uap34-r/SISR
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: uap34-r:9ff7cbab3bb5e8ec48734411a678837f68053ebf
Branches Tags
uap34-r:master
uap34-r:update uap34-r:onfinfra uap34-r:onfnmap uap34-r:onfarbo-6-updateAnsible uap34-r:onfarbo-5-wireguard uap34-r:onfarbo-4-wireguard uap34-r:onfarbo-3 uap34-r:onfarbo-2 uap34-r:onfarbo-1
..
compare: uap34-r:onfinfra
Branches Tags
uap34-r:master
uap34-r:update uap34-r:onfinfra uap34-r:onfnmap uap34-r:onfarbo-6-updateAnsible uap34-r:onfarbo-5-wireguard uap34-r:onfarbo-4-wireguard uap34-r:onfarbo-3 uap34-r:onfarbo-2 uap34-r:onfarbo-1

15 Commits
9ff7cbab3b ... onfinfra

Author SHA1 Message Date
de Bastiani Bruno
d1ea47881e Scans NMAP 2022-02-10 16:34:37 +01:00
de Bastiani Bruno
f43128e7b9 Ajout des fichiers de test goss et du playbook d'installation GLPI 2022-02-10 16:27:53 +01:00
uap34-r
0889769008 Mise à jour de 'AP4/onfarbo41/ansible/roles/adminer/tasks/main.yml' 2022-02-10 14:25:01 +01:00
uap34-r
eeff416aea Mise à jour de 'AP4/onfarbo41/ansible/roles/adminer/tasks/main.yml' 2022-02-10 10:48:20 +01:00
uap34-r
713f0d2996 Mise à jour de 'AP4/onfarbo41/ansible/playbook.yml' 2022-02-09 16:09:15 +01:00
IDEZ Ugo
ca000e0b57 Playbook onfarbo41 2022-02-09 16:05:53 +01:00
IDEZ Ugo
e428c52cbe WireGuard 2022-02-09 15:01:11 +01:00
IDEZ Ugo
689aa9faa2 WireGuard 2022-02-09 14:55:41 +01:00
IDEZ Ugo
254b9810be Tests Goss 2022-02-08 09:06:20 +01:00
IDEZ Ugo
47b4a07b23 Ansible Onfarbo 2022-02-07 17:37:14 +01:00
IDEZ Ugo
79bf771c49 Ansible onfarbo 2022-02-07 16:52:24 +01:00
IDEZ Ugo
9fefca1301 Ansible 2021-12-16 17:43:12 +01:00
IDEZ Ugo
bdf870d1d7 Ansible 2021-12-16 17:40:30 +01:00
root
f4fc62bf03 vpn 2021-12-16 16:35:48 +01:00
POPO Toto
83ac8dcbf1 Envoi du fichier war 2021-10-20 10:53:47 +02:00
61 changed files with 1305 additions and 0 deletions
Expand all files Collapse all files

8
AP4/onfarbo41/ansible/adminer.yml Normal file
View File

@@ -0,0 +1,8 @@
- name: Playbook pour adminer
hosts: onfarbo
become: yes
become_method: sudo
become_user: root
roles:
- adminer

8
AP4/onfarbo41/ansible/db.yml Normal file
View File

@@ -0,0 +1,8 @@
- name: Playbook pour la BDD
hosts: onfarbo
become: yes
become_method: sudo
become_user: root
roles:
- db

8
AP4/onfarbo41/ansible/dokuwiki.yml Normal file
View File

@@ -0,0 +1,8 @@
- name: Playbook pour le dokuwiki
hosts: onfarbo
become: yes
become_method: sudo
become_user: root
roles:
- dokuwiki

2
AP4/onfarbo41/ansible/hosts Normal file
View File

@@ -0,0 +1,2 @@
[onfarbo]
onfarbo41

10
AP4/onfarbo41/ansible/playbook.yml Normal file
View File

@@ -0,0 +1,10 @@
- name: Playbook pour onfarbo41
hosts: onfarbo
become: yes
become_method: sudo
become_user: root
roles:
- adminer
- db
- dokuwiki

38
AP4/onfarbo41/ansible/roles/adminer/README.md Normal file
View File

@@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).

4
AP4/onfarbo41/ansible/roles/adminer/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: restart apache
service:
name: apache2
state: restarted

34
AP4/onfarbo41/ansible/roles/adminer/tasks/main.yml Normal file
View File

@@ -0,0 +1,34 @@
- name: apt update
tags: update
apt:
update-cache: yes
cache_valid_time: 3600
- name: install utils
tags: utils
apt:
name:
- apache2
- php
- php-common
- libapache2-mod-php
- php-cli
- php-xml
- php-mysql
- php-curl
- mariadb-server
- adminer
- python3-pymysql
state: present
- name: On créer un lien symbolique
tags: link
file:
src: /usr/share/adminer/adminer
dest: /var/www/html/adminer
state: link
- name: Message d'information
tags: msg
debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo41/adminer.php"

1
AP4/onfarbo41/ansible/roles/adminer/vars/main.yml Normal file
View File

@@ -0,0 +1 @@
alias: "Alias /adminer.php /usr/share/adminer/adminer.php"

4
AP4/onfarbo41/ansible/roles/db/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: restart apache
service:
name: apache2
state: restarted

20
AP4/onfarbo41/ansible/roles/db/tasks/main.yml Normal file
View File

@@ -0,0 +1,20 @@
- name: On démarre MariaDB
tags: mariadb
service:
name: mysql
state: started
- name: Création de la BDD bdarbre
tags: bdarbre
mysql_db:
login_unix_socket: /var/run/mysqld/mysqld.sock
name: bdarbre
- name: Création de l'utilisateur slam
tags: user
mysql_user:
name: slam
password: Azerty1+
priv: '*.*:ALL,GRANT'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock

20
AP4/onfarbo41/ansible/roles/dokuwiki/files/dokuwiki.sh Executable file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
chemin=/var/www/html/doku
apt install -y apache2 php php-mbstring php-gd php-xml
cd /root
[ -r dokuwiki-stable.tgz ] || wget http://depl/store/dokuwiki-stable.tgz
if [ $? !=0 ]; then
echo "$0 : erreurwget" 1>&2
exit 1
fi
tar xvfz dokuwiki-stable.tgz
[ -d "${chemin}" ] || mkdir "${chemin}"
cp -a dokuwiki-2020-07-29/* "${chemin}"
cd "${chemin}"
chown -R root:root .
chmod -R 755 .
chown -R www-data:www-data data lib conf
exit 0

4
AP4/onfarbo41/ansible/roles/dokuwiki/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: restart apache
service:
name: apache2
state: restarted

26
AP4/onfarbo41/ansible/roles/dokuwiki/tasks/main.yml Normal file
View File

@@ -0,0 +1,26 @@
- name: Création du dossier DokuWiki
tags: createfile
file:
path: /root/dokuwiki
state: directory
mode: 0755
- name: copie du fichier script d'install de dokuwiki
tags: sh
copy:
src: dokuwiki.sh
dest: /root/dokuwiki
- name: On rend exécutable le script d'install
tags: chmod
file:
path: /root/dokuwiki/dokuwiki.sh
mode: 0755
- name: exécution du script d'install de dokuwiki
tags: exec
command: bash /root/dokuwiki/dokuwiki.sh
- name: Message d'information pour dokuwiki
tags: msg2
debug: msg="Le dokuwiki devra être installer depuis l'adresse http://onfarbo41/doku/install.php"

36
AP4/onfarbo41/gosstest/goss.yaml Normal file
View File

@@ -0,0 +1,36 @@
#Ici, on test MariaDB
port:
tcp:3306:
listening: true
ip:
- 127.0.0.1
#Ici, on test ssh
service:
ssh:
enabled: true
running: true
group:
ssh:
exists: true
gid: 111
#Ici, on test le serveur web
http:
http://10.121.38.206:
status: 200
allow-insecure: false
no-follow-redirects: false
timeout: 5000
body:
- works
#Ici, on test dokuwiki
http:
http://10.121.38.206/doku/:
status: 200
allow-insecure: false
no-follow-redirects: false
timeout: 5000
body:
- Trace

5
AP4/onfarbo41/onfinfra/ansible/glpi.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
connection: local
roles:
- glpi

10
AP4/onfarbo41/onfinfra/ansible/roles/glpi/defaults/main.yml Normal file
View File

@@ -0,0 +1,10 @@
depl_url: "http://depl/store"
glpi_tgz: "glpi-9.5.7.tgz"
fusion: "fusioninventory-9.5+3.0.tar.bz2"
fusion64: "fusioninventory-agent_windows-x64_2.6.exe"
glpi_dir: "/var/www/html/glpi"
glpi_dbhost: "127.0.0.1"
glpi_dbname: "glpi"
glpi_dbuser: "glpi"
glpi_dbpasswd: "glpi"

12
AP4/onfarbo41/onfinfra/ansible/roles/glpi/files/glpi.conf Normal file
View File

@@ -0,0 +1,12 @@
DocumentRoot /var/www/glpi
<Directory /var/www/glpi>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
AuthType Basic
</Directory>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog ${APACHE_LOG_DIR}/glpi_access.log combined
ErrorLog ${APACHE_LOG_DIR}/glpi_error.log

3
AP4/onfarbo41/onfinfra/ansible/roles/glpi/files/my.cnf Normal file
View File

@@ -0,0 +1,3 @@
[client]
user=root
password=root

18
AP4/onfarbo41/onfinfra/ansible/roles/glpi/handlers/main.yml Normal file
View File

@@ -0,0 +1,18 @@
---
- name: restart php-fpm
service:
name: php-fpm
state: restarted
enabled: yes
- name: restart nginx
service:
name: nginx
state : restarted
enabled: yes
- name: restart mariadb-server
service:
name: mariadb-server
state: restarted
enabled: yes

134
AP4/onfarbo41/onfinfra/ansible/roles/glpi/tasks/main.yml Normal file
View File

@@ -0,0 +1,134 @@
---
- name: Installation des paquets
apt:
state: latest
name:
- nginx
- php-fpm
- php-mbstring
- php-mysql
- php-gd
- php-curl
- php-xml
- php-apcu
- php-ldap
- php-imap
- php-xmlrpc
- php-cas
- python3-mysqldb
- mariadb-server
- python3-pymysql
- php-intl
- php-bz2
- php-zip
- postfix
- mailutils
- name: Changement listen dans le fichier conf de php
replace:
dest: /etc/php/7.4/fpm/pool.d/www.conf
regexp: 'listen = /run/php/php7.4-fpm.sock'
replace: 'listen = 127.0.0.1:9000'
backup: yes
- name: Effacement block nginx default
file:
path: /etc/nginx/sites-enabled/default
state: absent
- name: Creation fichier block nginx
template:
src: block.j2
dest: /etc/nginx/sites-enabled/glpi
- name: Remplacement dans le fichier de conf php du timeout
replace:
dest: /etc/php/7.4/fpm/php.ini
regexp: 'max_execution_time = 30'
replace: 'max_execution_time = 600'
backup: yes
notify:
- restart nginx
- name: Creation de la base de donnee mysql
mysql_db:
name: "{{ glpi_dbname }}"
check_implicit_admin: yes
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Creation de l'utilisateur mysql avec tous les privileges
mysql_user:
user: "{{ glpi_dbuser }}"
password: "{{ glpi_dbpasswd }}"
priv: "*.*:ALL,GRANT"
login_unix_socket: /var/run/mysqld/mysqld.sock
state: present
# with_items:
# - 127.0.0.1
- name: Creation du repertoire {{ glpi_dir }}
file:
path: "{{ glpi_dir }}"
state: directory
owner: www-data
group: www-data
- name: Installation de GLPI
unarchive:
src: "{{ depl_url }}/{{ glpi_tgz }}"
dest: /var/www/html
remote_src: yes
owner: www-data
group: www-data
- name: Changement des attributs {{ glpi_dir }}
file:
path: "{{ glpi_dir }}"
owner: www-data
group: www-data
mode: 0755
recurse: yes
- name: Changement des attributs {{ glpi_dir }}/plugins
file:
path: "{{ glpi_dir }}/plugins"
mode: 0777
owner: www-data
group: www-data
recurse: yes
- name: Installation de Fusioninventory pour Linux
unarchive:
src: "{{ depl_url }}/{{ fusion }}"
dest: "/var/www/html/glpi/plugins"
remote_src: yes
- name: Creation de ficlient
file:
path: /var/www/html/ficlients
state: directory
owner: www-data
group: www-data
mode: 0775
- name: Attribution des droits nginx.index
file:
path: /var/www/html/index.nginx-debian.html
owner: www-data
group: www-data
mode: 0775
- name: Installation de FusionInventory windows x64
get_url:
url: "{{ depl_url }}/{{ fusion64 }}"
dest: "/var/www/html/ficlients"
- name: Attribution des permissions sur repertoire /plugins/fusioninventory
file:
path: /var/www/html/glpi/plugins/fusioninventory
owner: www-data
group: www-data
recurse: yes
state: directory

23
AP4/onfarbo41/onfinfra/ansible/roles/glpi/templates/block.j2 Normal file
View File

@@ -0,0 +1,23 @@
server {
listen 80 default_server;
root {{ glpi_dir }};
index index.php;
server_name localhost;
location / {try_files $uri $uri/ index.php;}
#prise en charge PHP
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param SERVER_NAME $host;
}
location /ficlients {
root /var/www/html;
autoindex on;
}
}

39
AP4/onfarbo41/onfinfra/goss/goss.yaml Normal file
View File

@@ -0,0 +1,39 @@
port:
tcp:80:
listening: true
ip:
- 0.0.0.0
tcp:3306:
listening: true
ip:
- 127.0.0.1
service:
mysql:
enabled: true
running: true
user:
mysql:
exists: true
uid: 106
gid: 112
groups:
- mysql
home: /nonexistent
shell: /bin/false
group:
mysql:
exists: true
gid: 112
interface:
enp0s3:
exists: true
addrs:
- 192.168.2.12/24
- fe80::a00:27ff:fea2:45fd/64
mtu: 1500
enp0s8:
exists: true
addrs:
- 192.168.0.39/24
- fe80::a00:27ff:fe66:36e3/64
mtu: 1500

120
AP4/onfarbo41/onfnmap/nmap/nmap-int.txt Normal file
View File

@@ -0,0 +1,120 @@
Starting Nmap 7.80 ( https://nmap.org ) at 2022-02-10 15:14 CET
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 15:14
Completed NSE at 15:14, 0.00s elapsed
Initiating NSE at 15:14
Completed NSE at 15:14, 0.00s elapsed
Initiating NSE at 15:14
Completed NSE at 15:14, 0.00s elapsed
Initiating ARP Ping Scan at 15:14
Scanning 192.168.2.1 [1 port]
Completed ARP Ping Scan at 15:14, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:14
Completed Parallel DNS resolution of 1 host. at 15:14, 0.00s elapsed
Initiating SYN Stealth Scan at 15:14
Scanning onfdc.onf41.lan (192.168.2.1) [1000 ports]
Discovered open port 53/tcp on 192.168.2.1
Discovered open port 139/tcp on 192.168.2.1
Discovered open port 135/tcp on 192.168.2.1
Discovered open port 445/tcp on 192.168.2.1
Discovered open port 88/tcp on 192.168.2.1
Discovered open port 3269/tcp on 192.168.2.1
Discovered open port 636/tcp on 192.168.2.1
Discovered open port 464/tcp on 192.168.2.1
Discovered open port 593/tcp on 192.168.2.1
Discovered open port 3268/tcp on 192.168.2.1
Discovered open port 389/tcp on 192.168.2.1
Completed SYN Stealth Scan at 15:14, 4.67s elapsed (1000 total ports)
Initiating Service scan at 15:14
Scanning 11 services on onfdc.onf41.lan (192.168.2.1)
Stats: 0:01:03 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 90.91% done; ETC: 15:15 (0:00:06 remaining)
Completed Service scan at 15:16, 141.12s elapsed (11 services on 1 host)
Initiating OS detection (try #1) against onfdc.onf41.lan (192.168.2.1)
NSE: Script scanning 192.168.2.1.
Initiating NSE at 15:16
Completed NSE at 15:17, 40.11s elapsed
Initiating NSE at 15:17
Completed NSE at 15:17, 23.52s elapsed
Initiating NSE at 15:17
Completed NSE at 15:17, 0.00s elapsed
Nmap scan report for onfdc.onf41.lan (192.168.2.1)
Host is up (0.00053s latency).
Not shown: 989 filtered ports
PORT STATE SERVICE VERSION
53/tcp open domain?
| fingerprint-strings:
| DNSVersionBindReqTCP:
| version
|_ bind
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-02-10 14:14:26Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: onf41.lan, Site: Default-First-Site-Name)
445/tcp open microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: onf41)
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: onf41.lan, Site: Default-First-Site-Name)
3269/tcp open tcpwrapped
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-TCP:V=7.80%I=7%D=2/10%Time=62051DC9%P=x86_64-pc-linux-gnu%r(DNSV
SF:ersionBindReqTCP,20,"\0\x1e\0\x06\x81\x04\0\x01\0\0\0\0\0\0\x07version\
SF:x04bind\0\0\x10\0\x03");
MAC Address: 08:00:27:D0:A5:B6 (Oracle VirtualBox virtual NIC)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 2016
OS CPE: cpe:/o:microsoft:windows_server_2016
OS details: Microsoft Windows Server 2016
Uptime guess: 0.027 days (since Thu Feb 10 14:38:47 2022)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: ONFDC; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: -20m02s, deviation: 34m38s, median: -2s
| nbstat: NetBIOS name: ONFDC, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:d0:a5:b6 (Oracle VirtualBox virtual NIC)
| Names:
| ONFDC<00> Flags: <unique><active>
| ONF41<1c> Flags: <group><active>
| ONF41<00> Flags: <group><active>
| ONFDC<20> Flags: <unique><active>
|_ ONF41<1b> Flags: <unique><active>
| smb-os-discovery:
| OS: Windows Server 2016 Standard 14393 (Windows Server 2016 Standard 6.3)
| Computer name: onfdc
| NetBIOS computer name: ONFDC\x00
| Domain name: onf41.lan
| Forest name: onf41.lan
| FQDN: onfdc.onf41.lan
|_ System time: 2022-02-10T15:16:43+01:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: required
| smb2-security-mode:
| 2.02:
|_ Message signing enabled and required
| smb2-time:
| date: 2022-02-10T14:16:43
|_ start_date: 2022-02-10T13:39:07
TRACEROUTE
HOP RTT ADDRESS
1 0.53 ms onfdc.onf41.lan (192.168.2.1)
NSE: Script Post-scanning.
Initiating NSE at 15:17
Completed NSE at 15:17, 0.00s elapsed
Initiating NSE at 15:17
Completed NSE at 15:17, 0.00s elapsed
Initiating NSE at 15:17
Completed NSE at 15:17, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 211.71 seconds
Raw packets sent: 2027 (91.026KB) | Rcvd: 21 (1.246KB)

118
AP4/onfarbo41/onfnmap/nmap/nmap-pt.txt Normal file
View File

@@ -0,0 +1,118 @@
Starting Nmap 7.80 ( https://nmap.org ) at 2022-02-10 15:21 CET
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 15:21
Completed NSE at 15:21, 0.00s elapsed
Initiating NSE at 15:21
Completed NSE at 15:21, 0.00s elapsed
Initiating NSE at 15:21
Completed NSE at 15:21, 0.00s elapsed
Initiating ARP Ping Scan at 15:21
Scanning 192.168.0.36 [1 port]
Completed ARP Ping Scan at 15:21, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:21
Completed Parallel DNS resolution of 1 host. at 15:21, 0.00s elapsed
Initiating SYN Stealth Scan at 15:21
Scanning 192.168.0.36 [1000 ports]
Discovered open port 445/tcp on 192.168.0.36
Discovered open port 139/tcp on 192.168.0.36
Discovered open port 135/tcp on 192.168.0.36
Discovered open port 53/tcp on 192.168.0.36
Discovered open port 3268/tcp on 192.168.0.36
Discovered open port 389/tcp on 192.168.0.36
Discovered open port 3269/tcp on 192.168.0.36
Discovered open port 593/tcp on 192.168.0.36
Discovered open port 88/tcp on 192.168.0.36
Discovered open port 464/tcp on 192.168.0.36
Discovered open port 636/tcp on 192.168.0.36
Completed SYN Stealth Scan at 15:21, 4.83s elapsed (1000 total ports)
Initiating Service scan at 15:21
Scanning 11 services on 192.168.0.36
Completed Service scan at 15:23, 141.12s elapsed (11 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.36
NSE: Script scanning 192.168.0.36.
Initiating NSE at 15:23
Completed NSE at 15:24, 40.09s elapsed
Initiating NSE at 15:24
Completed NSE at 15:24, 17.01s elapsed
Initiating NSE at 15:24
Completed NSE at 15:24, 0.00s elapsed
Nmap scan report for 192.168.0.36
Host is up (0.00048s latency).
Not shown: 989 filtered ports
PORT STATE SERVICE VERSION
53/tcp open domain?
| fingerprint-strings:
| DNSVersionBindReqTCP:
| version
|_ bind
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2022-02-10 14:21:28Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: onf41.lan, Site: Default-First-Site-Name)
445/tcp open microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: onf41)
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: onf41.lan, Site: Default-First-Site-Name)
3269/tcp open tcpwrapped
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-TCP:V=7.80%I=7%D=2/10%Time=62051F6F%P=x86_64-pc-linux-gnu%r(DNSV
SF:ersionBindReqTCP,20,"\0\x1e\0\x06\x81\x04\0\x01\0\0\0\0\0\0\x07version\
SF:x04bind\0\0\x10\0\x03");
MAC Address: 08:00:27:3A:E3:56 (Oracle VirtualBox virtual NIC)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 2016
OS CPE: cpe:/o:microsoft:windows_server_2016
OS details: Microsoft Windows Server 2016
Uptime guess: 0.032 days (since Thu Feb 10 14:38:47 2022)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: ONFDC; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: -20m02s, deviation: 34m38s, median: -2s
| nbstat: NetBIOS name: ONFDC, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:3a:e3:56 (Oracle VirtualBox virtual NIC)
| Names:
| ONFDC<00> Flags: <unique><active>
| ONF41<1c> Flags: <group><active>
| ONF41<00> Flags: <group><active>
| ONFDC<20> Flags: <unique><active>
|_ ONF41<1b> Flags: <unique><active>
| smb-os-discovery:
| OS: Windows Server 2016 Standard 14393 (Windows Server 2016 Standard 6.3)
| Computer name: onfdc
| NetBIOS computer name: ONFDC\x00
| Domain name: onf41.lan
| Forest name: onf41.lan
| FQDN: onfdc.onf41.lan
|_ System time: 2022-02-10T15:23:45+01:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: required
| smb2-security-mode:
| 2.02:
|_ Message signing enabled and required
| smb2-time:
| date: 2022-02-10T14:23:45
|_ start_date: 2022-02-10T13:39:07
TRACEROUTE
HOP RTT ADDRESS
1 0.48 ms 192.168.0.36
NSE: Script Post-scanning.
Initiating NSE at 15:24
Completed NSE at 15:24, 0.00s elapsed
Initiating NSE at 15:24
Completed NSE at 15:24, 0.00s elapsed
Initiating NSE at 15:24
Completed NSE at 15:24, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 205.32 seconds
Raw packets sent: 2027 (91.026KB) | Rcvd: 22 (1.298KB)

1
AP4/onfarbo41/wireguard/wireguard-confcli/endpoint-b.key Normal file
View File

@@ -0,0 +1 @@
KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=

1
AP4/onfarbo41/wireguard/wireguard-confcli/endpoint-b.pub Normal file
View File

@@ -0,0 +1 @@
GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=

11
AP4/onfarbo41/wireguard/wireguard-confcli/wg0.conf Normal file
View File

@@ -0,0 +1,11 @@
# local settings for Endpoint B
[Interface]
PrivateKey = KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg= #Clé privée du client
Address = 10.0.0.2/32 #Adresse du client
ListenPort = 51820
# remote settings for Endpoint A
[Peer]
PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o= #Clé publique du serveur vpn
Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

1
AP4/onfarbo41/wireguard/wireguard-confsrv/endpoint-a.key Normal file
View File

@@ -0,0 +1 @@
qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=

1
AP4/onfarbo41/wireguard/wireguard-confsrv/endpoint-a.pub Normal file
View File

@@ -0,0 +1 @@
qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=

15
AP4/onfarbo41/wireguard/wireguard-confsrv/wg0.conf Normal file
View File

@@ -0,0 +1,15 @@
# local settings for Endpoint A
[Interface]
PrivateKey = qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw= #Clé privée du serveur vpn
Address = 10.0.0.1/32 #Adresse du serveur vpn
ListenPort = 51820
# remote settings for Endpoint B
[Peer]
PublicKey = GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0= #Clé publique du client
AllowedIPs = 10.0.0.2/32 #Adresse vpn du client
# remote settings for Endpoint C
[Peer]
PublicKey = e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE= #Clé publique du client
AllowedIPs = 10.0.0.3/32 #Adresse vpn du client

1
AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.key Normal file
View File

@@ -0,0 +1 @@
qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=

1
AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.pub Normal file
View File

@@ -0,0 +1 @@
qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=

1
AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.key Normal file
View File

@@ -0,0 +1 @@
KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=

1
AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.pub Normal file
View File

@@ -0,0 +1 @@
GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=

1
AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.key Normal file
View File

@@ -0,0 +1 @@
cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM=

1
AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.pub Normal file
View File

@@ -0,0 +1 @@
e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=

15
AP4/onfarbo41/wireguard/wireguard-script/wg0-a.conf Normal file
View File

@@ -0,0 +1,15 @@
# local settings for Endpoint A
[Interface]
PrivateKey = qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw= #Clé privée du serveur vpn
Address = 10.0.0.1/32 #Adresse du serveur vpn
ListenPort = 51820
# remote settings for Endpoint B
[Peer]
PublicKey = GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0= #Clé publique du client
AllowedIPs = 10.0.0.2/32 #Adresse vpn du client
# remote settings for Endpoint C
[Peer]
PublicKey = e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE= #Clé publique du client
AllowedIPs = 10.0.0.3/32 #Adresse vpn du client

11
AP4/onfarbo41/wireguard/wireguard-script/wg0-b.conf Normal file
View File

@@ -0,0 +1,11 @@
# local settings for Endpoint B
[Interface]
PrivateKey = KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg= #Clé privée du client
Address = 10.0.0.2/32 #Adresse du client
ListenPort = 51820
# remote settings for Endpoint A
[Peer]
PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o= #Clé publique du serveur vpn
Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

11
AP4/onfarbo41/wireguard/wireguard-script/wg0-c.conf Normal file
View File

@@ -0,0 +1,11 @@
# local settings for Endpoint C
[Interface]
PrivateKey = cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM= #Clé privée du client
Address = 10.0.0.3/32 #Adresse du client
ListenPort = 51820
# remote settings for Endpoint A
[Peer]
PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o= #Clé publique du serveur vpn
Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

7
AP4/onfarbo41/wireguard/wireguard-script/wireguard-init.sh Executable file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
bash wireguard.sh
cp endpoint-a.* wg0-a.conf /etc/wireguard
cd /etc/wireguard
mv wg0-a.conf wg0.conf
systemctl start wg-quick@wg0
systemctl enable wg-quick@wg0

78
AP4/onfarbo41/wireguard/wireguard-script/wireguard.sh Executable file
View File

@@ -0,0 +1,78 @@
#!/bin/bash
set -u
set -e
AddressAwg=10.0.0.1/32 # Adresse VPN Wireguard extremite A
EndpointA=10.121.38.66 # Adresse extremite A
PortA=51820 # Port ecoute extremite A
AddressBwg=10.0.0.2/32 # Adresse VPN Wireguard extremite B
EndpointB=192.168.2.14 # Adresse extremite B
PortB=51820 # Port ecoute extremite B
AddressCwg=10.0.0.3/32 # Adresse VPN Wireguard extremite C
EndpointC=192.168.2.15 # Adresse extremite C
PortC=51820 # Port ecoute extremite C
umask 077 ;
wg genkey > endpoint-a.key
wg pubkey < endpoint-a.key > endpoint-a.pub
wg genkey > endpoint-b.key
wg pubkey < endpoint-b.key > endpoint-b.pub
wg genkey > endpoint-c.key
wg pubkey < endpoint-c.key > endpoint-c.pub
PKA=$(cat endpoint-a.key)
pKA=$(cat endpoint-a.pub)
PKB=$(cat endpoint-b.key)
pKB=$(cat endpoint-b.pub)
PKC=$(cat endpoint-c.key)
pKC=$(cat endpoint-c.pub)
cat <<FINI > wg0-a.conf
# local settings for Endpoint A
[Interface]
PrivateKey = $PKA #Clé privée du serveur vpn
Address = $AddressAwg #Adresse du serveur vpn
ListenPort = $PortA
# remote settings for Endpoint B
[Peer]
PublicKey = $pKB #Clé publique du client
AllowedIPs = $AddressBwg #Adresse vpn du client
# remote settings for Endpoint C
[Peer]
PublicKey = $pKC #Clé publique du client
AllowedIPs = $AddressCwg #Adresse vpn du client
FINI
cat <<FINI > wg0-b.conf
# local settings for Endpoint B
[Interface]
PrivateKey = $PKB #Clé privée du client
Address = $AddressBwg #Adresse du client
ListenPort = $PortB
# remote settings for Endpoint A
[Peer]
PublicKey = $pKA #Clé publique du serveur vpn
Endpoint = ${EndpointA}:$PortA #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
AllowedIPs = $AddressAwg #Adresse du serveur vpn
FINI
cat <<FINI > wg0-c.conf
# local settings for Endpoint C
[Interface]
PrivateKey = $PKC #Clé privée du client
Address = $AddressCwg #Adresse du client
ListenPort = $PortC
# remote settings for Endpoint A
[Peer]
PublicKey = $pKA #Clé publique du serveur vpn
Endpoint = ${EndpointA}:$PortA #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
AllowedIPs = $AddressAwg #Adresse du serveur vpn
FINI

3
SDIS29-P2/config Normal file
View File

@@ -0,0 +1,3 @@
host localhost
user root
hostname 127.0.0.1

3
SDIS29-P2/ppe34test/hosts Normal file
View File

@@ -0,0 +1,3 @@
[local]
localhost
127.0.0.1

13
SDIS29-P2/ppe34test/ppebase.yml Normal file
View File

@@ -0,0 +1,13 @@
- name: Installer Tomcat et MariaDB puis lancer les services
hosts: all # Inventory hosts group / server to act on
become: yes # If to escalate privilege
become_method: sudo # Set become method
remote_user: root # Update username for remote server
vars:
tomcat_ver: 10.0.13 # Tomcat version to install
ui_manager_user: manager # User who can access the UI manager section only
ui_manager_pass: root # UI manager user password
ui_admin_username: admin # User who can access bpth manager and admin UI sections
ui_admin_pass: root # UI admin password
roles:
- ppebase

9
SDIS29-P2/ppe34test/ppedb.yml Normal file
View File

@@ -0,0 +1,9 @@
---
- name: Creer la BDD, creer les comptes et injecter la BDD
hosts: all
become: yes
become_method: sudo
remote_user: root
roles:
- ppedb

9
SDIS29-P2/ppe34test/ppedbdump.yml Normal file
View File

@@ -0,0 +1,9 @@
---
- name: Sauvegarder la BDD
hosts: all
become: yes
become_method: sudo
remote_user: root
roles:
- ppedbdump

2
SDIS29-P2/ppe34test/roles/ppebase/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
tomcat_archive_url: http://depl/store/apache-tomcat-10.0.13.tar.gz
tomcat_archive_dest: /usr/share/tomcat/

96
SDIS29-P2/ppe34test/roles/ppebase/tasks/main.yml Normal file
View File

@@ -0,0 +1,96 @@
- name: Install basic packages
package:
name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python']
state: present
update_cache: yes
- name: installer JDK
apt:
name: openjdk-11-jdk
state: present
- name: creer le repertoire /opt/tomcat
file:
path: /usr/share/tomcat
state: directory
mode: 0755
- name: creer le groupe tomcat
group:
name: tomcat
- name: creer l'utilisateur tomcat
user:
name: tomcat
group: tomcat
home: /usr/share/tomcat
createhome: no
- name: installer TomCat
unarchive:
src: http://depl/store/apache-tomcat-10.0.13.tar.gz
dest: /usr/share/tomcat
remote_src: yes
- name: Change ownership
file:
path: /usr/share/tomcat
owner: tomcat
group: tomcat
mode: "u+rwx,g+rx,o=rx"
recurse: yes
state: directory
- name: Templating Tomcat service from local to remote
template:
src: tomcat.service.j2
dest: /etc/systemd/system/tomcat.service
when: ansible_service_mgr == "systemd"
- name: Demarrer tomcat
local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/startup.sh
- name: Definition des utilisateurs
template:
src: tomcat-users.xml.j2
dest: /usr/share/tomcat/apache-tomcat-10.0.13/conf/tomcat-users.xml
- name: Autorisation des différentes ips de connexions
template:
src: context.xml.j2
dest: "{{ item }}"
with_items:
- /usr/share/tomcat/apache-tomcat-10.0.13/webapps/host-manager/META-INF/context.xml
- /usr/share/tomcat/apache-tomcat-10.0.13/webapps/manager/META-INF/context.xml
- name: Redemarrer le service tomcat (1)
local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/shutdown.sh
- name: Redemarrer le service tomcat (2)
local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/startup.sh
- name: Redemarrer le service tomcat (3)
local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/catalina.sh start
- name: on installe java
apt:
name: default-jdk
state: present
- name: on installe les paquets de MariaDB
apt:
name: mariadb-server
state: latest
update_cache: yes
- name: on installe Python3
apt:
name: python3-pymysql
state: latest
- name: on lance MariaDB
service:
name: mysql
state: started

19
SDIS29-P2/ppe34test/roles/ppebase/templates/context.xml.j2 Normal file
View File

@@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Context antiResourceLocking="false" privileged="true" >
</Context>

44
SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat-users.xml.j2 Normal file
View File

@@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary. It is
strongly recommended that you do NOT use one of the users in the commented out
section below since they are intended for use with the examples web
application.
-->
<!--
NOTE: The sample user and role entries below are intended for use with the
examples web application. They are wrapped in a comment and thus are ignored
when reading this file. If you wish to configure these users for use with the
examples web application, do not forget to remove the <!.. ..> that surrounds
them. You will also need to set the passwords to something appropriate.
-->
<!-- user manager can access only manager section -->
<role rolename="manager-gui" />
<user username="{{ ui_manager_user }}" password="{{ ui_manager_pass }}" roles="manager-gui" />
<!-- user admin can access manager and admin section both -->
<role rolename="admin-gui" />
<user username="{{ ui_admin_username }}" password="{{ ui_admin_pass }}" roles="manager-gui,admin-gui" />
</tomcat-users>

22
SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat.service.j2 Normal file
View File

@@ -0,0 +1,22 @@
[Unit]
Description=Tomcat
After=syslog.target network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=JAVA_HOME={{ JAVA_HOME }}
Environment='JAVA_OPTS=-Djava.awt.headless=true'
Environment=CATALINA_HOME=/usr/share/tomcat/apache-tomcat-10.0.13
Environment=CATALINA_BASE=/usr/share/tomcat/apache-tomcat-10.0.13
Environment=CATALINA_PID=/usr/share/tomcat/apache-tomcat-10.0.13/temp/tomcat.pid
ExecStart=catalina.sh start
ExecStop=catalina.sh stop
[Install]
WantedBy=multi-user.target

2
SDIS29-P2/ppe34test/roles/ppebase/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
JAVA_HOME: /usr/lib/jvm/default-java

4
SDIS29-P2/ppe34test/roles/ppedb/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: Restart MySQL
service:
name: mysqld
state: restarted

31
SDIS29-P2/ppe34test/roles/ppedb/tasks/main.yml Executable file
View File

@@ -0,0 +1,31 @@
- name: on lance MariaDB
service:
name: mysql
state: started
- name: creation de la BDD sdis29
mysql_db:
login_unix_socket: /var/run/mysqld/mysqld.sock
name: sdis29
- name: creation de l'utilisateur slam
mysql_user:
name: slam
password: Azerty1+
priv: '*.*:ALL,GRANT'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
#- name: injection de la BDD
#command: scp sio@10.121.38.95:/home/sio/bdd/sdis29.sql /tmp
- name: restauration de la bdd
mysql_db:
login_unix_socket: /var/run/mysqld/mysqld.sock
name: sdis29
state: import
target: /tmp/sdis29.sql
login_user: slam
login_password: Azerty1+
notify: Restart MySQL

5
SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml Normal file
View File

@@ -0,0 +1,5 @@
- name: Copie de la sauv distante
ansible.builtin.fetch:
src: /tmp/sdis29.sql
dest: /sauvegarde
flat: yes

15
SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml.sv1 Normal file
View File

@@ -0,0 +1,15 @@
- name: creer une sauvegarde
mysql_db:
name: sdis29
state: dump
target: /tmp/sdis29.sql
login_host: localhost
login_user: slam
login_password: Azerty1+
login_unix_user: /var/run/mysqld/mysqld.sock
- name: Copie de la sauv distante
ansible.builtin.fetch:
src: /tmp/sdis29.sql
dest: /root/sauvegarde/sql/
flat: yes

8
SDIS29/svwar.sh Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/bash
set -o nounset
DATH=$(date "+%X")
DATJ=$(date "+%u")
scp /home/frederic.duhin/NetBeansProjects/Projet_SIDS29/dist/Projet_SIDS29.war root@10.121.38.72:/usr/libexec/tomcat10/webapps
scp /home/frederic.duhin/NetBeansProjects/Projet_SIDS29/dist/Projet_SIDS29.war root@10.121.38.72:/root/svwar

44
SDIS29/vpn/journald.conf Normal file
View File

@@ -0,0 +1,44 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See journald.conf(5) for details.
[Journal]
#Storage=auto
#Compress=yes
#Seal=yes
#SplitMode=uid
#SyncIntervalSec=5m
#RateLimitIntervalSec=30s
#RateLimitBurst=10000
#SystemMaxUse=
#SystemKeepFree=
#SystemMaxFileSize=
#SystemMaxFiles=100
#RuntimeMaxUse=
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#RuntimeMaxFiles=100
#MaxRetentionSec=
#MaxFileSec=1month
ForwardToSyslog=yes
#ForwardToKMsg=no
#ForwardToConsole=no
#ForwardToWall=yes
#TTYPath=/dev/console
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
#MaxLevelWall=emerg
#LineMax=48K
#ReadKMsg=yes
#Audit=no

92
SDIS29/vpn/rsyslog.conf Normal file
View File

@@ -0,0 +1,92 @@
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Some "catch-all" log files.
#
*.=debug;\
auth,authpriv.none;\
mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*

21
SDIS29/vpn/wg0.conf Normal file
View File

@@ -0,0 +1,21 @@
[Interface]
# VPN server private IP address
Address = 10.0.2.1/24
# Clef privee serveur
PrivateKey = EOBiuF/rtF0LoYzTUWiJgfDXIU292jiY/INHJoQbCno=
ListenPort = 51820
[Peer]
# Clef publique client
PublicKey = ABBhn4p6vzj9swWqVXKw1De2OldsTpeEivx2DKfmNR8=
# Adresses IP que le client VPN est autorisé à utiliser
AllowedIPs = 10.0.2.1/24
[Peer]
# Clef publique client
PublicKey = 0iV6dUPJtqUd0jpE7GAKMBrmfOjWp0hxcEi2Ue+ACkw=
# Adresses IP que le client VPN est autorisé à utiliser
AllowedIPs = 10.0.2.1/24