Compare commits
	
		
			5 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | b922c7b009 | ||
|  | 8dde9a9e9f | ||
|  | 2c6ab59e82 | ||
|  | 7ecbfcd3e6 | ||
|  | a8125f9062 | 
							
								
								
									
										4
									
								
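--- a/sio2/ct-ansible/hosts
+++ b/sio2/ct-ansible/hosts
@@ -0,0 +1,4 @@
+[user]
+srv
+
+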
							
								
								
									
										4
									
								
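--- a/sio2/ct-ansible/resolv.conf
+++ b/sio2/ct-ansible/resolv.conf
@@ -0,0 +1,4 @@
+search sio.lan
+domain sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8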
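Review bot: `search sio.lan` and `domain sio.lan` are both set, but resolv.conf(5) treats the two keywords as mutually exclusive and only the last instance takes effect, so a single `search sio.lan` line is enough. If the target host runs a resolver manager (systemd-resolved, resolvconf or NetworkManager), a file copied over /etc/resolv.conf may be regenerated or may replace a symlink. That is worth checking on the host before relying on these nameservers.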
							
								
								
									
										125
									
								
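--- a/sio2/ct-ansible/sshd_config
+++ b/sio2/ct-ansible/sshd_config
@@ -0,0 +1,125 @@
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
+PermitRootLogin yes
+PermitRootLogin prohibit-password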
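Review bot: The last two lines set `PermitRootLogin` twice, and sshd uses the first value it obtains for each keyword, so `PermitRootLogin yes` is the one in effect and the `prohibit-password` line after it does nothing. With `PasswordAuthentication` left at its commented default of yes, root can still log in with a password. Delete the `PermitRootLogin yes` line so that only `PermitRootLogin prohibit-password` remains, and confirm the effective value with `sshd -T | grep -i permitrootlogin`. The `Include /etc/ssh/sshd_config.d/*.conf` near the top is read before either line, so a drop-in there that sets the keyword would take precedence over both. `X11Forwarding yes` is also enabled and is worth turning off on a server that does not need it.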
							
								
								
									
										36
									
								
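--- a/sio2/ct-ansible/utilisateur.yml
+++ b/sio2/ct-ansible/utilisateur.yml
@@ -0,0 +1,36 @@
+---
+- hosts: srv
+  vars:
+    password: Azerty1+
+  tasks:
+
+    - name: creation de l'utilisateur sioadm
+      user:
+        name: sioadm
+        state: present
+        generate_ssh_key: yes
+        uid: 1200
+        groups: sudo
+        append: yes
+        password: "{{ 'Azerty1+' | password_hash('sha512') }}"
+      
+    - name: desinstallation du paquet wpasupplicant
+      apt:
+         name: wpasupplicant
+         state: absent
+
+    - name: desinstallation du paquet rpcbind
+      apt:
+         name: rpcbind
+         state: absent
+
+    - name: copie du fichier /etc/resolv.conf
+      copy:
+        src: resolv.conf
+        dest: /etc/resolv.conf
+
+    - name: ajout de la ligne PermitRootLogin prohibit-password dans /etc/ssh/sshd_config
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        line: 'PermitRootLogin prohibit-password'
+        create: yes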
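Review bot: The password of `sioadm`, a member of the `sudo` group, is committed in cleartext, once under `vars` and again as a literal inside the `password_hash` filter, and the `password` variable is never referenced. Load the value from an Ansible Vault-encrypted vars file, write the task as `password: "{{ password | password_hash('sha512') }}"`, and rotate the credential, since it is already in the repository history. Without a fixed salt the hash differs on every run, so the task always reports a change; `update_password: on_create` avoids resetting it each time. The final `lineinfile` task has no `regexp`, so it appends the line rather than replacing an existing `PermitRootLogin` directive, and sshd keeps the first value it reads. Add `regexp: '^#?\s*PermitRootLogin\b'` and `validate: 'sshd -t -f %s'`, and drop `create: yes` so that a missing sshd_config is reported instead of being replaced by a one-line file.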
							
								
								
									
										11
									
								
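--- a/sio2/cyber/10-WireGuard/wg0.conf
+++ b/sio2/cyber/10-WireGuard/wg0.conf
@@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = GIOgHwIs/0uNvwn/iAX5dP5PGjDY7+OpM/c50X6ry2k=
+Address = 10.0.2.2/32
+#DNS = 192.168.1.254
+
+[Peer]
+PublicKey = COah6qTtwZo4h9GhtBHBhySOwmH4g78sI49NLGmze3M=
+#AllowedIPs = 10.0.0.0/8, 192.168.1.0/24
+AllowedIPs = 0.0.0.0/0
+Endpoint = 192.168.0.40:51820
+PersistentKeepalive = 20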
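Review bot: The `[Interface]` section commits the WireGuard `PrivateKey` in cleartext, so anyone who can read the repository can authenticate as this peer. Treat the key as compromised: regenerate it and replace the matching public key on the server. Keep the tracked file free of key material, for example with a template line `PrivateKey = <PRIVATE_KEY_PLACEHOLDER>`, or by loading it at bring-up with `PostUp = wg set %i private-key /etc/wireguard/privatekey` from a file with mode 0600. `AllowedIPs = 0.0.0.0/0` also sends all IPv4 traffic through the tunnel while `DNS` is commented out, so name resolution keeps using whatever resolver the host already has. Confirm that a full tunnel is intended rather than the narrower commented-out list.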