2022-12-19 18:09:26 +01:00

# anthea, physical machine (fontainebleau)

## Hardware

- Motherboard: 1 × Asus KGPN-D16 Rev 1.03G
- CPU: 2 × AMD Opteron 6280SE
- RAM: 32 GiB
- Power supply: *(to be completed)*
- Case: *(to be completed)*
- Mass storage: *(to be completed)*

## Software

- Firmware: Coreboot 4.6 + SeaBIOS, with no proprietary blobs
- Operating system: Debian GNU/Linux-libre 11 (Bullseye)
- Kernel: Linux-libre LTS (`linux-libre-lts` from the https://linux-libre.fsfla.org repositories)
- Virtualization: QEMU/KVM (`libvirt`)
- Monthly package audit: `vrms`
- Maintenance safeguards: `etckeeper`, `molly-guard`, `tig`, `lm-sensors`, `fancontrol`, `screen`
- Mail Transfer Agent: `postfix`

## Notable characteristics

- Domain: `anthea.libre-en-communs.org`
- Public IPv4 address: `80.67.176.40`
- Local IPv4 address: `192.168.1.2`
- Public IPv6 address: `2001:910:1028::2`
- Location of the virtual machine disk images: `/srv/vmverse`

### Network configuration

#### /etc/network/interfaces

<details>

```
auto lo br0
iface lo inet loopback

# The primary network interface
allow-hotplug ens10
allow-hotplug ens9

# bridge for vm
iface br0 inet static
    bridge_ports ens10
    address 192.168.1.2
    gateway 192.168.0.1
    broadcast 192.168.255.255
    netmask 255.255.0.0

iface br0 inet6 static
    bridge_ports ens10
    address 2001:910:1028:0::2/128
    gateway 2001:910:1028::1
```

</details>

## SSH configuration

### /etc/ssh/sshd_config

<details>

```
Port 222
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

PubkeyAuthentication yes

PasswordAuthentication no
PermitEmptyPasswords no

ChallengeResponseAuthentication no

UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no

PrintMotd no

TCPKeepAlive yes

PermitTunnel yes

AcceptEnv LANG LC_* GIT_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Deny admin666 unless the client address is in 192.168.0.0/16 or is ::1
Match User admin666 Address *,!192.168.0.0/16,!::1
    DenyUsers admin666
```

</details>

## MTA configuration

### /etc/postfix/transport

```
# a-lec.org uses the default transport; mail for any other destination is discarded
a-lec.org :
* discard:
```

### /etc/postfix/virtual

```
@localhost admin@a-lec.org
@anthea.libre-en-communs.org admin@a-lec.org
```