migré vers le projet "Notes"
This commit is contained in:
@@ -1,118 +0,0 @@
|
||||
alias=8.8.8.8,192.168.100.3
|
||||
|
||||
listen-address=127.0.0.1,192.168.100.1
|
||||
# Never forward plain names (without a dot or domain part)
|
||||
domain-needed
|
||||
# Never forward addresses in the non-routed address spaces
|
||||
bind-dynamic
|
||||
bogus-priv
|
||||
filterwin2k
|
||||
#localise-queries
|
||||
# Add local-only domains here, queries in these domains are answered
|
||||
# from /etc/hosts or DHCP only.
|
||||
local=/acegrp.lan/
|
||||
domain=acegrp.lan
|
||||
#expand-hosts
|
||||
#no-negcache
|
||||
#no-resolv
|
||||
clear-on-reload
|
||||
resolv-file=/tmp/resolv.conf.auto
|
||||
|
||||
#dhcp-authoritative
|
||||
dhcp-leasefile=/tmp/dhcp.leases
|
||||
|
||||
#log-queries
|
||||
#log-dhcp
|
||||
|
||||
# use /etc/ethers for static hosts; same format as --dhcp-host
|
||||
#read-ethers
|
||||
|
||||
# activez le serveur DHCP:
|
||||
# Plage DHCP
|
||||
dhcp-range=192.168.100.2,192.168.100.251,1h
|
||||
# Netmask
|
||||
dhcp-option=1,255.255.255.0
|
||||
# Route
|
||||
dhcp-option=3,192.168.100.254
|
||||
dhcp-option=option:dns-server,192.168.100.3
|
||||
# Set the NIS domain name to "acegrp.lan"
|
||||
dhcp-option=40,acegrp.lan
|
||||
|
||||
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
|
||||
dhcp-option=252,"\n"
|
||||
# If a DHCP client claims that its name is "wpad", ignore that.
|
||||
# This fixes a security hole. see CERT Vulnerability VU#598349
|
||||
dhcp-name-match=set:wpad-ignore,wpad
|
||||
dhcp-ignore-names=tag:wpad-ignore
|
||||
|
||||
|
||||
#upstream
|
||||
#server=1.1.1.1
|
||||
server=9.9.9.10
|
||||
|
||||
# Catherine AlienWare
|
||||
dhcp-host=00:0e:c6:fe:4d:97,,192.168.100.250,infinite
|
||||
|
||||
|
||||
# Cedric Desktop
|
||||
dhcp-host=74:d4:35:5b:42:0d,,192.168.100.155,infinite
|
||||
|
||||
# Luc Desktop - Carte mère
|
||||
dhcp-host=00:22:4d:9d:47:03,,192.168.100.26,infinite
|
||||
|
||||
# Ethernet USB - Glaabit
|
||||
dhcp-host=00:E0:4C:68:95:37,,192.168.100.28,infinite
|
||||
# Ordinateur Portable
|
||||
dhcp-host=80:fa:5b:49:c1:38,,192.168.100.27,infinite
|
||||
|
||||
# lexmark41
|
||||
dhcp-host=00:21:b7:6d:ae:65,,192.168.100.146,infinite
|
||||
|
||||
# rpiampere
|
||||
dhcp-host=b8:27:eb:7b:d0:83,,192.168.100.206,infinite
|
||||
|
||||
# Freebox
|
||||
dhcp-host=34:27:92:85:cb:78,,192.168.100.82,infinite
|
||||
|
||||
# acenetwifi
|
||||
dhcp-host=dc:a6:32:3d:6e:42,,192.168.100.163,infinite
|
||||
|
||||
# rpisalon
|
||||
dhcp-host=b8:27:eb:94:a5:67,,192.168.100.25,infinite
|
||||
|
||||
# rpiluc - alias DNS
|
||||
dhcp-host=dc:a6:32:33:f7:a7,,,192.168.100.59,infinite
|
||||
cname=ampere.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=api.ampere.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=acegbd.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=awsadmin.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=bt.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=dolibarr.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=dolibarr-3.6.2.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=erdsystem.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=ged.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=memoprix.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=minecraft.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=osseam.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=speedtest.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=pma.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=planning.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=zmhome.rpiluc001.acegrp.lan,rpiluc001.acegrp.lan
|
||||
cname=zamba.acegrp.lan,rpinas.acegrp.lan
|
||||
cname=wpad.acegrp.lan,rpiluc001.acegrp.lan
|
||||
|
||||
# dskosm001
|
||||
#dhcp-host=,,192.168.100.61,infinite
|
||||
#dhcp-host=,,192.168.100.62,infinite
|
||||
|
||||
|
||||
|
||||
#dhcp-host=,,192.168.100.,infinite
|
||||
|
||||
# -- invité --
|
||||
dhcp-host=d4:5d:64:67:3b:13,dskjojo001,192.168.100.159,infinite
|
||||
dhcp-host=b0:5a:da:58:57:7b,catwin001,192.168.100.158,infinite
|
||||
|
||||
# Delays sending DHCPOFFER and proxydhcp replies for at least the specified number of seconds.
|
||||
dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
|
||||
dhcp-reply-delay=tag:client_is_a_pi,2
|
||||
@@ -1,2 +0,0 @@
|
||||
# Generated by resolvconf
|
||||
nameserver 127.0.0.1
|
||||
@@ -1 +0,0 @@
|
||||
nameserver 9.9.9.9
|
||||
@@ -1,149 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Vérifier si le script est exécuté en root
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "Ce script doit être exécuté en tant que root."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
### Fonction pour mettre à jour le système
|
||||
update_system() {
|
||||
echo "Mise à jour du système..."
|
||||
apt update && apt upgrade -y
|
||||
}
|
||||
|
||||
### Fonction pour installer sudo s'il n'est pas déjà présent
|
||||
install_sudo() {
|
||||
if command -v sudo &>/dev/null; then
|
||||
echo "Sudo est déjà installé."
|
||||
else
|
||||
echo "Installation de sudo..."
|
||||
apt install -y sudo
|
||||
fi
|
||||
}
|
||||
|
||||
### Fonction pour ajouter un utilisateur administrateur
|
||||
add_admin_user() {
|
||||
# Vérifier s'il existe déjà un utilisateur autre que root
|
||||
EXISTING_USER=$(awk -F: '$3 >= 1000 && $3 < 60000 {print $1; exit}' /etc/passwd)
|
||||
|
||||
if [[ -n "$EXISTING_USER" ]]; then
|
||||
echo "Un utilisateur ($EXISTING_USER) existe déjà sur le système."
|
||||
read -p "Voulez-vous ajouter un autre utilisateur administrateur ? (o/N) " ADD_NEW_USER
|
||||
if [[ ! "$ADD_NEW_USER" =~ ^[Oo]$ ]]; then
|
||||
echo "Aucun nouvel utilisateur ajouté."
|
||||
return
|
||||
fi
|
||||
fi
|
||||
|
||||
read -p "Entrez le nom du nouvel utilisateur : " NEW_USER
|
||||
|
||||
# Vérifier si l'utilisateur existe déjà
|
||||
if id "$NEW_USER" &>/dev/null; then
|
||||
echo "L'utilisateur $NEW_USER existe déjà."
|
||||
else
|
||||
adduser "$NEW_USER"
|
||||
echo "Utilisateur $NEW_USER créé."
|
||||
fi
|
||||
|
||||
# Vérifier si l'utilisateur est dans le groupe sudo
|
||||
if groups "$NEW_USER" | grep -q "\bsudo\b"; then
|
||||
echo "$NEW_USER est déjà dans le groupe sudo."
|
||||
else
|
||||
usermod -aG sudo "$NEW_USER"
|
||||
echo "$NEW_USER ajouté au groupe sudo."
|
||||
fi
|
||||
# Vérifier si les permissions sudo sont déjà définies
|
||||
if [ -f "/etc/sudoers.d/$NEW_USER" ]; then
|
||||
echo "Les permissions sudo sont déjà configurées pour $NEW_USER."
|
||||
else
|
||||
echo "$NEW_USER ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$NEW_USER"
|
||||
chmod 0440 "/etc/sudoers.d/$NEW_USER"
|
||||
echo "Configuration sudo appliquée pour $NEW_USER."
|
||||
fi
|
||||
|
||||
# Demander si on veut ajouter une clé SSH
|
||||
read -p "Voulez-vous ajouter une clé SSH pour $NEW_USER ? (o/N) " ADD_SSH
|
||||
if [[ "$ADD_SSH" =~ ^[Oo]$ ]]; then
|
||||
SSH_DIR="/home/$NEW_USER/.ssh"
|
||||
AUTH_KEYS="$SSH_DIR/authorized_keys"
|
||||
|
||||
# Créer le dossier .ssh s'il n'existe pas
|
||||
if [ ! -d "$SSH_DIR" ]; then
|
||||
mkdir -p "$SSH_DIR"
|
||||
chown "$NEW_USER:$NEW_USER" "$SSH_DIR"
|
||||
chmod 700 "$SSH_DIR"
|
||||
echo "Dossier .ssh créé pour $NEW_USER."
|
||||
fi
|
||||
|
||||
read -p "Collez la clé publique SSH : " SSH_KEY
|
||||
|
||||
# Vérifier si la clé est déjà présente
|
||||
if grep -qxF "$SSH_KEY" "$AUTH_KEYS" 2>/dev/null; then
|
||||
echo "Cette clé SSH est déjà ajoutée."
|
||||
else
|
||||
echo "$SSH_KEY" >> "$AUTH_KEYS"
|
||||
chown "$NEW_USER:$NEW_USER" "$AUTH_KEYS"
|
||||
chmod 600 "$AUTH_KEYS"
|
||||
echo "Clé SSH ajoutée pour $NEW_USER."
|
||||
fi
|
||||
else
|
||||
echo "Aucune clé SSH ajoutée."
|
||||
fi
|
||||
}
|
||||
|
||||
### Fonction pour configurer SSH de manière sécurisée
|
||||
configure_ssh() {
|
||||
if grep -q "^PermitRootLogin no" /etc/ssh/sshd_config; then
|
||||
echo "La connexion root SSH est déjà désactivée."
|
||||
else
|
||||
echo "Désactivation de la connexion root via SSH..."
|
||||
sed -i 's/^#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
sed -i 's/^PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
systemctl restart ssh
|
||||
echo "Sécurisation SSH appliquée."
|
||||
fi
|
||||
}
|
||||
|
||||
### Fonction pour installer et configurer Fail2Ban
|
||||
install_fail2ban() {
|
||||
if dpkg -l | grep -q "^ii fail2ban"; then
|
||||
echo "Fail2Ban est déjà installé."
|
||||
else
|
||||
echo "Installation de Fail2Ban..."
|
||||
apt install -y fail2ban
|
||||
fi
|
||||
}
|
||||
|
||||
### Fonction pour configurer les locales en français UTF-8
|
||||
configure_locales() {
|
||||
echo "Configuration des locales en français UTF-8..."
|
||||
apt install -y locales
|
||||
|
||||
# Vérifier si fr_FR.UTF-8 est déjà activé
|
||||
if locale -a | grep -q "fr_FR.utf8"; then
|
||||
echo "Les locales en fr_FR.UTF-8 sont déjà activées."
|
||||
else
|
||||
sed -i 's/# fr_FR.UTF-8 UTF-8/fr_FR.UTF-8 UTF-8/' /etc/locale.gen
|
||||
locale-gen
|
||||
fi
|
||||
|
||||
# Appliquer les variables locales si nécessaire
|
||||
if grep -q "LANG=fr_FR.UTF-8" /etc/default/locale; then
|
||||
echo "Les variables locales sont déjà configurées."
|
||||
else
|
||||
update-locale LANG=fr_FR.UTF-8 LANGUAGE=fr_FR.UTF-8 LC_ALL=fr_FR.UTF-8
|
||||
echo "Variables locales mises à jour."
|
||||
fi
|
||||
}
|
||||
|
||||
### SECTION PRINCIPALE : Activer/Désactiver les options ici
|
||||
update_system
|
||||
install_sudo
|
||||
add_admin_user
|
||||
configure_ssh
|
||||
install_fail2ban
|
||||
configure_locales
|
||||
|
||||
echo "Installation et configuration de base terminées."
|
||||
echo "Vous pouvez maintenant vous connecter avec l'utilisateur : $NEW_USER"
|
||||
Reference in New Issue
Block a user