Modif stlab.yml

Sio2/AP3/Ansible/apbase.yml

@@ -0,0 +1,29 @@
+---
+- name: apbase
+  hosts: ap32
+  become: true
+  become_method: sudo
+  tasks:
+  - name: Ajout fichier apt.conf
+    copy:
+      src: apt.conf
+      dest: /etc/apt/apt.conf
+
+  - name: apt update & upgrade
+    apt:
+      update_cache: yes
+      upgrade: yes
+
+  - name: Installation des packets
+    apt:
+      name:
+        - apache2
+        - php
+        - php-mbstring
+        - php-mysql
+        - mariadb-server
+        - git
+        - python3-mysqldb
+        - python3-passlib
+        - python3-pymysql
+      state: present

Sio2/AP3/Ansible/apdb.yml

@@ -0,0 +1,23 @@
+---
+- name: apdb
+  hosts: ap32
+  become: true
+  become_method: sudo
+  tasks:
+  - name: creation nouvelle db sdis2022
+    community.mysql.mysql_db:
+      name: sdis29
+      login_user: root
+      login_password: admin
+      state: present
+      login_unix_socket: /run/mysqld/mysqld.sock
+
+  - name: creation utilisateur ap32  
+    community.mysql.mysql_user:
+      login_user: root
+      login_password: admin
+      name: ap32
+      password: ap32
+      priv: 'sdis29.*:ALL'
+      state: present
+      login_unix_socket: /run/mysqld/mysqld.sock

Sio2/AP3/Ansible/apdbdump.yml

@@ -0,0 +1,19 @@
+---
+- hosts: ap32
+  become: true
+  become_method: sudo
+  tasks:
+  - name: Dump database
+    community.mysql.mysql_db:
+      state: dump
+      name: "sdis29"
+      login_user: ap32
+      login_password: ap32
+      target: /tmp/sdis29-dump.sql.gz
+      login_unix_socket: /run/mysqld/mysqld.sock
+
+  - name: copie du dump sur machine locale
+    fetch:
+      src: /tmp/sdis29-dump.sql.gz
+      dest: sdis29-dump.sql.gz
+      flat: yes

Sio2/AP3/Ansible/apt.conf

@@ -0,0 +1,2 @@
+Acquire::http::Proxy "http://10.121.38.1:8080";
+Acquire::https::Proxy "http://10.121.38.1:8080";

Sio2/AP3/Ansible/hosts

@@ -0,0 +1,2 @@
+[ap32]
+ap32-prod

Sio2/SISR/40-ansible/stlab.yml

@@ -0,0 +1,49 @@
+---
+- hosts: localhost
+  #  become: true
+  vars_prompt:
+    - name: username
+      prompt: Votre nom?
+      private: false
+
+  tasks:
+    - name: cree utilisateurs
+      shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
+
+    - name: mdp root verrouillage
+# avec mkpasswd -m SHA-512
+      ansible.builtin.user:
+        name: root
+        password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0' 
+    - name: enleve sio de sudo
+      ansible.builtin.user:
+        name: sio
+        groups: ''
+
+    - name: met le user "{{ username }}" dans le groupe sudo
+      ansible.builtin.user:
+        name: "{{ username }}"
+        groups: sudo
+        append: yes
+      when: username != ""
+
+    - name: installer systemd-journal-remote
+      apt:
+        name:
+          - systemd-journal-remote
+
+    - name: chnager adresse envoie log
+      replace:
+        path: /etc/systemd/journal-upload.conf
+        regexp: '^# URL='
+        replace: 'URL=http://192.168.0.1:19532'
+
+    - name: Enable systemd-journal-upload.service
+      ansible.builtin.service:
+        name: systemd-journal-upload.service
+        enabled: yes
+
+    - name: Restart systemd-journal-upload.service
+      ansible.builtin.service:
+        name: systemd-journal-upload.service
+        state: restarted

Sio2/SISR/60-Vagrant/Docker/Vagrantfile

@@ -0,0 +1,77 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bullseye64"
+  config.vm.hostname = "docker"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "3096"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     apt-get update
+     apt install -y wget curl git vim nano
+     if ! which docker ; then
+       curl -s -o getdocker.sh https://get.docker.com
+       bash getdocker.sh
+       gpasswd -a vagrant docker
+     fi
+  #   apt-get install -y apache2
+   SHELL
+end

Sio2/SISR/60-Vagrant/Suricata/Vagrantfile

@@ -0,0 +1,86 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bullseye64"
+  config.vm.hostname = "suricata"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "2048"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     apt-get update
+     apt install -y wget curl git nano suricata jq
+     systemctl enable suricata.service
+     systemctl stop suricata.service
+     sed -i 's/community-id: false/community-id: true/' /etc/suricata/suricata.yaml
+     sed -iz 's/- interface: eth0/- interface: eth1/' /etc/suricata/suricata.yaml
+     cat >> /etc/suricata/suricata.yaml <<-EOT
+detect-engine:
+  - rule-reload: true
+EOT
+#     systemctl start suricata.service
+     sudo suricata-update -o /etc/suricata/rules
+     sudo suricata-update list-sources
+     sudo suricata -T -c /etc/suricata/suricata.yaml -v
+     systemctl start suricata.service
+     ip -br a 
+   SHELL
+end
+