correction du fichier resolv.conf

sio2/ct-ansible/resolv.conf

@@ -0,0 +1,4 @@
+search sio.lan
+domain sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8

sio2/ct-ansible/sshd_config

@@ -0,0 +1,125 @@
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
+PermitRootLogin yes
+PermitRootLogin prohibit-password

sio2/cyber/05-nagios/apache2.conf

@@ -0,0 +1,50 @@
+# apache configuration for nagios 4.x
+
+ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
+ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4
+
+# Where the stylesheets (config files) reside
+Alias /nagios4/stylesheets /etc/nagios4/stylesheets
+
+# Where the HTML pages live
+Alias /nagios4 /usr/share/nagios4/htdocs
+
+<DirectoryMatch (/usr/share/nagios4/htdocs|/usr/lib/cgi-bin/nagios4|/etc/nagios4/stylesheets)>
+    Options FollowSymLinks
+    DirectoryIndex index.php index.html
+    AllowOverride AuthConfig
+    #
+    # The default Debian nagios4 install sets use_authentication=0 in
+    # /etc/nagios4/cgi.cfg, which turns off nagos's internal authentication.
+    # This is insecure.  As a compromise this default apache2 configuration
+    # only allows private IP addresses access.
+    #
+    # The <Files>...</Files> below shows how you can secure the nagios4
+    # web site so anybody can view it, but only authenticated users can issue
+    # commands (such as silence notifications).  To do that replace the
+    # "Require all granted" with "Require valid-user", and use htdigest
+    # program from the apache2-utils package to add users to
+    # /etc/nagios4/htdigest.users.
+    #
+    # A step up is to insist all users validate themselves by moving
+    # the stanza's in the <Files>..<Files> into the <DirectoryMatch>.
+    # Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you
+    # can configure which people get to see a particular service from
+    # within the nagios configuration.
+    # 
+    Require ip	::1/128 fc00::/7 fe80::/10 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
+    <Files "cmd.cgi">
+	AuthDigestDomain "Nagios4"
+	AuthDigestProvider file
+	AuthUserFile	"/etc/nagios4/htdigest.users"
+	AuthGroupFile	"/etc/group"
+	AuthName	"Nagios4"
+	AuthType	Digest
+	Require all	granted
+	#Require	valid-user
+    </Files>
+</DirectoryMatch>
+
+<Directory /usr/share/nagios4/htdocs>
+    Options	+ExecCGI	
+</Directory>

sio2/cyber/05-nagios/cgi.cfg

@@ -0,0 +1,422 @@
+#################################################################
+#
+# CGI.CFG - Sample CGI Configuration File for Nagios 4.4.6
+#
+#
+#################################################################
+
+
+# MAIN CONFIGURATION FILE
+# This tells the CGIs where to find your main configuration file.
+# The CGIs will read the main and host config files for any other
+# data they might need.
+
+main_config_file=/etc/nagios4/nagios.cfg
+
+
+
+# PHYSICAL HTML PATH
+# This is the path where the HTML files for Nagios reside.  This
+# value is used to locate the logo images needed by the statusmap
+# and statuswrl CGIs.
+
+physical_html_path=/usr/share/nagios4/htdocs
+
+
+
+# URL HTML PATH
+# This is the path portion of the URL that corresponds to the
+# physical location of the Nagios HTML files (as defined above).
+# This value is used by the CGIs to locate the online documentation
+# and graphics.  If you access the Nagios pages with an URL like
+# http://www.myhost.com/nagios, this value should be '/nagios'
+# (without the quotes).
+
+url_html_path=/nagios4
+
+
+
+# CONTEXT-SENSITIVE HELP
+# This option determines whether or not a context-sensitive
+# help icon will be displayed for most of the CGIs.
+# Values: 0 = disables context-sensitive help
+#         1 = enables context-sensitive help
+
+show_context_help=0
+
+
+
+# PENDING STATES OPTION
+# This option determines what states should be displayed in the web
+# interface for hosts/services that have not yet been checked.
+# Values: 0 = leave hosts/services that have not been check yet in their original state
+#         1 = mark hosts/services that have not been checked yet as PENDING
+
+use_pending_states=1
+
+
+
+# AUTHENTICATION USAGE
+# This option controls whether or not the CGIs will use any
+# authentication when displaying host and service information, as
+# well as committing commands to Nagios for processing.
+#
+# Read the HTML documentation to learn how the authorization works!
+#
+# NOTE: It is a really *bad* idea to disable authorization, unless
+# you plan on removing the command CGI (cmd.cgi)!  Failure to do
+# so will leave you wide open to kiddies messing with Nagios and
+# possibly hitting you with a denial of service attack by filling up
+# your drive by continuously writing to your command file!
+#
+# Setting this value to 0 will cause the CGIs to *not* use
+# authentication (bad idea), while any other value will make them
+# use the authentication functions (the default).
+
+use_authentication=0
+
+
+
+# x509 CERT AUTHENTICATION
+# When enabled, this option allows you to use x509 cert (SSL)
+# authentication in the CGIs.  This is an advanced option and should
+# not be enabled unless you know what you're doing.
+
+use_ssl_authentication=0
+
+
+
+# DEFAULT USER
+# Setting this variable will define a default user name that can
+# access pages without authentication.  This allows people within a
+# secure domain (i.e., behind a firewall) to see the current status
+# without authenticating.  You may want to use this to avoid basic
+# authentication if you are not using a secure server since basic
+# authentication transmits passwords in the clear.
+#
+# Important:  Do not define a default username unless you are
+# running a secure web server and are sure that everyone who has
+# access to the CGIs has been authenticated in some manner!  If you
+# define this variable, anyone who has not authenticated to the web
+# server will inherit all rights you assign to this user!
+
+#default_user_name=guest
+
+
+
+# SYSTEM/PROCESS INFORMATION ACCESS
+# This option is a comma-delimited list of all usernames that
+# have access to viewing the Nagios process information as
+# provided by the Extended Information CGI (extinfo.cgi).  By
+# default, *no one* has access to this unless you choose to
+# not use authorization.  You may use an asterisk (*) to
+# authorize any user who has authenticated to the web server.
+
+authorized_for_system_information=nagiosadmin
+
+
+
+# CONFIGURATION INFORMATION ACCESS
+# This option is a comma-delimited list of all usernames that
+# can view ALL configuration information (hosts, commands, etc).
+# By default, users can only view configuration information
+# for the hosts and services they are contacts for. You may use
+# an asterisk (*) to authorize any user who has authenticated
+# to the web server.
+
+authorized_for_configuration_information=nagiosadmin
+
+
+
+# SYSTEM/PROCESS COMMAND ACCESS
+# This option is a comma-delimited list of all usernames that
+# can issue shutdown and restart commands to Nagios via the
+# command CGI (cmd.cgi).  Users in this list can also change
+# the program mode to active or standby. By default, *no one*
+# has access to this unless you choose to not use authorization.
+# You may use an asterisk (*) to authorize any user who has
+# authenticated to the web server.
+
+authorized_for_system_commands=nagiosadmin
+
+
+
+# GLOBAL HOST/SERVICE VIEW ACCESS
+# These two options are comma-delimited lists of all usernames that
+# can view information for all hosts and services that are being
+# monitored.  By default, users can only view information
+# for hosts or services that they are contacts for (unless you
+# you choose to not use authorization). You may use an asterisk (*)
+# to authorize any user who has authenticated to the web server.
+
+authorized_for_all_services=nagiosadmin
+authorized_for_all_hosts=nagiosadmin
+
+
+
+# GLOBAL HOST/SERVICE COMMAND ACCESS
+# These two options are comma-delimited lists of all usernames that
+# can issue host or service related commands via the command
+# CGI (cmd.cgi) for all hosts and services that are being monitored.
+# By default, users can only issue commands for hosts or services
+# that they are contacts for (unless you you choose to not use
+# authorization).  You may use an asterisk (*) to authorize any
+# user who has authenticated to the web server.
+
+authorized_for_all_service_commands=nagiosadmin
+authorized_for_all_host_commands=nagiosadmin
+
+
+
+# READ-ONLY USERS
+# A comma-delimited list of usernames that have read-only rights in
+# the CGIs.  This will block any service or host commands normally shown
+# on the extinfo CGI pages.  It will also block comments from being shown
+# to read-only users.
+
+#authorized_for_read_only=user1,user2
+
+
+
+# STATUSMAP BACKGROUND IMAGE
+# This option allows you to specify an image to be used as a
+# background in the statusmap CGI.  It is assumed that the image
+# resides in the HTML images path (i.e. /usr/local/nagios/share/images).
+# This path is automatically determined by appending "/images"
+# to the path specified by the 'physical_html_path' directive.
+# Note:  The image file may be in GIF, PNG, JPEG, or GD2 format.
+# However, I recommend that you convert your image to GD2 format
+# (uncompressed) but ONLY IF YOU WILL USE THE LEGACY MAP EXCLUSIVELY,
+# as this will cause less CPU load when the CGI generates the image.
+
+#statusmap_background_image=smbackground.gd2
+
+
+
+# STATUSMAP TRANSPARENCY INDEX COLOR
+# These options set the r,g,b values of the background color used the statusmap CGI,
+# so normal browsers that can't show real png transparency set the desired color as
+# a background color instead (to make it look pretty).
+# Defaults to white: (R,G,B) = (255,255,255).
+
+#color_transparency_index_r=255
+#color_transparency_index_g=255
+#color_transparency_index_b=255
+
+
+
+# DEFAULT STATUSMAP LAYOUT METHOD
+# This option allows you to specify the default layout method
+# the statusmap CGI should use for drawing hosts.  If you do
+# not use this option, the default for the legacy map is to use
+# user-defined coordinates and the default for the new map is "6"
+# (Circular Balloon).
+# Valid options for the legacy map are as follows:
+#	0 = User-defined coordinates
+#	1 = Depth layers
+#	2 = Collapsed tree
+#	3 = Balanced tree
+#	4 = Circular
+#	5 = Circular (Marked Up)
+# Valid options for the new map are as follows:
+#	0 = User-defined coordinates
+#	1 = Depth Layers (Horizontal)
+#	2 = Collapsed tree (Horizontal)
+#	3 = Balanced tree (Horizontal)
+#	4 = DON'T USE
+#	5 = Circular Markup
+#	6 = Circular Balloon
+#	7 = Balanced tree (Vertical)
+#	8 = Collapsed tree (Vertical)
+#	9 = Depth Layers (Vertical)
+#	10 = Force Map
+
+#default_statusmap_layout=6
+
+
+
+# DEFAULT STATUSWRL LAYOUT METHOD
+# This option allows you to specify the default layout method
+# the statuswrl (VRML) CGI should use for drawing hosts.  If you
+# do not use this option, the default is to use user-defined
+# coordinates.  Valid options are as follows:
+#	0 = User-defined coordinates
+#       2 = Collapsed tree
+#       3 = Balanced tree
+#       4 = Circular
+
+default_statuswrl_layout=4
+
+
+
+# STATUSWRL INCLUDE
+# This option allows you to include your own objects in the
+# generated VRML world.  It is assumed that the file
+# resides in the HTML path (i.e. /usr/local/nagios/share).
+
+#statuswrl_include=myworld.wrl
+
+
+
+# PING SYNTAX
+# This option determines what syntax should be used when
+# attempting to ping a host from the WAP interface (using
+# the statuswml CGI.  You must include the full path to
+# the ping binary, along with all required options.  The
+# $HOSTADDRESS$ macro is substituted with the address of
+# the host before the command is executed.
+# Please note that the syntax for the ping binary is
+# notorious for being different on virtually ever *NIX
+# OS and distribution, so you may have to tweak this to
+# work on your system.
+
+ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$
+
+
+
+# REFRESH RATE
+# This option allows you to specify the refresh rate in seconds
+# of various CGIs (status, statusmap, extinfo, and outages).
+
+refresh_rate=90
+
+
+
+# PAGE TOUR
+# Enable page tour for helpful tips and tricks on various pages
+
+#enable_page_tour=1
+
+
+
+# DEFAULT PAGE LIMIT
+# This option allows you to specify the default number of results
+# displayed on the status.cgi.  This number can be adjusted from
+# within the UI after the initial page load. Setting this to 0
+# will show all results.
+
+result_limit=100
+
+
+
+# ESCAPE HTML TAGS
+# This option determines whether HTML tags in host and service
+# status output is escaped in the web interface.  If enabled,
+# your plugin output will not be able to contain clickable links.
+
+escape_html_tags=1
+
+
+
+# SOUND OPTIONS
+# These options allow you to specify an optional audio file
+# that should be played in your browser window when there are
+# problems on the network.  The audio files are used only in
+# the status CGI.  Only the sound for the most critical problem
+# will be played.  Order of importance (higher to lower) is as
+# follows: unreachable hosts, down hosts, critical services,
+# warning services, and unknown services. If there are no
+# visible problems, the sound file optionally specified by
+# 'normal_sound' variable will be played.
+#
+#
+# <varname>=<sound_file>
+#
+# Note: All audio files must be placed in the /media subdirectory
+# under the HTML path (i.e. /usr/local/nagios/share/media/).
+
+#host_unreachable_sound=hostdown.wav
+#host_down_sound=hostdown.wav
+#service_critical_sound=critical.wav
+#service_warning_sound=warning.wav
+#service_unknown_sound=warning.wav
+#normal_sound=noproblem.wav
+
+
+
+# URL TARGET FRAMES
+# These options determine the target frames in which notes and
+# action URLs will open.
+
+action_url_target=_blank
+notes_url_target=_blank
+
+
+
+# LOCK AUTHOR NAMES OPTION
+# This option determines whether users can change the author name
+# when submitting comments, scheduling downtime.  If disabled, the
+# author names will be locked into their contact name, as defined in Nagios.
+# Values: 0 = allow editing author names
+#         1 = lock author names (disallow editing)
+
+lock_author_names=1
+
+
+
+# SPLUNK INTEGRATION OPTIONS
+# These options allow you to enable integration with Splunk
+# in the web interface.  If enabled, you'll be presented with
+# "Splunk It" links in various places in the CGIs (log file,
+# alert history, host/service detail, etc).  Useful if you're
+# trying to research why a particular problem occurred.
+# For more information on Splunk, visit http://www.splunk.com/
+
+# This option determines whether the Splunk integration is enabled
+# Values: 0 = disable Splunk integration
+#         1 = enable Splunk integration
+
+#enable_splunk_integration=1
+
+# This option should be the URL used to access your instance of Splunk
+#splunk_url=http://127.0.0.1:8000/
+
+
+
+# NAVIGATION BAR SEARCH OPTIONS
+# The following options allow to configure the navbar search. Default
+# is to search for hostnames. With enabled navbar_search_for_addresses,
+# the navbar search queries IP addresses as well. It's also possible
+# to enable search for aliases by setting navbar_search_for_aliases=1.
+
+navbar_search_for_addresses=1
+navbar_search_for_aliases=1
+
+
+
+# DEFAULTS FOR CHECKBOXES FOR ACKNOWLEDGEMENTS
+# Enabling ack_no_sticky will default the "Sticky Acknowledgement" to
+# be unchecked.
+# Enabling ack_no_send will default the "Send Notification" to
+# be unchecked.
+
+#ack_no_sticky=0
+#ack_no_send=0
+
+
+
+# SHOW ONLY HARD STATES IS TACTICAL OVERVIEW
+# This option controls whether only HARD states are counted on the
+# Tactical Overview, or if both HARD and SOFT states are counted.
+# Set to 1 to show only HARD states. Defaults to 0 (HARD+SOFT).
+
+#tac_cgi_hard_only=0
+
+
+
+# COMMAND COMMENTS
+# These options control whether or not comments are required, optional,
+# or not allowed for specific commands. The format for each line is:
+#    cmd-name=req,def-comment
+#
+#    cmd-name     is "CMT_" plus a command such as ADD_HOST_COMMENT
+#    req          0 = not allowed, 1 = optional, 2 = required
+#    def-comment  optional default comment that will be put in the input field
+#
+# The following examples override the default comment requirements in
+# some way.
+
+#CMT_ADD_HOST_COMMENT=1
+#CMT_ACKNOWLEDGE_HOST_PROBLEM=2,"Problem is being looked into"
+#CMT_SCHEDULE_SVC_CHECK=1
+#CMT_SCHEDULE_HOST_DOWNTIME=0

sio2/cyber/05-nagios/srv.cfg

@@ -0,0 +1,20 @@
+define host {
+	use linux-server
+	host_name		srv
+	alias			srv
+	address			192.168.0.28
+}
+
+define service {
+	use			generic-service
+	host_name		srv
+	service_description	WWW
+	check_command		check_http
+}
+
+define service {
+	use			generic-service
+	host_name		srv
+	service_description	SSH
+	check_command		check_ssh
+}

sio2/cyber/10-WireGuard/wg0.conf

@@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = GIOgHwIs/0uNvwn/iAX5dP5PGjDY7+OpM/c50X6ry2k=
+Address = 10.0.2.2/32
+#DNS = 192.168.1.254
+
+[Peer]
+PublicKey = COah6qTtwZo4h9GhtBHBhySOwmH4g78sI49NLGmze3M=
+#AllowedIPs = 10.0.0.0/8, 192.168.1.0/24
+AllowedIPs = 0.0.0.0/0
+Endpoint = 192.168.0.40:51820
+PersistentKeepalive = 20

sio2/sisr/20-python/Exercice1

@@ -0,0 +1,4 @@
+#!/usr/bin/python3
+rayon = input('donnez la valeur du rayon : ')
+perimetre = 2 * 3.141592 * int(rayon)
+print (perimetre, " cm ")

sio2/sisr/20-python/Exercice2

@@ -0,0 +1,18 @@
+#!/usr/bin/python3
+tableau = []
+for i in range(3)
+	entier = int(input('chiffre : '))
+	tableau.append(entier)
+
+moy= sum(tableau)/len(tableau)
+
+def maximum(tableau):
+	vmax = tableau[0]
+
+
+
+
+def minimum(tableau):
+	vmax = tableau[0]
+
+

sio2/sisr/20-python/Exercice3

@@ -0,0 +1,13 @@
+#!/usr/bin/python3
+phrase = input ("Phrase : ")
+tabmot = phrase.split(' ')
+cptmot = {}
+for mot in tabmot :
+	if mot in tabmot:
+		cptmot [mot]=cptmot[mot] +1
+	else:
+		cptmot[mot]=1
+for key in cptmot.keys():
+	print (key, " ",cptmot[key])
+
+

sio2/sisr/20-python/cptmot.py

@@ -0,0 +1,13 @@
+#!/usr/bin/python3
+phrase = input('Phrase : ')
+tabmot = phrase.split(' ')
+cptmot = {}
+
+for mot in tabmot : 
+    if mot in cptmot :
+        cptmot[mot] = cptmot[mot] + 1
+    else :
+        cptmot[mot] = 1
+
+for key in cptmot.keys() :
+    print (key, " ", cptmot[key])

sio2/sisr/20-python/creatusr.py

@@ -0,0 +1,26 @@
+#!/usr/bin/python3
+
+import sys
+nbarg = len(sys.arg)
+
+if nbarg !=2
+	print ("Nombre d'arguments invalides")
+	exit (1)
+filename = sys.arg[1]
+
+try:
+    fh = open("user.txt", "r")
+except:
+    print ("Fichier user.txt inconnu")
+else:
+    line = fh.readline ()
+    while line:
+	nouvline = line.rstrip()
+	login.nomlong = nouvline.split(':')
+	print (nbarg)
+	#useradd (login)
+        line = fh.readline()
+
+    fh.close()
+
+

sio2/sisr/20-python/log.py

@@ -0,0 +1,10 @@
+#!/bin/usr/python3
+import re
+import  sys
+group = {}
+regexp = '^(\S+) (\S+) (\S+) \[([^]]+)\] "(\w+) (\S+).*" (\d+) (\S+)'
+for line in sys.stdin:
+    line = line.rstrip ( )
+    match = re.match (regexp, line)
+    if match:
+        print (match.group(1)," ",match.group(8))

sio2/sisr/20-python/user.txt

@@ -0,0 +1,3 @@
+jdaniel      : Jack Daniel
+wpeel        : William Peel
+ngraphaneaud : Noe Graphaneaud