fs) return;
if(cb.checked){
fs.style.display = '';
}else{
fs.style.display = 'none';
}
}
window.onload = function(){
acltoggle();
var cb = document.getElementById('acl');
if(cb) cb.onchange = acltoggle;
};
</script>
</head>
<body style="">
<h1 style="float:left">
<img src="lib/exe/fetch.php?media=wiki:dokuwiki-128.png"
style="vertical-align: middle;" alt="" height="64" width="64" />
<?php echo $lang['i_installer']?>
</h1>
<div style="float:right; margin: 1em;">
<?php langsel()?>
</div>
<br class="cl" />
<div style="float: right; width: 34%;">
<?php
if (file_exists(DOKU_INC . 'inc/lang/' . $LC . '/install.html')) {
include(DOKU_INC . 'inc/lang/' . $LC . '/install.html');
} else {
print "<div lang=\"en\" dir=\"ltr\">\n";
include(DOKU_INC . 'inc/lang/en/install.html');
print "</div>\n";
}
?>
<a style="
background: transparent
url(data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png)
left top no-repeat;
display: block; width:380px; height:73px; border:none; clear:both;"
target="_blank"
href="http://www.dokuwiki.org/security#web_access_security"></a>
</div>
<div style="float: left; width: 58%;">
<?php
try {
if (! (check_functions() && check_permissions())) {
echo '<p>' . $lang['i_problems'] . '</p>';
print_errors();
print_retry();
} elseif (!check_configs()) {
echo '<p>' . $lang['i_modified'] . '</p>';
print_errors();
} elseif (check_data($_REQUEST['d'])) {
// check_data has sanitized all input parameters
if (!store_data($_REQUEST['d'])) {
echo '<p>' . $lang['i_failure'] . '</p>';
print_errors();
} else {
echo '<p>' . $lang['i_success'] . '</p>';
}
} else {
print_errors();
print_form($_REQUEST['d']);
}
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
}
?>
</div>
<div style="clear: both">
<a href="http://dokuwiki.org/"><img src="lib/tpl/dokuwiki/images/button-dw.png" alt="driven by DokuWiki" /></a>
<a href="http://php.net"><img src="lib/tpl/dokuwiki/images/button-php.gif" alt="powered by PHP" /></a>
</div>
</body>
</html>
<?php
/**
* Print the input form
*
* @param array $d submitted entry 'd' of request data
*/
function print_form($d)
{
global $lang;
global $LC;
include(DOKU_CONF . 'license.php');
if (!is_array($d)) $d = array();
$d = array_map('hsc', $d);
if (!isset($d['acl'])) $d['acl'] = 1;
if (!isset($d['pop'])) $d['pop'] = 1;
?>
<form action="" method="post">
<input type="hidden" name="l" value="<?php echo $LC ?>" />
<fieldset>
<label for="title"><?php echo $lang['i_wikiname']?>
<input type="text" name="d[title]" id="title" value="<?php echo $d['title'] ?>" style="width: 20em;" />
</label>
<fieldset style="margin-top: 1em;">
<label for="acl">
<input type="checkbox" name="d[acl]" id="acl" <?php echo(($d['acl'] ? ' checked="checked"' : ''));?> />
<?php echo $lang['i_enableacl']?></label>
<fieldset id="acldep">
<label for="superuser"><?php echo $lang['i_superuser']?></label>
<input class="text" type="text" name="d[superuser]" id="superuser"
value="<?php echo $d['superuser'] ?>" />
<label for="fullname"><?php echo $lang['fullname']?></label>
<input class="text" type="text" name="d[fullname]" id="fullname"
value="<?php echo $d['fullname'] ?>" />
<label for="email"><?php echo $lang['email']?></label>
<input class="text" type="text" name="d[email]" id="email" value="<?php echo $d['email'] ?>" />
<label for="password"><?php echo $lang['pass']?></label>
<input class="text" type="password" name="d[password]" id="password" />
<label for="confirm"><?php echo $lang['passchk']?></label>
<input class="text" type="password" name="d[confirm]" id="confirm" />
<label for="policy"><?php echo $lang['i_policy']?></label>
<select class="text" name="d[policy]" id="policy">
<option value="0" <?php echo ($d['policy'] == 0) ? 'selected="selected"' : '' ?>><?php
echo $lang['i_pol0']?></option>
<option value="1" <?php echo ($d['policy'] == 1) ? 'selected="selected"' : '' ?>><?php
echo $lang['i_pol1']?></option>
<option value="2" <?php echo ($d['policy'] == 2) ? 'selected="selected"' : '' ?>><?php
echo $lang['i_pol2']?></option>
</select>
<label for="allowreg">
<input type="checkbox" name="d[allowreg]" id="allowreg" <?php
echo(($d['allowreg'] ? ' checked="checked"' : ''));?> />
<?php echo $lang['i_allowreg']?>
</label>
</fieldset>
</fieldset>
<fieldset>
<p><?php echo $lang['i_license']?></p>
<?php
array_push($license, array('name' => $lang['i_license_none'], 'url' => ''));
if (empty($d['license'])) $d['license'] = 'cc-by-sa';
foreach ($license as $key => $lic) {
echo '<label for="lic_' . $key . '">';
echo '<input type="radio" name="d[license]" value="' . hsc($key) . '" id="lic_' . $key . '"' .
(($d['license'] === $key) ? ' checked="checked"' : '') . '>';
echo hsc($lic['name']);
if ($lic['url']) echo ' <a href="' . $lic['url'] . '" target="_blank"><sup>[?]</sup></a>';
echo '</label>';
}
?>
</fieldset>
<fieldset>
<p><?php echo $lang['i_pop_field']?></p>
<label for="pop">
<input type="checkbox" name="d[pop]" id="pop" <?php
echo(($d['pop'] ? ' checked="checked"' : ''));?> />
<?php echo $lang['i_pop_label']?>
<a href="http://www.dokuwiki.org/popularity" target="_blank"><sup>[?]</sup></a>
</label>
</fieldset>
</fieldset>
<fieldset id="process">
<button type="submit" name="submit"><?php echo $lang['btn_save']?></button>
</fieldset>
</form>
<?php
}
function print_retry()
{
global $lang;
global $LC;
?>
<form action="" method="get">
<fieldset>
<input type="hidden" name="l" value="<?php echo $LC ?>" />
<button type="submit"><?php echo $lang['i_retry'];?></button>
</fieldset>
</form>
<?php
}
/**
* Check validity of data
*
* @author Andreas Gohr
*
* @param array $d
* @return bool ok?
*/
function check_data(&$d)
{
static $form_default = array(
'title' => '',
'acl' => '1',
'superuser' => '',
'fullname' => '',
'email' => '',
'password' => '',
'confirm' => '',
'policy' => '0',
'allowreg' => '0',
'license' => 'cc-by-sa'
);
global $lang;
global $error;
if (!is_array($d)) $d = array();
foreach ($d as $k => $v) {
if (is_array($v))
unset($d[$k]);
else $d[$k] = (string)$v;
}
//autolowercase the username
$d['superuser'] = isset($d['superuser']) ? strtolower($d['superuser']) : "";
$ok = false;
if (isset($_REQUEST['submit'])) {
$ok = true;
// check input
if (empty($d['title'])) {
$error[] = sprintf($lang['i_badval'], $lang['i_wikiname']);
$ok = false;
}
if (isset($d['acl'])) {
if (empty($d['superuser']) || ($d['superuser'] !== cleanID($d['superuser']))) {
$error[] = sprintf($lang['i_badval'], $lang['i_superuser']);
$ok = false;
}
if (empty($d['password'])) {
$error[] = sprintf($lang['i_badval'], $lang['pass']);
$ok = false;
} elseif (!isset($d['confirm']) || $d['confirm'] != $d['password']) {
$error[] = sprintf($lang['i_badval'], $lang['passchk']);
$ok = false;
}
if (empty($d['fullname']) || strstr($d['fullname'], ':')) {
$error[] = sprintf($lang['i_badval'], $lang['fullname']);
$ok = false;
}
if (empty($d['email']) || strstr($d['email'], ':') || !strstr($d['email'], '@')) {
$error[] = sprintf($lang['i_badval'], $lang['email']);
$ok = false;
}
} else {
// Since default = 1, browser won't send acl=0 when user untick acl
$d['acl'] = '0';
}
}
$d = array_merge($form_default, $d);
return $ok;
}
/**
* Writes the data to the config files
*
* @author Chris Smith <chris@jalakai.co.uk>
*
* @param array $d
* @return bool
*/
function store_data($d)
{
global $LC;
$ok = true;
$d['policy'] = (int) $d['policy'];
// create local.php
$now = gmdate('r');
$output = <<<EOT
<?php
/**
* Dokuwiki's Main Configuration File - Local Settings
* Auto-generated by install script
* Date: $now
*/
EOT;
// add any config options set by a previous installer
$preset = __DIR__ . '/install.conf';
if (file_exists($preset)) {
$output .= "# preset config options\n";
$output .= file_get_contents($preset);
$output .= "\n\n";
$output .= "# options selected in installer\n";
@unlink($preset);
}
$output .= '$conf[\'title\'] = \'' . addslashes($d['title']) . "';\n";
$output .= '$conf[\'lang\'] = \'' . addslashes($LC) . "';\n";
$output .= '$conf[\'license\'] = \'' . addslashes($d['license']) . "';\n";
if ($d['acl']) {
$output .= '$conf[\'useacl\'] = 1' . ";\n";
$output .= "\$conf['superuser'] = '@admin';\n";
}
if (!$d['allowreg']) {
$output .= '$conf[\'disableactions\'] = \'register\'' . ";\n";
}
$ok = $ok && fileWrite(DOKU_LOCAL . 'local.php', $output);
if ($d['acl']) {
// hash the password
$phash = new \dokuwiki\PassHash();
$pass = $phash->hash_bcrypt($d['password']);
// create users.auth.php
$output = <<<EOT
# users.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Userfile
#
# Auto-generated by install script
# Date: $now
#
# Format:
# login:passwordhash:Real Name:email:groups,comma,separated
EOT;
// --- user:bcryptpasswordhash:Real Name:email:groups,comma,seperated
$output = $output . "\n" . join(':', [
$d['superuser'],
$pass,
$d['fullname'],
$d['email'],
'admin,user',
]) . "\n";
$ok = $ok && fileWrite(DOKU_LOCAL . 'users.auth.php', $output);
// create acl.auth.php
$output = <<<EOT
# acl.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Access Control Lists
#
# Auto-generated by install script
# Date: $now
EOT;
if ($d['policy'] == 2) {
$output .= "* @ALL 0\n";
$output .= "* @user 8\n";
} elseif ($d['policy'] == 1) {
$output .= "* @ALL 1\n";
$output .= "* @user 8\n";
} else {
$output .= "* @ALL 8\n";
}
$ok = $ok && fileWrite(DOKU_LOCAL . 'acl.auth.php', $output);
}
// enable popularity submission
if (isset($d['pop']) && $d['pop']) {
@touch(DOKU_INC . 'data/cache/autosubmit.txt');
}
// disable auth plugins til needed
$output = <<<EOT
<?php
/*
* Local plugin enable/disable settings
*
* Auto-generated by install script
* Date: $now
*/
\$plugins['authad'] = 0;
\$plugins['authldap'] = 0;
\$plugins['authmysql'] = 0;
\$plugins['authpgsql'] = 0;
EOT;
$ok = $ok && fileWrite(DOKU_LOCAL . 'plugins.local.php', $output);
return $ok;
}
/**
* Write the given content to a file
*
* @author Chris Smith <chris@jalakai.co.uk>
*
* @param string $filename
* @param string $data
* @return bool
*/
function fileWrite($filename, $data)
{
global $error;
global $lang;
if (($fp = @fopen($filename, 'wb')) === false) {
$filename = str_replace($_SERVER['DOCUMENT_ROOT'], '{DOCUMENT_ROOT}/', $filename);
$error[] = sprintf($lang['i_writeerr'], $filename);
return false;
}
if (!empty($data)) {
fwrite($fp, $data);
}
fclose($fp);
return true;
}
/**
* check installation dependent local config files and tests for a known
* unmodified main config file
*
* @author Chris Smith <chris@jalakai.co.uk>
*
* @return bool
*/
function check_configs()
{
global $error;
global $lang;
$ok = true;
$config_files = array(
'local' => DOKU_LOCAL . 'local.php',
'users' => DOKU_LOCAL . 'users.auth.php',
'auth' => DOKU_LOCAL . 'acl.auth.php'
);
// configs shouldn't exist
foreach ($config_files as $file) {
if (file_exists($file) && filesize($file)) {
$file = str_replace($_SERVER['DOCUMENT_ROOT'], '{DOCUMENT_ROOT}/', $file);
$error[] = sprintf($lang['i_confexists'], $file);
$ok = false;
}
}
return $ok;
}
/**
* Check other installation dir/file permission requirements
*
* @author Chris Smith <chris@jalakai.co.uk>
*
* @return bool
*/
function check_permissions()
{
global $error;
global $lang;
$dirs = array(
'conf' => DOKU_LOCAL,
'data' => DOKU_INC . 'data',
'pages' => DOKU_INC . 'data/pages',
'attic' => DOKU_INC . 'data/attic',
'media' => DOKU_INC . 'data/media',
'media_attic' => DOKU_INC . 'data/media_attic',
'media_meta' => DOKU_INC . 'data/media_meta',
'meta' => DOKU_INC . 'data/meta',
'cache' => DOKU_INC . 'data/cache',
'locks' => DOKU_INC . 'data/locks',
'index' => DOKU_INC . 'data/index',
'tmp' => DOKU_INC . 'data/tmp'
);
$ok = true;
foreach ($dirs as $dir) {
if (!file_exists("$dir/.") || !is_writable($dir)) {
$dir = str_replace($_SERVER['DOCUMENT_ROOT'], '{DOCUMENT_ROOT}', $dir);
$error[] = sprintf($lang['i_permfail'], $dir);
$ok = false;
}
}
return $ok;
}
/**
* Check the availability of functions used in DokuWiki and the PHP version
*
* @author Andreas Gohr <andi@splitbrain.org>
*
* @return bool
*/
function check_functions()
{
global $error;
global $lang;
$ok = true;
if (version_compare(phpversion(), '5.6.0', '<')) {
$error[] = sprintf($lang['i_phpver'], phpversion(), '5.6.0');
$ok = false;
}
if (ini_get('mbstring.func_overload') != 0) {
$error[] = $lang['i_mbfuncoverload'];
$ok = false;
}
try {
random_bytes(1);
} catch (\Exception $th) {
// If an appropriate source of randomness cannot be found, an Exception will be thrown by PHP 7+
$error[] = $lang['i_urandom'];
$ok = false;
}
if (ini_get('mbstring.func_overload') != 0) {
$error[] = $lang['i_mbfuncoverload'];
$ok = false;
}
$funcs = explode(' ', 'addslashes call_user_func chmod copy fgets ' .
'file file_exists fseek flush filesize ftell fopen ' .
'glob header ignore_user_abort ini_get mkdir ' .
'ob_start opendir parse_ini_file readfile realpath ' .
'rename rmdir serialize session_start unlink usleep ' .
'preg_replace file_get_contents htmlspecialchars_decode ' .
'spl_autoload_register stream_select fsockopen pack xml_parser_create');
if (!function_exists('mb_substr')) {
$funcs[] = 'utf8_encode';
$funcs[] = 'utf8_decode';
}
if (!function_exists('mail')) {
if (strpos(ini_get('disable_functions'), 'mail') !== false) {
$disabled = $lang['i_disabled'];
} else {
$disabled = "";
}
$error[] = sprintf($lang['i_funcnmail'], $disabled);
}
foreach ($funcs as $func) {
if (!function_exists($func)) {
$error[] = sprintf($lang['i_funcna'], $func);
$ok = false;
}
}
return $ok;
}
/**
* Print language selection
*
* @author Andreas Gohr <andi@splitbrain.org>
*/
function langsel()
{
global $lang;
global $LC;
$dir = DOKU_INC . 'inc/lang';
$dh = opendir($dir);
if (!$dh) return;
$langs = array();
while (($file = readdir($dh)) !== false) {
if (preg_match('/^[\._]/', $file)) continue;
if (is_dir($dir . '/' . $file) && file_exists($dir . '/' . $file . '/lang.php')) {
$langs[] = $file;
}
}
closedir($dh);
sort($langs);
echo '<form action="">';
echo $lang['i_chooselang'];
echo ': <select name="l" onchange="submit()">';
foreach ($langs as $l) {
$sel = ($l == $LC) ? 'selected="selected"' : '';
echo '<option value="' . $l . '" ' . $sel . '>' . $l . '</option>';
}
echo '</select> ';
echo '<button type="submit">' . $lang['btn_update'] . '</button>';
echo '</form>';
}
/**
* Print global error array
*
* @author Andreas Gohr <andi@splitbrain.org>
*/
function print_errors()
{
global $error;
if (!empty($error)) {
echo '<ul>';
foreach ($error as $err) {
echo "<li>$err</li>";
}
echo '</ul>';
}
}


@ -0,0 +1,372 @@
dn: dc=labo51,dc=lan
o: labo51
dc: labo51
structuralObjectClass: organization
entryUUID: fa4724a4-cf8e-103c-8b56-5b76801a304f
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923132546Z
ou: labo51
description: labo51
objectClass: top
objectClass: dcObject
objectClass: organization
objectClass: gosaDepartment
objectClass: gosaAcl
gosaAclEntry: 0:subtree:Y249YWRtaW4sb3U9YWNscm9sZXMsZGM9bGFibzUxLGRjPWxhbg==
:dWlkPWZkLWFkbWluLG91PXBlb3BsZSxkYz1sYWJvNTEsZGM9bGFu
entryCSN: 20220923133315.145750Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133315Z
dn: cn=admin,dc=labo51,dc=lan
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9azJpYVFLcGRSYis3MEVqMjVoR0V1aXpudGtGdDRyVEc=
structuralObjectClass: organizationalRole
entryUUID: fa477026-cf8e-103c-8b57-5b76801a304f
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923132546Z
entryCSN: 20220923132546.893074Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923132546Z
dn: ou=fusiondirectory,dc=labo51,dc=lan
objectClass: organizationalUnit
ou: fusiondirectory
structuralObjectClass: organizationalUnit
entryUUID: fa2072e0-cf8f-103c-9ee5-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133256Z
entryCSN: 20220923133256.134250Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133256Z
dn: cn=config,ou=fusiondirectory,dc=labo51,dc=lan
fdLanguage: fr_FR
fdTheme: breezy
fdTimezone: Europe/Paris
fdLdapSizeLimit: 200
fdModificationDetectionAttribute: entryCSN
fdLogging: TRUE
fdSchemaCheck: TRUE
fdEnableSnapshots: TRUE
fdSnapshotBase: ou=snapshots,dc=labo51,dc=lan
fdPasswordDefaultHash: ssha
fdForcePasswordDefaultHash: FALSE
fdHandleExpiredAccounts: FALSE
fdLoginAttribute: uid
fdForceSSL: FALSE
fdWarnSSL: TRUE
fdSessionLifeTime: 1800
fdHttpAuthActivated: FALSE
fdHttpHeaderAuthActivated: FALSE
fdHttpHeaderAuthHeaderName: AUTH_USER
fdSslKeyPath: /etc/ssl/private/fd.key
fdSslCertPath: /etc/ssl/certs/fd.cert
fdSslCaCertPath: /etc/ssl/certs/ca.cert
fdCasActivated: FALSE
fdCasServerCaCertPath: /etc/ssl/certs/ca.cert
fdCasHost: localhost
fdCasPort: 443
fdCasContext: /cas
fdAccountPrimaryAttribute: uid
fdCnPattern: %givenName% %sn%
fdStrictNamingRules: TRUE
fdUserRDN: ou=people
fdAclRoleRDN: ou=aclroles
fdRestrictRoleMembers: FALSE
fdSplitPostalAddress: FALSE
fdDisplayErrors: FALSE
fdLdapStats: FALSE
fdDebugLevel: 0
fdListSummary: TRUE
fdAclTabOnObjects: FALSE
fdDisplayHookOutput: FALSE
structuralObjectClass: fusionDirectoryConf
cn: config
entryUUID: fa2105f2-cf8f-103c-9ee6-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133256Z
fdDashboardNumberOfDigit: 3
fdDashboardPrefix: PC
fdDashboardExpiredAccountsDays: 15
fdOGroupRDN: ou=groups
fdForceSaslPasswordAsk: FALSE
objectClass: fusionDirectoryConf
objectClass: fdDashboardPluginConf
objectClass: fusionDirectoryPluginsConf
objectClass: fdPasswordRecoveryConf
fdPasswordRecoveryActivated: FALSE
fdPasswordRecoveryEmail: to.be@chang.ed
fdPasswordRecoveryValidity: 10
fdPasswordRecoverySalt: SomethingSecretAndVeryLong
fdPasswordRecoveryUseAlternate: FALSE
fdPasswordRecoveryLoginAttribute: uid
fdPasswordRecoveryMailSubject:: W0Z1c2lvbkRpcmVjdG9yeV0gTGllbiBkZSByw6lpbml0
aWFsaXNhdGlvbiBkdSBtb3QgZGUgcGFzc2U=
fdPasswordRecoveryMailBody:: Qm9uam91ciwKClZvaWNpIHZvcyBpbmZvcm1hdGlvbnMgOgo
tIElkZW50aWZpYW504oCvOiAlcwotIExpZW7igK86ICVzCgpDZSBsaWVuIGVzdCBzZXVsZW1lbn
QgdmFsaWRlIHBlbmRhbnQgMTAgbWludXRlcw==
fdPasswordRecoveryMail2Subject:: W0Z1c2lvbkRpcmVjdG9yeV0gUsOpaW5pdGlhbGlzYXR
pb24gZHUgbW90IGRlIHBhc3NlIHLDqXVzc2ll4oCvIQ==
fdPasswordRecoveryMail2Body:: Qm9uam91ciwKClZvdHJlIG1vdCBkZSBwYXNzZSBhIMOpdM
OpIGNoYW5nw6kuIApWb3RyZSBpZGVudGlmaWFudCBkZSBjb25uZXhpb24gZXN0IHRvdWpvdXJzI
CVzLg==
fusionConfigMd5: a757b5932e118edd99c930ce5cb6399b
fdGroupRDN: ou=groups
fdMinId: 100
fdUidNumberBase: 1100
fdGidNumberBase: 1100
fdIdAllocationMethod: traditional
fdShells: /bin/ash
fdShells: /bin/bash
fdShells: /bin/csh
fdShells: /bin/sh
fdShells: /bin/ksh
fdShells: /bin/tcsh
fdShells: /bin/dash
fdShells: /bin/zsh
fdShells: /sbin/nologin
fdShells: /bin/false
fdShells: /usr/bin/git-shell
fdDefaultShell: /bin/ash
entryCSN: 20220927084251.846088Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220927084251Z
dn: ou=aclroles,dc=labo51,dc=lan
objectClass: organizationalUnit
ou: aclroles
structuralObjectClass: organizationalUnit
entryUUID: 05717270-cf90-103c-9ee8-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133315Z
entryCSN: 20220923133315.120052Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133315Z
dn: cn=admin,ou=aclroles,dc=labo51,dc=lan
objectClass: top
objectClass: gosaRole
cn: admin
description: Donne tous les droits sur tous les objets
gosaAclTemplate: 0:all;cmdrw
structuralObjectClass: gosaRole
entryUUID: 0571e12e-cf90-103c-9ee9-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133315Z
entryCSN: 20220923133315.122882Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133315Z
dn: ou=people,dc=labo51,dc=lan
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
entryUUID: 0573d402-cf90-103c-9eea-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133315Z
entryCSN: 20220923133315.135652Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133315Z
dn: uid=fd-admin,ou=people,dc=labo51,dc=lan
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
cn: System Administrator
sn: Administrator
givenName: System
uid: fd-admin
userPassword:: e1NTSEF9WFlPYlZ4bi96eEhkUkFZaWluZjRLaFZNeUJaa1hTQTM=
structuralObjectClass: inetOrgPerson
entryUUID: 0574800a-cf90-103c-9eeb-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133315Z
entryCSN: 20220923133315.140056Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133315Z
dn: cn=manager,ou=aclroles,dc=labo51,dc=lan
cn: manager
description: Donner tous les droits aux utilisateurs sur cette branche
objectClass: top
objectClass: gosaRole
gosaAclTemplate: 0:user/user;cmdrw,user/posixAccount;cmdrw
structuralObjectClass: gosaRole
entryUUID: 06db8bc8-cf90-103c-9eec-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133317Z
entryCSN: 20220923133317.493099Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133317Z
dn: cn=editowninfos,ou=aclroles,dc=labo51,dc=lan
cn: editowninfos
description:: UGVybWV0IGF1eCB1dGlsaXNhdGV1cnMgZCfDqWRpdGVyIGxldXJzIHByb3ByZX
MgaW5mb3JtYXRpb25zIChvbmdsZXRzIGfDqW7DqXJpcXVlIGV0IHBvc2l4LCDDoCBuJ3V0aWxpc
2VyIHF1ZSBzdXIgbGEgYmFzZSk=
objectClass: top
objectClass: gosaRole
gosaAclTemplate: 0:user/user;srw,user/posixAccount;srw
structuralObjectClass: gosaRole
entryUUID: 06dc1dcc-cf90-103c-9eed-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133317Z
entryCSN: 20220923133317.496837Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133317Z
dn: cn=editownpwd,ou=aclroles,dc=labo51,dc=lan
cn: editownpwd
description:: UGVybWV0IGF1eCB1dGlsaXNhdGV1cnMgZGUgY2hhbmdlciBsZXVyIG1vdCBkZS
BwYXNzZSAow6AgbuKAmXV0aWxpc2VyIHF1ZSBzdXIgbGEgYmFzZSk=
objectClass: top
objectClass: gosaRole
gosaAclTemplate: 0:user/user;s#userPassword;rw
structuralObjectClass: gosaRole
entryUUID: 06dc87d0-cf90-103c-9eee-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133317Z
entryCSN: 20220923133317.499552Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133317Z
dn: ou=recovery,ou=fusiondirectory,dc=labo51,dc=lan
objectClass: organizationalUnit
ou: recovery
structuralObjectClass: organizationalUnit
entryUUID: 867ca16e-cf90-103c-9ef1-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133651Z
entryCSN: 20220923133651.619426Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133651Z
dn: ou=locks,ou=fusiondirectory,dc=labo51,dc=lan
objectClass: organizationalUnit
ou: locks
structuralObjectClass: organizationalUnit
entryUUID: 89251e00-cf90-103c-9ef2-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133656Z
entryCSN: 20220923133656.079063Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133656Z
dn: ou=snapshots,dc=labo51,dc=lan
objectClass: organizationalUnit
ou: snapshots
structuralObjectClass: organizationalUnit
entryUUID: d945fb3e-cf90-103c-9ef3-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923133910Z
entryCSN: 20220923133910.512170Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923133910Z
dn: uid=dpaul,ou=people,dc=labo51,dc=lan
cn: Paul Dubois
sn: Dubois
givenName: Paul
description: Polo
uid: dpaul
preferredLanguage: fr_FR
userPassword:: e1NTSEF9RkgrNnNtUnNxMGw3KzFDODB2MXNTQzJQVXJSZEttS0g=
structuralObjectClass: inetOrgPerson
entryUUID: 27e0f56e-cf91-103c-9ef4-cd38c1c99b59
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923134122Z
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
homeDirectory: /home/paul
gecos: Paul Dubois
loginShell: /bin/ash
uidNumber: 1101
gidNumber: 1002
shadowLastChange: 19262
entryCSN: 20220927084325.025161Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220927084325Z
dn: cn=fd-admin,dc=labo51,dc=lan
objectClass: posixGroup
cn: fd-admin
description: Groupe de l'utilisateur fd-admin
gidNumber: 1001
structuralObjectClass: posixGroup
entryUUID: ee847b00-cf91-103c-8113-87fb8d81eb6d
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220923134655Z
entryCSN: 20220923134655.650648Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220923134655Z
dn: cn=dpaul,dc=labo51,dc=lan
objectClass: posixGroup
cn: dpaul
description: Groupe de l'utilisateur dpaul
gidNumber: 1002
structuralObjectClass: posixGroup
entryUUID: 8474bbca-d28a-103c-8c1d-dbb4971e905b
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220927083124Z
entryCSN: 20220927083124.720185Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220927083124Z
dn: uid=louis,ou=people,dc=labo51,dc=lan
cn: louis depres
sn: depres
givenName: louis
uid: louis
preferredLanguage: fr_FR
userPassword:: e1NTSEF9b2dhU25CWlNEWkFUekVIVXJsSXR4NFFEbGM2QURCNVk=
structuralObjectClass: inetOrgPerson
entryUUID: 4dee1eb4-d28c-103c-8125-f3f3a5e1910b
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220927084412Z
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
homeDirectory: /home/louis
gecos: louis depres
loginShell: /bin/ash
uidNumber: 1102
gidNumber: 1101
shadowLastChange: 19262
entryCSN: 20220927084412.248333Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220927084412Z
dn: ou=groups,dc=labo51,dc=lan
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
entryUUID: 4defab8a-d28c-103c-8128-f3f3a5e1910b
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220927084412Z
entryCSN: 20220927084412.244637Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220927084412Z
dn: cn=louis,ou=groups,dc=labo51,dc=lan
objectClass: posixGroup
cn: louis
description: Groupe de l'utilisateur louis
gidNumber: 1101
structuralObjectClass: posixGroup
entryUUID: 4defde70-d28c-103c-8129-f3f3a5e1910b
creatorsName: cn=admin,dc=labo51,dc=lan
createTimestamp: 20220927084412Z
entryCSN: 20220927084412.245939Z#000000#000#000000
modifiersName: cn=admin,dc=labo51,dc=lan
modifyTimestamp: 20220927084412Z
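Review bot: The `userPassword::` values for `cn=admin`, `uid=fd-admin`, `uid=dpaul` and `uid=louis` are committed with this export; they are base64-wrapped `{SSHA}` (salted SHA-1) hashes, which anyone with read access to the repository or its history can attack offline. Strip the `userPassword` attributes before committing, set the passwords at provisioning time, and treat the four committed values as exposed and change them. `fdPasswordRecoverySalt: SomethingSecretAndVeryLong` looks like the installer placeholder and should be replaced by a random value kept outside the repository if password recovery is ever enabled. The operational attributes (`entryUUID`, `entryCSN`, `creatorsName`, …) suggest a raw server dump rather than a seed file, so a trimmed LDIF holding only the entries to import would be easier to review.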


@ -0,0 +1,16 @@
<?php
$conf['title'] = 'labo2 ps wiki';
$conf['lang'] = 'fr';
$conf['license'] = 'cc-by-sa';
$conf['useacl'] = 1;
$conf['authtype'] = 'authldap';
$conf['superuser'] = '@admin';
$conf['disableactions'] = 'register';
$conf['plugin']['authldap']['server'] = 'ldap://localhost:389';
$conf['plugin']['authldap']['usertree'] = 'ou=people,dc=labo51,dc=lan';
$conf['plugin']['authldap']['grouptree'] = 'ou=groups,dc=labo51,dc=lan';
$conf['plugin']['authldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['plugin']['authldap']['groupfilter'] = '(&(objectClass=posixGroup)(memberUID=%{user}))';
$conf['plugin']['authldap']['version'] = 3;
$conf['plugin']['authldap']['debug'] = 1;
$conf['plugin']['authldap']['passcrypt'] = 'ssha';
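Review bot: `$conf['plugin']['authldap']['debug'] = 1;` leaves LDAP debugging switched on in the committed configuration, which makes the plugin show directory details in its error output; set it to `0` once the bind works. `$conf['superuser'] = '@admin'` depends on the group filter returning a group named `admin`, and the LDIF added in this same commit defines no `posixGroup` of that name with a `memberUid`, so it is worth confirming that an administrator can actually log in. `passcrypt` does not appear to be an authldap option (it is normally the core `$conf['passcrypt']` setting), so the last line is probably ignored; verify against the plugin's settings list.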

23
Sio2/SISR/30-python/creatusr.py Executable file

@ -0,0 +1,23 @@
#!/usr/bin/python3
import sys
try:
user = open("user.txt", "r")
except:
print ("Fichier utilisateur inconnu")
else:
line = user.readline ()
maligne = line.rstrip()
# print (line)
while maligne:
(login, complet) = maligne.split(":")
print (login)
print (complet)
line = user.readline()
maligne = line.rstrip()
#print (line)
user.close()
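Review bot: `(login, complet) = maligne.split(":")` raises `ValueError` on any line that does not contain exactly one colon, and `while maligne:` ends the loop at the first blank line, so a stray empty line silently drops the rest of `user.txt`. Iterating with `for line in user:` inside `with open("user.txt") as user:`, skipping blank lines, and using `maligne.split(":", 1)` with a check that two fields came back would handle both. `except:` should also be narrowed to `except OSError:` so that unrelated errors are not reported as a missing file. The same loop is repeated in the three later versions of the script in this commit.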


@ -0,0 +1,39 @@
#!/usr/bin/python3
import sys
#print "Nom du programme : ", sys.argv[0]
#print "Nombre d'arguments: ", len(sys.argv)
#print "Les arguments sont : " , str(sys.argv)
if len(sys.argv) !=2:
msg = "Usage : " + sys.argv[0] + " <fichier.txt>"
print (msg, file=sys.stderr)
sys.exit(1)
filename = sys.argv[1]
try:
file = open(filename , "r")
except:
msg = "Erreur ouverture fichier " + filename
print (msg ,file=sys.stderr)
else:
line = file.readline ()
maligne = line.rstrip()
while maligne:
(login, complet) = maligne.split(":")
print (login)
print (complet)
commande = "useradd --create-home --home-dir /home"+ login + " --shell /bin/bash --comment \"" + complet + "\" " + login
print (commande)
print (" ")
line = file.readline()
maligne = line.rstrip()
#print (line)
file.close()
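Review bot: The `commande` string is built with `"--home-dir /home" + login`, which lacks the `/` and yields `/homelucien` instead of `/home/lucien`; it should read `"--home-dir /home/" + login`. The command is only printed here, but it interpolates `login` and `complet` into a shell-style string with hand-written quotes, so a full name containing `"` already produces a malformed line. Building an argument list from the start avoids carrying that pattern into the version that executes it.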


@ -0,0 +1,41 @@
#!/usr/bin/python3
import sys
#print "Nom du programme : ", sys.argv[0]
#print "Nombre d'arguments: ", len(sys.argv)
#print "Les arguments sont : " , str(sys.argv)
if len(sys.argv) !=2:
msg = "Usage : " + sys.argv[0] + " <fichier.txt>"
print (msg, file=sys.stderr)
sys.exit(1)
filename = sys.argv[1]
try:
file = open(filename , "r")
except:
msg = "Erreur ouverture fichier " + filename
print (msg ,file=sys.stderr)
else:
line = file.readline ()
maligne = line.rstrip()
while maligne:
(login, complet) = maligne.split(":")
print (login)
print (complet)
cmd = ('getent passwd', login)
res=subprocess.run(cmd.split(),stdout=subprocess.PIPE)
commande = "useradd --create-home --home-dir /home"+ login + " --shell /bin/bash --comment \"" + complet + "\" " + login
print (commande)
print (" ")
line = file.readline()
maligne = line.rstrip()
#print (line)
file.close()
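Review bot: `cmd = ('getent passwd', login)` builds a tuple, so `cmd.split()` on the next line raises `AttributeError`, and `subprocess` is never imported in this file. Use `res = subprocess.run(["getent", "passwd", login], stdout=subprocess.PIPE)` with `import subprocess` at the top. The result `res` is not used yet, and `--home-dir /home` is still missing its trailing `/` before `login`.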


@ -0,0 +1,44 @@
#!/usr/bin/python3
# ne marche pas
import sys
import os
import pwd
import subprocess
#print ("Nom du programme : ", sys.argv[0])
#print ("Nombre d'arguments: ", len(sys.argv))
#print ("Les arguments sont : " , str(sys.argv))
if len(sys.argv) != 2:
msg= ("Usage : " + sys.argv[0] + " <fichier.txt>")
print(msg ,file=sys.stderr)
sys.exit(1)
filename = sys.argv[1]
try:
file= open(filename , "r")
except:
msg = ("Erreur ouverture fichier " + filename)
print(msg ,file=sys.stderr)
else:
line = file.readline()
linee = line.rstrip()
while linee:
(login, complet) = linee.split(":")
cmd="getent passwd " + login
res= subprocess.run(cmd.split(),stdout=subprocess.PIPE)
res2= (res.stdout.decode("utf8"))
if not res2 :
commande = "useradd --create-home --home-dir /home/"+ login + " --shell /bin/bash --comment \"" + complet + "\" " + login
res3= os.system(commande)
else :
print("Utilisateur " + login + " existant" )
line = file.readline()
linee = line.rstrip()
file.close()
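Review bot: `os.system(commande)` passes `login` and `complet` from the input file through a shell, so a line containing a quote, `;` or `$(...)` changes the command that runs, presumably as root. Pass an argument list instead, `subprocess.run(["useradd", "--create-home", "--home-dir", "/home/" + login, "--shell", "/bin/bash", "--comment", complet, login], check=True)`, and reject logins that do not match a strict pattern such as `^[a-z_][a-z0-9_-]*$` before calling it. The return value `res3` is ignored, so a failed `useradd` goes unnoticed. The existence test could use the already imported `pwd` module (`pwd.getpwnam(login)` raising `KeyError`) rather than spawning `getent`.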

28
Sio2/SISR/30-python/log.py Executable file

@ -0,0 +1,28 @@
#!/usr/bin/python3
import sys
import re
volip = {}
cpthit = {}
regexp = "^(\S+) (\S+) (\S+) \[([^]]+)\] \"(\w+) (\S+).*\" (\d+) (\S+)"
for line in sys.stdin: # on lit sur lentrée standard
line = line.rstrip () # on enleve le retour ligne
res = re.match (regexp, line)
if res:
(host, rfc931, user, date, request, url, status, byte) = res.groups()
host = res.group (1)
byte = int(res.group (8))
#print ('host : ', host, ' byte : ', byte)
if host not in volip:
volip[host] = byte
cpthit[host] = 1
else:
volip[host] = volip[host] + byte
cpthit[host] = cpthit[host] + 1
for addr in sorted(volip.keys()):
print ("VOLUME : ", addr, " : ", volip[addr],";;; HIT : ", cpthit[addr])
#for hit in sorted(cpthit.keys()):
# print (hit, " : ", cpthit[hit])
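Review bot: `byte = int(res.group (8))` raises `ValueError` on access-log entries whose size field is `-`, which Apache writes for responses without a body, so one such line aborts the whole report. Use `byte = 0 if res.group(8) == "-" else int(res.group(8))`. The pattern should be a raw string (`regexp = r"^(\S+) ..."`), because `\S`, `\[` and `\d` in a normal string are invalid escapes that newer Python versions warn about. Lines that do not match are dropped silently; counting them would show when the log format differs from what the regex expects.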

2
Sio2/SISR/30-python/prog.py Executable file

@ -0,0 +1,2 @@
#!/usr/bin/python3
print ("Bonjour.")

4
Sio2/SISR/30-python/prog1.py Executable file

@ -0,0 +1,4 @@
#!/usr/bin/python3
rayon=float(input("Saisir le rayon : "))
peri=(2*3.141592*rayon)
print ("Le périmètre vaut : ", peri, "cm")

30
Sio2/SISR/30-python/prog2.py Executable file

@ -0,0 +1,30 @@
#!/usr/bin/python3
tableau=[]
nb=int(input("Combien de nombre dans le tableau : "))
for i in range (nb):
valeur=int(input("Saisir un nombre : "))
tableau.append(valeur)
min = tableau[0]
max = tableau[0]
moy = 0
for valeur in tableau:
if valeur < min:
min = valeur
if valeur > max:
max = valeur
moy = moy + valeur
moy = moy/nb
for valeur in tableau:
print (valeur)
print ("La moyenne est : ", moy)
print ("Le plus petit élément est : ", min)
print ("Le plus grand élément est : ", max)
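Review bot: With `nb` equal to 0 the script fails at `min = tableau[0]` with `IndexError`, and `moy = moy/nb` would divide by zero; check `if nb <= 0:` right after reading it and exit with a message. The names `min` and `max` shadow the builtins, which could otherwise replace the manual loop (`min(tableau)`, `max(tableau)`, `sum(tableau) / nb`). A non-numeric entry makes `int(input(...))` raise `ValueError` with a traceback.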

14
Sio2/SISR/30-python/prog3.py Executable file

@ -0,0 +1,14 @@
#!/usr/bin/python3
phrase = str(input("Entrez votre phrase : "))
tabmots = phrase.split(" ")
cptmots = {}
for mot in tabmots:
if not mot in cptmots:
cptmots[mot] = 1
else:
cptmots[mot] = cptmots[mot] + 1
for mot in cptmots.keys():
print(mot, ":", cptmots[mot])

File diff suppressed because it is too large Load Diff


@ -0,0 +1,4 @@
lucien:Lucien Dubois
claudine:Claudine Dupont
robert:Robert Dupond
anthony:Anthony Arnoux


@ -0,0 +1,6 @@
[adm]
infra
[web]
web1
web2


@ -0,0 +1 @@
coucou les loulous


@ -0,0 +1,5 @@
---
- hosts: infra
roles:
- web
- doku


@ -0,0 +1,45 @@
- name: recuperation archive et decompression dans /tmp
unarchive:
src: http://depl/store/dokuwiki-stable.tgz
dest: /var/www/html
remote_src: yes
- name: renommer le dossier et deplacer
stat:
path: /var/www/html/dokuwiki-2022-07-31a
register: dokuwiki_status
- name: check si dokuwiki deja installe
stat:
path: /var/www/html/doku
register: doku_status
- name: sortie si dokuwiki est deja installe
fail:
msg: "dokuwiki deja installe dans /var/www/html/doku"
when: doku_status.stat.exists
- name: renomme dokuwiki-2022-07-31a
command: "mv /var/www/html/dokuwiki-2022-07-31a /var/www/html/doku"
when: dokuwiki_status.stat.exists
- name: les droits dokuwiki
file:
path: /var/www/html/doku
state: directory
recurse: yes
owner: root
group: root
mode: 0755
- name: droits de www-data
file:
path: "/var/www/html/doku/{{ item }}"
state: directory
recurse: yes
owner: www-data
group: www-data
with_items:
- data
- lib
- conf
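Review bot: The first task unpacks `http://depl/store/dokuwiki-stable.tgz` straight into the web root over plain HTTP with no integrity check, so whatever that URL returns ends up served by Apache. Download it with `get_url` and a pinned `checksum`, then unarchive the local file, as sketched below. The `fail` task on an existing `/var/www/html/doku` runs after the unarchive and makes every second run of the role fail; a `when: not doku_status.stat.exists` on the `mv` task would keep the role idempotent. Giving `www-data` recursive ownership of all of `lib` and `conf` is broader than the wiki may need and worth narrowing once it is known which directories it has to write.

```yaml
- name: recuperation archive (integrite verifiee)
  get_url:
    url: http://depl/store/dokuwiki-stable.tgz
    dest: /tmp/dokuwiki-stable.tgz
    checksum: "sha256:<EXPECTED_SHA256>"  # placeholder: digest of the archive you intend to deploy
- name: decompression dans /var/www/html
  unarchive:
    src: /tmp/dokuwiki-stable.tgz
    dest: /var/www/html
    remote_src: yes
# … unchanged: stat checks, rename, ownership tasks …
```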


@ -0,0 +1,11 @@
---
- name: installation apache2 php php-gd php-mbstring
apt:
pkg:
- apache2
- php
- php-gd
- php-xml
- php-mbstring
state: present


@ -0,0 +1,24 @@
---
- hosts: infra
tasks:
- name: decommente le chargement du module imudp dans rsyslog.conf
replace:
path: /etc/rsyslog.conf
regexp: '^#module\(load="imudp"\)'
replace: 'module(load="imudp")'
backup: true
notify: Restart Rsyslog
- name: decommente le chargement du module imudp dans rsyslog.conf
replace:
path: /etc/rsyslog.conf
regexp: '^#input\(type="imudp" port="514"\)'
replace: 'input(type="imudp" port="514")'
backup: true
notify: Restart Rsyslog
handlers:
- name: Restart Rsyslog
service:
name: rsyslog
state: restarted
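Review bot: Enabling `input(type="imudp" port="514")` makes the collector accept syslog over UDP from any host that can reach it, with no authentication, so forged or flooding log lines are indistinguishable from real ones. Add a task that restricts port 514 to the lab subnet at the firewall, or switch to TCP with TLS if the logs are used as evidence. Both tasks carry the same name although the second one uncomments the `input(...)` line, not the module load; rename it to something like `decommente l'input imudp port 514` so the run output is unambiguous.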


@ -0,0 +1,45 @@
---
- hosts: web
tasks:
- name: decommente forwardtosyslog dans journald.conf
replace:
path: /etc/systemd/journald.conf
regexp: '^#ForwardToSyslog=yes'
replace: 'ForwardToSyslog=yes'
backup: true
notify: Restart journald
- name: modifier RateLimitInterval dans journald.conf
replace:
path: /etc/systemd/journald.conf
regexp: '^#RateLimitIntervalSec=30s'
replace: 'RateLimitIntervalSec=0'
backup: true
notify: Restart journald
- name: modifier RateLimitBurst dans journald.conf
replace:
path: /etc/systemd/journald.conf
regexp: '^#RateLimitBurst=10000'
replace: 'RateLimitBurst=0'
backup: true
notify: Restart journald
- name: deplacer log vers un serveur distant
lineinfile:
path: /etc/rsyslog.conf
line: '*.* @192.168.0.24:514'
backup: true
notify: Restart rsyslog
handlers:
- name: Restart journald
service:
name: systemd-journald.service
state: restarted
- name: Restart rsyslog
service:
name: rsyslog
state: restarted
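Review bot: Setting `RateLimitIntervalSec=0` and `RateLimitBurst=0` switches journald rate limiting off entirely, so a single noisy or compromised service can fill the local journal and saturate the remote collector. Keeping a limit, even a raised one, is safer than disabling it. The forwarding rule `*.* @192.168.0.24:514` uses a single `@`, which means UDP: messages travel in clear text and are dropped silently under load, so `@@` (TCP), ideally with TLS, is preferable. The collector address is hard-coded and would be easier to maintain as a variable. The three `replace` regexps match only the exact commented default lines, so on a host where those defaults differ the tasks change nothing and report `ok`.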

File diff suppressed because it is too large Load Diff


@ -0,0 +1,30 @@
---
- hosts: adm
vars:
- proxy_port: 8080
- proxy_mem: 128
- localnet: "192.168.0.0/24"
tasks:
- name: installation squid
apt:
name: squid
state: present
- name: generation fichier de conf à partir de la template
template:
src: squid.conf.j2
dest: /etc/squid/squid.conf
mode: 0644
backup: true
notify: restart squid
handlers:
- name: restart squid
service:
name: squid
state: restarted
# - name: recuperer fichier de conf squid
# fetch:
# src: /etc/squid/squid.conf
# dest: ./squid.conf
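Review bot: The `template` task writes `/etc/squid/squid.conf` and the handler restarts squid without checking that the rendered file parses, so a mistake in `squid.conf.j2` takes the proxy down on the next run. Add `validate: squid -k parse -f %s` to the template task, which makes Ansible reject the file before it replaces the live one. Quote the mode as `mode: "0644"` so it is never read as a decimal integer. The template itself is not part of this diff, so whether `localnet` is actually enforced by an ACL there cannot be confirmed from here.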


@ -0,0 +1,49 @@
---
- hosts: localhost
# become: true
vars_prompt:
- name: username
prompt: Votre nom?
private: false
tasks:
- name: cree utilisateurs
shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
- name: mdp root verrouillage
# avec mkpasswd -m SHA-512
ansible.builtin.user:
name: root
password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0'
- name: enleve sio de sudo
ansible.builtin.user:
name: sio
groups: ''
- name: met le user "{{ username }}" dans le groupe sudo
ansible.builtin.user:
name: "{{ username }}"
groups: sudo
append: yes
when: username != ""
- name: installer systemd-journal-remote
apt:
name:
- systemd-journal-remote
- name: chnager adresse envoie log
replace:
path: /etc/systemd/journal-upload.conf
regexp: '^# URL='
replace: 'URL=http://192.168.0.1:19532'
- name: Enable systemd-journal-upload.service
ansible.builtin.service:
name: systemd-journal-upload.service
enabled: yes
- name: Restart systemd-journal-upload.service
ansible.builtin.service:
name: systemd-journal-upload.service
state: restarted
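Review bot: The task `shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"` downloads a script over plain HTTP and pipes it into bash with no integrity check, so anything able to answer for that name on the network decides what runs on the workstation. Fetch it with `get_url` and a pinned checksum before executing, as sketched below. The root password hash is committed in clear in the `password:` field, which exposes it to offline guessing by anyone who can read the repository; load it from Ansible Vault instead, for example `password: "{{ root_password_hash }}"` (variable name constructed for illustration). `groups: ''` without `append` removes `sio` from every supplementary group, not only `sudo`. The journal upload target `URL=http://192.168.0.1:19532` sends logs unencrypted.

```yaml
- name: recupere le script de creation des utilisateurs
  ansible.builtin.get_url:
    url: http://depl.sio.lan/usr/mkusrlin-2024.sh
    dest: /root/mkusrlin-2024.sh
    mode: "0700"
    checksum: "sha256:<EXPECTED_SHA256>"  # placeholder: digest of the reviewed script
- name: cree utilisateurs
  ansible.builtin.command: bash /root/mkusrlin-2024.sh
# … unchanged: root password, group membership and journal-upload tasks …
```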


@ -0,0 +1,23 @@
---
- hosts: all
tasks:
- name: 1. installe Apache
apt:
name: apache2
state: present
- name: 2. installe PHP pour Apache
apt:
name: php
state: present
- name: 3. installe php-mbstring
apt:
name: php-mbstring
state: present
- name: 4. installe index.html
copy:
src: index.html
dest: /var/www/html/index.html
mode: 0664


@ -0,0 +1,15 @@
version: "2.1"
services:
dokuwiki:
image: lscr.io/linuxserver/dokuwiki:latest
container_name: dokuwiki
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- /path/to/appdata/config:/config
ports:
- 8000:80
- 443:443 #optional
restart: unless-stopped
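Review bot: `image: lscr.io/linuxserver/dokuwiki:latest` is a floating tag, so each pull can bring in a different, unreviewed image; pin a version tag or a digest, e.g. `image: lscr.io/linuxserver/dokuwiki:<version>`. The same applies to the other compose files in this change: `diouxx/glpi` and `nextcloud` carry no tag at all, and `wordpress:latest` floats as well. The volume source `/path/to/appdata/config` is the placeholder from the upstream example and needs a real host path before the wiki data persists where expected. Port 443 is published although nothing in this file configures a certificate.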


@ -0,0 +1,28 @@
version: "3.2"
services:
#MariaDB Container
mariadb:
image: mariadb:10.7
container_name: mariadb
hostname: mariadb
volumes:
- /var/lib/mysql:/var/lib/mysql
env_file:
- ./mariadb.env
restart: always
#GLPI Container
glpi:
image: diouxx/glpi
container_name : glpi
hostname: glpi
ports:
- "8081:80"
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- /var/www/html/glpi/:/var/www/html/glpi
environment:
- TIMEZONE=Europe/Brussels
restart: always


@ -0,0 +1,4 @@
MARIADB_ROOT_PASSWORD=diouxx
MARIADB_DATABASE=glpidb
MARIADB_USER=glpi_user
MARIADB_PASSWORD=glpi
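Review bot: The database credentials are committed in clear and are guessable example values (`MARIADB_ROOT_PASSWORD=diouxx`, `MARIADB_PASSWORD=glpi`). The same pattern appears in the Nextcloud compose file (`MYSQL_ROOT_PASSWORD=root`) and in the WordPress one (`MYSQL_ROOT_PASSWORD=somewordpress`). Keep the real env file out of version control and commit only a template with empty values, or use the image's `_FILE` variants such as `MARIADB_ROOT_PASSWORD_FILE` with a secret mounted at runtime. Any instance already started with these values should have its passwords rotated, because they remain in the Git history.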


@ -0,0 +1,33 @@
version: '2'
volumes:
nextcloud:
db:
services:
db:
image: mariadb:10.5
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=root
- MYSQL_PASSWORD=nextcloud
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
app:
image: nextcloud
restart: always
ports:
- 8080:80
links:
- db
volumes:
- nextcloud:/var/www/html
environment:
- MYSQL_PASSWORD=nextcloud
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db


@ -0,0 +1,33 @@
services:
db:
# We use a mariadb image which supports both amd64 & arm64 architecture
image: mariadb:10.6.4-focal
# If you really want to use MySQL, uncomment the following line
#image: mysql:8.0.27
command: '--default-authentication-plugin=mysql_native_password'
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
- MYSQL_ROOT_PASSWORD=somewordpress
- MYSQL_DATABASE=wordpress
- MYSQL_USER=wordpress
- MYSQL_PASSWORD=wordpress
expose:
- 3306
- 33060
wordpress:
image: wordpress:latest
volumes:
- wp_data:/var/www/html
ports:
- 80:80
restart: always
environment:
- WORDPRESS_DB_HOST=db
- WORDPRESS_DB_USER=wordpress
- WORDPRESS_DB_PASSWORD=wordpress
- WORDPRESS_DB_NAME=wordpress
volumes:
db_data:
wp_data:

77
Sio2/SISR/60-Vagrant/Docker/Vagrantfile vendored Normal file

@ -0,0 +1,77 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "debian/bullseye64"
config.vm.hostname = "docker"
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
# config.vm.network "forwarded_port", guest: 80, host: 8080
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access
# via 127.0.0.1 to disable public access
# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
config.vm.network "public_network"
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# vb.gui = true
#
# # Customize the amount of memory on the VM:
vb.memory = "3096"
end
#
# View the documentation for the provider you are using for more
# information on available options.
# Enable provisioning with a shell script. Additional provisioners such as
# Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
# documentation for more information about their specific syntax and use.
config.vm.provision "shell", inline: <<-SHELL
apt-get update
apt install -y wget curl git vim nano
if ! which docker ; then
curl -s -o getdocker.sh https://get.docker.com
bash getdocker.sh
gpasswd -a vagrant docker
fi
# apt-get install -y apache2
SHELL
end
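Review bot: The provisioner saves `https://get.docker.com` with `curl -s` and runs it as root; without `-f`, an HTTP error page would be written to `getdocker.sh` and executed as if it were the installer. Use `curl -fsSL -o getdocker.sh https://get.docker.com`, or install Docker from the distribution or Docker apt repository so the package signature is verified. `gpasswd -a vagrant docker` gives the `vagrant` account root-equivalent control of the VM through the Docker socket. Combined with `config.vm.network "public_network"`, that account is reachable from the whole bridged LAN. A `private_network` is the safer default unless other machines really need to reach the VM.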


@ -0,0 +1,86 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "debian/bullseye64"
config.vm.hostname = "suricata"
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
# config.vm.network "forwarded_port", guest: 80, host: 8080
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access
# via 127.0.0.1 to disable public access
# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
config.vm.network "public_network"
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# vb.gui = true
#
# # Customize the amount of memory on the VM:
vb.memory = "2048"
end
#
# View the documentation for the provider you are using for more
# information on available options.
# Enable provisioning with a shell script. Additional provisioners such as
# Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
# documentation for more information about their specific syntax and use.
config.vm.provision "shell", inline: <<-SHELL
apt-get update
apt install -y wget curl git nano suricata jq
systemctl enable suricata.service
systemctl stop suricata.service
sed -i 's/community-id: false/community-id: true/' /etc/suricata/suricata.yaml
sed -iz 's/- interface: eth0/- interface: eth1/' /etc/suricata/suricata.yaml
cat >> /etc/suricata/suricata.yaml <<-EOT
detect-engine:
- rule-reload: true
EOT
# systemctl start suricata.service
sudo suricata-update -o /etc/suricata/rules
sudo suricata-update list-sources
sudo suricata -T -c /etc/suricata/suricata.yaml -v
systemctl start suricata.service
ip -br a
SHELL
end
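Review bot: In `sed -iz 's/- interface: eth0/- interface: eth1/' /etc/suricata/suricata.yaml`, GNU sed reads `-iz` as "edit in place with backup suffix `z`", not as `-i -z`, so it leaves a stray `suricata.yamlz` next to the config; `sed -i 's/- interface: eth0/- interface: eth1/' /etc/suricata/suricata.yaml` is what is meant. The `cat >> /etc/suricata/suricata.yaml` block appends the `detect-engine:` section on every `vagrant provision`, so re-provisioning produces duplicate keys; guard it with a `grep -q` test. The `suricata -T` check is useful but its exit status is ignored, so appending `|| exit 1` would stop the service from being started on a configuration that failed the test. The `sudo` prefixes are redundant because the shell provisioner already runs as root by default.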

70
Sio2/SISR/60-Vagrant/Vagrantfile vendored Normal file

@ -0,0 +1,70 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "debian/bullseye64"
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
config.vm.network "forwarded_port", guest: 80, host: 2080
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access
# via 127.0.0.1 to disable public access
# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
# config.vm.network "public_network"
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# vb.gui = true
#
# # Customize the amount of memory on the VM:
vb.memory = "1024"
end
#
# View the documentation for the provider you are using for more
# information on available options.
# Enable provisioning with a shell script. Additional provisioners such as
# Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
# documentation for more information about their specific syntax and use.
config.vm.provision "shell", inline: <<-SHELL
apt-get update
apt-get install -y apache2 nano
SHELL
end
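Review bot: `config.vm.network "forwarded_port", guest: 80, host: 2080` binds the forwarded port on all host interfaces, which the template comment just above it already flags as enabling public access. For a local lab, restrict it to loopback: `config.vm.network "forwarded_port", guest: 80, host: 2080, host_ip: "127.0.0.1"`. The provisioner installs `apache2` with its default site, so that page is what other machines on the network would see on the host's port 2080.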