From 281b5895274d48abbc5dd2b9313bfd3ab2537060 Mon Sep 17 00:00:00 2001 
From: Andgel Sassignol Date: Wed, 9 Nov 2022 17:47:40 +0100 Subject: [PATCH] SDIS29 --- SDIS29-P2/config | 3 + SDIS29-P2/ppe34test/hosts | 3 + SDIS29-P2/ppe34test/ppebase.yml | 13 +++ SDIS29-P2/ppe34test/ppedb.yml | 9 ++ SDIS29-P2/ppe34test/ppedbdump.yml | 9 ++ .../ppe34test/roles/ppebase/defaults/main.yml | 2 + .../ppe34test/roles/ppebase/tasks/main.yml | 96 +++++++++++++++++++ .../roles/ppebase/templates/context.xml.j2 | 19 ++++ .../ppebase/templates/tomcat-users.xml.j2 | 44 +++++++++ .../roles/ppebase/templates/tomcat.service.j2 | 22 +++++ .../ppe34test/roles/ppebase/vars/main.yml | 2 + .../ppe34test/roles/ppedb/handlers/main.yml | 4 + .../ppe34test/roles/ppedb/tasks/main.yml | 31 ++++++ .../roles/ppedbdump/tasks/createdump.yml | 5 + .../roles/ppedbdump/tasks/createdump.yml.sv1 | 15 +++ SDIS29/ap34prod/goss.yaml | 37 +++++++ SDIS29/ap34prod/rsyslog.conf | 94 ++++++++++++++++++ SDIS29/ap34wiki/script-dokuwiki | 22 +++++ SDIS29/gwsio4/redirp.sh | 5 + SDIS29/svwar.sh | 8 ++ SDIS29/syslog/journald.conf | 44 +++++++++ SDIS29/syslog/logrotate.conf | 23 +++++ SDIS29/syslog/rsyslog.conf | 92 ++++++++++++++++++ SDIS29/vpn/journald.conf | 44 +++++++++ SDIS29/vpn/rsyslog.conf | 92 ++++++++++++++++++ SDIS29/vpn/wg0.conf | 21 ++++ 26 files changed, 759 insertions(+) create mode 100644 SDIS29-P2/config create mode 100644 SDIS29-P2/ppe34test/hosts create mode 100644 SDIS29-P2/ppe34test/ppebase.yml create mode 100644 SDIS29-P2/ppe34test/ppedb.yml create mode 100644 SDIS29-P2/ppe34test/ppedbdump.yml create mode 100644 SDIS29-P2/ppe34test/roles/ppebase/defaults/main.yml create mode 100644 SDIS29-P2/ppe34test/roles/ppebase/tasks/main.yml create mode 100644 SDIS29-P2/ppe34test/roles/ppebase/templates/context.xml.j2 create mode 100644 SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat-users.xml.j2 create mode 100644 SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat.service.j2 create mode 100644 SDIS29-P2/ppe34test/roles/ppebase/vars/main.yml create mode 100644 
SDIS29-P2/ppe34test/roles/ppedb/handlers/main.yml create mode 100755 SDIS29-P2/ppe34test/roles/ppedb/tasks/main.yml create mode 100644 SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml create mode 100644 SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml.sv1 create mode 100644 SDIS29/ap34prod/goss.yaml create mode 100644 SDIS29/ap34prod/rsyslog.conf create mode 100755 SDIS29/ap34wiki/script-dokuwiki create mode 100755 SDIS29/gwsio4/redirp.sh create mode 100755 SDIS29/svwar.sh create mode 100644 SDIS29/syslog/journald.conf create mode 100644 SDIS29/syslog/logrotate.conf create mode 100644 SDIS29/syslog/rsyslog.conf create mode 100644 SDIS29/vpn/journald.conf create mode 100644 SDIS29/vpn/rsyslog.conf create mode 100644 SDIS29/vpn/wg0.conf
diff --git a/SDIS29-P2/config b/SDIS29-P2/config
new file mode 100644
index 0000000..d43614d
--- /dev/null
+++ b/SDIS29-P2/config
@@ -0,0 +1,3 @@
+host localhost
+ user root
+ hostname 127.0.0.1
diff --git a/SDIS29-P2/ppe34test/hosts b/SDIS29-P2/ppe34test/hosts
new file mode 100644
index 0000000..8aff93e
--- /dev/null
+++ b/SDIS29-P2/ppe34test/hosts
@@ -0,0 +1,3 @@
+[local]
+localhost
+127.0.0.1
diff --git a/SDIS29-P2/ppe34test/ppebase.yml b/SDIS29-P2/ppe34test/ppebase.yml
new file mode 100644
index 0000000..ab301bb
--- /dev/null
+++ b/SDIS29-P2/ppe34test/ppebase.yml
@@ -0,0 +1,13 @@
+- name: Installer Tomcat et MariaDB puis lancer les services
+ hosts: all # Inventory hosts group / server to act on
+ become: yes # If to escalate privilege
+ become_method: sudo # Set become method
+ remote_user: root # Update username for remote server
+ vars:
+ tomcat_ver: 10.0.13 # Tomcat version to install
+ ui_manager_user: manager # User who can access the UI manager section only
+ ui_manager_pass: root # UI manager user password
+ ui_admin_username: admin # User who can access bpth manager and admin UI sections
+ ui_admin_pass: root # UI admin password
+ roles:
+ - ppebase
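Review bot: In SDIS29-P2/ppe34test/ppebase.yml the Tomcat manager and admin passwords are committed in clear and both set to `root` (`ui_manager_pass`, `ui_admin_pass`), so anyone with read access to the repository holds the credentials of the manager application, which can deploy code on the server. Take them from an ansible-vault encrypted vars file instead, e.g. `ui_admin_pass: "{{ vault_ui_admin_pass }}"` (variable name constructed here), and use distinct, non-trivial values. `remote_user: root` combined with `become: yes` is also redundant; connecting as an unprivileged account and escalating with sudo leaves a better audit trail.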
diff --git a/SDIS29-P2/ppe34test/ppedb.yml b/SDIS29-P2/ppe34test/ppedb.yml
new file mode 100644
index 0000000..7748ef2
--- /dev/null
+++ b/SDIS29-P2/ppe34test/ppedb.yml
@@ -0,0 +1,9 @@
+---
+- name: Creer la BDD, creer les comptes et injecter la BDD
+ hosts: all
+ become: yes
+ become_method: sudo
+ remote_user: root
+
+ roles:
+ - ppedb
diff --git a/SDIS29-P2/ppe34test/ppedbdump.yml b/SDIS29-P2/ppe34test/ppedbdump.yml
new file mode 100644
index 0000000..5456474
--- /dev/null
+++ b/SDIS29-P2/ppe34test/ppedbdump.yml
@@ -0,0 +1,9 @@
+---
+- name: Sauvegarder la BDD
+ hosts: all
+ become: yes
+ become_method: sudo
+ remote_user: root
+
+ roles:
+ - ppedbdump
diff --git a/SDIS29-P2/ppe34test/roles/ppebase/defaults/main.yml b/SDIS29-P2/ppe34test/roles/ppebase/defaults/main.yml
new file mode 100644
index 0000000..3ab700f
--- /dev/null
+++ b/SDIS29-P2/ppe34test/roles/ppebase/defaults/main.yml
@@ -0,0 +1,2 @@
+tomcat_archive_url: http://depl/store/apache-tomcat-10.0.13.tar.gz
+tomcat_archive_dest: /usr/share/tomcat/
diff --git a/SDIS29-P2/ppe34test/roles/ppebase/tasks/main.yml b/SDIS29-P2/ppe34test/roles/ppebase/tasks/main.yml
new file mode 100644
index 0000000..24cd880
--- /dev/null
+++ b/SDIS29-P2/ppe34test/roles/ppebase/tasks/main.yml
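Review bot: SDIS29-P2/ppe34test/ppedbdump.yml applies the role `ppedbdump`, but the only task files this patch creates for that role are `tasks/createdump.yml` and `tasks/createdump.yml.sv1`; Ansible loads `tasks/main.yml` from a role, so unless that file exists outside this patch the play runs no task and the backup silently does nothing. Either rename `createdump.yml` to `main.yml` or add a `main.yml` containing `- import_tasks: createdump.yml`. A backup play that can end green without producing a file deserves a final check that the fetched dump exists and is not empty.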
@@ -0,0 +1,96 @@ + - name: Install basic packages + package: + name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python'] + state: present + update_cache: yes + + - name: installer JDK + apt: + name: openjdk-11-jdk + state: present + + - name: creer le repertoire /opt/tomcat + file: + path: /usr/share/tomcat + state: directory + mode: 0755 + + - name: creer le groupe tomcat + group: + name: tomcat + + - name: creer l'utilisateur tomcat + user: + name: tomcat + group: tomcat + home: /usr/share/tomcat + createhome: no + + - name: installer TomCat + unarchive: + src: http://depl/store/apache-tomcat-10.0.13.tar.gz + dest: /usr/share/tomcat + remote_src: yes + + - name: Change ownership + file: + path: /usr/share/tomcat + owner: tomcat + group: tomcat + mode: "u+rwx,g+rx,o=rx" + recurse: yes + state: directory + + - name: Templating Tomcat service from local to remote + template: + src: tomcat.service.j2 + dest: /etc/systemd/system/tomcat.service + when: ansible_service_mgr == "systemd" + + - name: Demarrer tomcat + local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/startup.sh + + - name: Definition des utilisateurs + template: + src: tomcat-users.xml.j2 + dest: /usr/share/tomcat/apache-tomcat-10.0.13/conf/tomcat-users.xml + + - name: Autorisation des différentes ips de connexions + template: + src: context.xml.j2 + dest: "{{ item }}" + with_items: + - /usr/share/tomcat/apache-tomcat-10.0.13/webapps/host-manager/META-INF/context.xml + - /usr/share/tomcat/apache-tomcat-10.0.13/webapps/manager/META-INF/context.xml + + - name: Redemarrer le service tomcat (1) + local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/shutdown.sh + + - name: Redemarrer le service tomcat (2) + local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/startup.sh + + - name: Redemarrer le service tomcat (3) + local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/catalina.sh start + + + - name: on 
installe java + apt: + name: default-jdk + state: present + + - name: on installe les paquets de MariaDB + apt: + name: mariadb-server + state: latest + update_cache: yes + + - name: on installe Python3 + apt: + name: python3-pymysql + state: latest + + - name: on lance MariaDB + service: + name: mysql + state: started + diff --git a/SDIS29-P2/ppe34test/roles/ppebase/templates/context.xml.j2 b/SDIS29-P2/ppe34test/roles/ppebase/templates/context.xml.j2 new file mode 100644 index 0000000..9265673 --- /dev/null +++ b/SDIS29-P2/ppe34test/roles/ppebase/templates/context.xml.j2 @@ -0,0 +1,19 @@ + + + + diff --git a/SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat-users.xml.j2 b/SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat-users.xml.j2 new file mode 100644 index 0000000..dd9bff3 --- /dev/null +++ b/SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat-users.xml.j2 @@ -0,0 +1,44 @@ + + + + + + + + + + + + + diff --git a/SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat.service.j2 b/SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat.service.j2 new file mode 100644 index 0000000..1c902f5 --- /dev/null +++ b/SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat.service.j2 @@ -0,0 +1,22 @@ +[Unit] +Description=Tomcat +After=syslog.target network.target + +[Service] +Type=forking + +User=tomcat +Group=tomcat + +Environment=JAVA_HOME={{ JAVA_HOME }} +Environment='JAVA_OPTS=-Djava.awt.headless=true' + +Environment=CATALINA_HOME=/usr/share/tomcat/apache-tomcat-10.0.13 +Environment=CATALINA_BASE=/usr/share/tomcat/apache-tomcat-10.0.13 +Environment=CATALINA_PID=/usr/share/tomcat/apache-tomcat-10.0.13/temp/tomcat.pid + +ExecStart=catalina.sh start +ExecStop=catalina.sh stop + +[Install] +WantedBy=multi-user.target diff --git a/SDIS29-P2/ppe34test/roles/ppebase/vars/main.yml b/SDIS29-P2/ppe34test/roles/ppebase/vars/main.yml new file mode 100644 index 0000000..aae9205 --- /dev/null +++ b/SDIS29-P2/ppe34test/roles/ppebase/vars/main.yml 
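Review bot: In roles/ppebase/tasks/main.yml the task `installer TomCat` downloads the Tomcat archive over plain HTTP and unpacks it with no integrity check, so whatever `http://depl/store/` (or anything on the path to it) serves ends up running as the application server. Download it with `get_url` and a pinned `checksum:` first, then unpack the local file; the URL and destination already exist as `tomcat_archive_url` and `tomcat_archive_dest` in defaults/main.yml, but the task hard-codes them. Separately, the `local_action: command sh …` tasks run the Tomcat scripts on the Ansible control node rather than on the managed host (the localhost-only inventory hides this) and bypass the `tomcat.service` unit templated just before; a `systemd:` task with `daemon_reload: yes`, `enabled: yes` and `state: restarted` would start Tomcat on the target as the `tomcat` user.

```yaml
- name: telecharger l'archive Tomcat
  get_url:
    url: "{{ tomcat_archive_url }}"
    dest: /tmp/apache-tomcat-10.0.13.tar.gz
    checksum: "sha256:<SHA256_OF_THE_ARCHIVE>"

- name: installer TomCat
  unarchive:
    src: /tmp/apache-tomcat-10.0.13.tar.gz
    dest: "{{ tomcat_archive_dest }}"
    remote_src: yes
# … unchanged: ownership, service template, users and context templates …
```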
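Review bot: In roles/ppebase/templates/tomcat.service.j2, `ExecStart=catalina.sh start` and `ExecStop=catalina.sh stop` give a bare command name; systemd resolves non-absolute names only against its fixed built-in search path, which does not contain the Tomcat `bin` directory, so the unit will most likely fail to start as written. Use the full path, `ExecStart=/usr/share/tomcat/apache-tomcat-10.0.13/bin/catalina.sh start` (and the same for `ExecStop`). With `Type=forking`, adding `PIDFile=/usr/share/tomcat/apache-tomcat-10.0.13/temp/tomcat.pid` lets systemd track the process that `CATALINA_PID` names.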
@@ -0,0 +1,2 @@
+---
+JAVA_HOME: /usr/lib/jvm/default-java
diff --git a/SDIS29-P2/ppe34test/roles/ppedb/handlers/main.yml b/SDIS29-P2/ppe34test/roles/ppedb/handlers/main.yml
new file mode 100644
index 0000000..fd495eb
--- /dev/null
+++ b/SDIS29-P2/ppe34test/roles/ppedb/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart MySQL
+ service:
+ name: mysqld
+ state: restarted
diff --git a/SDIS29-P2/ppe34test/roles/ppedb/tasks/main.yml b/SDIS29-P2/ppe34test/roles/ppedb/tasks/main.yml
new file mode 100755
index 0000000..ee6f392
--- /dev/null
+++ b/SDIS29-P2/ppe34test/roles/ppedb/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: on lance MariaDB
+ service:
+ name: mysql
+ state: started
+
+- name: creation de la BDD sdis29
+ mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: sdis29
+
+- name: creation de l'utilisateur slam
+ mysql_user:
+ name: slam
+ password: Azerty1+
+ priv: '*.*:ALL,GRANT'
+ state: present
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+
+ #- name: injection de la BDD
+ #command: scp sio@10.121.38.95:/home/sio/bdd/sdis29.sql /tmp
+
+- name: restauration de la bdd
+ mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: sdis29
+ state: import
+ target: /tmp/sdis29.sql
+ login_user: slam
+ login_password: Azerty1+
+ notify: Restart MySQL
+
diff --git a/SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml b/SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml
new file mode 100644
index 0000000..0935ad6
--- /dev/null
+++ b/SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml
@@ -0,0 +1,5 @@
+- name: Copie de la sauv distante
+ ansible.builtin.fetch:
+ src: /tmp/sdis29.sql
+ dest: /sauvegarde
+ flat: yes
diff --git a/SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml.sv1 b/SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml.sv1
new file mode 100644
index 0000000..97da50a
--- /dev/null
+++ b/SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml.sv1
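Review bot: In roles/ppedb/tasks/main.yml the `slam` account is created with its password written in clear in the task and with `priv: '*.*:ALL,GRANT'`, i.e. full rights on every database plus the right to grant them; an account that only serves the `sdis29` schema needs `priv: 'sdis29.*:ALL'` at most. Take the password from a vaulted variable, `password: "{{ slam_db_password }}"` (name constructed here), and add `no_log: true` to the two tasks that carry it so it does not show up in Ansible output. The same literal is repeated in `login_password` of the import task and in createdump.yml.sv1, so it should be changed on the server once it is removed from the repository.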
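Review bot: roles/ppedbdump/tasks/createdump.yml only fetches `/tmp/sdis29.sql`; the `mysql_db … state: dump` task that would produce that file exists only in the inactive `.sv1` copy, so this play copies whatever is lying in /tmp (apparently the import source used by the ppedb role) rather than a fresh dump. `/tmp` is also readable by every local account, so a database dump there should be replaced by a root-only directory and the file removed after the fetch. With `flat: yes`, `dest: /sauvegarde` without a trailing slash is taken as the target file name rather than a directory; `dest: /sauvegarde/` is probably what is meant.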
@@ -0,0 +1,15 @@
+- name: creer une sauvegarde
+ mysql_db:
+ name: sdis29
+ state: dump
+ target: /tmp/sdis29.sql
+ login_host: localhost
+ login_user: slam
+ login_password: Azerty1+
+ login_unix_user: /var/run/mysqld/mysqld.sock
+
+- name: Copie de la sauv distante
+ ansible.builtin.fetch:
+ src: /tmp/sdis29.sql
+ dest: /root/sauvegarde/sql/
+ flat: yes
diff --git a/SDIS29/ap34prod/goss.yaml b/SDIS29/ap34prod/goss.yaml
new file mode 100644
index 0000000..1ab5e8d
--- /dev/null
+++ b/SDIS29/ap34prod/goss.yaml
@@ -0,0 +1,37 @@
+package:
+ mariadb-server:
+ installed: true
+ versions:
+ - 1:10.5.12-0+deb11u1
+ openjdk-11-jdk:
+ installed: true
+ versions:
+ - 11.0.12+7-2
+ ssh:
+ installed: true
+ versions:
+ - 1:8.4p1-5
+port:
+ tcp:3306:
+ listening: true
+ ip:
+ - 127.0.0.1
+group:
+ ssh:
+ exists: true
+ gid: 108
+command:
+ git clone https://gitea.lyc-lecastel.fr/uap34-r/SISR.git:
+ exit-status: 128
+ stdout: []
+ stderr:
+ - 'fatal: destination path ''SISR'' already exists and is not an empty directory.'
+ timeout: 10000
+http:
+ http://10.121.38.72:8080:
+ status: 200
+ allow-insecure: false
+ no-follow-redirects: false
+ timeout: 5000
+ body:
+ - Tomcat
diff --git a/SDIS29/ap34prod/rsyslog.conf b/SDIS29/ap34prod/rsyslog.conf
new file mode 100644
index 0000000..f58256f
--- /dev/null
+++ b/SDIS29/ap34prod/rsyslog.conf
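Review bot: roles/ppedbdump/tasks/createdump.yml.sv1 is a backup copy that Ansible never loads, yet it ships the database password in clear; copies like this are better kept out of the repository. If this version is the one meant to be restored, note that `login_unix_user` is not a `mysql_db` option: the socket path belongs in `login_unix_socket:`, as roles/ppedb/tasks/main.yml already writes it.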
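Review bot: The `command` check in SDIS29/ap34prod/goss.yaml runs `git clone` against the Gitea server at every validation and passes only when the clone fails with exit status 128; on a host where `SISR` is missing, the test itself clones the repository and then reports a failure. A check without side effects states the same intent: a `file:` entry for the checkout directory with `exists: true` and `filetype: directory`. The `http` check confirms that Tomcat answers on port 8080 but says nothing about whether the manager application is restricted, which this deployment would benefit from testing as well.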
@@ -0,0 +1,94 @@ +# /etc/rsyslog.conf configuration file for rsyslog +# +# For more information install rsyslog-doc and see +# /usr/share/doc/rsyslog-doc/html/configuration/index.html + + +################# +#### MODULES #### +################# + +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support +#module(load="immark") # provides --MARK-- message capability + +# provides UDP syslog reception +#module(load="imudp") +#input(type="imudp" port="514") + +# provides TCP syslog reception +#module(load="imtcp") +#input(type="imtcp" port="514") + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + + +############### +#### RULES #### +############### + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Some "catch-all" log files. 
+#
+*.=debug;\
+ auth,authpriv.none;\
+ mail.none -/var/log/debug
+*.=info;*.=notice;*.=warn;\
+ auth,authpriv.none;\
+ cron,daemon.none;\
+ mail.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
+
+*.* @10.121.38.34:515
diff --git a/SDIS29/ap34wiki/script-dokuwiki b/SDIS29/ap34wiki/script-dokuwiki
new file mode 100755
index 0000000..c3382cb
--- /dev/null
+++ b/SDIS29/ap34wiki/script-dokuwiki
@@ -0,0 +1,22 @@
+#!/bin/bash
+chemin=/var/www/html/doku #on definit le chemin.
+
+apt install -y apache2 php php-mbstring php-gd php-xml #installation des paquets et dependances.
+
+cd /root #on se deplace dans root
+[ -r dokuwiki-stable.tgz ] || wget http://depl/store/dokuwiki-stable.tgz #on verifie si le dokuwiki est installe, sinon, on le telecharge.
+
+if [ $? !=0 ]; then
+ echo "$0 : erreurwget" 1>&2 #si le telechargement echoue, on renvoit une erreur.
+ exit 1
+fi
+
+tar xvfz dokuwiki-stable.tgz #on decompresse l'archive.
+[ -d "${chemin}" ] || mkdir "${chemin}" #on creee le repertoire si il n'existe pas.
+
+cp -a dokuwiki-2020-07-29/* "${chemin}" #on copie le dossier d'installation dans le repertoir definit plus tot.
+cd "${chemin}" #on se place dans le repertoire.
+chown -R root:root . #on definit les permissions root.
+chmod -R 755 . #on definit les permissions dans toute l'arborescence.
+chown -R www-data:www-data data lib conf . #On accorde les permissions a php.
+exit 0
diff --git a/SDIS29/gwsio4/redirp.sh b/SDIS29/gwsio4/redirp.sh
new file mode 100755
index 0000000..297945f
--- /dev/null
+++ b/SDIS29/gwsio4/redirp.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+echo "1" > /proc/sys/net/ipv4/ip_forward
+sudo iptables -t nat -A PREROUTING -d 10.121.38.34 -p udp --dport 515 -j DNAT --to-dest 192.168.0.100:514
+sudo iptables -t nat -A POSTROUTING -d 192.168.0.100 -p udp --dport 515 -j SNAT --to 10.121.38.34
diff --git a/SDIS29/svwar.sh b/SDIS29/svwar.sh
new file mode 100755
index 0000000..7a2f5c8
--- /dev/null
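Review bot: The last rule of SDIS29/ap34prod/rsyslog.conf, `*.* @10.121.38.34:515`, forwards every facility, `auth` and `authpriv` included, over UDP (single `@`), so the messages cross the network unencrypted and unauthenticated and are lost silently whenever the gateway or the collector is down. Add a comment above the rule saying that it is the forward to the central log server and through which gateway it goes, and consider TCP (`@@`) with an action queue, or TLS, for the security-relevant facilities. The DNAT rule in gwsio4/redirp.sh only forwards UDP, so the transport has to be changed on both sides together.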
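Review bot: In SDIS29/ap34wiki/script-dokuwiki the final `chown -R www-data:www-data data lib conf .` ends with `.`, which hands the whole DokuWiki tree, PHP sources included, to the web server account and undoes the `chown -R root:root .` two lines earlier; drop the trailing dot so that only the directories that must be writable belong to `www-data`: `chown -R www-data:www-data data lib conf`. The error test `if [ $? !=0 ]` is malformed because `!=0` is a single word, so a failed download is never caught; write `if [ $? -ne 0 ]; then`. The archive is also fetched over plain HTTP and unpacked as root without any checksum verification.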
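Review bot: In SDIS29/gwsio4/redirp.sh the POSTROUTING rule matches `--dport 515`, but by the time a packet reaches POSTROUTING the PREROUTING DNAT has already rewritten the destination port to 514, so the SNAT rule never matches; it should read `--dport 514`. The DNAT rule accepts syslog from any source able to reach 10.121.38.34:515, and adding `-s <LOG_CLIENT_NETWORK>` keeps arbitrary hosts from writing into the central logs. `echo "1" > /proc/sys/net/ipv4/ip_forward` is not covered by `sudo` while both `iptables` calls are, and `-A` appends a duplicate rule at every run; `sudo sysctl -w net.ipv4.ip_forward=1` and an `iptables -C` test before each `-A` make the script repeatable.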
+++ b/SDIS29/svwar.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -o nounset
+DATH=$(date "+%X")
+DATJ=$(date "+%u")
+
+scp /home/frederic.duhin/NetBeansProjects/Projet_SIDS29/dist/Projet_SIDS29.war root@10.121.38.72:/usr/libexec/tomcat10/webapps
+scp /home/frederic.duhin/NetBeansProjects/Projet_SIDS29/dist/Projet_SIDS29.war root@10.121.38.72:/root/svwar
diff --git a/SDIS29/syslog/journald.conf b/SDIS29/syslog/journald.conf
new file mode 100644
index 0000000..e23ec85
--- /dev/null
+++ b/SDIS29/syslog/journald.conf
@@ -0,0 +1,44 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See journald.conf(5) for details.
+
+[Journal]
+#Storage=auto
+#Compress=yes
+#Seal=yes
+#SplitMode=uid
+#SyncIntervalSec=5m
+#RateLimitIntervalSec=30s
+#RateLimitBurst=10000
+#SystemMaxUse=
+#SystemKeepFree=
+#SystemMaxFileSize=
+#SystemMaxFiles=100
+#RuntimeMaxUse=
+#RuntimeKeepFree=
+#RuntimeMaxFileSize=
+#RuntimeMaxFiles=100
+#MaxRetentionSec=
+#MaxFileSec=1month
+ForwardToSyslog=yes
+#ForwardToKMsg=no
+#ForwardToConsole=no
+#ForwardToWall=yes
+#TTYPath=/dev/console
+#MaxLevelStore=debug
+#MaxLevelSyslog=debug
+#MaxLevelKMsg=notice
+#MaxLevelConsole=info
+#MaxLevelWall=emerg
+#LineMax=48K
+#ReadKMsg=yes
+#Audit=no
diff --git a/SDIS29/syslog/logrotate.conf b/SDIS29/syslog/logrotate.conf
new file mode 100644
index 0000000..521fada
--- /dev/null
+++ b/SDIS29/syslog/logrotate.conf
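Review bot: SDIS29/svwar.sh copies the WAR straight into Tomcat's `webapps` directory as `root` over SSH, which requires root login to be open on 10.121.38.72 and leaves the deployed file owned by root; a dedicated deploy account with write access to `webapps` only would limit what a leaked key allows. `DATH` and `DATJ` are computed but never used, so the second `scp` overwrites the same `/root/svwar` target at each run instead of keeping dated copies; presumably the intent was a name such as `/root/svwar/Projet_SIDS29-$DATJ.war`. Adding `set -e`, or testing each `scp`, keeps a failed deployment from going unnoticed.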
@@ -0,0 +1,23 @@ +# see "man logrotate" for details + +# global options do not affect preceding include directives + +# rotate log files weekly +weekly + +# keep 4 weeks worth of backlogs +rotate 4 + +# create new (empty) log files after rotating old ones +create + +# use date as a suffix of the rotated file +#dateext + +# uncomment this if you want your log files compressed +compress + +# packages drop log rotation information into this directory +include /etc/logrotate.d + +# system-specific logs may also be configured here. diff --git a/SDIS29/syslog/rsyslog.conf b/SDIS29/syslog/rsyslog.conf new file mode 100644 index 0000000..8a18884 --- /dev/null +++ b/SDIS29/syslog/rsyslog.conf 
@@ -0,0 +1,92 @@ +# /etc/rsyslog.conf configuration file for rsyslog +# +# For more information install rsyslog-doc and see +# /usr/share/doc/rsyslog-doc/html/configuration/index.html + + +################# +#### MODULES #### +################# + +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support +#module(load="immark") # provides --MARK-- message capability + +# provides UDP syslog reception +module(load="imudp") +input(type="imudp" port="514") + +# provides TCP syslog reception +module(load="imtcp") +input(type="imtcp" port="514") + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + + +############### +#### RULES #### +############### + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Some "catch-all" log files. 
+# +*.=debug;\ + auth,authpriv.none;\ + mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg :omusrmsg:* diff --git a/SDIS29/vpn/journald.conf b/SDIS29/vpn/journald.conf new file mode 100644 index 0000000..e23ec85 --- /dev/null +++ b/SDIS29/vpn/journald.conf @@ -0,0 +1,44 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See journald.conf(5) for details. + +[Journal] +#Storage=auto +#Compress=yes +#Seal=yes +#SplitMode=uid +#SyncIntervalSec=5m +#RateLimitIntervalSec=30s +#RateLimitBurst=10000 +#SystemMaxUse= +#SystemKeepFree= +#SystemMaxFileSize= +#SystemMaxFiles=100 +#RuntimeMaxUse= +#RuntimeKeepFree= +#RuntimeMaxFileSize= +#RuntimeMaxFiles=100 +#MaxRetentionSec= +#MaxFileSec=1month +ForwardToSyslog=yes +#ForwardToKMsg=no +#ForwardToConsole=no +#ForwardToWall=yes +#TTYPath=/dev/console +#MaxLevelStore=debug +#MaxLevelSyslog=debug +#MaxLevelKMsg=notice +#MaxLevelConsole=info +#MaxLevelWall=emerg +#LineMax=48K +#ReadKMsg=yes +#Audit=no diff --git a/SDIS29/vpn/rsyslog.conf b/SDIS29/vpn/rsyslog.conf new file mode 100644 index 0000000..d3d0755 --- /dev/null +++ b/SDIS29/vpn/rsyslog.conf 
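Review bot: SDIS29/syslog/rsyslog.conf enables `imudp` and `imtcp` on port 514 with no ruleset and no sender restriction, so messages from any host able to reach the port are written into the collector's own `/var/log/auth.log`, `/var/log/syslog` and so on, where they cannot be told apart from local events; SDIS29/vpn/rsyslog.conf does the same for UDP. Bind the network inputs to a dedicated ruleset that writes one file per sender and stops there, and limit who may reach the port with a firewall rule for the expected client network. The rest of the file is the distribution default and needs no change.

```conf
# remote messages go to per-sender files, apart from the local logs
template(name="RemoteBySender" type="string"
         string="/var/log/remote/%fromhost-ip%/syslog.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteBySender")
    stop
}

input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")
# … unchanged: global directives and local rules …
```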
@@ -0,0 +1,92 @@ +# /etc/rsyslog.conf configuration file for rsyslog +# +# For more information install rsyslog-doc and see +# /usr/share/doc/rsyslog-doc/html/configuration/index.html + + +################# +#### MODULES #### +################# + +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support +#module(load="immark") # provides --MARK-- message capability + +# provides UDP syslog reception +module(load="imudp") +input(type="imudp" port="514") + +# provides TCP syslog reception +#module(load="imtcp") +#input(type="imtcp" port="514") + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + + +############### +#### RULES #### +############### + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Some "catch-all" log files. 
+#
+*.=debug;\
+ auth,authpriv.none;\
+ mail.none -/var/log/debug
+*.=info;*.=notice;*.=warn;\
+ auth,authpriv.none;\
+ cron,daemon.none;\
+ mail.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
diff --git a/SDIS29/vpn/wg0.conf b/SDIS29/vpn/wg0.conf
new file mode 100644
index 0000000..024aa0c
--- /dev/null
+++ b/SDIS29/vpn/wg0.conf
@@ -0,0 +1,21 @@
+[Interface]
+
+# VPN server private IP address
+Address = 10.0.2.1/24
+# Clef privee serveur
+PrivateKey = EOBiuF/rtF0LoYzTUWiJgfDXIU292jiY/INHJoQbCno=
+ListenPort = 51820
+
+[Peer]
+
+# Clef publique client
+PublicKey = ABBhn4p6vzj9swWqVXKw1De2OldsTpeEivx2DKfmNR8=
+# Adresses IP que le client VPN est autorisé à utiliser
+AllowedIPs = 10.0.2.1/24
+
+[Peer]
+
+# Clef publique client
+PublicKey = 0iV6dUPJtqUd0jpE7GAKMBrmfOjWp0hxcEi2Ue+ACkw=
+# Adresses IP que le client VPN est autorisé à utiliser
+AllowedIPs = 10.0.2.1/24
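Review bot: SDIS29/vpn/wg0.conf commits the server's `PrivateKey` in clear, so anyone who can read the repository can impersonate the VPN server to its clients; the key should be regenerated and kept in a root-only file outside version control, for instance loaded with `PostUp = wg set %i private-key /etc/wireguard/server.key` (path constructed here). Both `[Peer]` sections declare `AllowedIPs = 10.0.2.1/24`, which is the server's own address and subnet and is identical for the two peers; WireGuard keeps a given allowed range on one peer only, so the first client loses its route. Give each peer its own host address, e.g. `AllowedIPs = 10.0.2.2/32` and `AllowedIPs = 10.0.2.3/32` (sample values).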