From 95ca1393e68c771b23e9a0ae1986d003b93d2514 Mon Sep 17 00:00:00 2001 From: Adrien Bourmault Date: Wed, 17 Nov 2021 13:18:02 +0000 Subject: [PATCH] Configuration VM SSH et SUDO --- Machines virtuelles/generic.md | 94 ++++++++++++++++++++++++++++++---- 1 file changed, 84 insertions(+), 10 deletions(-) diff --git a/Machines virtuelles/generic.md b/Machines virtuelles/generic.md index 2681859..6290952 100644 --- a/Machines virtuelles/generic.md +++ b/Machines virtuelles/generic.md @@ -6,9 +6,9 @@ ### Matériel virtuel -CPU : xxx -RAM : xxx Mio -Stockage de masse : 50 Gio +CPU : 1 +RAM : 1000 Mio +Stockage de masse : 50 Gio (fichier `sparse` i.e les zéros ne sont pas écrits sur le disque) ### Logiciel @@ -21,30 +21,104 @@ Mail Transfer Agent : `postfix` Domaine : dns.libre-en-communs.org Adresse ipv4 publique : 80.67.179.96 -Adresse ipv4 interne : 192.169.1.xxx -Adresse ipv6 publique : xxx +Adresse ipv4 interne : 192.169.1.195 +Adresse ipv6 publique : 2001:910:1360::4 -#### Configuration réseau +### Configuration réseau -##### /etc/network/interfaces +#### /etc/network/interfaces
# The primary network interface allow-hotplug enp1s0 iface enp1s0 inet dhcp iface enp1s0 inet6 static - address 2001:910:1360::xxx/128 + address 2001:910:1360::4/128 gateway 2001:910:1360::
-##### /etc/host.allow +### Configuration SSH + +#### /etc/ssh/sshd_config +
+ + # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ + + # This is the sshd server system-wide configuration file. See + # sshd_config(5) for more information. + + # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + + Port 22 + AddressFamily any + ListenAddress 0.0.0.0 + ListenAddress :: + + PubkeyAuthentication yes + + PasswordAuthentication no + PermitEmptyPasswords no + + ChallengeResponseAuthentication no + + UsePAM yes + + PrintMotd no + + AcceptEnv LANG LC_* GIT_* + + Subsystem sftp /usr/lib/openssh/sftp-server + + Match Group ssh-login + PasswordAuthentication yes + +
+ +#### /etc/host.allow sshd: 192.169.1.0/24, [2001:910:1360::]/48 -##### /etc/host/deny +#### /etc/host/deny sshd: ALL +### Configuration SUDO + +#### /etc/sudoers +
+ + # + # This file MUST be edited with the 'visudo' command as root. + # + # Please consider adding local content in /etc/sudoers.d/ instead of + # directly modifying this file. + # + # See the man page for details on how to write a sudoers file. + # + Defaults env_reset + Defaults env_keep += "GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL" + Defaults mail_badpass, insults + Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + + # Host alias specification + + # User alias specification + + # Cmnd alias specification + + # User privilege specification + root ALL=(ALL:ALL) ALL + + # Allow members of group sudo to execute any command + %sudo ALL=(ALL:ALL) NOPASSWD:ALL + + # See sudoers(5) for more information on "#include" directives: + + #includedir /etc/sudoers.d + + +
+ ### Configuration MTA #### /etc/postfix/transport