New test

README.md

@@ -3,3 +3,4 @@
 Dépôt de suivi des fichiers de configuration réalisés au cours du BTS SIO
 
 **sisr1** : enseignement SISR, première 
+

sisr1/README.md

@@ -9,4 +9,7 @@ Travaux pratiques de première année : option SISR
 **- tp02-dns** : 
   * configuration de serveurs DNS primaires et secondaires 
   * configuration du service DHCP pour utiliser ces DNS
-  * automatisation du lancement du script NAT
+  * automatisation du lancement du script NAT
+
+  # Plage d'adresse personnelle  : 
+    ** 192.168.0.120 à 192.168.0.139 ** 

sisr1/tp02-dns/dns1/db.sio-yl.lan

@@ -0,0 +1,21 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	dns1-yl.sio-yl.lan. root.dns1.sio-yl.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+			NS	dns1-yl.sio-yl.lan.
+dns1-yl.sio-yl.lan.	A 192.168.0.121	
+
+ 
+@	IN	NS	localhost.
+;@	IN	A	127.0.0.1
+deb-dhcp-yl	IN	A	192.168.0.120
+dhcp		CNAME deb-dhcp-yl.sio-yl.lan.
+dns		CNAME dns1-yl.sio-yl.lan.
+dns2-yl		IN	A	192.168.0.122
+;@	IN	AAAA	::1

sisr1/tp02-dns/dns1/db.sio-yl.lan.rev

@@ -0,0 +1,17 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	dns1-yl.sio-yl.lan. root.dns1-yl.sio-yl.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;	
+	IN	NS	dns1-yl.sio.lan.
+	
+
+120	IN	PTR	deb-dhcp-yl.sio-yl.lan.
+121	IN	PTR	dns1-yl.sio-yl.lan.
+122	IN	PTR	dns2-yl.sio-yl.lan.

sisr1/tp02-dns/dns1/dhcpd.conf

@@ -0,0 +1,109 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "example.org";
+option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 3600;
+max-lease-time 604800;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+subnet 192.168.2.0 netmask 255.255.255.0 {
+	range 192.168.2.5 192.168.2.104;
+	option routers 192.168.2.1;
+	option domain-name-servers 192.168.0.121;
+	option domain-name "dns1-yl.sio-yl.lan";
+}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+host wxp {
+  hardware ethernet 08:00:27:77:70:0d;
+  fixed-address 192.168.2.105;
+}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}

sisr1/tp02-dns/dns1/hostname

@@ -0,0 +1 @@
+deb-dhcp-yl

sisr1/tp02-dns/dns1/hosts

@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+127.0.1.1	deb-dhcp-yl.sio.lan	deb-dhcp-yl
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters

sisr1/tp02-dns/dns1/named.conf.options

@@ -0,0 +1,24 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	forwarders {
+		10.121.38.7; // Forwarder 1 
+	 };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation no;
+
+	listen-on-v6 { any; };
+};

sisr1/tp02-dns/dns2/db.sio-yl.lan

@@ -0,0 +1,17 @@
+$ORIGIN .
+$TTL 604800	; 1 week
+sio-yl.lan		IN SOA	dns1-yl.sio-yl.lan. root.dns1.sio-yl.lan. (
+				2          ; serial
+				604800     ; refresh (1 week)
+				86400      ; retry (1 day)
+				2419200    ; expire (4 weeks)
+				604800     ; minimum (1 week)
+				)
+			NS	dns1-yl.sio-yl.lan.
+			NS	localhost.
+$ORIGIN sio-yl.lan.
+deb-dhcp-yl		A	192.168.0.120
+dhcp			CNAME	deb-dhcp-yl
+dns			CNAME	dns1-yl
+dns1-yl			A	192.168.0.121
+dns2-yl			A	192.168.0.122

sisr1/tp02-dns/dns2/db.sio-yl.lan.rev

@@ -0,0 +1,14 @@
+$ORIGIN .
+$TTL 604800	; 1 week
+0.168.192.in-addr.arpa	IN SOA	dns1-yl.sio-yl.lan. root.dns1-yl.sio-yl.lan. (
+				2          ; serial
+				604800     ; refresh (1 week)
+				86400      ; retry (1 day)
+				2419200    ; expire (4 weeks)
+				604800     ; minimum (1 week)
+				)
+			NS	dns1-yl.sio.lan.
+$ORIGIN 0.168.192.in-addr.arpa.
+120			PTR	deb-dhcp-yl.sio-yl.lan.
+121			PTR	dns1-yl.sio-yl.lan.
+122			PTR	dns2-yl.sio-yl.lan.

sisr1/tp02-dns/dns2/named.conf

@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";

sisr1/tp02-dns/dns2/named.conf.local

@@ -0,0 +1,24 @@
+//
+// Do any local configuration here
+	// zone directe
+        zone "sio-yl.lan" {
+             type slave;
+             file "/etc/bind/db.sio-yl.lan";
+	     masters { 192.168.0.121; };
+	     masterfile-format text;
+        };
+
+	// zone inverse 
+	zone "0.168.192.in-addr.arpa" {
+	     type slave;
+             notify no;
+             file "/etc/bind/db.sio-yl.lan.rev";
+	     masters { 192.168.0.121; };
+	     masterfile-format text;
+	};
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+

sisr1/tp02-dns/dns2/named.conf.options

@@ -0,0 +1,24 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	forwarders {
+		10.121.38.7; // Forwarder 1 
+	 };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation no;
+
+	listen-on-v6 { any; };
+};

sisr1/tp02-dns/dns2/usr.sbin.named

@@ -0,0 +1,101 @@
+# vim:syntax=apparmor
+# Last Modified: Fri Jun  1 16:43:22 2007
+#include <tunables/global>
+
+profile named /usr/sbin/named flags=(attach_disconnected) {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+
+  capability net_bind_service,
+  capability setgid,
+  capability setuid,
+  capability sys_chroot,
+  capability sys_resource,
+
+  # /etc/bind should be read-only for bind
+  # /var/lib/bind is for dynamically updated zone (and journal) files.
+  # /var/cache/bind is for slave/stub data, since we're not the origin of it.
+  # See /usr/share/doc/bind9/README.Debian.gz
+  /etc/bind/** rw,
+  /var/lib/bind/** rw,
+  /var/lib/bind/ rw,
+  /var/cache/bind/** lrw,
+  /var/cache/bind/ rw,
+
+  # Database file used by allow-new-zones
+  /var/cache/bind/_default.nzd-lock rwk,
+
+  # gssapi
+  /etc/krb5.keytab kr,
+  /etc/bind/krb5.keytab kr,
+
+  # ssl
+  /etc/ssl/*.cnf r,
+  /etc/ssl/*.conf r,
+
+  # root hints from dns-data-root
+  /usr/share/dns/root.* r,
+
+  # GeoIP data files for GeoIP ACLs
+  /usr/share/GeoIP/** r,
+
+  # dnscvsutil package
+  /var/lib/dnscvsutil/compiled/** rw,
+
+  # Allow changing worker thread names
+  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
+
+  # named need to check if hugepages is available
+  /sys/kernel/mm/transparent_hugepage/enabled r,
+
+  @{PROC}/net/if_inet6 r,
+  @{PROC}/*/net/if_inet6 r,
+  @{PROC}/sys/net/ipv4/ip_local_port_range r,
+  /usr/sbin/named mr,
+  /{,var/}run/named/named.pid w,
+  /{,var/}run/named/session.key w,
+  # support for resolvconf
+  /{,var/}run/named/named.options r,
+
+  # some people like to put logs in /var/log/named/ instead of having
+  # syslog do the heavy lifting.
+  /var/log/named/** rw,
+  /var/log/named/ rw,
+
+  # gssapi
+  /var/lib/sss/pubconf/krb5.include.d/** r,
+  /var/lib/sss/pubconf/krb5.include.d/ r,
+  /var/lib/sss/mc/initgroups r,
+  /etc/gss/mech.d/ r,
+
+  # ldap
+  /etc/ldap/ldap.conf r,
+  /{,var/}run/slapd-*.socket rw,
+
+  # dynamic updates
+  /var/tmp/DNS_* rw,
+
+  # dyndb backends
+  /usr/lib/bind/*.so rm,
+
+  # Samba DLZ
+  /{usr/,}lib/@{multiarch}/samba/bind9/*.so rm,
+  /{usr/,}lib/@{multiarch}/samba/gensec/*.so rm,
+  /{usr/,}lib/@{multiarch}/samba/ldb/*.so rm,
+  /{usr/,}lib/@{multiarch}/ldb/modules/ldb/*.so rm,
+  /var/lib/samba/bind-dns/dns.keytab rk,
+  /var/lib/samba/bind-dns/named.conf r,
+  /var/lib/samba/bind-dns/dns/** rwk,
+  /var/lib/samba/private/dns.keytab rk,
+  /var/lib/samba/private/named.conf r,
+  /var/lib/samba/private/dns/** rwk,
+  /etc/samba/smb.conf r,
+  /dev/urandom rwmk,
+  owner /var/tmp/krb5_* rwk,
+
+  # systemd sd_notify
+  /run/systemd/notify w,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.sbin.named>
+}

sisr1/tp02-dns/nat/README.md

@@ -3,4 +3,6 @@
     * Rendre exécutable : <code>chmod +x /root/nat.sh</code>
   * **nat.service** : service lançant le script au démarrage
     * A placer à /etc/systemd/system/nat.service
-    * Activer le service : <code>systemctl enable nat.service</code>
+    * Activer le service : <code>systemctl enable nat.service</code>
+
+    

sisr1/tp03-reseau-prive/srv-admin/cartes_reseau

@@ -0,0 +1,22 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+#allow-hotplug enp0s3
+#iface enp0s3 inet dhcp
+auto enp0s3
+iface enp0s3 inet static
+	address 192.168.0.120/24
+	gateway 192.168.0.1
+
+# The secondary network interface 
+auto enp0s8
+iface enp0s8 inet dhcp
+#iface enp0s8 inet static 
+#	address 172.16.0.1/24

sisr1/tp03-reseau-prive/srv-admin/nat/README.md

@@ -0,0 +1,8 @@
+  * **nat.sh** : script activant la NAT dynamique sans filtrage
+    * A placer à /root/nat.sh
+    * Rendre exécutable : <code>chmod +x /root/nat.sh</code>
+  * **nat.service** : service lançant le script au démarrage
+    * A placer à /etc/systemd/system/nat.service
+    * Activer le service : <code>systemctl enable nat.service</code>
+
+    

sisr1/tp03-reseau-prive/srv-admin/nat/nat.service

@@ -0,0 +1,13 @@
+[Unit]
+ 
+Description=execute /root/nat.sh
+ 
+After=default.target
+ 
+[Service]
+ 
+ExecStart=bash /root/nat.sh
+ 
+[Install]
+ 
+WantedBy=default.target

sisr1/tp03-reseau-prive/srv-admin/nat/nat.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+echo "1" > /proc/sys/net/ipv4/ip_forward
+nft add table basic_nat_table
+nft add chain basic_nat_table prerouting {type nat hook prerouting priority 0 \; }
+nft add chain basic_nat_table postrouting {type nat hook postrouting priority 0 \; }
+nft add rule basic_nat_table postrouting masquerade

sisr1/tp03-reseau-prive/srv-dns2/carte_reseau/interfaces

@@ -0,0 +1,17 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+iface enp0s3 inet dhcp
+#auto enp0s3
+#iface enp0s3 inet static
+#	address 172.16.0.200/24
+#	gateway 172.16.0.1
+	

sisr1/tp03-reseau-prive/srv-dns2/dns/README.md

@@ -0,0 +1,2 @@
+- Exportation du fichier named.conf.local uniquement car ce dernier va récuperer la configuration de **srv-service** (serveur DNS primaire). 
+- **named.conf.local** : configuration de ce dernier en mettant le serveur DNS en slave (DNS secondaire)

sisr1/tp03-reseau-prive/srv-dns2/dns/named.conf.local

@@ -0,0 +1,25 @@
+//
+// Do any local configuration here
+	// zone directe
+	zone "monlabo.lan" {
+		type slave;
+		file "/etc/bind/db.monlabo.lan";
+		masters {172.16.0.2; };
+		masterfile-format text;
+	};
+//	
+	// zone inverse
+	zone "0.16.172.in-addr.arpa" {
+                type slave;
+		notify no;
+                file "/etc/bind/db.monlabo.lan.rev";
+		masters {172.16.0.2; };
+		masterfile-format text;
+	};
+
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+

sisr1/tp03-reseau-prive/srv-service/carte_reseau/interfaces

@@ -0,0 +1,17 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+#iface enp0s3 inet dhcp
+auto enp0s3
+iface enp0s3 inet static
+	address 172.16.0.2/24
+	gateway 172.16.0.1
+	

sisr1/tp03-reseau-prive/srv-service/dhcp/dhcpd.conf

@@ -0,0 +1,115 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "example.org";
+option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+subnet 172.16.0.0 netmask 255.255.255.0 {
+  range 172.16.0.50 172.16.0.149;
+  #option broadcast-address 10.254.239.31;
+  option routers 172.16.0.1;
+  option domain-name-servers 172.16.0.2, 172.16.0.3;
+  option domain-name "monlabo.lan";
+}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+host srv-admin-yl {
+hardware ethernet 08:00:27:b8:da:8b;
+  fixed-address 172.16.0.1;
+}
+
+host srv-dns2 {
+hardware ethernet 08:00:27:95:ad:90;
+  fixed-address 172.16.0.3;
+}
+
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}

sisr1/tp03-reseau-prive/srv-service/dhcp/isc-dhcp-server

@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s3"
+INTERFACESv6=""

sisr1/tp03-reseau-prive/srv-service/dns/db.monlabo.lan

@@ -0,0 +1,28 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	srv-service.monlabo.lan. root.monlabo.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+		NS	srv-service.monlabo.lan.
+		NS	srv-dns2.monlabo.lan.	
+srv-service.monlabo.lan.		A	172.16.0.2
+srv-dns2.monlabo.lan.			A	172.16.0.3
+srv-admin-yl.monlabo.lan.		A	172.16.0.1
+
+srvdhcp IN	CNAME	srv-service.monlabo.lan.
+dhcp	IN	CNAME	srv-service.monlabo.lan.
+srvdns	IN	CNAME	srv-service.monlabo.lan.
+srvdns1	IN	CNAME	srv-service.monlabo.lan.
+srvdns2	IN	CNAME	srv-dns2.monlabo.lan.
+dns1	IN	CNAME	srv-service.monlabo.lan.
+dns	IN	CNAME	srv-service.monlabo.lan.	
+dns2	IN	CNAME	srv-dns2.monlabo.lan.
+srvadmin	IN	CNAME	srv-admin-yl.monlabo.lan.
+router		IN	CNAME	srv-admin-yl.monlabo.lan.
+gateway		IN	CNAME	srv-admin-yl.monlabo.lan.
+

sisr1/tp03-reseau-prive/srv-service/dns/db.monlabo.lan.rev

@@ -0,0 +1,30 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	srv-service.monlabo.lan. root.srv-service.monlabo.lan. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+		NS	srv-service.monlabo.lan.
+		NS	srv-dns2.monlabo.lan.
+
+
+3	IN	PTR	srv-dns2.monlabo.lan.
+1	IN	PTR	srv-admin-yl.monlabo.lan.
+2	IN	PTR	srv-service.monlabo.lan.
+
+srvdhcp IN	CNAME	srv-service.monlabo.lan.
+dhcp	IN	CNAME	srv-service.monlabo.lan.
+srvdns	IN	CNAME	srv-service.monlabo.lan.
+srvdns1	IN	CNAME	srv-service.monlabo.lan.
+srvdns2	IN	CNAME	srv-dns2.monlabo.lan.
+dns1	IN	CNAME	srv-service.monlabo.lan.
+dns	IN	CNAME	srv-service.monlabo.lan.	
+dns2	IN	CNAME	srv-dns2.monlabo.lan.
+srvadmin	IN	CNAME	srv-admin-yl.monlabo.lan.
+router		IN	CNAME	srv-admin-yl.monlabo.lan.
+gateway		IN	CNAME	srv-admin-yl.monlabo.lan.
+

sisr1/tp03-reseau-prive/srv-service/dns/named.conf.local

@@ -0,0 +1,20 @@
+//
+// Do any local configuration here
+	// zone directe
+	zone "monlabo.lan" {
+		type master;
+		file "/etc/bind/db.monlabo.lan";
+	};
+
+	// zone inverse
+	zone "0.16.172.in-addr.arpa" {
+		type master;
+		notify no;
+		file "etc/bind/db.monlabo.lan.rev";
+	};   
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+

sisr1/tp03-reseau-prive/srv-service/dns/named.conf.options

@@ -0,0 +1,24 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	forwarders {
+		10.121.38.7; //DNS lycée 
+	};
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation no;
+
+	listen-on-v6 { any; };
+};

sisr1/tp04_scripts_admin/tp04/Users.csv

@@ -0,0 +1,30 @@
+Ermengarde,Berthelmot,eberthelmot0@webmd.com,Female,Accountant,
+Kassi,Bunker,kbunker1@xinhuanet.com,Female,Production,
+Moises,McCallum,mmccallum2@i2i.jp,Male,Production,
+Patrizio,Lune,plune3@upenn.edu,Male,Accountant,
+Blanch,Everix,beverix4@php.net,Female,Accountant,
+Stafani,Kibbel,skibbel5@marriott.com,Female,Production,
+Ignacius,Mosdell,imosdell6@cloudflare.com,Male,Management,
+Jeana,Waller-Bridge,jwallerbridge7@mapy.cz,Female,Management,
+Elroy,Dressel,edressel8@opera.com,Male,Production,
+Thea,Strettell,tstrettell9@nature.com,Female,Production,
+Solomon,Insoll,sinsolla@utexas.edu,Male,Accountant,
+Carri,Feedome,cfeedomeb@ask.com,Female,Accountant,
+Padraic,Chetwind,pchetwindc@last.fm,Male,Management,
+Solly,D'Ugo,sdugod@uiuc.edu,Male,Production,
+Konstanze,MacCostigan,kmaccostigane@seattletimes.com,Female,Accountant,
+Roxane,Powlesland,rpowleslandf@pcworld.com,Female,Management,
+Orelle,Kennealy,okennealyg@arstechnica.com,Female,Production,
+Sukey,Soitoux,ssoitouxh@shinystat.com,Female,Production,
+Nelli,Syce,nsycei@blogger.com,Female,Production,
+Clarisse,Shillam,cshillamj@dailymotion.com,Female,Production,
+Carin,Gueny,cguenyk@naver.com,Female,Management,
+Donny,Riepel,driepell@addtoany.com,Male,Production,
+Daniella,Ralfe,dralfem@wunderground.com,Female,Production,
+Lexy,Clynmans,lclynmansn@furl.net,Female,Production,
+Gardiner,Adamthwaite,gadamthwaiteo@spotify.com,Male,Production,
+Woodman,Lippett,wlippettp@purevolume.com,Male,Production,
+Nadya,Munnion,nmunnionq@flavors.me,Female,Production,
+Llewellyn,Habershon,lhabershonr@alibaba.com,Male,Production,
+Isaak,Greatrex,igreatrexs@seesaa.net,Male,Production,
+Darill,Frostdyke,dfrostdyket@cafepress.com,Male,Production,

sisr1/tp04_scripts_admin/tp04/createGroups.sh

@@ -0,0 +1,32 @@
+#!/bin/bash 
+file='./Users.csv'
+group=""
+while read ligne # Utilisation d'une boucle while car plus paratique pour lire un fichier 
+do
+    metier=$(echo $ligne | cut -d "," -f5 ) # A chaque itération, stocke le métier dans $metier 
+    
+    # Vérification de la présence du groupe accountant -> ajout de la fonction "accountant" à $groups
+    if [[ $(echo $ligne | grep $metier) != "" ]] ; then
+        groupadd $metier
+    fi
+   
+
+    
+    
+
+
+
+done < $file # Permet d'inclure le fichier à la boucle 
+
+# Vérification des groupes crées 
+tail /etc/group 
+
+
+
+
+  # 
+    # if [[$group != $metier]]
+    # then
+    # groupadd $metier
+    # else
+    # echo "Le groupe existe déjà"

sisr1/tp04_scripts_admin/tp04/createLogins.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+file='./Users.csv'
+loginFile='./logins.csv'
+
+
+rm $loginFile 2> /dev/null # Redirection des erreurs
+touch $loginFile
+
+
+
+while read line # Utilisation d'une boucle while car plus paratique pour lire un fichier 
+do
+    # A chaque itération, writeFile va se réinitialiser 
+    writeFile="" 
+    
+    # A chaque itération récupère dans des variables le nom, prénom et le groupe
+    fName=$(echo $line | cut -d "," -f1 )
+    lName=$(echo $line | cut -d "," -f2 )
+    group=$(echo $line | cut -d "," -f5 )
+    login=$(echo $fName | cut -c1)$lName
+    login=$(echo $login | tr [:upper:] [:lower:])
+    login=$(echo $login | tr -dc [:alnum:])
+    
+    # A chaque itération stocke le mot de passer pour chaque utilisateur dans password
+    password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c8; echo)
+
+    # A chaque itération, ajout des infos ci-dessous dans loginFile
+    writeFile="$login;$password;$fName;$lName;$group"
+    echo $writeFile >> $loginFile 
+done < $file

sisr1/tp04_scripts_admin/tp04/createUsers.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+file="./logins.csv"
+
+while read line
+do
+    username=$(echo $line | cut -d ";" -f1)
+    # L'option -m crée le répertoire perso dans /home et -s indique le shell
+    useradd -m -s "/bin/bash" $username 
+    group=$(echo $line | cut -d ";" -f5)
+    usermod -aG $group $username
+    password=$(echo $line | cut -d ";" -f2)
+    # Permet de changer le mot de passe 
+    echo $username:$password | chpasswd
+    # Attribution des droits sur le répertoire personnel *
+    chown $username:$username /home/$username
+    
+done < $file 

sisr1/tp04_scripts_admin/tp04/deployUsers.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Ip passée en paramètre 
+ip=$1
+user=root
+workdir=/$user/deploy
+ssh $user@$ip "mkdir -p $workdir" 2> /dev/null 
+scp "./createGroups.sh" "./logins.csv" "Users.csv" "createUsers.sh" $user@$ip:$workdir
+ssh $user@$ip << EOF
+    cd $workdir
+    bash createGroups.sh
+    bash createUsers.sh
+    rm -R $workdir
+EOF
+# ssh $user@$ip "cd $workdir ; bash $workdir/createGroups.sh ; bash $workdir/createUsers.sh ; rm -R $workdir"

sisr1/tp04_scripts_admin/tp04/gitpush.sh

@@ -0,0 +1,18 @@
+#!/bin/bash 
+# Permet de vérifier si un message a été passé en argument 
+if [ -z "$1" ]; then
+  read -p "Erreur : Entrez un message : " $message
+else 
+  message=$1
+
+   
+fi
+
+ # Ajout des fichiers modifiés
+git add .
+
+# Commit avec le message
+git commit -m "$message"
+
+# Push vers le dépôt Gitea 
+git push -u https://yann.lereuille@gitea.lyc-lecastel.fr/yann.lereuille/siotp.git

sisr1/tp04_scripts_admin/tp04/logins.csv

@@ -0,0 +1,30 @@
+eberthelmot;EV14Ml0y;Ermengarde;Berthelmot;Accountant
+kbunker;UH2lMt0J;Kassi;Bunker;Production
+mmccallum;inL1wFGX;Moises;McCallum;Production
+plune;CdeumP6l;Patrizio;Lune;Accountant
+beverix;XkA92SNB;Blanch;Everix;Accountant
+skibbel;DLPakOJc;Stafani;Kibbel;Production
+imosdell;9zvwKjFJ;Ignacius;Mosdell;Management
+jwallerbridge;Urz5FoAt;Jeana;Waller-Bridge;Management
+edressel;cw2Nkpp4;Elroy;Dressel;Production
+tstrettell;bfFjZ7oz;Thea;Strettell;Production
+sinsoll;xn0Cu8zg;Solomon;Insoll;Accountant
+cfeedome;Otm8KrwT;Carri;Feedome;Accountant
+pchetwind;HM2D6QUl;Padraic;Chetwind;Management
+sdugo;Mk8FhHgQ;Solly;D'Ugo;Production
+kmaccostigan;4pyLSjtz;Konstanze;MacCostigan;Accountant
+rpowlesland;6TqevQaP;Roxane;Powlesland;Management
+okennealy;GGcTSPT2;Orelle;Kennealy;Production
+ssoitoux;bLwFZDvY;Sukey;Soitoux;Production
+nsyce;c3uHw3eB;Nelli;Syce;Production
+cshillam;Pa3pzjrW;Clarisse;Shillam;Production
+cgueny;32wmqRXb;Carin;Gueny;Management
+driepel;bu7RmJUU;Donny;Riepel;Production
+dralfe;UeEW6VTC;Daniella;Ralfe;Production
+lclynmans;YpTIYcR3;Lexy;Clynmans;Production
+gadamthwaite;etWk91hZ;Gardiner;Adamthwaite;Production
+wlippett;Fyr0beDB;Woodman;Lippett;Production
+nmunnion;Lr1cekvC;Nadya;Munnion;Production
+lhabershon;VziwMTYz;Llewellyn;Habershon;Production
+igreatrex;FahUQNQz;Isaak;Greatrex;Production
+dfrostdyke;DcnA65DS;Darill;Frostdyke;Production

sisr1/tp05-proxy/dnsfwd.service

@@ -0,0 +1,13 @@
+[Unit]
+ 
+Description=execute /root/dnsfwd.sh
+ 
+After=default.target
+ 
+[Service]
+ 
+ExecStart=bash /root/dnsfwd.sh
+ 
+[Install]
+ 
+WantedBy=default.target

sisr1/tp05-proxy/dnsfwd.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+echo "1" > /proc/sys/net/ipv4/ip_forward
+nft add table dnsfwd
+nft add chain dnsfwd prerouting {type nat hook prerouting priority 0 \; }
+nft add chain dnsfwd postrouting {type nat hook postrouting priority 0 \; }
+nft add rule dnsfwd postrouting tcp dport 53 masquerade
+nft add rule dnsfwd postrouting udp dport 53 masquerade
+nft add rule dnsfwd prerouting tcp dport 53 masquerade
+nft add rule dnsfwd prerouting udp dport 53 masquerade
+nft add rule dnsfwd prerouting ct state established,related accept
+nft add rule dnsfwd postrouting ct state established,related accept

sisr1/tp05-proxy/gitpush.sh

@@ -0,0 +1,18 @@
+#!/bin/bash 
+# Permet de vérifier si un message a été passé en argument 
+if [ -z "$1" ]; then
+  read -p "Erreur : Entrez un message : " $message
+else 
+  message=$1
+
+   
+fi
+
+ # Ajout des fichiers modifiés
+git add .
+
+# Commit avec le message
+git commit -m "$message"
+
+# Push vers le dépôt Gitea 
+git push -u https://yann.lereuille@gitea.lyc-lecastel.fr/yann.lereuille/siotp.git

sisr1/tp05-proxy/majservice.sh

@@ -0,0 +1,15 @@
+
+
+#!/bin/bash
+ 
+#Script destiné à être paramétré et exécuté depuis un répertoire de votre dépôt Git contenant un fichier de configuration d'un service
+ 
+filename=squid.conf   #Nom du fichier de config
+filepath=/etc/squid   #Emplacement système du fichier de config
+servicename=squid.service   #Nom du service
+ 
+git pull #mise à jour du fichier de config du dépôt
+sudo cp $filepath/$filename $filepath/$filename.old #sauvegarde fichier précédent
+sudo cp  ./$filename  $filepath/$filename #copie du fichier de config mis à jour à son emplacement
+sudo systemctl restart $servicename #redémarrage du service associé
+