documentation/Machines virtuelles/generic.md

## GENERIC virtual machine
#### (i.e. the template for all virtual machines)
...
### Virtual hardware
CPU: 1
RAM: 1000 MiB
Mass storage: 50 GiB (`sparse` file, i.e. zeros are not written to disk)
### Software
Operating system: Debian GNU/Linux-libre 11 (Bullseye)
Kernel: Linux-libre LTS (`linux-libre-lts` from the https://linux-libre.fsfla.org repositories)
Maintenance safeguards: `etckeeper`, `molly-guard`, `git`, `tig`, `screen`
Mail Transfer Agent: `postfix`
### Notable characteristics
Domain: dns.libre-en-communs.org
Public IPv4 address: 80.67.179.96
Internal IPv4 address: 192.169.1.195
Public IPv6 address: 2001:910:1360::4
### Network configuration
#### /etc/network/interfaces
<details>

```
# The primary network interface
allow-hotplug enp1s0
iface enp1s0 inet dhcp
iface enp1s0 inet6 static
    address 2001:910:1360::4/128
    gateway 2001:910:1360::
```

</details>
### SSH configuration
#### /etc/ssh/sshd_config
<details>

```
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
Port 22
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
AcceptEnv LANG LC_* GIT_*
Subsystem sftp /usr/lib/openssh/sftp-server
Match Group ssh-login
    PasswordAuthentication yes
```

</details>
#### /etc/hosts.allow
```
sshd: 192.169.1.0/24, [2001:910:1360::]/48
```
#### /etc/hosts.deny
```
sshd: ALL
```
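
The `sshd_config` above disables password authentication globally and re-enables it inside `Match Group ssh-login`. The following is an added example, not part of the original documentation: a simplified resolver showing which users end up with password login under that file. The function names `effective_settings` and `password_login_allowed` are this example's own, and only `Match Group` and `Match all` are modelled.

```python
from fnmatch import fnmatchcase

# Authentication-related lines copied from the sshd_config documented above.
SSHD_CONFIG = """\
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
Match Group ssh-login
    PasswordAuthentication yes
"""


def effective_settings(config_text, user_groups):
    """Resolve single-valued sshd keywords for a user in `user_groups`.

    Simplified model of sshd_config(5) (an assumption of this example):
    within a section the first value given for a keyword wins, and keywords
    set in a matching Match block override the global section. Only
    `Match Group` (comma-separated patterns, no negation) and `Match all`.
    """
    global_opts, match_opts = {}, {}
    target = global_opts  # None while inside a Match block that does not apply
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            criterion, _, patterns = value.partition(" ")
            if criterion.lower() == "all":
                applies = True
            elif criterion.lower() == "group":
                applies = any(fnmatchcase(g, p.strip())
                              for g in user_groups for p in patterns.split(","))
            else:
                raise ValueError(f"unsupported Match criterion: {criterion}")
            target = match_opts if applies else None
        elif target is not None:
            target.setdefault(keyword, value)  # first value wins
    return {**global_opts, **match_opts}


def password_login_allowed(config_text, user_groups):
    """True if the effective PasswordAuthentication for these groups is yes."""
    return effective_settings(config_text, user_groups)["passwordauthentication"] == "yes"
```

On a running host, `sshd -T` with `-C` connection parameters prints the effective configuration as sshd itself resolves it, which is the authoritative check.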
### Firewall
Installation:
```
apt-get install ufw
```
Open the SSH port:
```
ufw allow SSH
ufw enable
systemctl enable ufw
```
### SUDO configuration
#### /etc/sudoers
<details>

```
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults env_keep += "GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL"
Defaults mail_badpass, insults
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
```

</details>
### MTA configuration
#### /etc/postfix/transport
```
a-lec.org :
* discard:
```
#### /etc/postfix/virtual
```
@localhost admin@a-lec.org
@generic.a-lec.org admin@a-lec.org
```