diff --git a/files/notepad.txt b/files/notepad.txt
index 49c6410..9637cd1 100644
--- a/files/notepad.txt
+++ b/files/notepad.txt
@@ -1,54 +1,134 @@ -МОДУЛЬ 2 +SSH: + +ISP: ssh 172.16.1.1 + +HQ-RTR: ssh 172.16.1.2 + +BR-RTR: ssh 172.16.2.2 + +HQ-SRV: ssh -p 2026 sshuser@192.168.100.2 (MODULE 2-3) + +BR-SRV: ssh -p 2026 sshuser@192.168.200.2 (MODULE 2-3) + +HQ-SRV: ssh 192.168.100.2 (MODULE 1) + +BR-SRV: ssh 192.168.200.2 (MODULE 1) ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -1)BR-SRV: -apt update && apt install -y samba* krb5* winbind smbclient && apt install -y ansible && apt install -y chrony && apt install -y curl && apt install -y dos2unix +MODULE 1 + ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
-2)HQ-CLI: +1)HQ-SRV, BR-SRV: -apt-get update && apt-get remove -y alterator-datetime && apt-get install -y task-auth-ad-sssd && apt-get install -y admc && apt-get install -y openssh-server && apt-get install -y chrony && apt-get install -y yandex-browser-stable +useradd -u 2026 -m -s /bin/bash sshuser + +passwd sshuser + +echo "sshuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -3)HQ-RTR: +2)HQ-RTR, BR-RTR: -apt update && apt install -y curl && apt install -y dos2unix +useradd -m -s /bin/bash net_admin + +passwd net_admin + +echo "net_admin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
-4)ISP, BR-RTR и HQ-SRV: +3)HQ-SRV, BR-SRV: -apt update && apt install -y chrony && apt install -y curl && apt install -y dos2unix +apt update && apt install -y openssh-server openssh-client + +nano /etc/ssh/sshd_config + +Port 2026 + +AllowUsers sshuser +MaxAuthTries 2 +Banner /etc/issue.net + +echo "Authorized access only" > /etc/issue.net + +systemctl restart sshd ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -5)BR-SRV: +4)HQ-RTR, BR-RTR, HQ-SRV, BR-SRV: -hostname && domainname au-team.irpo && rm -f /etc/samba/smb.conf && rm -rf /var/lib/samba/ && rm -rf /var/cache/samba/ && mkdir -p /var/lib/samba/sysvol +nano /etc/resolv.conf + +nameserver 192.168.100.2 + +apt update + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
+ +5)HQ-CLI: + +timedatectl set-timezone Asia/Yekaterinburg && timedatectl status + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + + +MODULE 2 -reboot ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
6)BR-SRV: -samba-tool domain provision - -reboot - -samba-tool domain info 127.0.0.1 +apt update && apt install -y samba* krb5* winbind smbclient && apt install -y ansible && apt install -y chrony && apt install -y curl && apt install -y dos2unix ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 7)HQ-CLI: +apt-get update && apt-get remove -y alterator-datetime && apt-get install -y task-auth-ad-sssd && apt-get install -y admc && apt-get install -y openssh-server && apt-get install -y chrony && apt-get install -y yandex-browser-stable + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
+ +8)HQ-RTR: + +apt update && apt install -y curl && apt install -y dos2unix + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + +9)ISP, BR-RTR, HQ-SRV: + +apt update && apt install -y chrony && apt install -y curl && apt install -y dos2unix + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
+ +10)BR-SRV: + +hostname && domainname au-team.irpo && rm -f /etc/samba/smb.conf && rm -rf /var/lib/samba/ && rm -rf /var/cache/samba/ && mkdir -p /var/lib/samba/sysvol + +sudo shutdown -r now + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + +11)BR-SRV: + +samba-tool domain provision + +sudo shutdown -r now + +samba-tool domain info 127.0.0.1 + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + +12)HQ-CLI: + cat /etc/resolv.conf && host au-team.irpo -reboot +!!! restart !!! kinit Administrator 
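Review bot: The two added `echo "... ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers` steps (sshuser in step 1, net_admin in step 2) append to the live sudoers file with no syntax check, so a typo or a repeated run can leave sudo unusable on the host, and they give passwordless root to the same account that step 3 makes the only SSH login via `AllowUsers sshuser`. I would write a drop-in and validate it instead: `echo "sshuser ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/sshuser && chmod 0440 /etc/sudoers.d/sshuser && visudo -cf /etc/sudoers.d/sshuser` (this assumes the image's sudoers includes /etc/sudoers.d, which is not visible here). If the exercise does not require NOPASSWD, dropping it keeps a password between an SSH session and root. For step 3, running `sshd -t` before `systemctl restart sshd` would catch a bad edit to sshd_config before the port change locks the session out.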
@@ -60,7 +140,7 @@ nano /etc/sudoers ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -8)HQ-SRV: +13)HQ-SRV: lsblk @@ -98,7 +178,7 @@ systemctl enable --now nfs-server ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -9)HQ-CLI: +14)HQ-CLI: apt-get update && apt-get install -y nfs-utils nfs-clients 
@@ -108,11 +188,11 @@ nano /etc/fstab 192.168.100.2:raid0/nfs /mnt/nfs nfs defaults 0 0 -sudo mount -av && sudo df -h +mount -av && df -h ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -10)CHRONY:ISP: +15)CHRONY:ISP: apt update && apt install -y chrony @@ -127,7 +207,7 @@ systemctl enable --now chrony && systemctl restart chrony ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -11)CHRONY:BR-RTR, HQ-SRV и BR-SRV: +16)CHRONY:BR-RTR, HQ-SRV, BR-SRV: apt update && apt install -y chrony 
@@ -141,7 +221,7 @@ chronyc sources ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -12)CHRONY:HQ-CLI: +17)CHRONY:HQ-CLI: apt-get update && apt-get install -y chrony @@ -155,13 +235,15 @@ chronyc sources ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -13)CHRONY:ISP: +18)CHRONY:ISP: chronyc clients ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -14)BR-SRV: +19)BR-SRV: + +!!! HQ-CLI --> systemctl restart sshd !!! apt update && apt install -y ansible 
@@ -173,8 +255,6 @@ nano /etc/ansible/hosts ssh-keygen -t rsa -b 2048 -!systemctl restart sshd на HQ-CLI! - ssh-copy-id hq-rtr.au-team.irpo ssh-copy-id br-rtr.au-team.irpo 
@@ -187,25 +267,25 @@ ansible all -m ping ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -15)BR-SRV: +20)BR-SRV: apt update && apt install -y docker.io docker-compose && systemctl enable --now docker.service && mount /dev/sr0 /mnt/ && docker load < /mnt/docker/site_latest.tar && docker load < /mnt/docker/mariadb_latest.tar && docker image ls && curl -o ~/compose.yaml https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/compose.yaml -!Далее настройка проводится напрямую на BR-SRV! +!!! --> BR-SRV !!! HQ-CLI --> 192.168.200.2:8080 ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
-16)HQ-SRV: +21)HQ-SRV: apt update && apt install -y apache* && apt install -y php php8.2 php-curl php-zip php-xml libapache2-mod-php php-mysql php-mbstring php-gd php-intl php-soap && apt install -y mariadb-* && systemctl enable --now mariadb && systemctl enable --now apache2 && mount /dev/sr0 /mnt/ && cp /mnt/web/index.php /var/www/html && cp /mnt/web/logo.png /var/www/html -!Далее настройка проводится напрямую на HQ-SRV! +!!! --> HQ-SRV !!! ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -17)HQ-SRV:nano /var/www/html/index.php: +22)HQ-SRV:nano /var/www/html/index.php: HQ-SRV !!! ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -18)HQ-SRV: +23)HQ-SRV: -mariadb –u webc –p –D webdb < ~/dump.sql +mariadb -u webc -p -D webdb < ~/dump.sql rm /var/www/html/index.html && systemctl enable --now apache2 && systemctl restart apache2 
@@ -227,7 +307,7 @@ HQ-CLI --> 192.168.100.2 ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -19)NFTABLES:HQ-RTR: +24)NFTABLES:HQ-RTR: curl -o /etc/nftables.conf https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/hq-rtr/nftables.conf && dos2unix /etc/nftables.conf @@ -237,7 +317,7 @@ systemctl restart nftables && systemctl enable --now nftables && /etc/nftables.c ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -20)NFTABLES:BR-RTR: +25)NFTABLES:BR-RTR: curl -o /etc/nftables.conf https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/br-rtr/nftables.conf && dos2unix /etc/nftables.conf 
@@ -247,19 +327,19 @@ systemctl restart nftables && systemctl enable --now nftables && /etc/nftables.c ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -21)ISP: +26)ISP: apt update && apt-get install -y nginx && systemctl start nginx && systemctl enable nginx && curl -o /etc/nginx/sites-available/default https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/reverse-proxy.conf && curl -o /etc/nginx/sites-available/reverse-proxy.conf https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/reverse-proxy.conf && dos2unix /etc/nginx/sites-available/default && dos2unix /etc/nginx/sites-available/reverse-proxy.conf nano /etc/nginx/sites-available/reverse-proxy.conf -ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/ && ln -s /etc/nginx/sites-available/default/etc/nginx/sites-enabled/ +ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/ nginx -t && systemctl enable --now nginx 
............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -22)HQ-CLI: +27)HQ-CLI: nano /etc/hosts @@ -273,11 +353,11 @@ http://docker.au-team.irpo/ ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -23)ISP: +28)ISP: apt update && apt install -y apache2 -!Далее настройка проводится напрямую на ISP! +!!! --> ISP !!! nano /etc/nginx/sites-available/default 
@@ -285,7 +365,13 @@ nginx -t && systemctl restart nginx ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -24)BR-SRV: + +MODULE 3 + + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + +29)BR-SRV: cp /mnt/Users.csv /opt/ && curl -o /opt/import_users.sh https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/import_users.sh && dos2unix /opt/import_users.sh && ls /opt 
@@ -293,11 +379,11 @@ nano /opt/import_users.sh chmod +x /opt/import_users.sh -!Импорт пользователей лучше проводить напрямую на BR-SRV! +!!! BR-SRV --> /opt/import_users.sh !!! ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -25)HQ-SRV: +30)HQ-SRV: apt update && apt install -y openssl ca-certificates 
@@ -311,17 +397,17 @@ nano /etc/ssl/openssl-ca.cnf openssl ca -config /etc/ssl/openssl-ca.cnf -in /etc/pki/CA/web.au-team.irpo.csr -out /etc/pki/CA/certs/web.au-team.irpo.crt -extensions server_cert -days 30 -batch && openssl ca -config /etc/ssl/openssl-ca.cnf -in /etc/pki/CA/docker.au-team.irpo.csr -out /etc/pki/CA/certs/docker.au-team.irpo.crt -extensions server_cert -days 30 -batch -!Далее настройка проводится напрямую на HQ-SRV! +!!! --> HQ-SRV !!! ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -26)HQ-CLI: +31)HQ-CLI: cp /mnt/nfs/ca.crt /etc/pki/ca-trust/source/anchors/ && update-ca-trust ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -27)HQ-SRV: +32)HQ-SRV: nano /etc/ssh/sshd_config 
@@ -329,7 +415,7 @@ systemctl restart sshd ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -28)ISP: +33)ISP: curl -o /etc/nginx/sites-available/default https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/reverse-proxy-ssl.conf @@ -341,7 +427,7 @@ chown root:root /etc/nginx/ssl/* && chmod 600 /etc/nginx/ssl/*.key && nginx -t & ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -29)HQ-CLI: +34)HQ-CLI: https://docker.au-team.irpo/ 
@@ -349,9 +435,9 @@ https://web.au-team.irpo/ ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -30)HQ-RTR: +35)HQ-RTR: -!ВАЖНО! Зайти на HQ-SRV и раскоментить строчки ssh в файле - nano /etc/ssh/sshd_config и перезагрузить - systemctl restart sshd! +!!! HQ-SRV --> nano /etc/ssh/sshd_config --> systemctl restart sshd !!! apt update && apt install -y strongswan @@ -369,17 +455,17 @@ conn gre-tunnel nano /etc/ipsec.secrets -172.16.1.2 172.16.2.2 : PSK “123qweR%” +172.16.1.2 172.16.2.2 : PSK "123qweR%" nano /etc/strongswan.d/charon.conf -!"Ctrl" + "Shift" + "-" = 133! +!!! "Ctrl" + "Shift" + "-" = 133 !!! ipsec restart ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -31)BR-RTR: +36)BR-RTR: apt update && apt install -y strongswan 
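Review bot: The rewritten `/etc/ipsec.secrets` line for HQ-RTR (step 35) still carries the literal pre-shared key, and the same value is repeated on the BR-RTR line in the next hunk (step 36), so anyone who can read this repository knows the tunnel's PSK. I would keep a placeholder in the notes, e.g. `172.16.1.2 172.16.2.2 : PSK "<PSK_PLACEHOLDER>"`, and generate the real key per deployment. It is also worth adding a step after the edit that restricts the file to root, `chmod 600 /etc/ipsec.secrets`. If the key is fixed by the exercise, a one-line remark that it is a lab-only value and must not be reused elsewhere would be enough.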
@@ -397,35 +483,35 @@ conn gre-tunnel nano /etc/ipsec.secrets -172.16.2.2 172.16.1.2 : PSK “123qweR%” +172.16.2.2 172.16.1.2 : PSK "123qweR%" nano /etc/strongswan.d/charon.conf -!"Ctrl" + "Shift" + "-" = 133! +!!! "Ctrl" + "Shift" + "-" = 133 !!! ipsec restart apt update && apt install -y tcpdump -tcpdump -i ens18 -n -p esp +!!! BR-RTR --> tcpdump -i ens18 -n -p esp !!! ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -32)HQ-RTR: +37)HQ-RTR: -ping 192.168.200.2 +!!! HQ-RTR --> ping 192.168.200.2 !!! ipsec status ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
-33)HQ-CLI: +38)HQ-CLI: ping 192.168.200.2 ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -34)HQ-SRV: +39)HQ-SRV: apt update && apt install -y cups cups-pdf @@ -437,7 +523,7 @@ systemctl restart cups ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -35)HQ-CLI: +40)HQ-CLI: apt-get update && apt-get install -y cups system-config-printer 
@@ -449,7 +535,7 @@ http://192.168.100.2:631/printers/PDF ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -36)HQ-SRV: +41)HQ-SRV: apt update && apt install -y rsyslog @@ -463,7 +549,7 @@ systemctl enable rsyslog && systemctl restart rsyslog ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -37)HQ-RTR: +42)HQ-RTR: apt update && apt install -y rsyslog 
@@ -479,7 +565,7 @@ systemctl restart rsyslog ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -38)BR-RTR: +43)BR-RTR: apt update && apt install -y rsyslog @@ -495,7 +581,7 @@ systemctl restart rsyslog ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -39)BR-SRV: +44)BR-SRV: apt update && apt install -y rsyslog 
@@ -509,19 +595,19 @@ systemctl enable rsyslog && systemctl restart rsyslog ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -40)HQ-SRV: +45)HQ-SRV: ls /opt/ ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
-41)BR-SRV: +46)BR-SRV: -logger -p user.info “Test info” && logger -p user.warning “Test warning” && logger -p user.error “Test error” +logger -p user.info "Test info" && logger -p user.warning "Test warning" && logger -p user.error "Test error" ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -42)HQ-SRV: +47)HQ-SRV: sudo cat /opt/br-srv/rsyslog.txt @@ -539,7 +625,7 @@ nano /etc/logrotate.d/rsyslog ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -43)HQ-SRV: +48)HQ-SRV: wget https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_7.4-0.2+debian12_all.deb 
@@ -547,13 +633,13 @@ sudo dpkg -i zabbix-release_7.4-0.2+debian12_all.deb sudo apt update && sudo apt install -y zabbix-server-mysql zabbix-frontend-php zabbix-agent php php-mysql php-bcmath php-mbstring zabbix-sql-scripts zabbix-apache-conf mariadb-server -!Далее настройка проводится напрямую на HQ-SRV! +!!! --> HQ-SRV !!! zcat /usr/share/zabbix/sql-scripts/mysql/server.sql.gz | sudo mysql -u zabbix -p zabbix sudo nano /etc/zabbix/zabbix_server.conf -!"Ctrl" + "Shift" + "-" = 100, 116, 124! +!!! "Ctrl" + "Shift" + "-" = 100, 116, 124 !!! sudo systemctl enable --now zabbix-server @@ -561,25 +647,10 @@ ln -s /usr/share/zabbix /var/www/html/mon sudo nano /etc/php/8.2/apache2/php.ini -!"Ctrl" + "Shift" + "-" = 409, 419, 703! - -curl -o /etc/apache2/sites-avaliable/zabbix.conf https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/zabbix.conf +!!! "Ctrl" + "Shift" + "-" = 409, 419, 703 !!! systemctl restart apache2 -nano /etc/apache2/sites-available/zabbix.conf - - - ServerName au-team.irpo - ServerAlias mon.au-team.irpo - DocumentRoot /var/www/html/zabbix/ui - Alias /zabbix /usr/share/zabbix/ui - - AllowOverride All - Options -Indexes +FollowSymLinks - - - sudo rm -rf /etc/apache2/sites-available/000-default.conf ln -s /etc/apache2/sites-available/zabbix.conf /etc/apache2/sites-enabled/ 
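Review bot: In the `@@ -561,25 +647,10 @@` hunk nothing in the visible steps creates `/etc/apache2/sites-available/zabbix.conf` any more, yet the step still ends with `ln -s /etc/apache2/sites-available/zabbix.conf /etc/apache2/sites-enabled/`: both the `curl -o` download and the `nano` step with the vhost body are removed. Unless the file is provided by a step outside this hunk, the link dangles and the later apache2 restart will not bring up the intended vhost. I would keep one step that creates the file, and replace `sudo rm -rf /etc/apache2/sites-available/000-default.conf` plus the manual `ln -s` with `a2dissite 000-default && a2ensite zabbix && apache2ctl configtest`. That also avoids leaving a broken `000-default.conf` link in `sites-enabled`.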
@@ -588,9 +659,7 @@ sudo systemctl restart apache2 ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -44)HQ-SRV: - -!Старые IP-адреса web и docker меняются на новые! +49)HQ-SRV: nano /etc/dnsmasq.conf @@ -605,7 +674,7 @@ HQ-CLI --> http://mon.au-team.irpo/zabbix ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -45)BR-SRV: +50)BR-SRV: wget https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_7.4-0.2+debian12_all.deb 
@@ -615,17 +684,17 @@ sudo apt update && apt install -y zabbix-agent nano /etc/zabbix/zabbix_agentd.conf -!"Ctrl" + "Shift" + "-" = 117 - Server=192.168.100.2! +!!! "Ctrl" + "Shift" + "-" = 117 - Server=192.168.100.2 !!! -!"Ctrl" + "Shift" + "-" = 173 - ServerActive=192.168.100.2! +!!! "Ctrl" + "Shift" + "-" = 173 - ServerActive=192.168.100.2 !!! -!"Ctrl" + "Shift" + "-" = 184 - Hostname=br-srv +!!! "Ctrl" + "Shift" + "-" = 184 - Hostname=br-srv !!! systemctl restart zabbix-agent.service ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -46)HQ-CLI: +51)HQ-CLI: Monitoring --> Hosts --> Create host @@ -651,7 +720,7 @@ Add ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -47)BR-SRV: +52)BR-SRV: mkdir /etc/ansible/PC_INFO 
@@ -669,7 +738,7 @@ cat /etc/ansible/PC_INFO/hq-srv.yml ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -48)BR-SRV: +53)BR-SRV: mkdir /etc/ansible/NETWORK_INFO @@ -679,13 +748,13 @@ nano /etc/ansible/backup.yml ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -49)HQ-RTR и BR-RTR: +54)HQ-RTR, BR-RTR: apt update && apt install -y sudo ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -50)BR-SRV: +55)BR-SRV: ansible-playbook /etc/ansible/backup.yml 
@@ -697,4 +766,4 @@ ls -la /etc/ansible/NETWORK_INFO/BR-RTR cat /etc/ansible/NETWORK_INFO/HQ-RTR/interfaces -............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. \ No newline at end of file +.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................