Dépôt remis en public.

nouveau fichier : bts_annee_2/sisr2/pxe/dhcpd.conf
	nouveau fichier : bts_annee_2/sisr2/pxe/isc-dhcp-server
	nouveau fichier : bts_annee_2/sisr2/pxe/nftables.conf
	nouveau fichier : bts_annee_2/sisr2/seance_04/README.md
	nouveau fichier : bts_annee_2/sisr2/seance_04/lvs/haproxy.cfg
	nouveau fichier : bts_annee_2/sisr2/seance_04/lvs/ipvs.sh

README.md

@@ -1 +1,5 @@
-Dépôt de fichiers personnels provenant de machines virtuelles utilisées en TP.
+Dépôt de fichiers personnels provenant de machines virtuelles utilisées en TP.
+
+Ce Gitea contient aussi un script d'automatisation du processus de push et de pull, adaptés aux deux branches.
+
+Dépôt anciennement privé, devenu public le 16 Septembre 2024.

automate.sh

@@ -2,20 +2,61 @@
 # Script utilisé pour "automatiser" (raccourcir) le processus de pull, d'ajout, de commit et de push pour le répositoire Gitea personnel.
 # Ajout de messages et de délais pour mieux se repérer et se situer dans le processus.
 # Ajout d'un système de choix
+# Ajout d'un export de proxy HTTP/HTTPS automatique vers ceux du lycée pour la machine en salle 214.
+# Ajout d'un système de gestion d'erreur très basique pour éviter qu'un push/un pull se produise en cas de réponses incorrectes.
 
-echo "Voulez-vous récupérer les fichiers à jour ou effectuer un push ? [1 = Pull, 2 = Push]"
+export http_proxy="http://10.121.38.1:8080/"
+export https_proxy="http://10.121.38.1:8080/"
+
+echo "Voulez-vous récupérer les fichiers du dépôt ou effectuer un push sur le dépôt ? [1 = Pull, 2 = Push]"
 read answer
-if [ $answer == 1 ] ; then
-	echo "Récupération des fichiers à jour..."
-	git pull
+
+echo "Quelle branche est concernée ? [1 = main, 2 = test]"
+read branch
+
+if [ $branch == 1 ] ; then
+	if [ $answer == 1 ] ; then
+		git checkout main
+		echo "Récupération des fichiers à jour, branche main..."
+		git pull -q origin main
+	else
+		git checkout main
+		echo "Ajout des fichiers au Gitea..."
+		sleep 1
+		git add .
+		echo "Commit en cours..."
+		sleep 1
+		git commit
+		echo "Entrez la version du tag:"
+		read tag
+		git tag $tag
+		echo "Push des fichiers au Gitea, branche main..."
+		sleep 1
+		git push -q origin main --tag
+	fi
+
+elif [ $branch == 2 ] ; then
+	if [ $answer == 1 ] ; then
+		git checkout test
+		echo "Récupération des fichiers à jour dans la branche test..."
+		git pull -q origin test
+	else
+		git checkout test
+		echo "Ajout des fichiers au Gitea, branche test..."
+		sleep 1
+		git add .
+		echo "Commit en cours..."
+		sleep 1
+		git commit
+		echo "Entrez la version du tag:"
+		read tag
+		git tag $tag
+		echo "Push des fichiers au Gitea, branche test..."
+		sleep 1
+		git push -q origin test --tag
+	fi
+
 else
-	echo "Ajout des fichiers au Gitea..."
-	sleep 2
-	git add .
-	echo "Commit en cours..."
-	sleep 2
-	git commit
-	echo "Push des fichiers au Gitea..."
-	sleep 2
-	git push
-fi
+	echo "Choisissez une branche et une option valide. Veuillez relancer le script"
+
+fi

bts_annee_2/README.md

@@ -0,0 +1,2 @@
+Dépôt de seconde année de BTS.
+Divisé en deux, un côté SISR, un côté Cybersécurité.

bts_annee_2/cyber2/README.md

@@ -0,0 +1,2 @@
+Dépôt de seconde année de Cybersécurité.
+Chaque dossier porte le numéro de la séance associée.

bts_annee_2/sisr2/README.md

@@ -0,0 +1,2 @@
+Dépôt de seconde année de SISR.
+Chaque dossier porte le numéro de la séance associée.

bts_annee_2/sisr2/pxe/README.md

@@ -0,0 +1 @@
+Fichiers de configuration de la cinquième séance de SISR, sur PXE et le Netboot.

bts_annee_2/sisr2/pxe/dhcpd.conf

@@ -0,0 +1,112 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+#option domain-name "example.org";
+option domain-name-servers 10.121.38.7, 10.121.38.8;
+
+default-lease-time 100000;
+max-lease-time 7200000;
+
+allow booting;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+subnet 192.168.1.0 netmask 255.255.255.0 {
+  range 192.168.1.10 192.168.1.20;
+  option broadcast-address 192.168.1.255;
+  option routers 192.168.1.100;
+  next-server 192.168.1.100;
+  filename "pxelinux.0";
+}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}

bts_annee_2/sisr2/pxe/nftables.conf

@@ -0,0 +1,24 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+	chain input {
+		type filter hook input priority filter;
+	}
+	chain forward {
+		type filter hook forward priority filter;
+	}
+	chain output {
+		type filter hook output priority filter;
+	}
+}
+table inet nat {
+	chain prerouting {
+		type nat hook prerouting priority 0;
+	}
+	chain postrouting {
+		type nat hook postrouting priority 100;
+		oifname "enp0s3" masquerade
+	}
+}

bts_annee_2/sisr2/seance_03/README.md

@@ -0,0 +1,2 @@
+Vagrantfiles de la troisième séance en SISR, et scripts pour le heartbeat.
+Les dossiers nominaux sont les machines du heartbeat.

bts_annee_2/sisr2/seance_03/hb1/inst-hb1.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# les bases 
+#  noeud hb1  : 192.168.0.101 
+#  noeud hb2  : 192.168.0.102 
+#  addr virt. : 192.168.0.103 
+    
+sed -i 's/bookworm/hb1/g' /etc/host{s,name}
+apt update
+apt install -y heartbeat apache2 net-tools
+systemctl disable apache2
+
+cat <<EOT> /etc/network/interfaces.d/enp0s3
+allow-hotplug enp0s3
+iface enp0s3 inet static
+address 192.168.0.101/24 # a adapter pour hb2
+EOT
+
+cat <<EOT> /etc/network/interfaces.d/enp0s8
+allow-hotplug enp0s8
+iface enp0s8 inet static
+address 10.0.0.1/24      # a adapter pour hb2
+EOT
+
+cd /usr/share/doc/heartbeat
+gunzip *.gz
+cp ha.cf /etc/ha.d
+cp haresources /etc/ha.d
+cp authkeys /etc/ha.d
+cd /etc/ha.d
+echo "192.168.0.102 hb2" >> /etc/hosts # a adapter pour hb2
+
+cat <<EOT >> /etc/ha.d/ha.cf
+bcast enp0s8
+node hb1
+node hb2
+pacemaker off
+EOT
+
+# echo " hb1 192.168.0.103 apache2" >> /etc/ha.d/haresources pou Debian buster
+echo " hb1 192.168.0.103/24/enp0s3 apache2" >> /etc/ha.d/haresources 
+
+cat <<EOT >> /etc/ha.d/authkeys
+auth 1
+1 crc
+EOT
+
+chmod 600 /etc/ha.d/authkeys
+echo hb1 > /var/www/html/index.html # a adapter pour hb2
+ #

bts_annee_2/sisr2/seance_03/hb2/inst-hb2.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# les bases 
+#  noeud hb1  : 192.168.0.101 
+#  noeud hb2  : 192.168.0.102 
+#  addr virt. : 192.168.0.103 
+    
+sed -i 's/bookworm/hb2/g' /etc/host{s,name}
+apt update
+apt install -y heartbeat apache2 net-tools
+systemctl disable apache2
+
+cat <<EOT> /etc/network/interfaces.d/enp0s3
+allow-hotplug enp0s3
+iface enp0s3 inet static
+address 192.168.0.102/24 # a adapter pour hb2
+EOT
+
+cat <<EOT> /etc/network/interfaces.d/enp0s8
+allow-hotplug enp0s8
+iface enp0s8 inet static
+address 10.0.0.2/24      # a adapter pour hb2
+EOT
+
+cd /usr/share/doc/heartbeat
+gunzip *.gz
+cp ha.cf /etc/ha.d
+cp haresources /etc/ha.d
+cp authkeys /etc/ha.d
+cd /etc/ha.d
+echo "192.168.0.101 hb1" >> /etc/hosts # a adapter pour hb2
+
+cat <<EOT >> /etc/ha.d/ha.cf
+bcast enp0s8
+node hb1
+node hb2
+pacemaker off
+EOT
+
+# echo " hb1 192.168.0.103 apache2" >> /etc/ha.d/haresources pou Debian buster
+echo " hb1 192.168.0.103/24/enp0s3 apache2" >> /etc/ha.d/haresources 
+
+cat <<EOT >> /etc/ha.d/authkeys
+auth 1
+1 crc
+EOT
+
+chmod 600 /etc/ha.d/authkeys
+echo hb2 > /var/www/html/index.html # a adapter pour hb2
+ #

bts_annee_2/sisr2/seance_03/vagrant/Vagrantfile_bookworm

@@ -0,0 +1,79 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+ 
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+ 
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "bookworm"
+ 
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+ 
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+ 
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+ 
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+ 
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+ 
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessable to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+ 
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+ 
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update
+     apt-get install -y vim wget curl neovim mc
+   SHELL
+end

bts_annee_2/sisr2/seance_03/vagrant/Vagrantfile_rsync

@@ -0,0 +1,28 @@
+    # -*- mode: ruby -*-
+    # vi: set ft=ruby :
+    Vagrant.configure("2") do |config|
+      config.vm.provision "shell", inline: "apt-get update" # execute pour chacune des machines
+     
+      config.vm.define "srv1" do |srv1|#VM No'1
+        srv1.vm.box = "debian/bookworm64" #Setting machine type
+        srv1.vm.hostname = "srv1" #Setting machine type
+        srv1.vm.network "public_network", ip: "192.168.0.111"#Set static IP
+        srv1.vm.provision "shell", inline: <<-SHELL
+         timedatectl set-timezone Europe/Paris
+         apt-get install -y wget curl vim unzip apache2
+         echo "192.168.0.112 srv2" >> /etc/hosts
+       SHELL
+      end
+     
+      config.vm.define "srv2" do |srv2|# VM No2
+        srv2.vm.box = "debian/bookworm64" #Setting machine type
+        srv2.vm.hostname = "srv2" #Setting machine type
+        srv2.vm.network "public_network", ip: "192.168.0.112"  #Set static IP
+        srv2.vm.provision "shell", inline: <<-SHELL
+         timedatectl set-timezone Europe/Paris
+         apt-get install -y wget curl vim unzip apache2
+         echo "192.168.0.111 srv1" >> /etc/hosts
+        SHELL
+      end
+    end
+

bts_annee_2/sisr2/seance_04/README.md

@@ -0,0 +1 @@
+Dossier avec les fichiers provenant de la machine LVS pour l'équilibrage des charges.

bts_annee_2/sisr2/seance_04/lvs/haproxy.cfg

@@ -0,0 +1,44 @@
+global
+	log /dev/log	local0
+	log /dev/log	local1 notice
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin
+	stats timeout 30s
+	user haproxy
+	group haproxy
+	daemon
+
+	# Default SSL material locations
+	ca-base /etc/ssl/certs
+	crt-base /etc/ssl/private
+
+	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
+        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
+
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+	errorfile 400 /etc/haproxy/errors/400.http
+	errorfile 403 /etc/haproxy/errors/403.http
+	errorfile 408 /etc/haproxy/errors/408.http
+	errorfile 500 /etc/haproxy/errors/500.http
+	errorfile 502 /etc/haproxy/errors/502.http
+	errorfile 503 /etc/haproxy/errors/503.http
+	errorfile 504 /etc/haproxy/errors/504.http
+# conf perso
+frontend front_webservers
+	bind *:80
+	default_backend backend_webservers
+	option forwardfor
+
+backend backend_webservers
+	balance roundrobin
+	server web1-ge 172.16.1.1:80 check
+	server web2-ge 172.16.1.2:80 check

bts_annee_2/sisr2/seance_04/lvs/ipvs.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+ipvsadm -A -t 192.168.0.150:80 -s rr
+ipvsadm -a -t 192.168.0.150:80 -r 172.16.1.1:80 -m
+ipvsadm -a -t 192.168.0.150:80 -r 172.16.1.2:80 -m
+ipvsadm -L

sisr1/README.md

@@ -1 +1,17 @@
-Chaque dossier porte le nom du TP associé.
+Chaque dossier porte le numéro et la description du TP associé.
+
+01: Mise en oeuvre d'une infrastructure DHCP et routage.
+
+02: Paramétrage d'un serveur DNS.
+
+03: Création d'un réseau privé à administrer.
+
+04: Administration d'un réseau privé.
+
+05: Création d'un partage de fichiers Samba.
+
+06: Paramétrage d'un serveur proxy.
+
+07: Firewall avec netfilter et nftables.
+
+08: Modification d'une infrastructure.

sisr1/tp01-02/files_dhcp/README.md

@@ -1 +0,0 @@
-Files for the srv-dhcp-ge Virtual Machine, from the FIRST and SECOND TPs.

sisr1/tp01-02/files_dns1/README.md

@@ -1 +0,0 @@
-Files for the srv-dns1-ge Virtual Machine, from the FIRST and SECOND TPs.

sisr1/tp01-02/files_dns2/README.md

@@ -1 +0,0 @@
-Files for the srv-dns2-ge Virtual Machine, from the FIRST AND SECOND TPs.

sisr1/tp01-02_dhcp_dns/files_dhcp_vm/README.md

@@ -0,0 +1 @@
+Fichiers du premier et deuxième TP pour la machine srv-dhcp-ge.

sisr1/tp01-02_dhcp_dns/files_dhcp_vm/isc-dhcp-server

@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s8"
+INTERFACESv6=""

sisr1/tp01-02_dhcp_dns/files_dns1_vm/README.md

@@ -0,0 +1 @@
+Fichiers du premier et deuxième TP pour la machine srv-dns1-ge.

sisr1/tp01-02_dhcp_dns/files_dns2_vm/README.md

@@ -0,0 +1 @@
+Fichiers du premier et deuxième TP pour la machine srv-dns2-ge.

sisr1/tp03/files_admin/README.md

@@ -1 +0,0 @@
-Files for the srv-admin-ge Virtual Machine.

sisr1/tp03/files_dns2/README.md

@@ -1 +0,0 @@
-Files for the srv-dns2-ge Virtual Machine.

sisr1/tp03/files_service/README.md

@@ -1 +0,0 @@
-Files for the srv-dns1-ge Virtual Machine.

sisr1/tp03_reseau_prive_creation/files_admin_vm/README.md

@@ -0,0 +1 @@
+Fichiers de la machine srv-admin-ge.

sisr1/tp03_reseau_prive_creation/files_dns2_vm/README.md

@@ -0,0 +1 @@
+Fichiers pour la machine srv-dns2-ge.

sisr1/tp03_reseau_prive_creation/files_service_vm/README.md

@@ -0,0 +1 @@
+Fichiers de la machine srv-service-ge.

sisr1/tp04/auto_nat/README.md

@@ -1,2 +0,0 @@
-Copy to /etc/systemd/system.
-This file is a service to automate the NAT on the Virtual Machine.

sisr1/tp04/scripts_and_files/README.md

@@ -1 +0,0 @@
-This folder holds every single file and script done in the FOURTH TP.

sisr1/tp04_reseau_prive_administration/auto_nat/README.md

@@ -0,0 +1,2 @@
+Copy to /etc/systemd/system.
+C'est un service systemd pour automatiser la NAT.

sisr1/tp04_reseau_prive_administration/scripts_and_files/README.md

@@ -0,0 +1 @@
+Ce dossier content les fichiers et les scripts.