# britt, physical machine (gisors)

## Hardware

- Motherboard: 1 × Asus KGPN-D16 Rev 1.03G
- CPU: 1 × AMD Opteron 6280SE
- RAM: 16 GiB
- Power supply: *(to be completed)*
- Case: Antec P101
- Mass storage: 1 TB hard drive, WDC WD10EZEX-00W

## Software

- Firmware: Coreboot 4.6 + SeaBIOS, with no proprietary blobs
- Operating system: Debian GNU/Linux-libre 11 (Bullseye)
- Kernel: Linux-libre LTS (`linux-libre-lts` from the https://linux-libre.fsfla.org repositories)
- Virtualization: QEMU/KVM (`libvirt`)
- Monthly package audit: `vrms`
- Maintenance safeguards: `etckeeper`, `mollyguard`, `tig`, `lm-sensors`, `fancontrol`, `screen`
- Mail Transfer Agent: `postfix`

## Notable characteristics

- Domain: `britt.libre-en-communs.org`
- Public IPv4 address: `80.67.179.113`
- Local IPv4 address: `192.168.2.244`
- Public IPv6 address: `2001:910:1371::244`

### Network configuration

#### /etc/network/interfaces

<details>

```
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens10

# bridge for vm
auto br0
iface br0 inet dhcp
    bridge_ports ens10
    # disable Spanning Tree Protocol
    bridge_stp off

iface br0 inet6 static
    bridge_ports ens10
    address 2001:910:1371:0::244/128
    gateway 2001:910:1371::1
    # disable Spanning Tree Protocol
    bridge_stp off
    # no delay before a port becomes available
    bridge_waitport 0
    # no forwarding delay
    bridge_fd 0
```

</details>

## SSH configuration

### /etc/ssh/sshd_config

<details>

```
Port 222
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

PubkeyAuthentication yes

PasswordAuthentication no
PermitEmptyPasswords no

ChallengeResponseAuthentication no

UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no

PrintMotd no

TCPKeepAlive yes

PermitTunnel yes

AcceptEnv LANG LC_* GIT_*

Subsystem sftp /usr/lib/openssh/sftp-server

# admin666 may only log in from the loopback addresses
Match User admin666 Address *,!127.0.0.1,!::1
    DenyUsers admin666
```

</details>

## MTA configuration

### /etc/postfix/transport

```
a-lec.org   :
*           discard:
```

### /etc/postfix/virtual

```
@localhost                      admin@a-lec.org
@britt.libre-en-communs.org     admin@a-lec.org
```