diff --git a/files/notepad.txt b/files/notepad.txt
index 39baba9..49c6410 100644
--- a/files/notepad.txt
+++ b/files/notepad.txt
@@ -1,30 +1,38 @@ МОДУЛЬ 2 +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 1)BR-SRV: apt update && apt install -y samba* krb5* winbind smbclient && apt install -y ansible && apt install -y chrony && apt install -y curl && apt install -y dos2unix +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
2)HQ-CLI: apt-get update && apt-get remove -y alterator-datetime && apt-get install -y task-auth-ad-sssd && apt-get install -y admc && apt-get install -y openssh-server && apt-get install -y chrony && apt-get install -y yandex-browser-stable +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 3)HQ-RTR: apt update && apt install -y curl && apt install -y dos2unix +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
4)ISP, BR-RTR и HQ-SRV: apt update && apt install -y chrony && apt install -y curl && apt install -y dos2unix +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 5)BR-SRV: -hostname && domainname au-team.irpo && rm -f /etc/samba/smb.conf && rm -rf /var/lib/samba/ && rm -rf /var/cache/samba/ && mkdir -p /var/lib/samba/sysvol && reboot +hostname && domainname au-team.irpo && rm -f /etc/samba/smb.conf && rm -rf /var/lib/samba/ && rm -rf /var/cache/samba/ && mkdir -p /var/lib/samba/sysvol +reboot + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 6)BR-SRV: 
@@ -34,6 +42,7 @@ reboot samba-tool domain info 127.0.0.1 +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 7)HQ-CLI: @@ -47,6 +56,9 @@ id && klist && admc nano /etc/sudoers +%hq ALL=(ALL) NOPASSWD: /bin/cat, /bin/grep, /usr/bin/id + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 8)HQ-SRV: 
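Review bot: The sudoers rule added in step 7, `%hq ALL=(ALL) NOPASSWD: /bin/cat, /bin/grep, /usr/bin/id`, gives every member of `hq` password-less root read access to any file on HQ-CLI, because `cat` and `grep` accept arbitrary paths. If the task requires exactly these commands, say so next to the rule in the file's own note style, for example `!hq members can read any file as root through cat/grep - required by the task!`. The context line before it edits the file with `nano /etc/sudoers`; `visudo` would check the syntax before saving, so a typo in the new line cannot break sudo on the host.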
@@ -64,51 +76,95 @@ sudo mkfs.ext4 /dev/md0 mkdir -p /raid0 +nano /etc/fstab + +/dev/md0 /raid0 ext4 defaults 0 0 + +sudo mount -av && sudo df -h + apt-get update && apt-get install -y nfs-server cifs-utils mkdir /raid0/nfs && chmod 777 /raid0/nfs +nano /etc/exports + /raid0/nfs 192.168.10.0/28(rw,no_root_squash) +sudo exportfs -arv + +sudo update-initramfs -u + +systemctl enable --now nfs-server + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 9)HQ-CLI: +apt-get update && apt-get install -y nfs-utils nfs-clients + +mkdir /mnt/nfs && chmod 777 /mnt/nfs + +nano /etc/fstab + 192.168.100.2:raid0/nfs /mnt/nfs nfs defaults 0 0 +sudo mount -av && sudo df -h + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
10)CHRONY:ISP: +apt update && apt install -y chrony + +nano /etc/chrony/chrony.conf + server 127.0.0.1 iburst prefer -hwtimestamp +hwtimestamp * local stratum 5 allow 0/0 systemctl enable --now chrony && systemctl restart chrony +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 11)CHRONY:BR-RTR, HQ-SRV и BR-SRV: +apt update && apt install -y chrony + +nano /etc/chrony/chrony.conf + server 172.16.1.1 iburst prefer systemctl enable --now chrony && systemctl restart chrony +chronyc sources + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
12)CHRONY:HQ-CLI: +apt-get update && apt-get install -y chrony + nano /etc/chrony.conf server 172.16.1.1 iburst prefer systemctl enable --now chronyd && systemctl restart chronyd +chronyc sources + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 13)CHRONY:ISP: chronyc clients +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 14)BR-SRV: +apt update && apt install -y ansible + mkdir -p /etc/ansible curl -o /etc/ansible/hosts https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/hosts.file && dos2unix /etc/ansible/hosts @@ -117,6 +173,8 @@ nano /etc/ansible/hosts ssh-keygen -t rsa -b 2048 +!systemctl restart sshd на HQ-CLI! + ssh-copy-id hq-rtr.au-team.irpo ssh-copy-id br-rtr.au-team.irpo 
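Review bot: The client step added in step 9, `mkdir /mnt/nfs && chmod 777 /mnt/nfs`, makes the mount point world-writable for no benefit, since the exported directory's permissions apply once the share is mounted. The 777 only matters while the share is not mounted, when any local user can write into the root filesystem under `/mnt/nfs`. `mkdir -p /mnt/nfs` alone is enough. The server side of this hunk already pairs `chmod 777 /raid0/nfs` with `no_root_squash` in context lines, which lets root on any host in 192.168.10.0/28 create root-owned files on the share; a one-line note that this is a lab-only setting would help readers who reuse the steps.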
@@ -127,19 +185,25 @@ ssh-copy-id -p 2026 sshuser@hq-srv.au-team.irpo ansible all -m ping +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 15)BR-SRV: -apt update && apt install -y docker.io docker-compose && systemctl enable --now docker.service && mount /dev/sr0 /mnt/ && docker load < /mnt/docker/site_latest.tar && docker load < /mnt/docker/mariadb_latest.tar && curl -o ~/compose.yaml https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/compose.yaml -Далее настройка проводится напрямую на BR-SRV +apt update && apt install -y docker.io docker-compose && systemctl enable --now docker.service && mount /dev/sr0 /mnt/ && docker load < /mnt/docker/site_latest.tar && docker load < /mnt/docker/mariadb_latest.tar && docker image ls && curl -o ~/compose.yaml https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/compose.yaml +!Далее настройка проводится напрямую на BR-SRV! 
+ +HQ-CLI --> 192.168.200.2:8080 + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 16)HQ-SRV: apt update && apt install -y apache* && apt install -y php php8.2 php-curl php-zip php-xml libapache2-mod-php php-mysql php-mbstring php-gd php-intl php-soap && apt install -y mariadb-* && systemctl enable --now mariadb && systemctl enable --now apache2 && mount /dev/sr0 /mnt/ && cp /mnt/web/index.php /var/www/html && cp /mnt/web/logo.png /var/www/html -Далее настройка проводится напрямую на HQ-SRV +!Далее настройка проводится напрямую на HQ-SRV! +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 17)HQ-SRV:nano /var/www/html/index.php: 
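Review bot: The rewritten one-liner in step 15 still ends with `curl -o ~/compose.yaml https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/compose.yaml`, which has two weaknesses. Without `-f`, curl saves an HTTP error body as `compose.yaml` and exits 0. The URL also follows the mutable `main` branch, so the file handed to Docker can change between runs. `curl -fsSL -o ~/compose.yaml <same URL with main replaced by a commit id>` makes the download fail loudly and stay reproducible. The `zabbix.conf` download added in the last hunk has the same form.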
@@ -149,13 +213,19 @@ $username = "webc"; $password = "P@ssw0rd"; $dbname = "webdb"; -Далее настройка проводится напрямую на HQ-SRV +!Далее настройка проводится напрямую на HQ-SRV! +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 18)HQ-SRV: +mariadb –u webc –p –D webdb < ~/dump.sql + rm /var/www/html/index.html && systemctl enable --now apache2 && systemctl restart apache2 +HQ-CLI --> 192.168.100.2 + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 19)NFTABLES:HQ-RTR: 
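Review bot: The import command added in step 18, `mariadb –u webc –p –D webdb < ~/dump.sql`, uses en dashes (U+2013) instead of ASCII hyphens, so `–u`, `–p` and `–D` are not parsed as options when the line is pasted into a shell. It should read `mariadb -u webc -p -D webdb < ~/dump.sql`. This commit fixes the same kind of typo in the CUPS step (`enable –now` became `enable --now`), so this line looks like an oversight.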
@@ -165,6 +235,7 @@ nano /etc/nftables.conf systemctl restart nftables && systemctl enable --now nftables && /etc/nftables.conf +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 20)NFTABLES:BR-RTR: @@ -174,6 +245,7 @@ nano /etc/nftables.conf systemctl restart nftables && systemctl enable --now nftables && /etc/nftables.conf +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 21)ISP: 
@@ -185,35 +257,51 @@ ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/ && ln -s /etc nginx -t && systemctl enable --now nginx +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 22)HQ-CLI: +nano /etc/hosts + 172.16.1.1 web.au-team.irpo 172.16.2.1 docker.au-team.irpo 192.168.100.2 hq-srv.au-team.irpo hq-srv +http://web.au-team.irpo/ + +http://docker.au-team.irpo/ + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 23)ISP: apt update && apt install -y apache2 -Далее настройка проводится напрямую на ISP +!Далее настройка проводится напрямую на ISP! 
+ +nano /etc/nginx/sites-available/default nginx -t && systemctl restart nginx +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 24)BR-SRV: cp /mnt/Users.csv /opt/ && curl -o /opt/import_users.sh https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/import_users.sh && dos2unix /opt/import_users.sh && ls /opt +nano /opt/import_users.sh + chmod +x /opt/import_users.sh -Импорт пользователей лучше проводить напрямую на BR-SRV +!Импорт пользователей лучше проводить напрямую на BR-SRV! +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
25)HQ-SRV: -apt update && apt install -y openssl ca-certificates && mkdir -p /etc/pki/CA/{private,certs,newcerts,crl} && touch /etc/pki/CA/index.txt && echo 1000 > /etc/pki/CA/serial && chmod 700 /etc/pki/CA/private +apt update && apt install -y openssl ca-certificates + +mkdir -p /etc/pki/CA/{private,certs,newcerts,crl} && touch /etc/pki/CA/index.txt && echo 1000 > /etc/pki/CA/serial && chmod 700 /etc/pki/CA/private openssl req -x509 -new -nodes -keyout /etc/pki/CA/private/ca.key -out /etc/pki/CA/certs/ca.crt -days 3650 -sha256 -subj "/CN=AU-TEAM Root CA" && openssl genrsa -out /etc/pki/CA/private/web.au-team.irpo.key 2048 && openssl req -new -key /etc/pki/CA/private/web.au-team.irpo.key -out /etc/pki/CA/web.au-team.irpo.csr -subj "/CN=web.au-team.irpo" && openssl genrsa -out /etc/pki/CA/private/docker.au-team.irpo.key 2048 && openssl req -new -key /etc/pki/CA/private/docker.au-team.irpo.key -out /etc/pki/CA/docker.au-team.irpo.csr -subj "/CN=docker.au-team.irpo" 
@@ -223,17 +311,25 @@ nano /etc/ssl/openssl-ca.cnf openssl ca -config /etc/ssl/openssl-ca.cnf -in /etc/pki/CA/web.au-team.irpo.csr -out /etc/pki/CA/certs/web.au-team.irpo.crt -extensions server_cert -days 30 -batch && openssl ca -config /etc/ssl/openssl-ca.cnf -in /etc/pki/CA/docker.au-team.irpo.csr -out /etc/pki/CA/certs/docker.au-team.irpo.crt -extensions server_cert -days 30 -batch -Далее настройка проводится напрямую на HQ-SRV - -nano /etc/ssh/sshd_config +!Далее настройка проводится напрямую на HQ-SRV! +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 26)HQ-CLI: cp /mnt/nfs/ca.crt /etc/pki/ca-trust/source/anchors/ && update-ca-trust +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
-27)ISP: +27)HQ-SRV: + +nano /etc/ssh/sshd_config + +systemctl restart sshd + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + +28)ISP: curl -o /etc/nginx/sites-available/default https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/reverse-proxy-ssl.conf 
@@ -243,10 +339,19 @@ scp -P 2026 root@172.16.1.2:/etc/pki/CA/certs/web.au-team.irpo.crt /etc/nginx/ss chown root:root /etc/nginx/ssl/* && chmod 600 /etc/nginx/ssl/*.key && nginx -t && systemctl reload nginx +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -28)HQ-RTR: +29)HQ-CLI: -ВАЖНО! Зайти на HQ-SRV и раскоментить строчки ssh в файле - nano /etc/ssh/sshd_config и перезагрузить - systemctl restart sshd +https://docker.au-team.irpo/ + +https://web.au-team.irpo/ + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + +30)HQ-RTR: + +!ВАЖНО! Зайти на HQ-SRV и раскоментить строчки ssh в файле - nano /etc/ssh/sshd_config и перезагрузить - systemctl restart sshd! apt update && apt install -y strongswan 
@@ -268,10 +373,13 @@ nano /etc/ipsec.secrets nano /etc/strongswan.d/charon.conf +!"Ctrl" + "Shift" + "-" = 133! + ipsec restart +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -29)BR-RTR: +31)BR-RTR: apt update && apt install -y strongswan 
@@ -293,19 +401,55 @@ nano /etc/ipsec.secrets nano /etc/strongswan.d/charon.conf +!"Ctrl" + "Shift" + "-" = 133! + ipsec restart -apt update && apt install -y tcpdump && tcpdump -i ens18 -n -p esp +apt update && apt install -y tcpdump +tcpdump -i ens18 -n -p esp -30)HQ-SRV: +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + +32)HQ-RTR: + +ping 192.168.200.2 + +ipsec status + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
+ +33)HQ-CLI: + +ping 192.168.200.2 + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + +34)HQ-SRV: apt update && apt install -y cups cups-pdf -systemctl enable –now cups && cupsctl --share-printers --remote-any && systemctl restart cups +systemctl enable --now cups +sudo cupsctl --share-printers --remote-any -31)HQ-SRV: +systemctl restart cups + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
+ +35)HQ-CLI: + +apt-get update && apt-get install -y cups system-config-printer + +nano /etc/hosts + +192.168.100.2 hq-srv.au-team.irpo hq-srv + +http://192.168.100.2:631/printers/PDF + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + +36)HQ-SRV: apt update && apt install -y rsyslog @@ -317,8 +461,9 @@ $template RemoteLogs, "/opt/%HOSTNAME%/rsyslog.txt" systemctl enable rsyslog && systemctl restart rsyslog +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -32)HQ-RTR: +37)HQ-RTR: apt update && apt install -y rsyslog 
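Review bot: The split CUPS step 34 keeps `sudo cupsctl --share-printers --remote-any`, and `--remote-any` lets the server accept print requests from any source address, not only the HQ networks. If the option is needed because HQ-CLI sits in another subnet, the step should say so and point to where port 631 is restricted. A note in the file's own style would do, for example `!--remote-any accepts jobs from any address; limit access to port 631 on the router!`. No firewall rule for 631 is visible in this hunk, so whether one exists elsewhere needs checking.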
@@ -332,8 +477,9 @@ module(load="imjournal") systemctl restart rsyslog +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -33)BR-RTR: +38)BR-RTR: apt update && apt install -y rsyslog @@ -347,8 +493,9 @@ module(load="imjournal") systemctl restart rsyslog +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -34)BR-SRV: +39)BR-SRV: apt update && apt install -y rsyslog 
@@ -360,18 +507,21 @@ module(load="imjournal") systemctl enable rsyslog && systemctl restart rsyslog +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -35)HQ-SRV: +40)HQ-SRV: ls /opt/ +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -36)BR-SRV: +41)BR-SRV: logger -p user.info “Test info” && logger -p user.warning “Test warning” && logger -p user.error “Test error” +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
-37)HQ-SRV: +42)HQ-SRV: sudo cat /opt/br-srv/rsyslog.txt @@ -387,8 +537,9 @@ nano /etc/logrotate.d/rsyslog rotate 4 } +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -38)HQ-SRV: +43)HQ-SRV: wget https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_7.4-0.2+debian12_all.deb @@ -396,21 +547,25 @@ sudo dpkg -i zabbix-release_7.4-0.2+debian12_all.deb sudo apt update && sudo apt install -y zabbix-server-mysql zabbix-frontend-php zabbix-agent php php-mysql php-bcmath php-mbstring zabbix-sql-scripts zabbix-apache-conf mariadb-server -Далее настройка проводится напрямую на HQ-SRV +!Далее настройка проводится напрямую на HQ-SRV! zcat /usr/share/zabbix/sql-scripts/mysql/server.sql.gz | sudo mysql -u zabbix -p zabbix sudo nano /etc/zabbix/zabbix_server.conf +!"Ctrl" + "Shift" + "-" = 100, 116, 124! + sudo systemctl enable --now zabbix-server ln -s /usr/share/zabbix /var/www/html/mon sudo nano /etc/php/8.2/apache2/php.ini -systemctl restart apache2 +!"Ctrl" + "Shift" + "-" = 409, 419, 703! -!zabbix.conf не доступен для копирования через moodle.conf! +curl -o /etc/apache2/sites-avaliable/zabbix.conf https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/zabbix.conf + +systemctl restart apache2 nano /etc/apache2/sites-available/zabbix.conf 
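Review bot: The added `curl -o /etc/apache2/sites-avaliable/zabbix.conf …` step writes to a misspelt directory, while the `nano` step right after it and the later `ln -s` both use `/etc/apache2/sites-available/`; curl does not create missing directories by default, so the download would fail and `nano` would open an empty file. Without `-f`, an HTTP error page would also be saved as the vhost file, and the URL tracks the mutable `main` branch, so Apache loads whatever that branch holds at fetch time. I would write it as `curl -fsSL -o /etc/apache2/sites-available/zabbix.conf <URL pinned to a commit>` and read the file before `systemctl restart apache2`. The same `-f` and pinning point applies to the `inventory.yml` download in the `@@ -453,14 +615,47 @@` hunk.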
@@ -425,14 +580,15 @@ nano /etc/apache2/sites-available/zabbix.conf -rm -rf /etc/apache2/sites-available/000-default.conf +sudo rm -rf /etc/apache2/sites-available/000-default.conf ln -s /etc/apache2/sites-available/zabbix.conf /etc/apache2/sites-enabled/ sudo systemctl restart apache2 +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -39)HQ-SRV: +44)HQ-SRV: !Старые IP-адреса web и docker меняются на новые! @@ -445,6 +601,12 @@ cname=mon.au-team.irpo,hq-srv.au-team.irpo systemctl restart dnsmasq +HQ-CLI --> http://mon.au-team.irpo/zabbix + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. + +45)BR-SRV: + wget https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_7.4-0.2+debian12_all.deb sudo dpkg -i zabbix-release_7.4-0.2+debian12_all.deb 
@@ -453,14 +615,47 @@ sudo apt update && apt install -y zabbix-agent nano /etc/zabbix/zabbix_agentd.conf +!"Ctrl" + "Shift" + "-" = 117 - Server=192.168.100.2! + +!"Ctrl" + "Shift" + "-" = 173 - ServerActive=192.168.100.2! + +!"Ctrl" + "Shift" + "-" = 184 - Hostname=br-srv + systemctl restart zabbix-agent.service +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -40)BR-SRV: +46)HQ-CLI: + +Monitoring --> Hosts --> Create host + +Host name=br-srv + +Templates=Linux by Zabbix agent + +Host groups=Linux servers, Zabbix servers + +Add --> Agent --> IP address=192.168.200.2, DNS name=br-srv.au-team.irpo + +Add + +Dashboards --> Edit dashboard --> +Add + +Type=Graph + +host patterns --> Select --> Host group=Zabbix servers --> br-srv --> Select + +item patterns --> Select --> Host=br-srv --> Available memory in %, Free swap space, Load average (1m avg) --> Select + +Add + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 
+ +47)BR-SRV: mkdir /etc/ansible/PC_INFO -curl -o /etc/ansible/inventory.yml https://raw.githubusercontent.com/shiraorie/dewmo2026-1/main/files/inventory.yml && dos2unix /etc/ansible/inventory.yml +curl -o /etc/ansible/inventory.yml https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/inventory.yml && dos2unix /etc/ansible/inventory.yml nano /etc/ansible/inventory.yml @@ -472,8 +667,9 @@ cat /etc/ansible/PC_INFO/hq-cli.yml cat /etc/ansible/PC_INFO/hq-srv.yml +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -41)BR-SRV: +48)BR-SRV: mkdir /etc/ansible/NETWORK_INFO 
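Review bot: The added annotations for `zabbix_agentd.conf` set only `Server`, `ServerActive` and `Hostname`, which leaves agent traffic between br-srv and 192.168.100.2 on the Zabbix defaults: unencrypted, with the server recognised by source address alone. If the path between the two sites is not already protected, add a step that sets `TLSConnect=psk` and `TLSAccept=psk` together with `TLSPSKIdentity=<identity>` and `TLSPSKFile=<path to key file>`, and enter the same PSK in the host's encryption settings when creating it in step 46. The `Hostname=br-srv` annotation is also missing the closing `!` that the two lines above it carry.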
@@ -481,13 +677,15 @@ curl -o /etc/ansible/backup.yml https://raw.githubusercontent.com/shiraorie/demo nano /etc/ansible/backup.yml +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -42)HQ-RTR и BR-RTR: +49)HQ-RTR и BR-RTR: apt update && apt install -y sudo +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. -43)BR-SRV: +50)BR-SRV: ansible-playbook /etc/ansible/backup.yml 
@@ -497,4 +695,6 @@ ls -la /etc/ansible/NETWORK_INFO/HQ-RTR ls -la /etc/ansible/NETWORK_INFO/BR-RTR -cat /etc/ansible/NETWORK_INFO/HQ-RTR/interfaces \ No newline at end of file +cat /etc/ansible/NETWORK_INFO/HQ-RTR/interfaces + +............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. \ No newline at end of file