First sync

01-ssh/00-basic

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# get load averages
+IFS=" " read LOAD1 LOAD5 LOAD15 <<<$(awk '{ print $1,$2,$3 }' /proc/loadavg)
+# get free memory
+IFS=" " read USED AVAIL TOTAL <<<$(free -htm | awk '/Mem/ { print $3,$7,$2 }')
+# get processes
+PROCESS=$(ps -eo user=|sort|uniq -c | awk '{ print $2 " " $1 }')
+PROCESS_ALL=$(echo "$PROCESS"| awk {'print $2'} | awk '{ SUM += $1} END { print SUM }')
+PROCESS_ROOT=$(echo "$PROCESS" | awk '/root/ { print $2}')
+PROCESS_USER=$(echo "$PROCESS" | awk '!/root/ { SUM += $2} END { print SUM }')
+# get processors
+PROCESSOR_NAME=$(awk -F": " '/model name/ { print $2 }' /proc/cpuinfo | head -1)
+PROCESSOR_COUNT=$(grep -ioPc 'processor\t:' /proc/cpuinfo)
+
+# colors
+W="\e[0;39m"
+G="\e[1;32m"
+R="\e[1;31m"
+dim="\e[2m"
+undim="\e[0m"
+
+echo -e "${W}System info:
+$W  Hostname$dim····$undim: $W${HOSTNAME}
+$W  Distro$dim······$undim: $W$(grep "PRETTY_NAME" /etc/*release | cut -d "=" -f 2- | sed 's/"//g')
+$W  Kernel$dim······$undim: $W$(uname -sr)
+$W  Uptime$dim······$undim: $W$(uptime -p)
+$W  Load$dim········$undim: $G$LOAD1$W (1m), $G$LOAD5$W (5m), $G$LOAD15$W (15m)
+$W  Processes$dim···$undim: $G$PROCESS_ROOT$W (root), $G$PROCESS_USER$W (user), $G$PROCESS_ALL$W (total)
+$W  CPU$dim·········$undim: $W$PROCESSOR_NAME ($G$PROCESSOR_COUNT$W vCPU)
+$W  Memory$dim······$undim: $G$USED$W used, $G$AVAIL$W avail, $G$TOTAL$W total"
+
+# config
+max_usage=90
+bar_width=50
+
+# disk usage: ignore zfs, squashfs & tmpfs
+printf "\nDisk usage:\n"
+
+while read line; do
+    # get disk usage
+    usage=$(echo "$line" | awk '{print $2}' | sed 's/%//')
+    used_width=$((($usage*$bar_width)/100))
+    # color is green if usage < max_usage, else red
+    if [ "${usage}" -ge "${max_usage}" ]; then
+        color=$R
+    else
+        color=$G
+    fi
+    # print green/red bar until used_width
+    bar="[${color}"
+    for ((i=0; i<$used_width; i++)); do
+        bar+="="
+    done
+    # print dimmmed bar until end
+    bar+="${W}${dim}"
+    for ((i=$used_width; i<$bar_width; i++)); do
+        bar+="·"
+    done
+    bar+="${undim}]"
+    # print usage line & bar
+    echo "${line}" | awk '{ printf("%-31s%+3s used out of %+4s\n", $1, $2, $3); }' | sed -e 's/^/  /'
+    echo -e "${bar}" | sed -e 's/^/  /'
+done < <(df -H -x zfs -x squashfs -x tmpfs -x devtmpfs -x overlay -x nfs -x nfs4 -x cifs --output=target,pcent,size | tail -n+2)
+
+printf "\n"

01-ssh/authorized_keys

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQA

01-ssh/banner

@@ -0,0 +1,25 @@
+
+  _______          _                                              
+ |__   __|        (_)                                             
+    | | __ _ _ __  _ ___                                          
+    | |/ _` | '_ \| / __|                                         
+    | | (_| | |_) | \__ \                                         
+    |_|\__,_| .__/|_|___/                                         
+   _____    | |_       _        __  __            _             
+  / ____|   |_(_)     | |      |  \/  |          | |            
+ | (___   __ _ _ _ __ | |_  __ | \  / | __ _  ___| | ___  _   _ 
+  \___ \ / _` | | '_ \| __||__|| |\/| |/ _` |/ __| |/ _ \| | | |
+  ____) | (_| | | | | | |_     | |  | | (_| | (__| | (_) | |_| |
+ |_____/ \__,_|_|_| |_|\__|    |_|  |_|\__,_|\___|_|\___/ \__,_|
+                                                                  
+AVERTISSEMENT : L'accès à ce système est réservé aux utilisateurs 
+dûment autorisés.
+
+Toute tentative d'accès, d'accès à ce système sans autorisation ou 
+de maintien frauduleux dans ce système fera l'objet de poursuites
+conformément à la politique de Tapis-Saint-Maclou.
+
+Tout utilisateur autorisé est informé et reconnaît que ses actions
+peuvent être enregistrées, conservées et auditées conformément aux
+chartes/politiques internes de aux chartes/politiques internes de
+Tapis-Saint-Maclou.

01-ssh/script.sh

@@ -0,0 +1,66 @@
+#!/bin/sh
+# Pour la configuration du ssh
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 01-ssh"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : authorized_keys"
+echo "${NOCOLOR}"
+
+cp 01-ssh/authorized_keys /root/.ssh/authorized_keys >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : authorized_keys : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Copie des fichiers : ssh"
+echo "${NOCOLOR}"
+
+cp 01-ssh/ssh_config /etc/ssh/ssh_config >> /dev/null
+cp 01-ssh/sshd_config /etc/ssh/sshd_config >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Copie des fichiers : ssh : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : banner"
+echo "${NOCOLOR}"
+
+cp 01-ssh/banner /etc/banner >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : banner : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : 00-basic"
+echo "${NOCOLOR}"
+
+cp 01-ssh/00-basic /etc/update-motd.d/00-basic >> /dev/null
+chmod +x /etc/update-motd.d/00-basic >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : 00-basic : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Création du lien synbolique"
+echo "${NOCOLOR}"
+
+mkdir -p /etc/ssh/authorized_keys/ >> /dev/null
+
+cd /etc/ssh/authorized_keys/ >> /dev/null
+
+ln -s /root/.ssh/authorized_keys root >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Création du lien synbolique : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Relance du service sshd"
+echo "${NOCOLOR}"
+
+systemctl restart sshd >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Relance du service sshd : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 01-ssh"
+echo "${NOCOLOR}"

01-ssh/ssh_config

@@ -0,0 +1,53 @@
+
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+#  1. command line options
+#  2. user-specific file
+#  3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options.  For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+Include /etc/ssh/ssh_config.d/*.conf
+
+Host *
+#   ForwardAgent no
+#   ForwardX11 no
+#   ForwardX11Trusted yes
+#   PasswordAuthentication yes
+#   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
+#   GSSAPIKeyExchange no
+#   GSSAPITrustDNS no
+#   BatchMode no
+#   CheckHostIP yes
+#   AddressFamily any
+#   ConnectTimeout 0
+#   StrictHostKeyChecking ask
+#   IdentityFile ~/.ssh/id_rsa
+#   IdentityFile ~/.ssh/id_dsa
+#   IdentityFile ~/.ssh/id_ecdsa
+#   IdentityFile ~/.ssh/id_ed25519
+#   Port 22
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
+#   EscapeChar ~
+#   Tunnel no
+#   TunnelDevice any:any
+#   PermitLocalCommand no
+#   VisualHostKey no
+#   ProxyCommand ssh -q -W %h:%p gateway.example.com
+#   RekeyLimit 1G 1h
+#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
+    SendEnv LANG LC_*
+    HashKnownHosts yes
+    GSSAPIAuthentication yes

01-ssh/sshd_config

@@ -0,0 +1,124 @@
+#       $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+Port 2222
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin prohibit-password
+#StrictModes yes
+MaxAuthTries 3
+MaxSessions 5
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+AuthorizedKeysFile      /etc/ssh/authorized_keys/%u
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+Banner /etc/banner
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem       sftp    /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#       X11Forwarding no
+#       AllowTcpForwarding no
+#       PermitTTY no
+#       ForceCommand cvs server

02-apt/02proxy

@@ -0,0 +1,3 @@
+Acquire::http::proxy "http://serv-proxy.fr.dgs.group:3128";
+Acquire::https::proxy "http://serv-proxy.fr.dgs.group:3128";
+Acquire::ftp::proxy "http://serv-proxy.fr.dgs.group:3128";

02-apt/script.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+# Pour la configuration de l'APT d'utiliser le proxy
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 02-apt"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : 02proxy"
+echo "${NOCOLOR}"
+
+cp 02-apt/02proxy /etc/apt/apt.conf.d/02proxy >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : 02proxy : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Référence update"
+echo "${NOCOLOR}"
+
+apt update >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Référence update : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Mise à jour"
+echo "${NOCOLOR}"
+
+apt full-upgrade -y >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Mise à jour : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 02-apt"
+echo "${NOCOLOR}"

03-cortex/etc/panw/cortex.conf

@@ -0,0 +1,2 @@
+--distribution-id 896dc20f132a45369e53e479b245d244
+--distribution-server https://distributions.traps.paloaltonetworks.com/

03-cortex/script.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+# Pour installer Cortex sur un serveur Debian
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 03-cortex"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Création du dossier"
+echo "${NOCOLOR}"
+
+mkdir -p /etc/panw >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Création du dossier : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : cortex.conf"
+echo "${NOCOLOR}"
+
+cp 03-cortex/etc/panw/cortex.conf /etc/panw/cortex.conf >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : cortex.conf : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Installation iptables"
+echo "${NOCOLOR}"
+
+apt install -y iptables >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Installation iptables : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Installation Cortex"
+echo "${NOCOLOR}"
+
+dpkg -i 03-cortex/cortex-8.7.0.131661.deb
+
+echo "${YELLOW} * ${NOCOLOR} Installation Cortex : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 03-cortex"
+echo "${NOCOLOR}"

04-agent-glpi/root-ca.cer

@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIETDCCAzSgAwIBAgIUakLbjyx8At7pHJM9JixKNMb3JGMwDQYJKoZIhvcNAQEL
+BQAwgdMxCzAJBgNVBAYTAkZSMQ0wCwYDVQQIDAROT1JEMRIwEAYDVQQHDAlXYXR0
+cmVsb3MxGzAZBgNVBAoMElRhcGlzLVNhaW50LU1hY2xvdTEeMBwGA1UECwwVVGFw
+aXMtU2FpbnQtTWFjbG91IElUMTYwNAYDVQQDDC1UYXBpcy1TYWludC1NYWNsb3Ug
+Q2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMjQxLDAqBgkqhkiG9w0BCQEWHWV4cGxv
+aXRhdGlvbkBzYWludC1tYWNsb3UuY29tMB4XDTI0MDcwNDEzMjcwMloXDTI1MDcw
+NDEzMjcwMlowgYkxCzAJBgNVBAYTAkZSMQ0wCwYDVQQIDAROb3JkMRIwEAYDVQQH
+DAlXYXR0cmVsb3MxGzAZBgNVBAoMElRhcGlzLVNhaW50LU1hY2xvdTEeMBwGA1UE
+CwwVVGFwaXMtU2FpbnQtTWFjbG91IElUMRowGAYDVQQDDBFnbHBpLmZyLmRncy5n
+cm91cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKB0/EZL2sT6OGrL
+5c3cDCZDVSHKBgCDVo/GeMXQRdrpCnZpjKJhE2uP3LJlSwy2h5jgriS23+pF1Smd
+Kc7jZEYQGkSYLspgUqkVdtnNjqzxn7wKkr8g6QSKgtNGXg2/xy1iF9aVpf654Cl6
+8r4n68vPcAVO1WqQPAIHKpO9FYseSb8On4t+7dzOF7tUPPjl4CA9pC8Iv683MMSC
+f48OqWRrvrxMnEzTmCb0IZvR1n7gB2t8u7iN8s/Qn22GKelnhMW8o5/zik6HXu48
+tXGDUUvC8O7qKFVxE9q/WmZsgsNGkLZUbwY3M0oVI+D1foBr5UCLf2NGVwM4unr/
+e/AzLzsCAwEAAaNgMF4wHAYDVR0RBBUwE4IRZ2xwaS5mci5kZ3MuZ3JvdXAwHQYD
+VR0OBBYEFMREv0D1AVXfvSBtfPji6f3/SB2QMB8GA1UdIwQYMBaAFO1nBqs3suJm
+RmXwdUV89xkG9BygMA0GCSqGSIb3DQEBCwUAA4IBAQAmksi0sDQCKa/EfELK9l3D
+j51yO54CGJNPaqUBIpXrJmzO5WlJhQI6QMvsQzWURwVAes8UA5Uhl4H9+yqIzFnF
+F79m12n6HiOSXwQqzpbVFnT4T/i7/xpyGLiaeIL9JKKGGaxLNAa0sxCCE28aP0an
+/+JOIOu2Gxj8taC7mk+PuespT8Fvw7x8RLYFsrenL/XKij7NK4hpLig8Z74MvsS5
+aNdzfA3RdZHX0xygl69CJB2+d/Q9UNh0Q39VBWCBj/B0LWmF+80jaVBQHjbzx2HI
+JnA1zci9IuBuZPwtLShtKgjp7SvdjtwATkzqvvUJdnp8jm+/GTBj6WrQIbWGVdlg
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIQM71UEU7HOKBCy4ZKr6IUQjANBgkqhkiG9w0BAQsFADBQ
+MRUwEwYKCZImiZPyLGQBGRYFZ3JvdXAxEzARBgoJkiaJk/IsZAEZFgNkZ3MxEjAQ
+BgoJkiaJk/IsZAEZFgJmcjEOMAwGA1UEAxMFZnItQ0EwHhcNMjIwMzE2MDkyMzEz
+WhcNMzIwMzE2MDkzMzEyWjBQMRUwEwYKCZImiZPyLGQBGRYFZ3JvdXAxEzARBgoJ
+kiaJk/IsZAEZFgNkZ3MxEjAQBgoJkiaJk/IsZAEZFgJmcjEOMAwGA1UEAxMFZnIt
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMpNPLuf+6HONRTnTv
+R3DYPnmu3mal/L3FQTedkSPq0Ht+ucY9dJMaIVLtbm6boC9+8miNW2nndEn0Ny2k
+DKs5PAUUxNVb8FNRF0j8j4ltVbD6fPvtNhGUclyV10++4VLLKOll9WAcqopu9box
+CvmlIgJUK4yet3A8SPHcYwyIoFPIzlCkKLCJRT4exD2t+oiMhBbHZKIBjp659Zxy
+XQMj9yV2piUw3+70KiyCuFiSScp7kLqyQC6nFPGb+D1ixXJV5p5auOpS0l2henKG
+jlzqpnblunoX5TTfrQoXykAUAwOls3/3kwo7oxKmjG7zbLj+O7nvk7AxXgwfbXT/
+MW4xAgMBAAGjeDB2MAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBRas1Zc/+1piP2D1Rl9bSWFlamEEjASBgkrBgEEAYI3FQEEBQIDAgACMCMG
+CSsGAQQBgjcVAgQWBBR2qW7vDPnF71yDtFU+OQ8B6zFSTDANBgkqhkiG9w0BAQsF
+AAOCAQEAZCWITXnbPNOb7Vk39BYexrm0aufKsDj1L5H4P45P2V9RuSEsx+xi6sEu
+mrgqnO7KqGG1T64xUbQ7Uv+SzZrP47Zsuov4hNGbEbSH7X+gXHPDMD/G6fOgubpj
+boBEnnjOKXXKdskL1Zn6ntQfUA1JC67OxX9kdzgtzaJnkPCm9PuZ1swj3tm61xDv
+1h9hQ+wVaZEPSrjSI6kPu/O25WaHeHkFbbwH/MWHi36Z3Mlm9qzQCrWeDUqLnMUM
+aPdfxkaS+G92Rgb/RS6g1AJdPWwZTjVVJDf+qY3v6NNgjdRZKP6z2QID+8UhxcG0
+7wdLPp2QNon+RCXITakOlyPx6LxbEQ==
+-----END CERTIFICATE-----

04-agent-glpi/script.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+# Pour install l'agent GLPI
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 04-glpi"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Déclaration du proxy"
+echo "${NOCOLOR}"
+
+export http_proxy='http://serv-proxy.fr.dgs.group:3128'
+export https_proxy='http://serv-proxy.fr.dgs.group:3128'
+export ftp_proxy='http://serv-proxy.fr.dgs.group:3128'
+
+echo "${YELLOW} * ${NOCOLOR} Déclaration du proxy : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Installation Wget"
+echo "${NOCOLOR}"
+
+apt install -y wget >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR}Installation Wget : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Copie du certificat"
+echo "${NOCOLOR}"
+
+cp 04-agent-glpi/root-ca.cer /etc/ssl/certs/root-ca.cer >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Copie du certificat : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Telechargement de l'installer"
+echo "${NOCOLOR}"
+
+wget https://github.com/glpi-project/glpi-agent/releases/download/1.11/glpi-agent-1.11-linux-installer.pl  >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Telechargement de l'installer : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Installation"
+echo "${NOCOLOR}"
+
+perl glpi-agent-1.11-linux-installer.pl --reinstall -s "https://glpi.fr.dgs.group/marketplace/glpiinventory/" -t "ServeurProd" --ca-cert-file=/etc/ssl/certs/root-ca.cer --type=all -v  >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Installation : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 04-glpi"
+echo "${NOCOLOR}"

05-manageengine/DMRootCA-Server.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIIX4tkL0r71OIwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAkNBMRUwEwYDVQQLDAxNYW5hZ2VFbmdpbmUxGTAXBgNV
+BAoMEFpvaG8gQ29ycG9yYXRpb24xFzAVBgNVBAMMDk1hbmFnZUVuZ2luZUNBMCAX
+DTIzMTEyNzA5NDU1MloYDzIxMjMxMTI3MDk0NTUyWjBlMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCQ0ExFTATBgNVBAsMDE1hbmFnZUVuZ2luZTEZMBcGA1UECgwQWm9o
+byBDb3Jwb3JhdGlvbjEXMBUGA1UEAwwOTWFuYWdlRW5naW5lQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYtJmarYc7ha7LbrwE5BlOlGP1zzzZcOTn
+oglnnAg898yx+AOc0sjIf55OFESU919nqqD1+tyZ6GmuFtNhDhrM7znLLMECMjbC
+CvvJHcoXZ3iO/gSjhiXfQuKiU1vvRjfz/+9A+76PW+Y4gM0BGe+z68L/dHYaZ5ys
+NwOwtDDR55eM1c0K0AUNkQuQd9wgP/T25N2e5HpY/2gLDUTzZuAdd3ytjpMvtDwV
+5jFp2SXa37sguMlWf1nMvEmp+U+JteYRWMHjFkA3jnd46vTwcU7dxt2XE7hfkpKZ
+9cyUVRawxrEpMqiAGRicjxC8TAjdmbQND78SI6QsnUGXsnnMA7h1AgMBAAGjXTBb
+MAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIVVLITsk2JL4QxDgF2Gp7Y+nSTlMB8G
+A1UdIwQYMBaAFIVVLITsk2JL4QxDgF2Gp7Y+nSTlMAsGA1UdDwQEAwIBpjANBgkq
+hkiG9w0BAQsFAAOCAQEAdowKymGU89QBpliVMvDcdtZJL1KceYbFB5C+lTiQI7H3
+CQSD0w7MHOrZc4gc3GqhCeEpNxf2XQ09eDwY8iVixKv+JeQOyp+eyXd2QisXzI93
+KOi5sej4DMQ7llszQyN508u0742ZqdfSk+Sc/QNRazsTHkYet/TxaYFDZrdCCRT5
+12FB1ny8S0DbhjXRaSSylTwl7Lt3aQu7cXvvMuUyfZRjdvBEQlQhfd7viRgwf7Tg
+lbjgSUZrW0U1gg/4O2FAQlet9N3hQwRHLCYNV+IFe6CbnN8HZC5awN9kMUaZv+Kt
+QyCF8AJ4rD8SLiM4LpLYH5igWo7S5irxFpPSMGKDeg==
+-----END CERTIFICATE-----

05-manageengine/DMRootCA.crt

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJTCCAw2gAwIBAgIIFzT5z/ZF2ukwDQYJKoZIhvcNAQELBQAwgaExCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UECwwMTWFuYWdlRW5naW5lMRkwFwYD
+VQQKDBBab2hvIENvcnBvcmF0aW9uMRcwFQYDVQQDDA5NYW5hZ2VFbmdpbmVDQTEd
+MBsGA1UEAwwUTWFuYWdlRW5naW5lQ0EtRFMtQ0ExGzAZBgNVBAsMEk1hbmFnZUVu
+Z2luZS1EUy1DQTAgFw0yMzExMjcwOTU0MTdaGA8yMTIzMTEyNzA5NTQxN1owgaEx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UECwwMTWFuYWdlRW5naW5l
+MRkwFwYDVQQKDBBab2hvIENvcnBvcmF0aW9uMRcwFQYDVQQDDA5NYW5hZ2VFbmdp
+bmVDQTEdMBsGA1UEAwwUTWFuYWdlRW5naW5lQ0EtRFMtQ0ExGzAZBgNVBAsMEk1h
+bmFnZUVuZ2luZS1EUy1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKbxxy6hEEt/q4eiVB8a+q6QQb8p3wCh9pIgGctZ9BKiVTmtBUZDKHjny4Aj9Qm1
+Ry6+FwBRozlwHcSlMp71y9SSd1ZMaKhLDNWORGDCymzH+dXipUT4ArMXqW+uHyxc
+Re0jd+Zqdl9xakVz16DjDyFTEuAQl00MmCc10tr2GOUDdmfSCSWSm+fUNsI0SyG2
+/Jkef+qzENUYdjaL6ye+uYZD8chPxVdsKUskgfUhD93Wxf3+C3wXl9jr0W8W16mD
+SBQnMgRXjei3X+8joyYPDKISjg8gmJ3w+BzR+T4OZz8SeAEbNVKvx70UOXGN9PJD
+/S0wOKRinu8S6IF+YQei6qECAwEAAaNdMFswDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
+FgQUNiYnU17lxyB30CeJ/FZL8/AoA5kwHwYDVR0jBBgwFoAUNiYnU17lxyB30CeJ
+/FZL8/AoA5kwCwYDVR0PBAQDAgGmMA0GCSqGSIb3DQEBCwUAA4IBAQB/MQesQM9K
+Ujrosp/I3+nxhBoSWrsySLenklsDOeCGG1yHOOj73C0D1CuEIU8/4ATuZFhnv//j
+o/DSw7/6gfNd1MFMXZJt9gtsTQiKSiCe6BIRvSYvUih9EcBXwJfAZGHdG3kgEPkN
+LNwWoI2AcsyUit15MTe6XXr1xIVVa89xYUoqyj1+ypmbdLzEtpFuJvVlqPivYcA3
+PQshDBESmsPmZOXsjJMadM4YGo9Huczhpo7URqYqLPsWxZC+gv9AKkyy/FSZ8D5b
+zJKHdiMLkEJLjsGqjjq/9VOZIrZdZ+F+nn5m5Y+HOgGCbRdhk+vuzte9Gp1dkwW9
+RzeVkfMHgMNo
+-----END CERTIFICATE-----

05-manageengine/LINUX_README.txt

@@ -0,0 +1,78 @@
+# README
+
+Administrators can use Endpoint Central to manage computers running Linux operating system. This document will explain you on the following:
+
+	- Supported Linux OS
+	- Installing Endpoint Central Agents
+	- Installing Endpoint Central Agent Remotely
+	- Uninstalling Endpoint Central Agents
+
+# Supported Linux OS
+--------------------
+    Endpoint Central currently supports the following Linux versions:
+
+	- Ubuntu 10.04 and later versions
+	- RedHat Enterprise Linux 6 and later versions
+	- CentOS 6 and later versions
+	- Fedora  19 and later versions
+	- Mandriva 2010  and later versions
+	- Debian 7 and later versions
+	- Linux Mint 13 and later versions
+	- OpenSuSE 11 and later
+	- SuSE Enterprise Linux 11 and later
+
+# Installing Endpoint Central Agents
+-----------------------------------
+
+    Linux agents can be installed manually in the computers that need to be managed.  Agents should be downloaded on the Linux computer manually before initiating the installation process. Follow the steps mentioned below.
+
+	1. Go to the terminal as a root user. If you do not login as a root user, open the terminal and use sudo command to perform each operation mentioned below and enter password whenever prompted. This 		   provides you the root privilege.
+	2. Move to the Directory where you have downloaded the Agent, and verify "UEMS_LinuxAgent.bin" and serverinfo.json" are there.
+	3. Execute the Command, "chmod +x UEMS_LinuxAgent.bin" as a root user. This prepares the executable for installation.
+	4. Run the Installer using "./UEMS_LinuxAgent.bin". Agent will be installed by default in "/usr/local/desktopcentralagent" directory.
+	5. If you wanted to change the installation location of the agent, use this command "./UEMS_LinuxAgent.bin -d <new_location>" .
+
+    You can see that the Endpoint Central agent is successfully installed on the Linux computer. You need to install the agents manually on the computers, which needs to be managed using Endpoint Central. Once the agent installation is completed, the computer will be scanned automatically and the following details will be updated to the Endpoint Central server:
+
+	~ System Details : All details about the comptuer, like Users, Groups and Services. This does not include details on the network shares mapped to the computer.
+	~ Hardware  Details : All hardware details of the computer like, BIOS, Disk Drives, Physical Memory, Processors, Network Adapters etc. This does not include details on Printers and Ports.
+	~ Software Details : All details on the software that is installed on the managed computer, with the version of the application and installation date etc.
+
+# Installing Endpoint Central Agent Remotely
+-------------------------------------------
+
+    When you wanted to install Endpoint Central agent remotely on  Linux computers,  you can install  them using SSH. Follow the steps mentioned below to install Endpoint Central agent using SSH:
+
+	- Copy the downloaded Endpoint Central agent to the remote computer on which the agent needs to be installed
+		1. Go to terminal as root user
+		2. Navigate to the location where the agent is being copied/downloaded
+		3. Type "scp DCLinuxAgent.zip username@hostname:<Path_To_Storage_Directory_If_Needed>" to copy the agent to the target computer, enter password if prompted
+		   where username refers to the root user name of the target computer
+		   hostname refers to the local host name of the target computer
+		   If no path is specified, then the agent will be copied to "/home/username" in the target computer
+
+	- Install the agent by following the steps mentioned below:
+		1. Go to the terminal and Type "ssh rootusername@hostname"  to login to the target computer
+		2. Login as a root user. If you do not login as rootuser, open the terminal and use sudo command to perform each operation mentioned below and enter password whenever prompted. This 			   provides you the root privilege.
+		3. Navigate to the location, where the agent is downloaded/copied, if the downloaded agent is a remote office agent, then extract <Remote_Office_Name>.zip  and navigate to Unzip the 			   DCLinuxAgent.zip by using the command "unzip -e DCLinuxAgent.zip".
+		4. Verify if,  "UEMS_LinuxAgent.bin" & "serverinfo.json" are located in the same path
+		5. Execute the Command, "chmod +x UEMS_LinuxAgent.bin" as a root user. This prepares the executable for installation.
+		6. Run the Installer using "./UEMS_LinuxAgent.bin".  Ensure that the Property File "severinfo.json" exists in the Same Directory as "UEMS_LinuxAgent.bin".  Agent will 			   be installed by default in "/usr/local/desktopcentralagent" directory.
+		7. If you wanted to change the installation location of the agent, use this command "./UEMS_LinuxAgent.bin -d <new_location>" .
+
+	You have successfully installed the Endpoint Central agent on a remote computer using SSH.
+
+# Uninstalling Endpoint Central Agents
+-------------------------------------
+
+	If you do not want to manage a computer, you can follow the steps mentioned below to uninstall the Endpoint Central agent. Once Endpoint Central agent is uninstalled, all the details related to 	the computer will be removed from Endpoint Central server. If you wanted to manage this computer again, then you will have to re-install Endpoint Central agent in it. However the previous details 	related to the computer will not be available. To uninstall the agents from the computers, follow the steps mentioned below:
+
+	1. Go to the terminal as a root user. If you do not login as root user, open the terminal and use sudo command to perform each operation mentioned below and enter password whenever prompted. 		   		   This provides you the root privilege.
+	2. Navigate to the location, where the agent is installed, (default Location : /usr/local/desktopcentralagent) execute this command to "chmod +x RemoveDCAgent.sh" to initiate the uninstaller. 	   		   You need to have root privilege to uninstall the agent.
+	3. Execute this command "./RemoveDCAgent.sh"  to uninstall the agent.
+
+	You can see that the Endpoint Central agent has been uninstalled successfully from the computer.
+
+ 
+
+ 

05-manageengine/script.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+# Pour install l'agent ManageEngine
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 05-manageengine"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Installation composant"
+echo "${NOCOLOR}"
+
+apt install -y xz-utils >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Installation composant : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Mise en place des droits sur fichiers"
+echo "${NOCOLOR}"
+
+chmod +x 05-manageengine/UEMS_LinuxAgent.bin >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Mise en place des droits sur fichiers : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Installation"
+echo "${NOCOLOR}"
+
+./05-manageengine/UEMS_LinuxAgent.bin
+
+echo "${YELLOW} * ${NOCOLOR} Installation : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 05-manageengine"
+echo "${NOCOLOR}"

05-manageengine/serverinfo.json

@@ -0,0 +1 @@
+{"branchid":"303","productcode":"DCEE","performpostinstall":"yes","value2":"013de50e0ca7020a3c1da5f834f859e5","value1":"cb9c1566f735d8a2c0b1a41b4cfa2278d3ad01ded23363b0c9bb2e1a8bb159b476da39fb1868f7cc91a82fb13f1477b3","serverflatname":"SWEPCEVEP01","unique_id_status_linux":"false","data_transfer_rate":"0","unique_id_param":"SERVICE_TAG","directdownloadenabled":"false","serverprotocol":"https","enableproxy":"no","linux_ad_domain":"linuxosgroup","linuxagentversion":"11.3.2416.28.L","usejson":"true","unique_id_status":"false","enable_captcha":"yes","uemsproductcode":"[DCEE]","customername":"DC_CUSTOMER","performassetscan":"yes","DID":"901","serveripaddress":"sgepc.saint-maclou.com","autodetect_proxy":"false","serversecipaddress":"10.78.56.39","serverrootcert":"-----BEGIN CERTIFICATE-----\r\nMIIDqzCCApOgAwIBAgIIX4tkL0r71OIwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UE\r\nBhMCVVMxCzAJBgNVBAgMAkNBMRUwEwYDVQQLDAxNYW5hZ2VFbmdpbmUxGTAXBgNV\r\nBAoMEFpvaG8gQ29ycG9yYXRpb24xFzAVBgNVBAMMDk1hbmFnZUVuZ2luZUNBMCAX\r\nDTIzMTEyNzA5NDU1MloYDzIxMjMxMTI3MDk0NTUyWjBlMQswCQYDVQQGEwJVUzEL\r\nMAkGA1UECAwCQ0ExFTATBgNVBAsMDE1hbmFnZUVuZ2luZTEZMBcGA1UECgwQWm9o\r\nbyBDb3Jwb3JhdGlvbjEXMBUGA1UEAwwOTWFuYWdlRW5naW5lQ0EwggEiMA0GCSqG\r\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYtJmarYc7ha7LbrwE5BlOlGP1zzzZcOTn\r\noglnnAg898yx+AOc0sjIf55OFESU919nqqD1+tyZ6GmuFtNhDhrM7znLLMECMjbC\r\nCvvJHcoXZ3iO/gSjhiXfQuKiU1vvRjfz/+9A+76PW+Y4gM0BGe+z68L/dHYaZ5ys\r\nNwOwtDDR55eM1c0K0AUNkQuQd9wgP/T25N2e5HpY/2gLDUTzZuAdd3ytjpMvtDwV\r\n5jFp2SXa37sguMlWf1nMvEmp+U+JteYRWMHjFkA3jnd46vTwcU7dxt2XE7hfkpKZ\r\n9cyUVRawxrEpMqiAGRicjxC8TAjdmbQND78SI6QsnUGXsnnMA7h1AgMBAAGjXTBb\r\nMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFIVVLITsk2JL4QxDgF2Gp7Y+nSTlMB8G\r\nA1UdIwQYMBaAFIVVLITsk2JL4QxDgF2Gp7Y+nSTlMAsGA1UdDwQEAwIBpjANBgkq\r\nhkiG9w0BAQsFAAOCAQEAdowKymGU89QBpliVMvDcdtZJL1KceYbFB5C+lTiQI7H3\r\nCQSD0w7MHOrZc4gc3GqhCeEpNxf2XQ09eDwY8iVixKv+JeQOyp+eyXd2QisXzI93\r\nKOi5sej4DMQ7llszQyN508u0742ZqdfSk+Sc/QNRazsTHkYet/TxaYFDZrdCCRT5\r\n12FB1ny8S0DbhjXRaSSylTwl7Lt3aQu7cXvvMuUyfZRjdvBEQlQhfd7viRgwf7Tg\r\nlbjgSUZrW0U1gg/4O2FAQlet9N3hQwRHLCYNV+IFe6CbnN8HZC5awN9kMUaZv+Kt\r\nQyCF8AJ4rD8SLiM4LpLYH5igWo7S5irxFpPSMGKDeg==\r\n-----END CERTIFICATE-----\r\n","currentcertificatetype":"2","linux_domain":"linuxosgroup","agentpollinginterval":"30","rosummaryenabled":"true","serverport":"8383","remoteofficeid":"303","performpatchscan":"yes","mspname":"DC_MSP","servername":"SWEPCEVEP01.fr.dgs.group","customerid":"1","installtime":"1701078855","customerrootcert":"-----BEGIN CERTIFICATE-----\r\nMIIEJTCCAw2gAwIBAgIIFzT5z/ZF2ukwDQYJKoZIhvcNAQELBQAwgaExCzAJBgNV\r\nBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UECwwMTWFuYWdlRW5naW5lMRkwFwYD\r\nVQQKDBBab2hvIENvcnBvcmF0aW9uMRcwFQYDVQQDDA5NYW5hZ2VFbmdpbmVDQTEd\r\nMBsGA1UEAwwUTWFuYWdlRW5naW5lQ0EtRFMtQ0ExGzAZBgNVBAsMEk1hbmFnZUVu\r\nZ2luZS1EUy1DQTAgFw0yMzExMjcwOTU0MTdaGA8yMTIzMTEyNzA5NTQxN1owgaEx\r\nCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEVMBMGA1UECwwMTWFuYWdlRW5naW5l\r\nMRkwFwYDVQQKDBBab2hvIENvcnBvcmF0aW9uMRcwFQYDVQQDDA5NYW5hZ2VFbmdp\r\nbmVDQTEdMBsGA1UEAwwUTWFuYWdlRW5naW5lQ0EtRFMtQ0ExGzAZBgNVBAsMEk1h\r\nbmFnZUVuZ2luZS1EUy1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\r\nAKbxxy6hEEt/q4eiVB8a+q6QQb8p3wCh9pIgGctZ9BKiVTmtBUZDKHjny4Aj9Qm1\r\nRy6+FwBRozlwHcSlMp71y9SSd1ZMaKhLDNWORGDCymzH+dXipUT4ArMXqW+uHyxc\r\nRe0jd+Zqdl9xakVz16DjDyFTEuAQl00MmCc10tr2GOUDdmfSCSWSm+fUNsI0SyG2\r\n/Jkef+qzENUYdjaL6ye+uYZD8chPxVdsKUskgfUhD93Wxf3+C3wXl9jr0W8W16mD\r\nSBQnMgRXjei3X+8joyYPDKISjg8gmJ3w+BzR+T4OZz8SeAEbNVKvx70UOXGN9PJD\r\n/S0wOKRinu8S6IF+YQei6qECAwEAAaNdMFswDAYDVR0TBAUwAwEB/zAdBgNVHQ4E\r\nFgQUNiYnU17lxyB30CeJ/FZL8/AoA5kwHwYDVR0jBBgwFoAUNiYnU17lxyB30CeJ\r\n/FZL8/AoA5kwCwYDVR0PBAQDAgGmMA0GCSqGSIb3DQEBCwUAA4IBAQB/MQesQM9K\r\nUjrosp/I3+nxhBoSWrsySLenklsDOeCGG1yHOOj73C0D1CuEIU8/4ATuZFhnv//j\r\no/DSw7/6gfNd1MFMXZJt9gtsTQiKSiCe6BIRvSYvUih9EcBXwJfAZGHdG3kgEPkN\r\nLNwWoI2AcsyUit15MTe6XXr1xIVVa89xYUoqyj1+ypmbdLzEtpFuJvVlqPivYcA3\r\nPQshDBESmsPmZOXsjJMadM4YGo9Huczhpo7URqYqLPsWxZC+gv9AKkyy/FSZ8D5b\r\nzJKHdiMLkEJLjsGqjjq/9VOZIrZdZ+F+nn5m5Y+HOgGCbRdhk+vuzte9Gp1dkwW9\r\nRzeVkfMHgMNo\r\n-----END CERTIFICATE-----\r\n","sc_value":"1","remoteofficeauthkey":"013de50e0ca7020a3c1da5f834f859e5","enabledistributionserver":"no","serversecureport":"8383","remoteofficename":"Serveur-Tiers1"}

06-snmp/script.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+# Pour la configuration SNMP
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 06-snmp"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Installation composant"
+echo "${NOCOLOR}"
+
+apt install -y snmp snmpd >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Installation composant : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : snmpd.conf"
+echo "${NOCOLOR}"
+
+cp 06-snmp/snmpd.conf /etc/snmp/ >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Copie du fichier : snmpd.conf : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Relance de service"
+echo "${NOCOLOR}"
+
+systemctl restart snmpd
+
+echo "${YELLOW} * ${NOCOLOR} Relance de service : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 06-snmp"
+echo "${NOCOLOR}"

06-snmp/snmpd.conf

@@ -0,0 +1,6 @@
+rocommunity eveagroup 10.78.56.100
+rocommunity SUP-TSM-PRIV 10.78.56.16
+rocommunity public 10.78.56.100
+rocommunity SUP-TSM-PRIV 10.78.56.45
+
+extend docker /etc/snmp/docker-stats.py

07-DNS/resolv.conf

@@ -0,0 +1,5 @@
+nameserver 10.78.56.8
+nameserver 10.78.56.9
+
+search fr.dgs.group
+domain fr.dgs.group

07-DNS/script.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+# Pour la configuration DNS
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 07-DNS"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Configuration DNS"
+echo "${NOCOLOR}"
+
+cp 07-DNS/resolv.conf /etc/resolv.conf >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Configuration DNS : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 07-DNS"
+echo "${NOCOLOR}"

08-NRPE/script.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+# Pour la configuration NRPE
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 08-nrpe"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Installation composant"
+echo "${NOCOLOR}"
+
+apt install -y nagios-nrpe-server nagios-nrpe-plugin >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Installation composant : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 08-nrpe"
+echo "${NOCOLOR}"

09-Firewall/script.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+# Pour la configuration firewall
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 09-Firewall"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Installation composant"
+echo "${NOCOLOR}"
+
+apt install -y ufw >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Installation composant : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Configuration"
+echo "${NOCOLOR}"
+
+ufw default deny incoming
+ufw default allow outgoing
+ufw allow 2222/tcp # Votre port SSH
+ufw enable
+
+echo "${YELLOW} * ${NOCOLOR} Configuration : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 09-Firewall"
+echo "${NOCOLOR}"

10-Fail2ban/script.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+# Pour la configuration Fail2Ban
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} ** ${NOCOLOR} Début du script : 10-Fail2Ban"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} * ${NOCOLOR} Installation composant"
+echo "${NOCOLOR}"
+
+apt install -y fail2ban >> /dev/null
+
+echo "${YELLOW} * ${NOCOLOR} Installation composant : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} ** ${NOCOLOR} Fin du script : 10-Fail2Ban"
+echo "${NOCOLOR}"

README.md

@@ -1,3 +1,72 @@
-# Linux-Template
+# 1. Prerequis-install-deb
 
-installation de base d'un linux
+Depuis un terminal, faire un copié/collé du code ci-dessous
+
+```shell
+apt update
+apt install -y git
+
+git clone https://gitea.tips-of-mine.com/hcornet/Linux-Template.git
+```
+
+# 2. Installation
+
+Depuis un terminal, faire un copié/collé du code ci-dessous
+```shell
+cd ./Linux-Template/
+
+chmod +x script.sh
+
+./script.sh
+```
+
+## 01-ssh
+
+Configuration du SSH sur la VM
+Et rajout de l'interface motd
+
+## 02-apt
+
+Mise en place de la configuration proxy, puis lancement de l'update
+
+## 03-cortex
+
+Installation de l'agent Cortex
+
+## 04-agent-glpi
+
+Installation de l'agent GLPI
+
+## 05-manageEngine
+
+Installation de l'agent ManageEngine
+
+## 06-SNMP
+
+Installation du service SNMP avec la configuration
+
+## 07-DNS
+
+Installation du paramétrage DNS
+
+## 08-NRPE
+
+Installation du paramétrage nrpe
+
+## 09-Firewall
+
+## 10-Fail2Ban
+
+# 3. Update
+
+Depuis un terminal, Aller dans le dossier.
+```shell
+cd ./prerequis-install-deb/
+```
+
+Faire un copié/collé du code ci-dessous
+```shell
+git fetch
+
+git rebase origin/master
+```

script.sh

@@ -0,0 +1,77 @@
+#!/bin/sh
+# Pour install l'agent GLPI
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NOCOLOR='\033[0m'
+
+echo "${YELLOW} *** ${NOCOLOR} Mise en place des droits"
+echo "${NOCOLOR}"
+
+chmod +x ./01-ssh/script.sh >> /dev/null
+chmod +x ./02-apt/script.sh >> /dev/null
+chmod +x ./03-cortex/script.sh >> /dev/null
+chmod +x ./04-agent-glpi/script.sh >> /dev/null
+chmod +x ./05-manageengine/script.sh >> /dev/null
+chmod +x ./06-snmp/script.sh >> /dev/null
+chmod +x ./07-DNS/script.sh >> /dev/null
+chmod +x ./08-NRPE/script.sh >> /dev/null
+
+echo "${YELLOW} *** ${NOCOLOR} Mise en place des droits : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : SSH"
+echo "${NOCOLOR}"
+
+./01-ssh/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : SSH : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : APT"
+echo "${NOCOLOR}"
+
+./02-apt/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : APT : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : Cortex"
+echo "${NOCOLOR}"
+
+./03-cortex/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : Cortex : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : GLPI"
+echo "${NOCOLOR}"
+
+./04-agent-glpi/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : GLPI : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : SNMP"
+echo "${NOCOLOR}"
+
+./06-snmp/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : SNMP : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : DNS"
+echo "${NOCOLOR}"
+
+./07-DNS/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : DNS : ${GREEN} OK"
+echo "${NOCOLOR}"
+
+echo "${YELLOW} *** ${NOCOLOR} Lancement du script : NRPE"
+echo "${NOCOLOR}"
+
+./08-NRPE/script.sh
+
+echo "${YELLOW} *** ${NOCOLOR} Fin du script : NRPE : ${GREEN} OK"
+echo "${NOCOLOR}"