On Windows Surface Pro tablets there is a display problem with vCenter (VMware): some buttons are not reachable and the display is truncated at times. To fix it, right-click the icon, then go to Properties/Compatibility and tick “Disable display scaling on high DPI settings”.
[Linux] Installing OpenVPN V2
Installing OpenVPN
OS version: Centos 7 (minimal version)
OpenVPN version: 2.1.4
Prerequisites: see the article Preparing a Centos 7.x machine
Lazy version: I use Nyr's script, available at https://github.com/Nyr/openvpn-install
Install a few useful tools

    $ sudo yum install wget vim bind-utils net-tools

Fetch the script and install the OpenVPN server

    $ sudo wget https://git.io/vpn -O openvpn-install.sh && sudo bash openvpn-install.sh

Fill in the IP field […]
[Linux] Installing OpenVPN V1
Installing OpenVPN
OS version: Centos 6.8 (minimal version)
OpenVPN version: 2.1.4
Prerequisites: see the article Preparing a Centos 6.x machine
Lazy version: I use Nyr's script, available at https://github.com/Nyr/openvpn-install

    $ sudo wget https://git.io/vpn -O openvpn-install.sh && sudo bash openvpn-install.sh

Fill in the IP address field with the public IP. The default port is 1194 (UDP) or 443 (TCP). Then we […]
[Linux] Installing Teampass
Installing Teampass
OS version: Centos 6.8 (minimal version)
Teampass version: 2.1.27
Prerequisites: see the article Preparing a Centos 6.x machine
Apache v2.0 or later
MySQL v5.1 or later
PHP v5.5.0 or later
PHP enabled modules: mcrypt mbstring openssl gd bcmath iconv xml
LDAP if using LDAP identification
Installation […]
[Windows] Cleaning up the repository directory
Tested on Windows 7 Pro. Windows keeps the different versions of the drivers that have been installed, updates in particular. They are stored in \Windows\System32\DriverStore\FileRepository. On my machine this directory takes up 12 GB on an 80 GB SSD :/ Nvidia takes the prize: on its own it accounts for more than 6 GB of drivers (15x […]
[Windows] Removing the TSE certificate popup
Getting rid of the certificate popup when using Remote Desktop, because it gets tedious. Tested on Windows 7 Pro.
Open a command prompt with “Run as administrator”.
Copy/paste the following command. With the value 0 the client connects without warning even when the server's identity cannot be verified.

    reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client" /v "AuthenticationLevelOverride" /t "REG_DWORD" /d 0 /f

It is also possible to go directly through the registry using the settings below […]
[Zimbra] Setting up Fail2ban
Fail2ban
OS version: Centos 6.8
Mail software: Zimbra 8.7.5
To block brute-force login attempts and the like.
First install the epel-release package

    $ sudo yum install epel-release

then install fail2ban

    $ sudo yum install fail2ban

Next, copy jail.conf to jail.local and edit the copy

    $ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

    $ sudo vim /etc/fail2ban/jail.local

    #
    # WARNING: heavily refactored in 0.9.0 release. Please review and
    # customize settings for your setup.
    #
    # Changes: in most of the cases you should not modify this
    # file, but provide customizations in jail.local file,
    # or separate .conf files under jail.d/ directory, e.g.:
    #
    # HOW TO ACTIVATE JAILS:
    #
    # YOU SHOULD NOT MODIFY THIS FILE.
    #
    # It will probably be overwritten or improved in a distribution update.
    #
    # Provide customizations in a jail.local file or a jail.d/customisation.local.
    # For example to change the default bantime for all jails and to enable the
    # ssh-iptables jail the following (uncommented) would appear in the .local file.
    # See man 5 jail.conf for details.
    #
    # [DEFAULT]
    # bantime = 3600
    #
    # [sshd]
    # enabled = true
    #
    # See jail.conf(5) man page for more information

    # Comments: use '#' for comment lines and ';' (following a space) for inline comments

    [INCLUDES]

    #before = paths-distro.conf
    before = paths-fedora.conf

    # The DEFAULT allows a global definition of the options. They can be overridden
    # in each jail afterwards.

    [DEFAULT]

    #
    # MISCELLANEOUS OPTIONS
    #

    # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
    # ban a host which matches an address in this list. Several addresses can be
    # defined using space (and/or comma) separator.
    ignoreip = 127.0.0.1/8 ippublic/et/ou/local

    # External command that will take an tagged arguments to ignore, e.g. <ip>,
    # and return true if the IP is to be ignored. False otherwise.
    #
    # ignorecommand = /path/to/command <ip>
    ignorecommand =

    # "bantime" is the number of seconds that a host is banned.
    bantime = -1

    # A host is banned if it has generated "maxretry" during the last "findtime"
    # seconds.
    findtime = 600

    # "maxretry" is the number of failures before a host get banned.
    maxretry = 3

    # "backend" specifies the backend used to get files modification.
    # Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
    # This option can be overridden in each jail as well.
    #
    # pyinotify: requires pyinotify (a file alteration monitor) to be installed.
    #            If pyinotify is not installed, Fail2ban will use auto.
    # gamin:     requires Gamin (a file alteration monitor) to be installed.
    #            If Gamin is not installed, Fail2ban will use auto.
    # polling:   uses a polling algorithm which does not require external libraries.
    # systemd:   uses systemd python library to access the systemd journal.
    #            Specifying "logpath" is not valid for this backend.
    #            See "journalmatch" in the jails associated filter config
    # auto:      will try to use the following backends, in order:
    #            pyinotify, gamin, polling.
    #
    # Note: if systemd backend is chosen as the default but you enable a jail
    #       for which logs are present only in its own log files, specify some other
    #       backend for that jail (e.g. polling) and provide empty value for
    #       journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
    backend = auto

    # "usedns" specifies if jails should trust hostnames in logs,
    # warn when DNS lookups are performed, or ignore all hostnames in logs
    #
    # yes:  if a hostname is encountered, a DNS lookup will be performed.
    # warn: if a hostname is encountered, a DNS lookup will be performed,
    #       but it will be logged as a warning.
    # no:   if a hostname is encountered, will not be used for banning,
    #       but it will be logged as info.
    usedns = no

    # "logencoding" specifies the encoding of the log files handled by the jail
    # This is used to decode the lines from the log file.
    # Typical examples: "ascii", "utf-8"
    #
    # auto: will use the system locale setting
    logencoding = auto

    # "enabled" enables the jails.
    # By default all jails are disabled, and it should stay this way.
    # Enable only relevant to your setup jails in your .local or jail.d/*.conf
    #
    # true:  jail will be enabled and log files will get monitored for changes
    # false: jail is not enabled
    enabled = false

    # "filter" defines the filter to use by the jail.
    # By default jails have names matching their filter name
    #
    filter = %(__name__)s

    #
    # ACTIONS
    #

    # Some options used for actions

    # Destination email address used solely for the interpolations in
    # jail.{conf,local,d/*} configuration files.
    #destemail = adressemail

    # Sender email address used solely for some actions
    #sender = root@localhost

    # E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
    # mailing. Change mta configuration parameter to mail if you want to
    # revert to conventional 'mail'.
    mta = sendmail

    # Default protocol
    protocol = tcp

    # Specify chain where jumps would need to be added in iptables-* actions
    chain = INPUT

    # Ports to be banned
    # Usually should be overridden in a particular jail
    port = 0:65535

    # Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3
    fail2ban_agent = Fail2Ban/%(fail2ban_version)s

    #
    # Action shortcuts. To be used to define action parameter

    # Default banning action (e.g. iptables, iptables-new,
    # iptables-multiport, shorewall, etc) It is used to define
    # action_* variables. Can be overridden globally or per
    # section within jail.local file
    banaction = iptables-multiport
    banaction_allports = iptables-allports

    # The simplest action to take: ban only
    action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

    # ban & send an e-mail with whois report to the destemail.
    action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

    # ban & send an e-mail with whois report and relevant log lines
    # to the destemail.
    action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                 %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

    # See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
    #
    # ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
    # to the destemail.
    action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                  xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]

    # ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
    # to the destemail.
    action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                    %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

    # Report block via blocklist.de fail2ban reporting service API
    #
    # See the IMPORTANT note in action.d/blocklist_de.conf for when to
    # use this action. Create a file jail.d/blocklist_de.local containing
    # [Init]
    # blocklist_de_apikey = {api key from registration]
    #
    action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]

    # Report ban via badips.com, and use as blacklist
    #
    # See BadIPsAction docstring in config/action.d/badips.py for
    # documentation for this action.
    #
    # NOTE: This action relies on banaction being present on start and therefore
    # should be last action defined for a jail.
    #
    action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
    #
    # Report ban via badips.com (uses action.d/badips.conf for reporting only)
    #
    action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]

    # Choose default action. To change, just override value of 'action' with the
    # interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
    # globally (section [DEFAULT]) or per specific section
    action = %(action_)s

    #
    # JAILS
    #

    #
    # SSH servers
    #

    [ssh-iptables]

    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
             sendmail-whois[name=SSH, dest=adressemail, sender=fail2ban@localhost]
    logpath = /var/log/secure
    maxretry = 3

    # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
    # option is overridden in this jail. Moreover, the action "mail-whois" defines
    # the variable "name" which contains a comma using "". The characters '' are
    # valid too.

    [zimbra-account]

    enabled = true
    filter = zimbra
    action = iptables-allports[name=zimbra-account]
             sendmail-whois[name=Zimbra-account, dest=adressemail, sender=fail2ban@localhost]
    logpath = /opt/zimbra/log/mailbox.log
    bantime = -1
    maxretry = 3

    [zimbra-audit]

    enabled = true
    filter = zimbra
    action = iptables-allports[name=zimbra-audit]
             sendmail-whois[name=Zimbra-audit, dest=adressemail, sender=fail2ban@localhost]
    logpath = /opt/zimbra/log/audit.log
    bantime = -1
    maxretry = 3

    [zimbra-recipient]

    enabled = true
    filter = zimbra
    action = iptables-allports[name=zimbra-recipient]
             sendmail-whois[name=Zimbra-recipient, dest=adressemail, sender=fail2ban@localhost]
    logpath = /var/log/zimbra.log
    #findtime = 604800
    bantime = -1
    maxretry = 3

    [postfix]

    enabled = true
    filter = postfix
    action = iptables-multiport[name=postfix, port=smtp, protocol=tcp]
             sendmail-whois[name=Zimbra-postfix, dest=adressemail, sender=fail2ban@localhost]
    logpath = /var/log/zimbra.log
    maxretry = 3

Then create the zimbra.conf file […]
[Games] A few free games, in no particular order
A few games for Linux & Windows:
[Win / Lnx] Netpanzer – http://www.netpanzer.info/
[Win / Lnx] Wolfenstein: Enemy Territory – http://www.enemy-territory.fr/
[Win / Lnx] Transport Tycoon Deluxe – https://www.openttd.org
[Win] Trackmania Nation Forever – http://store.steampowered.com/app/11020/?l=french
[Win / Lnx] OpenRA – http://www.openra.net
The remake of C&C Red Alert (Westwood Studios), released in 1996 […]
[CMS] Installing WordPress
Installing WordPress
OS version: Centos 6.8 (minimal version)
Openvpn version: 4.7.3
Prerequisites: see the article Preparing a Centos 6.x machine
Install Apache/MySQL/PHP + the phpmysql extension

    $ sudo yum install httpd mysql-server php php-mysqli -y

    $ sudo yum install mod_ssl

Once installed, create a vhost for the FQDN

    $ sudo vim /etc/httpd/conf.d/monsite.domaine.local

    <VirtualHost *:80>
        # default is /var/www
        DocumentRoot /opt/wordpress
        # name of the site
        ServerName monsite.domaine.local
    </VirtualHost>

Install phpMyAdmin; it is not mandatory, but it is still a pleasant graphical interface for managing […]
[Zimbra] System mails and Zimbra
System mails and Zimbra
OS version: 6.8
Zimbra version: 8.7.5
Since the local Postfix is disabled in favour of Zimbra's Postfix, system mails sent by cron, fail2ban, etc. stay stuck in the local mailq. Here is a script to reroute all these mails to Zimbra's Postfix, which […]
[Bash script] Sending an SMS + cron
My first script, on a Centos 6.8. It is fairly basic: I run a ping of 4 packets, and if the IP answers nothing happens. Conversely, after all 4 packets fail, I receive an SMS with a custom message. For this I use the Free API.
Create the script

    $ sudo vim /usr/local/sbin/script_sms.sh

    #!/bin/bash
    MONADRESSEIP="192.168.3.12"
    NOMBREDESAUT=4

    # Returns 1 as soon as one host answers, 0 if none of them does
    pingtest(){
      for myHost in "$@"
      do
        ping -c "$NOMBREDESAUT" "$myHost" && return 1
      done
      return 0
    }

    if pingtest "$MONADRESSEIP"
    then
      # If all 4 packets fail, send an SMS through the Free API.
      # Certificate verification stays on: the account credentials travel in the URL.
      curl "https://smsapi.free-mobile.fr/sendmsg?user=COMPTE_FREE&pass=MDP_FREE&msg=MSG_A_ENVOYER" && echo "Message envoyé par SMS" && exit 0
    fi

[…]
[Linux] Preparing a Centos 7.x machine
Preparing a Centos 7.3 machine
To save time, here is a memo/template: go through these 11 points, then reboot.
1. Update the system

    $ sudo yum update && sudo yum upgrade

2. Disable SELinux (=permissive if you want to log the denials)

    # temporary, until the next reboot
    $ sudo setenforce 0
    $ sudo vi /etc/selinux/config

    # permanent after reboot
    SELINUX=disabled

3. Disable firewalld temporarily (to be re-enabled once the installation is finished)

    $ sudo systemctl stop firewalld
    $ sudo systemctl disable firewalld

4. Check the hostname

    $ sudo vi /etc/hostname

    nomduserveur

[…]
[Linux] Installing Centos 7
Installing Centos 7, minimal version
The installation uses the graphical interface. It is preferable to leave the system in English, as the logs are easier to make sense of. Then set the keyboard to French, set the region, enable the network and customise the IP if needed, then do the partitioning. By default the network card is not […]
[Windows] Recovering your Windows product key, all versions
Open Notepad, copy/paste the script below and save it in .vbs format, then double-click it to run it.

    Set WshShell = CreateObject("WScript.Shell")
    MsgBox ConvertToKey(WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId"))

    ' Decodes the 15 bytes starting at offset 52 of DigitalProductId into a
    ' 25-character key, using repeated division by 24 (base-24 alphabet)
    Function ConvertToKey(Key)
        Const KeyOffset = 52
        i = 28
        Chars = "BCDFGHJKMPQRTVWXY2346789"
        Do
            Cur = 0
            x = 14
            Do
                Cur = Cur * 256
                Cur = Key(x + KeyOffset) + Cur
                Key(x + KeyOffset) = (Cur \ 24) And 255
                Cur = Cur Mod 24
                x = x -1
            Loop While x >= 0
            i = i -1
            KeyOutput = Mid(Chars, Cur + 1, 1) & KeyOutput
            ' Insert a dash between groups of five characters
            If (((29 - i) Mod 6) = 0) And (i <> -1) Then
                i = i -1
                KeyOutput = "-" & KeyOutput
            End If
        Loop While i >= 0
        ConvertToKey = KeyOutput
    End Function

[Linux] Viewing a log
Different ways of reading a log. Logs are found by default in /var/log, but also in the application's own directory.
Read an archived log (.gz)

    # zcat nomdufichier

Read a log

    # cat nomdufichier

See the users' last logins

    # lastlog

See successful logins/logouts

    # last -f /var/log/wtmp

See failed logins

    # last -f /var/log/btmp

The most useful command for following a […]