Add projet administration-linux

flyingscorpio@clevo 2023-03-03 17:26:15 +01:00
parent 14c25b1098
commit 74694156e1
4 changed files with 350 additions and 0 deletions

@ -0,0 +1,16 @@
filename=$(shell basename $(shell pwd))
timestamp=$(shell date +%Y-%m-%d_%H:%M)
all: snapshot
snapshot: main.tex
@latexmk -pdf main.tex
@if ! cmp --silent build/main.pdf ${filename}_*.pdf; then \
touch ${filename}_tmp.pdf; \
rm ${filename}*.pdf; \
cp build/main.pdf ${filename}_${timestamp}.pdf; \
echo "Updated"; \
fi
clean:
@rm -rf build 2>/dev/null
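Review bot: In the `snapshot` recipe, `cmp --silent build/main.pdf ${filename}_*.pdf` relies on the glob matching exactly one existing snapshot; with zero or several matches cmp exits non-zero for reasons unrelated to the PDF content and the recipe reports "Updated" anyway. Resolve the current snapshot to a single file name before comparing, or compare against a fixed-name copy. The cleanup `rm ${filename}*.pdf` drops the underscore and so matches more than the snapshots; `rm -f ${filename}_*.pdf` is narrower and makes the `touch ${filename}_tmp.pdf` workaround unnecessary. `timestamp` is defined with `=`, so it is re-evaluated at each expansion, and its `%H:%M` puts a colon in the file name; `:=` and `%H-%M` avoid both. `all`, `snapshot` and `clean` should be declared `.PHONY`.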

Binary file not shown.

@ -0,0 +1,232 @@
\documentclass[a4paper,french,12pt]{article}
\title{Administration Linux \\ Projet}
\author{Tunui Franken, Thomas Jubault}
\date{Dernière compilation~: \today{} à \currenttime}
\usepackage{styles}
\usepackage{enumitem}
\begin{document}
\maketitle
\clearpage
L'objectif de ce projet est de réaliser la topologie ci-dessous, en y respectant un cahier des charges précis~:
\includegraphics[width=\linewidth]{./img/archi.png}
Le cahier des charges en question nous impose l'adressage suivant~:
\begin{tabularx}{\linewidth}{XXX}
\toprule
\textbf{Machine} & \textbf{@IP} & \textbf{@Gateway} \\
\toprule
m1 (ens4) & DHCP & 192.168.10.5 \\
\midrule
m2 (ens4) & DHCP & 192.168.10.5 \\
\midrule
nfs (ens4) & DHCP & 192.168.40.5 \\
\midrule
firewall (ens4) & 192.168.50.5/24 & 192.168.50.1 \\
firewall (ens5.10) & 192.168.10.5/24 & --- \\
firewall (ens5.20) & 192.168.40.5/24 & --- \\
firewall (ens6) & 192.168.20.5/24 & --- \\
\midrule
gateway (ens4) & DHCP & DHCP \\
gateway (ens5) & 192.168.50.1/24 & --- \\
\midrule
dns (ens4) & DHCP & 192.168.20.5 \\
\midrule
dhcp (ens4) & 192.168.20.1/24 & 192.168.20.5 \\
\midrule
m3 (ens4) & DHCP & 192.168.20.5 \\
\midrule
m4 (ens4) & DHCP & 192.168.20.5 \\
\bottomrule
\end{tabularx}
Plusieurs machines d'administration sont prévues~:
\begin{itemize}
\item \texttt{nfs} ---
Permet la synchronisation des différents documents partagés entre les employés de l'établissement.
\item \texttt{firewall} ---
Routeur qui permet de jouer plusieurs rôles~:
\begin{itemize}
\item permettre aux machines d'acquérir une adresse IP au démarrage
\item permettre de filtrer les paquets échanges entre les réseaux des postes de travail
\end{itemize}
\item \texttt{dhcp} ---
Permet d'attribuer aux équipements du système d'information des adresses IP\@.
\item \texttt{dns} ---
Permet de définir un nom de domaine \texttt{st-potache.fr} servant de résolveur DNS sur le réseau de l'étabblissement.
\item \texttt{debian hôte} ---
Permet d'héberger le site intranet de l'établissement.
\item \texttt{gateway} ---
Permet le routage vers l'intranet de l'établissement ainsi que vers la passerelle pour accéder à Internet.
\item \texttt{nat} ---
Permet de rejoindre le monde extérieur grâce au NAT fourni par l'hyperviseur.
\end{itemize}
\section{Configuration des interfaces des machines}
\subsection{gateway}
\texttt{/etc/network/interfaces}
\begin{lstlisting}[gobble=4]
auto ens4
iface ens4 inet dhcp
auto ens5
iface ens5 inet static
address 192.168.50.1/24
\end{lstlisting}
Il faut également ajouter une route vers les réseaux internes~:
\texttt{/etc/network/if-up.d/internal-networks}
\begin{lstlisting}[gobble=4]
#!/bin/sh
ip route replace 192.168.0.0/16 via 192.168.50.5 dev ens5
\end{lstlisting}
Si l'on veut que les machines internes puissent sortir sur Internet, il faudra également ajouter faire du NAT masquerade~:
\texttt{/etc/nftables.conf}
\begin{lstlisting}[gobble=4]
flush ruleset
table inet nat {
chain nat prerouting {
type nat hook prerouting priority -100;
}
chain nat postrouting {
type nat hook postrouting priority 100;
oif "ens4" masquerade;
}
}
\end{lstlisting}
Puis, on lance \texttt{systemctl start nftables; systemctl enable nftables}.
Pour finir, il faut autoriser le routage en décommentant~:
\texttt{/etc/sysctl.conf}
\begin{lstlisting}[gobble=4]
net.ipv4.ip_forward=1
\end{lstlisting}
\subsection{firewall}
\texttt{/etc/network/interfaces}
\begin{lstlisting}[gobble=4]
auto ens4
iface ens4 inet static
address 192.168.50.5/24
gateway 192.168.50.1
auto ens5.10
iface ens5.10 inet static
address 192.168.10.5/24
auto ens5.20
iface ens5.20 inet static
address 192.168.40.5/24
auto ens6
iface ens6 inet static
address 192.168.20.5/24
\end{lstlisting}
Pas besoin de routage supplémentaire ni de NAT ici.
Par contre, il faut comme pour \texttt{gateway} autoriser le routage~:
\texttt{/etc/sysctl.conf}
\begin{lstlisting}[gobble=4]
net.ipv4.ip_forward=1
\end{lstlisting}
\subsection{nfs}
\texttt{/etc/network/interfaces}
\begin{lstlisting}[gobble=4]
auto ens4
iface ens4 inet dhcp
\end{lstlisting}
\subsection{dns}
\texttt{/etc/network/interfaces}
\begin{lstlisting}[gobble=4]
auto ens4
iface ens4 inet dhcp
\end{lstlisting}
\subsection{dhcp}
\texttt{/etc/network/interfaces}
\begin{lstlisting}[gobble=4]
auto ens4
iface ens4 inet static
address 192.168.20.1/24
gateway 192.168.20.5
\end{lstlisting}
\subsection{m1, m2, m3, m4}
\texttt{/etc/network/interfaces}
\begin{lstlisting}[gobble=4]
auto ens4
iface ens4 inet dhcp
\end{lstlisting}
\section{Configuration du serveur DHCP}
\texttt{/etc/default/isc-dhcp-server}
\begin{lstlisting}[gobble=4]
INTERFACESv4="ens4"
\end{lstlisting}
\texttt{/etc/dhcp/dhcpd.conf}
\begin{lstlisting}[gobble=4]
option domain-name "st-potache.fr";
option domain-name-servers dns.st-potache.fr;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
# Réseau A (m1, m2)
subnet 192.168.10.0 netmask 255.255.255.0 {
option domain-name-servers 192.168.20.2;
option routers 192.168.10.5;
range 192.168.10.10 192.168.10.19;
}
# Réseau B (nfs)
subnet 192.168.40.0 netmask 255.255.255.0 {
option domain-name-servers 192.168.20.2;
option routers 192.168.40.5;
range 192.168.40.10 192.168.40.19;
host NFS {
hardware ethernet 0c:4a:07:3c:00:00;
fixed-address 192.168.40.1;
}
}
# Réseau C (dns, dhcp, m3, m4)
subnet 192.168.20.0 netmask 255.255.255.0 {
option domain-name-servers 192.168.20.2;
option routers 192.168.20.5;
range 192.168.20.10 192.168.20.24;
host DNS {
hardware ethernet 0c:40:4d:27:00:00;
fixed-address 192.168.20.2;
}
}
\end{lstlisting}
\end{document}
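Review bot: In the `/etc/nftables.conf` listing for `gateway`, `chain nat prerouting {` and `chain nat postrouting {` will not load as written, because an nftables chain name is a single identifier; name them `prerouting` and `postrouting` (the table is already called `nat`). In the same ruleset, `oif "ens4" masquerade;` translates everything leaving ens4, and no chain with a `forward` hook is defined for either router, so with `net.ipv4.ip_forward=1` on both `gateway` and `firewall` every network is routed to every other one, while the introduction gives `firewall` the role of filtering packets between the workstation networks. Restrict the masquerade to the internal sources (for example `ip saddr 192.168.0.0/16`) and document a forward chain with a drop policy and explicit accepts on `firewall`. In the DHCP section, subnets 192.168.10.0/24 and 192.168.40.0/24 are declared, but the server listens only on ens4 in 192.168.20.0/24 and the `firewall` section shows no DHCP relay on ens5.10 or ens5.20, so m1, m2 and nfs have no documented path to obtain a lease. The global `option domain-name-servers dns.st-potache.fr;` is overridden by 192.168.20.2 in every subnet and can be removed. Typos in the prose: "paquets échanges", "étabblissement", "ajouter faire du NAT".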

@ -0,0 +1,102 @@
\ProvidesPackage{styles}
\usepackage[
%showframe,
a4paper,includeheadfoot,margin=2cm,top=1cm,bottom=1cm
]{geometry}
\setcounter{tocdepth}{2}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{babel}
\usepackage{datetime}
\usepackage{color}
\usepackage{xcolor,colortbl}
\usepackage{amsmath}
\usepackage{amsfonts}
\everymath{\displaystyle}
\newcommand*\dif{\mathop{}\!\mathrm{d}}
\usepackage{xfrac}
\usepackage{booktabs}
\usepackage{tabularx}
\newcolumntype{Y}{>{\centering\arraybackslash}X}
\definecolor{Red}{rgb}{1,0.2,0.2}
\newcolumntype{r}{>{\columncolor{Red}}Y}
\usepackage{multicol}
\usepackage{multirow}
\usepackage{makecell}
\usepackage{parskip}
\usepackage{microtype}
\usepackage{enumitem}
\usepackage{listingsutf8}
\lstset{%
inputencoding=utf8/latin1,
basicstyle=\small\ttfamily,
columns=flexible,
breaklines=true,
extendedchars=true,
literate=
{á}{{\'a}}1 {é}{{\'e}}1 {í}{{\'\i}}1 {ó}{{\'o}}1 {ú}{{\'u}}1
{Á}{{\'A}}1 {É}{{\'E}}1 {Í}{{\'I}}1 {Ó}{{\'O}}1 {Ú}{{\'U}}1
{à}{{\`a}}1 {è}{{\`e}}1 {ì}{{\`\i}}1 {ò}{{\`o}}1 {ù}{{\`u}}1
{À}{{\`A}}1 {È}{{\`E}}1 {Ì}{{\`I}}1 {Ò}{{\`O}}1 {Ù}{{\`U}}1
{ä}{{\"a}}1 {ë}{{\"e}}1 {ï}{{\"\i}}1 {ö}{{\"o}}1 {ü}{{\"u}}1
{Ä}{{\"A}}1 {Ë}{{\"E}}1 {Ï}{{\"I}}1 {Ö}{{\"O}}1 {Ü}{{\"U}}1
{â}{{\^a}}1 {ê}{{\^e}}1 {î}{{\^\i}}1 {ô}{{\^o}}1 {û}{{\^u}}1
{Â}{{\^A}}1 {Ê}{{\^E}}1 {Î}{{\^I}}1 {Ô}{{\^O}}1 {Û}{{\^U}}1
{Ã}{{\~A}}1 {ã}{{\~a}}1 {Õ}{{\~O}}1 {õ}{{\~o}}1 {œ}{{\oe}}1
{Œ}{{\OE}}1 {æ}{{\ae}}1 {Æ}{{\AE}}1 {ß}{{\ss}}1 {ű}{{\H{u}}}1
{Ű}{{\H{U}}}1 {ő}{{\H{o}}}1 {Ő}{{\H{O}}}1 {ç}{{\c c}}1
{Ç}{{\c C}}1 {ø}{{\o}}1 {å}{{\r a}}1 {Å}{{\r A}}1
{€}{{\euro}}1 {£}{{\pounds}}1 {«}{{\guillemotleft}}1
{»}{{\guillemotright}}1 {ñ}{{\~n}}1 {Ñ}{{\~N}}1 {¿}{{?`}}1
}
\let\oldlstinputlisting\lstinputlisting
% make \lstinputlisting always have frame
\renewcommand{\lstinputlisting}[2][]{\oldlstinputlisting[frame=single,#1]{#2}}
\lstnewenvironment{console}[1][]{%
\lstset{%
inputencoding=utf8/latin1,
basicstyle=\small\ttfamily\color{white},
columns=flexible,
breaklines=true,
extendedchars=true,
literate=
{á}{{\'a}}1 {é}{{\'e}}1 {í}{{\'\i}}1 {ó}{{\'o}}1 {ú}{{\'u}}1
{Á}{{\'A}}1 {É}{{\'E}}1 {Í}{{\'I}}1 {Ó}{{\'O}}1 {Ú}{{\'U}}1
{à}{{\`a}}1 {è}{{\`e}}1 {ì}{{\`\i}}1 {ò}{{\`o}}1 {ù}{{\`u}}1
{À}{{\`A}}1 {È}{{\`E}}1 {Ì}{{\`I}}1 {Ò}{{\`O}}1 {Ù}{{\`U}}1
{ä}{{\"a}}1 {ë}{{\"e}}1 {ï}{{\"\i}}1 {ö}{{\"o}}1 {ü}{{\"u}}1
{Ä}{{\"A}}1 {Ë}{{\"E}}1 {Ï}{{\"I}}1 {Ö}{{\"O}}1 {Ü}{{\"U}}1
{â}{{\^a}}1 {ê}{{\^e}}1 {î}{{\^\i}}1 {ô}{{\^o}}1 {û}{{\^u}}1
{Â}{{\^A}}1 {Ê}{{\^E}}1 {Î}{{\^I}}1 {Ô}{{\^O}}1 {Û}{{\^U}}1
{Ã}{{\~A}}1 {ã}{{\~a}}1 {Õ}{{\~O}}1 {õ}{{\~o}}1 {œ}{{\oe}}1
{Œ}{{\OE}}1 {æ}{{\ae}}1 {Æ}{{\AE}}1 {ß}{{\ss}}1 {ű}{{\H{u}}}1
{Ű}{{\H{U}}}1 {ő}{{\H{o}}}1 {Ő}{{\H{O}}}1 {ç}{{\c c}}1
{Ç}{{\c C}}1 {ø}{{\o}}1 {å}{{\r a}}1 {Å}{{\r A}}1
{€}{{\euro}}1 {£}{{\pounds}}1 {«}{{\guillemotleft}}1
{»}{{\guillemotright}}1 {ñ}{{\~n}}1 {Ñ}{{\~N}}1 {¿}{{?`}}1,
backgroundcolor=\color{black}, #1
}%
}{}
\usepackage{graphicx}
\usepackage[hyphens]{url}
\usepackage[colorlinks,hidelinks]{hyperref}
\usepackage{tikz}
\usetikzlibrary{shapes}
\usepackage{letltxmacro}
\LetLtxMacro{\normalparagraph}{\paragraph}
\renewcommand{\paragraph}[1]{\normalparagraph{#1}\mbox{}}
\sloppy
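Review bot: The `literate=` table of accented characters appears twice, once in the global `\lstset` and again inside the `console` environment, so any correction has to be made in two places; define it once with `\lstdefinestyle` and reference that style from both. `\usepackage[colorlinks,hidelinks]{hyperref}` passes two options that contradict each other; keep only the one intended. `color` is loaded immediately before `xcolor`, which supersedes it, and `enumitem` is loaded here and again in main.tex; one load of each is enough.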