Scans NMAP

AP4/onfarbo41/ansible/adminer.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour adminer 
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - adminer

AP4/onfarbo41/ansible/db.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour la BDD 
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - db

AP4/onfarbo41/ansible/dokuwiki.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour le dokuwiki 
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - dokuwiki 

AP4/onfarbo41/ansible/hosts

@@ -0,0 +1,2 @@
+[onfarbo]
+onfarbo41

AP4/onfarbo41/ansible/playbook.yml

@@ -0,0 +1,10 @@
+- name: Playbook pour onfarbo41
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - adminer
+    - db
+    - dokuwiki 

AP4/onfarbo41/ansible/roles/adminer/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

AP4/onfarbo41/ansible/roles/adminer/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/onfarbo41/ansible/roles/adminer/tasks/main.yml

@@ -0,0 +1,34 @@
+- name: apt update
+  tags: update
+  apt:
+    update-cache: yes
+    cache_valid_time: 3600
+
+- name: install utils
+  tags: utils
+  apt:
+    name:
+      - apache2
+      - php
+      - php-common
+      - libapache2-mod-php
+      - php-cli
+      - php-xml
+      - php-mysql
+      - php-curl
+      - mariadb-server
+      - adminer
+      - python3-pymysql
+    state: present
+
+- name: On créer un lien symbolique
+  tags: link
+  file:
+    src: /usr/share/adminer/adminer
+    dest: /var/www/html/adminer
+    state: link
+
+- name: Message d'information
+  tags: msg
+  debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo41/adminer.php"
+

AP4/onfarbo41/ansible/roles/adminer/vars/main.yml

@@ -0,0 +1 @@
+alias: "Alias /adminer.php /usr/share/adminer/adminer.php"

AP4/onfarbo41/ansible/roles/db/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/onfarbo41/ansible/roles/db/tasks/main.yml

@@ -0,0 +1,20 @@
+- name: On démarre MariaDB
+  tags: mariadb
+  service:
+    name: mysql
+    state: started
+
+- name: Création de la BDD bdarbre
+  tags: bdarbre
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: bdarbre
+
+- name: Création de l'utilisateur slam
+  tags: user
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock

AP4/onfarbo41/ansible/roles/dokuwiki/files/dokuwiki.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+chemin=/var/www/html/doku
+
+apt install -y apache2 php php-mbstring php-gd php-xml
+cd /root
+[ -r dokuwiki-stable.tgz ] || wget http://depl/store/dokuwiki-stable.tgz
+
+if [ $? !=0 ]; then
+	echo "$0 : erreurwget" 1>&2
+	exit 1
+fi
+tar xvfz dokuwiki-stable.tgz
+[ -d "${chemin}" ] || mkdir "${chemin}"
+
+cp -a dokuwiki-2020-07-29/* "${chemin}"
+cd "${chemin}"
+chown -R root:root .
+chmod -R 755 .
+chown -R www-data:www-data data lib conf
+exit 0

AP4/onfarbo41/ansible/roles/dokuwiki/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/onfarbo41/ansible/roles/dokuwiki/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: Création du dossier DokuWiki
+  tags: createfile
+  file:
+    path: /root/dokuwiki
+    state: directory
+    mode: 0755
+
+- name: copie du fichier script d'install de dokuwiki
+  tags: sh
+  copy:
+    src: dokuwiki.sh
+    dest: /root/dokuwiki
+
+- name: On rend exécutable le script d'install
+  tags: chmod
+  file:
+    path: /root/dokuwiki/dokuwiki.sh
+    mode: 0755
+
+- name: exécution du script d'install de dokuwiki
+  tags: exec
+  command: bash /root/dokuwiki/dokuwiki.sh
+
+- name: Message d'information pour dokuwiki
+  tags: msg2
+  debug: msg="Le dokuwiki devra être installer depuis l'adresse http://onfarbo41/doku/install.php"

AP4/onfarbo41/gosstest/goss.yaml

@@ -0,0 +1,36 @@
+#Ici, on test MariaDB
+port:
+  tcp:3306:
+    listening: true
+    ip:
+    - 127.0.0.1
+
+#Ici, on test ssh
+service:
+  ssh:
+    enabled: true
+    running: true
+group:
+  ssh:
+    exists: true
+    gid: 111
+
+#Ici, on test le serveur web
+http:
+  http://10.121.38.206:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+    - works
+
+#Ici, on test dokuwiki
+http:
+  http://10.121.38.206/doku/:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+    - Trace

AP4/onfarbo41/onfinfra/ansible/glpi.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  connection: local
+  roles:
+    - glpi

AP4/onfarbo41/onfinfra/ansible/roles/glpi/defaults/main.yml

@@ -0,0 +1,10 @@
+depl_url: "http://depl/store"
+glpi_tgz: "glpi-9.5.7.tgz"
+fusion: "fusioninventory-9.5+3.0.tar.bz2"
+fusion64: "fusioninventory-agent_windows-x64_2.6.exe"
+glpi_dir: "/var/www/html/glpi"
+glpi_dbhost: "127.0.0.1"
+glpi_dbname: "glpi"
+glpi_dbuser: "glpi"
+glpi_dbpasswd: "glpi"
+

AP4/onfarbo41/onfinfra/ansible/roles/glpi/files/glpi.conf

@@ -0,0 +1,12 @@
+DocumentRoot /var/www/glpi
+        <Directory /var/www/glpi>
+                Options Indexes FollowSymLinks MultiViews
+                AllowOverride All
+                Order allow,deny
+                allow from all
+                AuthType Basic
+        </Directory>
+
+        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
+        CustomLog ${APACHE_LOG_DIR}/glpi_access.log combined
+        ErrorLog  ${APACHE_LOG_DIR}/glpi_error.log

AP4/onfarbo41/onfinfra/ansible/roles/glpi/files/my.cnf

@@ -0,0 +1,3 @@
+[client]
+user=root
+password=root

AP4/onfarbo41/onfinfra/ansible/roles/glpi/handlers/main.yml

@@ -0,0 +1,18 @@
+---
+- name: restart php-fpm
+  service:
+    name: php-fpm
+    state: restarted
+    enabled: yes
+
+- name: restart nginx
+  service:
+    name: nginx
+    state : restarted
+    enabled: yes  
+
+- name: restart mariadb-server
+  service: 
+    name: mariadb-server
+    state: restarted
+    enabled: yes

AP4/onfarbo41/onfinfra/ansible/roles/glpi/tasks/main.yml

@@ -0,0 +1,134 @@
+---
+  - name: Installation des paquets
+    apt:
+      state: latest
+      name:
+      - nginx
+      - php-fpm
+      - php-mbstring
+      - php-mysql
+      - php-gd
+      - php-curl
+      - php-xml
+      - php-apcu
+      - php-ldap
+      - php-imap
+      - php-xmlrpc
+      - php-cas
+      - python3-mysqldb
+      - mariadb-server
+      - python3-pymysql
+      - php-intl
+      - php-bz2
+      - php-zip
+      - postfix
+      - mailutils
+
+  - name: Changement listen dans le fichier conf de php
+    replace:
+      dest: /etc/php/7.4/fpm/pool.d/www.conf
+      regexp: 'listen = /run/php/php7.4-fpm.sock'
+      replace: 'listen = 127.0.0.1:9000'
+      backup: yes
+
+  - name: Effacement block nginx default
+    file:
+      path: /etc/nginx/sites-enabled/default 
+      state: absent
+
+  - name: Creation fichier block nginx
+    template: 
+      src: block.j2 
+      dest: /etc/nginx/sites-enabled/glpi
+
+  - name: Remplacement dans le fichier de conf php du timeout
+    replace:
+      dest: /etc/php/7.4/fpm/php.ini
+      regexp: 'max_execution_time = 30'
+      replace: 'max_execution_time = 600'
+      backup: yes
+
+    notify:
+      - restart nginx
+
+  - name: Creation de la base de donnee mysql
+    mysql_db:
+      name: "{{ glpi_dbname }}"
+      check_implicit_admin: yes
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+
+  - name: Creation de l'utilisateur mysql avec tous les privileges
+    mysql_user:
+      user: "{{ glpi_dbuser }}"
+      password: "{{ glpi_dbpasswd }}"
+      priv: "*.*:ALL,GRANT"
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+      state: present
+ #   with_items:
+  #    - 127.0.0.1
+
+  - name: Creation du repertoire {{ glpi_dir }}
+    file: 
+      path: "{{ glpi_dir }}"
+      state: directory
+      owner: www-data
+      group: www-data
+
+  - name: Installation de GLPI
+    unarchive:
+      src: "{{ depl_url }}/{{ glpi_tgz }}"
+      dest: /var/www/html
+      remote_src: yes
+      owner: www-data
+      group: www-data
+
+  - name: Changement des attributs {{ glpi_dir }}
+    file: 
+      path: "{{ glpi_dir }}" 
+      owner: www-data 
+      group: www-data 
+      mode: 0755 
+      recurse: yes
+
+  - name: Changement des attributs {{ glpi_dir }}/plugins
+    file:
+      path: "{{ glpi_dir }}/plugins"
+      mode: 0777
+      owner: www-data
+      group: www-data
+      recurse: yes
+
+  - name: Installation de Fusioninventory pour Linux
+    unarchive:
+      src: "{{ depl_url }}/{{ fusion }}"
+      dest: "/var/www/html/glpi/plugins"
+      remote_src: yes
+
+  - name: Creation de ficlient
+    file:
+      path: /var/www/html/ficlients
+      state: directory
+      owner: www-data
+      group: www-data
+      mode: 0775
+
+  - name: Attribution des droits nginx.index
+    file:
+      path: /var/www/html/index.nginx-debian.html
+      owner: www-data
+      group: www-data
+      mode: 0775
+
+  - name: Installation de FusionInventory windows x64
+    get_url:
+      url: "{{ depl_url }}/{{ fusion64 }}"
+      dest: "/var/www/html/ficlients"
+
+  - name: Attribution des permissions sur repertoire /plugins/fusioninventory
+    file:
+      path: /var/www/html/glpi/plugins/fusioninventory
+      owner: www-data
+      group: www-data
+      recurse: yes
+      state: directory

AP4/onfarbo41/onfinfra/ansible/roles/glpi/templates/block.j2

@@ -0,0 +1,23 @@
+server {
+        listen   80 default_server;
+        root {{ glpi_dir }};
+        index index.php;
+        server_name localhost;
+
+        location / {try_files $uri $uri/ index.php;}
+
+        #prise en charge PHP
+        location ~ \.php$ {
+                fastcgi_pass 127.0.0.1:9000;
+                fastcgi_index index.php;
+                include /etc/nginx/fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+                fastcgi_param SERVER_NAME $host;
+  	 }
+
+	location /ficlients {
+		root /var/www/html;
+		autoindex on;
+	}
+}

AP4/onfarbo41/onfinfra/goss/goss.yaml

@@ -0,0 +1,39 @@
+port:
+  tcp:80:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:3306:
+    listening: true
+    ip:
+    - 127.0.0.1
+service:
+  mysql:
+    enabled: true
+    running: true
+user:
+  mysql:
+    exists: true
+    uid: 106
+    gid: 112
+    groups:
+    - mysql
+    home: /nonexistent
+    shell: /bin/false
+group:
+  mysql:
+    exists: true
+    gid: 112
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.2.12/24
+    - fe80::a00:27ff:fea2:45fd/64
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 192.168.0.39/24
+    - fe80::a00:27ff:fe66:36e3/64
+    mtu: 1500

AP4/onfarbo41/onfnmap/nmap/nmap-int.txt

@@ -0,0 +1,120 @@
+Starting Nmap 7.80 ( https://nmap.org ) at 2022-02-10 15:14 CET
+NSE: Loaded 151 scripts for scanning.
+NSE: Script Pre-scanning.
+Initiating NSE at 15:14
+Completed NSE at 15:14, 0.00s elapsed
+Initiating NSE at 15:14
+Completed NSE at 15:14, 0.00s elapsed
+Initiating NSE at 15:14
+Completed NSE at 15:14, 0.00s elapsed
+Initiating ARP Ping Scan at 15:14
+Scanning 192.168.2.1 [1 port]
+Completed ARP Ping Scan at 15:14, 0.00s elapsed (1 total hosts)
+Initiating Parallel DNS resolution of 1 host. at 15:14
+Completed Parallel DNS resolution of 1 host. at 15:14, 0.00s elapsed
+Initiating SYN Stealth Scan at 15:14
+Scanning onfdc.onf41.lan (192.168.2.1) [1000 ports]
+Discovered open port 53/tcp on 192.168.2.1
+Discovered open port 139/tcp on 192.168.2.1
+Discovered open port 135/tcp on 192.168.2.1
+Discovered open port 445/tcp on 192.168.2.1
+Discovered open port 88/tcp on 192.168.2.1
+Discovered open port 3269/tcp on 192.168.2.1
+Discovered open port 636/tcp on 192.168.2.1
+Discovered open port 464/tcp on 192.168.2.1
+Discovered open port 593/tcp on 192.168.2.1
+Discovered open port 3268/tcp on 192.168.2.1
+Discovered open port 389/tcp on 192.168.2.1
+Completed SYN Stealth Scan at 15:14, 4.67s elapsed (1000 total ports)
+Initiating Service scan at 15:14
+Scanning 11 services on onfdc.onf41.lan (192.168.2.1)
+Stats: 0:01:03 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
+Service scan Timing: About 90.91% done; ETC: 15:15 (0:00:06 remaining)
+Completed Service scan at 15:16, 141.12s elapsed (11 services on 1 host)
+Initiating OS detection (try #1) against onfdc.onf41.lan (192.168.2.1)
+NSE: Script scanning 192.168.2.1.
+Initiating NSE at 15:16
+Completed NSE at 15:17, 40.11s elapsed
+Initiating NSE at 15:17
+Completed NSE at 15:17, 23.52s elapsed
+Initiating NSE at 15:17
+Completed NSE at 15:17, 0.00s elapsed
+Nmap scan report for onfdc.onf41.lan (192.168.2.1)
+Host is up (0.00053s latency).
+Not shown: 989 filtered ports
+PORT     STATE SERVICE      VERSION
+53/tcp   open  domain?
+| fingerprint-strings: 
+|   DNSVersionBindReqTCP: 
+|     version
+|_    bind
+88/tcp   open  kerberos-sec Microsoft Windows Kerberos (server time: 2022-02-10 14:14:26Z)
+135/tcp  open  msrpc        Microsoft Windows RPC
+139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
+389/tcp  open  ldap         Microsoft Windows Active Directory LDAP (Domain: onf41.lan, Site: Default-First-Site-Name)
+445/tcp  open  microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: onf41)
+464/tcp  open  kpasswd5?
+593/tcp  open  ncacn_http   Microsoft Windows RPC over HTTP 1.0
+636/tcp  open  tcpwrapped
+3268/tcp open  ldap         Microsoft Windows Active Directory LDAP (Domain: onf41.lan, Site: Default-First-Site-Name)
+3269/tcp open  tcpwrapped
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port53-TCP:V=7.80%I=7%D=2/10%Time=62051DC9%P=x86_64-pc-linux-gnu%r(DNSV
+SF:ersionBindReqTCP,20,"\0\x1e\0\x06\x81\x04\0\x01\0\0\0\0\0\0\x07version\
+SF:x04bind\0\0\x10\0\x03");
+MAC Address: 08:00:27:D0:A5:B6 (Oracle VirtualBox virtual NIC)
+Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
+Device type: general purpose
+Running: Microsoft Windows 2016
+OS CPE: cpe:/o:microsoft:windows_server_2016
+OS details: Microsoft Windows Server 2016
+Uptime guess: 0.027 days (since Thu Feb 10 14:38:47 2022)
+Network Distance: 1 hop
+TCP Sequence Prediction: Difficulty=261 (Good luck!)
+IP ID Sequence Generation: Incremental
+Service Info: Host: ONFDC; OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+|_clock-skew: mean: -20m02s, deviation: 34m38s, median: -2s
+| nbstat: NetBIOS name: ONFDC, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:d0:a5:b6 (Oracle VirtualBox virtual NIC)
+| Names:
+|   ONFDC<00>            Flags: <unique><active>
+|   ONF41<1c>            Flags: <group><active>
+|   ONF41<00>            Flags: <group><active>
+|   ONFDC<20>            Flags: <unique><active>
+|_  ONF41<1b>            Flags: <unique><active>
+| smb-os-discovery: 
+|   OS: Windows Server 2016 Standard 14393 (Windows Server 2016 Standard 6.3)
+|   Computer name: onfdc
+|   NetBIOS computer name: ONFDC\x00
+|   Domain name: onf41.lan
+|   Forest name: onf41.lan
+|   FQDN: onfdc.onf41.lan
+|_  System time: 2022-02-10T15:16:43+01:00
+| smb-security-mode: 
+|   account_used: guest
+|   authentication_level: user
+|   challenge_response: supported
+|_  message_signing: required
+| smb2-security-mode: 
+|   2.02: 
+|_    Message signing enabled and required
+| smb2-time: 
+|   date: 2022-02-10T14:16:43
+|_  start_date: 2022-02-10T13:39:07
+
+TRACEROUTE
+HOP RTT     ADDRESS
+1   0.53 ms onfdc.onf41.lan (192.168.2.1)
+
+NSE: Script Post-scanning.
+Initiating NSE at 15:17
+Completed NSE at 15:17, 0.00s elapsed
+Initiating NSE at 15:17
+Completed NSE at 15:17, 0.00s elapsed
+Initiating NSE at 15:17
+Completed NSE at 15:17, 0.00s elapsed
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 211.71 seconds
+           Raw packets sent: 2027 (91.026KB) | Rcvd: 21 (1.246KB)

AP4/onfarbo41/onfnmap/nmap/nmap-pt.txt

@@ -0,0 +1,118 @@
+Starting Nmap 7.80 ( https://nmap.org ) at 2022-02-10 15:21 CET
+NSE: Loaded 151 scripts for scanning.
+NSE: Script Pre-scanning.
+Initiating NSE at 15:21
+Completed NSE at 15:21, 0.00s elapsed
+Initiating NSE at 15:21
+Completed NSE at 15:21, 0.00s elapsed
+Initiating NSE at 15:21
+Completed NSE at 15:21, 0.00s elapsed
+Initiating ARP Ping Scan at 15:21
+Scanning 192.168.0.36 [1 port]
+Completed ARP Ping Scan at 15:21, 0.00s elapsed (1 total hosts)
+Initiating Parallel DNS resolution of 1 host. at 15:21
+Completed Parallel DNS resolution of 1 host. at 15:21, 0.00s elapsed
+Initiating SYN Stealth Scan at 15:21
+Scanning 192.168.0.36 [1000 ports]
+Discovered open port 445/tcp on 192.168.0.36
+Discovered open port 139/tcp on 192.168.0.36
+Discovered open port 135/tcp on 192.168.0.36
+Discovered open port 53/tcp on 192.168.0.36
+Discovered open port 3268/tcp on 192.168.0.36
+Discovered open port 389/tcp on 192.168.0.36
+Discovered open port 3269/tcp on 192.168.0.36
+Discovered open port 593/tcp on 192.168.0.36
+Discovered open port 88/tcp on 192.168.0.36
+Discovered open port 464/tcp on 192.168.0.36
+Discovered open port 636/tcp on 192.168.0.36
+Completed SYN Stealth Scan at 15:21, 4.83s elapsed (1000 total ports)
+Initiating Service scan at 15:21
+Scanning 11 services on 192.168.0.36
+Completed Service scan at 15:23, 141.12s elapsed (11 services on 1 host)
+Initiating OS detection (try #1) against 192.168.0.36
+NSE: Script scanning 192.168.0.36.
+Initiating NSE at 15:23
+Completed NSE at 15:24, 40.09s elapsed
+Initiating NSE at 15:24
+Completed NSE at 15:24, 17.01s elapsed
+Initiating NSE at 15:24
+Completed NSE at 15:24, 0.00s elapsed
+Nmap scan report for 192.168.0.36
+Host is up (0.00048s latency).
+Not shown: 989 filtered ports
+PORT     STATE SERVICE      VERSION
+53/tcp   open  domain?
+| fingerprint-strings: 
+|   DNSVersionBindReqTCP: 
+|     version
+|_    bind
+88/tcp   open  kerberos-sec Microsoft Windows Kerberos (server time: 2022-02-10 14:21:28Z)
+135/tcp  open  msrpc        Microsoft Windows RPC
+139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
+389/tcp  open  ldap         Microsoft Windows Active Directory LDAP (Domain: onf41.lan, Site: Default-First-Site-Name)
+445/tcp  open  microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: onf41)
+464/tcp  open  kpasswd5?
+593/tcp  open  ncacn_http   Microsoft Windows RPC over HTTP 1.0
+636/tcp  open  tcpwrapped
+3268/tcp open  ldap         Microsoft Windows Active Directory LDAP (Domain: onf41.lan, Site: Default-First-Site-Name)
+3269/tcp open  tcpwrapped
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port53-TCP:V=7.80%I=7%D=2/10%Time=62051F6F%P=x86_64-pc-linux-gnu%r(DNSV
+SF:ersionBindReqTCP,20,"\0\x1e\0\x06\x81\x04\0\x01\0\0\0\0\0\0\x07version\
+SF:x04bind\0\0\x10\0\x03");
+MAC Address: 08:00:27:3A:E3:56 (Oracle VirtualBox virtual NIC)
+Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
+Device type: general purpose
+Running: Microsoft Windows 2016
+OS CPE: cpe:/o:microsoft:windows_server_2016
+OS details: Microsoft Windows Server 2016
+Uptime guess: 0.032 days (since Thu Feb 10 14:38:47 2022)
+Network Distance: 1 hop
+TCP Sequence Prediction: Difficulty=263 (Good luck!)
+IP ID Sequence Generation: Incremental
+Service Info: Host: ONFDC; OS: Windows; CPE: cpe:/o:microsoft:windows
+
+Host script results:
+|_clock-skew: mean: -20m02s, deviation: 34m38s, median: -2s
+| nbstat: NetBIOS name: ONFDC, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:3a:e3:56 (Oracle VirtualBox virtual NIC)
+| Names:
+|   ONFDC<00>            Flags: <unique><active>
+|   ONF41<1c>            Flags: <group><active>
+|   ONF41<00>            Flags: <group><active>
+|   ONFDC<20>            Flags: <unique><active>
+|_  ONF41<1b>            Flags: <unique><active>
+| smb-os-discovery: 
+|   OS: Windows Server 2016 Standard 14393 (Windows Server 2016 Standard 6.3)
+|   Computer name: onfdc
+|   NetBIOS computer name: ONFDC\x00
+|   Domain name: onf41.lan
+|   Forest name: onf41.lan
+|   FQDN: onfdc.onf41.lan
+|_  System time: 2022-02-10T15:23:45+01:00
+| smb-security-mode: 
+|   account_used: guest
+|   authentication_level: user
+|   challenge_response: supported
+|_  message_signing: required
+| smb2-security-mode: 
+|   2.02: 
+|_    Message signing enabled and required
+| smb2-time: 
+|   date: 2022-02-10T14:23:45
+|_  start_date: 2022-02-10T13:39:07
+
+TRACEROUTE
+HOP RTT     ADDRESS
+1   0.48 ms 192.168.0.36
+
+NSE: Script Post-scanning.
+Initiating NSE at 15:24
+Completed NSE at 15:24, 0.00s elapsed
+Initiating NSE at 15:24
+Completed NSE at 15:24, 0.00s elapsed
+Initiating NSE at 15:24
+Completed NSE at 15:24, 0.00s elapsed
+Read data files from: /usr/bin/../share/nmap
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 205.32 seconds
+           Raw packets sent: 2027 (91.026KB) | Rcvd: 22 (1.298KB)

AP4/onfarbo41/wireguard/wireguard-confcli/endpoint-b.key

@@ -0,0 +1 @@
+KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=

AP4/onfarbo41/wireguard/wireguard-confcli/endpoint-b.pub

@@ -0,0 +1 @@
+GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=

AP4/onfarbo41/wireguard/wireguard-confcli/wg0.conf

@@ -0,0 +1,11 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=       #Clé privée du client
+Address = 10.0.0.2/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

AP4/onfarbo41/wireguard/wireguard-confsrv/endpoint-a.key

@@ -0,0 +1 @@
+qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=

AP4/onfarbo41/wireguard/wireguard-confsrv/endpoint-a.pub

@@ -0,0 +1 @@
+qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=

AP4/onfarbo41/wireguard/wireguard-confsrv/wg0.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=       #Clé privée du serveur vpn
+Address = 10.0.0.1/32   #Adresse du serveur vpn
+ListenPort = 51820
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=        #Clé publique du client
+AllowedIPs = 10.0.0.2/32 #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=        #Clé publique du client
+AllowedIPs = 10.0.0.3/32 #Adresse vpn du client

AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.key

@@ -0,0 +1 @@
+qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.pub

@@ -0,0 +1 @@
+qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.key

@@ -0,0 +1 @@
+KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.pub

@@ -0,0 +1 @@
+GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.key

@@ -0,0 +1 @@
+cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.pub

@@ -0,0 +1 @@
+e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=

AP4/onfarbo41/wireguard/wireguard-script/wg0-a.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=       #Clé privée du serveur vpn
+Address = 10.0.0.1/32   #Adresse du serveur vpn
+ListenPort = 51820
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=        #Clé publique du client
+AllowedIPs = 10.0.0.2/32 #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=        #Clé publique du client
+AllowedIPs = 10.0.0.3/32 #Adresse vpn du client

AP4/onfarbo41/wireguard/wireguard-script/wg0-b.conf

@@ -0,0 +1,11 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=       #Clé privée du client
+Address = 10.0.0.2/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

AP4/onfarbo41/wireguard/wireguard-script/wg0-c.conf

@@ -0,0 +1,11 @@
+# local settings for Endpoint C
+[Interface]
+PrivateKey = cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM=       #Clé privée du client
+Address = 10.0.0.3/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

AP4/onfarbo41/wireguard/wireguard-script/wireguard-init.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+bash wireguard.sh
+cp endpoint-a.* wg0-a.conf /etc/wireguard
+cd /etc/wireguard
+mv wg0-a.conf wg0.conf
+systemctl start wg-quick@wg0
+systemctl enable wg-quick@wg0

AP4/onfarbo41/wireguard/wireguard-script/wireguard.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+set -u
+set -e
+
+AddressAwg=10.0.0.1/32  # Adresse VPN Wireguard extremite A
+EndpointA=10.121.38.66 # Adresse extremite A
+PortA=51820             # Port ecoute extremite A
+AddressBwg=10.0.0.2/32  # Adresse VPN Wireguard extremite B
+EndpointB=192.168.2.14  # Adresse extremite B
+PortB=51820             # Port ecoute extremite B
+AddressCwg=10.0.0.3/32  # Adresse VPN Wireguard extremite C
+EndpointC=192.168.2.15  # Adresse extremite C
+PortC=51820             # Port ecoute extremite C
+
+umask 077 ;
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+
+wg genkey > endpoint-c.key
+wg pubkey < endpoint-c.key > endpoint-c.pub
+
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+PKC=$(cat endpoint-c.key)
+pKC=$(cat endpoint-c.pub)
+
+cat <<FINI > wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA       #Clé privée du serveur vpn
+Address = $AddressAwg   #Adresse du serveur vpn
+ListenPort = $PortA
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB        #Clé publique du client
+AllowedIPs = $AddressBwg #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = $pKC        #Clé publique du client
+AllowedIPs = $AddressCwg #Adresse vpn du client
+FINI
+
+
+cat <<FINI > wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB       #Clé privée du client
+Address = $AddressBwg   #Adresse du client
+ListenPort = $PortB
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA       #Clé publique du serveur vpn
+Endpoint = ${EndpointA}:$PortA #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = $AddressAwg #Adresse du serveur vpn
+FINI
+
+
+cat <<FINI > wg0-c.conf
+# local settings for Endpoint C
+[Interface]
+PrivateKey = $PKC       #Clé privée du client
+Address = $AddressCwg   #Adresse du client
+ListenPort = $PortC
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA       #Clé publique du serveur vpn
+Endpoint = ${EndpointA}:$PortA #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = $AddressAwg #Adresse du serveur vpn
+FINI