demo2026-1/files/notepad.txt
2026-03-10 08:36:18 +05:00

MODULE 2
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
1)BR-SRV:
apt update && apt install -y samba* krb5* winbind smbclient && apt install -y ansible && apt install -y chrony && apt install -y curl && apt install -y dos2unix
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
2)HQ-CLI:
apt-get update && apt-get remove -y alterator-datetime && apt-get install -y task-auth-ad-sssd && apt-get install -y admc && apt-get install -y openssh-server && apt-get install -y chrony && apt-get install -y yandex-browser-stable
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
3)HQ-RTR:
apt update && apt install -y curl && apt install -y dos2unix
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
4)ISP, BR-RTR and HQ-SRV:
apt update && apt install -y chrony && apt install -y curl && apt install -y dos2unix
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
5)BR-SRV:
hostname && domainname au-team.irpo && rm -f /etc/samba/smb.conf && rm -rf /var/lib/samba/ && rm -rf /var/cache/samba/ && mkdir -p /var/lib/samba/sysvol
reboot
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
6)BR-SRV:
samba-tool domain provision
reboot
samba-tool domain info 127.0.0.1
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
7)HQ-CLI:
cat /etc/resolv.conf && host au-team.irpo
reboot
kinit Administrator
id && klist && admc
nano /etc/sudoers
%hq ALL=(ALL) NOPASSWD: /bin/cat, /bin/grep, /usr/bin/id
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
8)HQ-SRV:
lsblk
apt update && apt install -y mdadm
sudo mdadm --create --verbose /dev/md0 -l 0 -n 2 /dev/sdb /dev/sdc
lsblk
sudo mdadm --detail --scan --verbose | tee -a /etc/mdadm.conf
sudo mkfs.ext4 /dev/md0
mkdir -p /raid0
nano /etc/fstab
/dev/md0 /raid0 ext4 defaults 0 0
sudo mount -av && sudo df -h
apt-get update && apt-get install -y nfs-server cifs-utils
mkdir /raid0/nfs && chmod 777 /raid0/nfs
nano /etc/exports
/raid0/nfs 192.168.10.0/28(rw,no_root_squash)
sudo exportfs -arv
sudo update-initramfs -u
systemctl enable --now nfs-server
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
9)HQ-CLI:
apt-get update && apt-get install -y nfs-utils nfs-clients
mkdir /mnt/nfs && chmod 777 /mnt/nfs
nano /etc/fstab
192.168.100.2:/raid0/nfs /mnt/nfs nfs defaults 0 0
sudo mount -av && sudo df -h
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
10)CHRONY:ISP:
apt update && apt install -y chrony
nano /etc/chrony/chrony.conf
server 127.0.0.1 iburst prefer
hwtimestamp *
local stratum 5
allow 0/0
systemctl enable --now chrony && systemctl restart chrony
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
11)CHRONY:BR-RTR, HQ-SRV and BR-SRV:
apt update && apt install -y chrony
nano /etc/chrony/chrony.conf
server 172.16.1.1 iburst prefer
systemctl enable --now chrony && systemctl restart chrony
chronyc sources
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
12)CHRONY:HQ-CLI:
apt-get update && apt-get install -y chrony
nano /etc/chrony.conf
server 172.16.1.1 iburst prefer
systemctl enable --now chronyd && systemctl restart chronyd
chronyc sources
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
13)CHRONY:ISP:
chronyc clients
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
14)BR-SRV:
apt update && apt install -y ansible
mkdir -p /etc/ansible
curl -o /etc/ansible/hosts https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/hosts.file && dos2unix /etc/ansible/hosts
nano /etc/ansible/hosts
ssh-keygen -t rsa -b 2048
!systemctl restart sshd on HQ-CLI!
ssh-copy-id hq-rtr.au-team.irpo
ssh-copy-id br-rtr.au-team.irpo
ssh-copy-id hq-cli.au-team.irpo
ssh-copy-id -p 2026 sshuser@hq-srv.au-team.irpo
ansible all -m ping
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
15)BR-SRV:
apt update && apt install -y docker.io docker-compose && systemctl enable --now docker.service && mount /dev/sr0 /mnt/ && docker load < /mnt/docker/site_latest.tar && docker load < /mnt/docker/mariadb_latest.tar && docker image ls && curl -o ~/compose.yaml https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/compose.yaml
!Further configuration is carried out directly on BR-SRV!
HQ-CLI --> 192.168.200.2:8080
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
16)HQ-SRV:
apt update && apt install -y apache* && apt install -y php php8.2 php-curl php-zip php-xml libapache2-mod-php php-mysql php-mbstring php-gd php-intl php-soap && apt install -y mariadb-* && systemctl enable --now mariadb && systemctl enable --now apache2 && mount /dev/sr0 /mnt/ && cp /mnt/web/index.php /var/www/html && cp /mnt/web/logo.png /var/www/html
!Further configuration is carried out directly on HQ-SRV!
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
17)HQ-SRV:nano /var/www/html/index.php:
<?php
$servername = "localhost";
$username = "webc";
$password = "P@ssw0rd";
$dbname = "webdb";
!Further configuration is carried out directly on HQ-SRV!
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
18)HQ-SRV:
mariadb -u webc -p -D webdb < ~/dump.sql
rm /var/www/html/index.html && systemctl enable --now apache2 && systemctl restart apache2
HQ-CLI --> 192.168.100.2
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
19)NFTABLES:HQ-RTR:
curl -o /etc/nftables.conf https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/hq-rtr/nftables.conf && dos2unix /etc/nftables.conf
nano /etc/nftables.conf
systemctl restart nftables && systemctl enable --now nftables && /etc/nftables.conf
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
20)NFTABLES:BR-RTR:
curl -o /etc/nftables.conf https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/br-rtr/nftables.conf && dos2unix /etc/nftables.conf
nano /etc/nftables.conf
systemctl restart nftables && systemctl enable --now nftables && /etc/nftables.conf
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
21)ISP:
apt update && apt-get install -y nginx && systemctl start nginx && systemctl enable nginx && curl -o /etc/nginx/sites-available/default https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/reverse-proxy.conf && curl -o /etc/nginx/sites-available/reverse-proxy.conf https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/reverse-proxy.conf && dos2unix /etc/nginx/sites-available/default && dos2unix /etc/nginx/sites-available/reverse-proxy.conf
nano /etc/nginx/sites-available/reverse-proxy.conf
ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/
nginx -t && systemctl enable --now nginx
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
22)HQ-CLI:
nano /etc/hosts
172.16.1.1 web.au-team.irpo
172.16.2.1 docker.au-team.irpo
192.168.100.2 hq-srv.au-team.irpo hq-srv
http://web.au-team.irpo/
http://docker.au-team.irpo/
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
23)ISP:
apt update && apt install -y apache2
!Further configuration is carried out directly on ISP!
nano /etc/nginx/sites-available/default
nginx -t && systemctl restart nginx
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
24)BR-SRV:
cp /mnt/Users.csv /opt/ && curl -o /opt/import_users.sh https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/import_users.sh && dos2unix /opt/import_users.sh && ls /opt
nano /opt/import_users.sh
chmod +x /opt/import_users.sh
!It is better to import the users directly on BR-SRV!
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
25)HQ-SRV:
apt update && apt install -y openssl ca-certificates
mkdir -p /etc/pki/CA/{private,certs,newcerts,crl} && touch /etc/pki/CA/index.txt && echo 1000 > /etc/pki/CA/serial && chmod 700 /etc/pki/CA/private
openssl req -x509 -new -nodes -keyout /etc/pki/CA/private/ca.key -out /etc/pki/CA/certs/ca.crt -days 3650 -sha256 -subj "/CN=AU-TEAM Root CA" && openssl genrsa -out /etc/pki/CA/private/web.au-team.irpo.key 2048 && openssl req -new -key /etc/pki/CA/private/web.au-team.irpo.key -out /etc/pki/CA/web.au-team.irpo.csr -subj "/CN=web.au-team.irpo" && openssl genrsa -out /etc/pki/CA/private/docker.au-team.irpo.key 2048 && openssl req -new -key /etc/pki/CA/private/docker.au-team.irpo.key -out /etc/pki/CA/docker.au-team.irpo.csr -subj "/CN=docker.au-team.irpo"
curl -o /etc/ssl/openssl-ca.cnf https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/openssl-gost.cnf
nano /etc/ssl/openssl-ca.cnf
openssl ca -config /etc/ssl/openssl-ca.cnf -in /etc/pki/CA/web.au-team.irpo.csr -out /etc/pki/CA/certs/web.au-team.irpo.crt -extensions server_cert -days 30 -batch && openssl ca -config /etc/ssl/openssl-ca.cnf -in /etc/pki/CA/docker.au-team.irpo.csr -out /etc/pki/CA/certs/docker.au-team.irpo.crt -extensions server_cert -days 30 -batch
!Further configuration is carried out directly on HQ-SRV!
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
26)HQ-CLI:
cp /mnt/nfs/ca.crt /etc/pki/ca-trust/source/anchors/ && update-ca-trust
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
27)HQ-SRV:
nano /etc/ssh/sshd_config
systemctl restart sshd
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
28)ISP:
curl -o /etc/nginx/sites-available/default https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/reverse-proxy-ssl.conf
mkdir -p /etc/nginx/ssl
scp -P 2026 root@172.16.1.2:/etc/pki/CA/certs/web.au-team.irpo.crt /etc/nginx/ssl/ && scp -P 2026 root@172.16.1.2:/etc/pki/CA/private/web.au-team.irpo.key /etc/nginx/ssl/ && scp -P 2026 root@172.16.1.2:/etc/pki/CA/certs/docker.au-team.irpo.crt /etc/nginx/ssl/ && scp -P 2026 root@172.16.1.2:/etc/pki/CA/private/docker.au-team.irpo.key /etc/nginx/ssl/
chown root:root /etc/nginx/ssl/* && chmod 600 /etc/nginx/ssl/*.key && nginx -t && systemctl reload nginx
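Added example (not part of the original notes): a pre-reload check for the certificate and key files copied in steps 25 and 28. It confirms the certificate chains to the CA, the key belongs to the certificate, the 30-day lifetime has not nearly run out, and the key is not group- or world-readable. The function names, the throwaway test PKI and its subject names are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a server certificate/key pair before `systemctl reload nginx`.
# Usage: cert_check CA_CERT CERT KEY [MIN_DAYS]   (returns 0 only if every check passes)

cert_check() {
    ca=$1 crt=$2 key=$3 min_days=${4:-7} rc=0

    # 1. The certificate must chain to the expected CA.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "FAIL: $crt does not verify against $ca"; rc=1; }

    # 2. The private key must belong to the certificate: both commands emit the
    #    same PEM SubjectPublicKeyInfo when the pair matches.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $crt"; rc=1
    fi

    # 3. Certificates issued with -days 30 need an expiry margin check.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 \
        || { echo "FAIL: $crt expires within $min_days days"; rc=1; }

    # 4. The key file must be readable by its owner only (GNU stat).
    mode=$(stat -c '%a' "$key" 2>/dev/null) || mode="unknown"
    case $mode in
        ?00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input: a throwaway CA, one 30-day leaf and an unrelated key.
make_test_pki() {
    d=$1
    openssl req -x509 -new -nodes -newkey rsa:2048 -keyout "$d/ca.key" \
        -out "$d/ca.crt" -days 3650 -sha256 -subj "/CN=Example Test CA" 2>/dev/null
    openssl req -new -nodes -newkey rsa:2048 -keyout "$d/web.key" \
        -out "$d/web.csr" -subj "/CN=web.example.test" 2>/dev/null
    openssl x509 -req -in "$d/web.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/web.crt" -days 30 -sha256 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    chmod 600 "$d"/*.key
}

# When called with arguments, check the given files, e.g. on ISP:
#   sh cert_check.sh /path/to/ca.crt /etc/nginx/ssl/web.au-team.irpo.crt \
#                    /etc/nginx/ssl/web.au-team.irpo.key 7
if [ "$#" -ge 3 ]; then
    cert_check "$@"
fi
```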
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
29)HQ-CLI:
https://docker.au-team.irpo/
https://web.au-team.irpo/
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
30)HQ-RTR:
!IMPORTANT! Log in to HQ-SRV, uncomment the ssh lines in the file (nano /etc/ssh/sshd_config) and restart the service (systemctl restart sshd)!
apt update && apt install -y strongswan
nano /etc/ipsec.conf
conn gre-tunnel
    auto=start
    left=172.16.1.2
    leftsubnet=0.0.0.0/0
    leftprotoport=47
    right=172.16.2.2
    rightsubnet=0.0.0.0/0
    rightprotoport=47
    authby=secret
nano /etc/ipsec.secrets
172.16.1.2 172.16.2.2 : PSK "123qweR%"
nano /etc/strongswan.d/charon.conf
!"Ctrl" + "Shift" + "-" = 133!
ipsec restart
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
31)BR-RTR:
apt update && apt install -y strongswan
nano /etc/ipsec.conf
conn gre-tunnel
    auto=start
    left=172.16.2.2
    leftsubnet=0.0.0.0/0
    leftprotoport=47
    right=172.16.1.2
    rightsubnet=0.0.0.0/0
    rightprotoport=47
    authby=secret
nano /etc/ipsec.secrets
172.16.2.2 172.16.1.2 : PSK "123qweR%"
nano /etc/strongswan.d/charon.conf
!"Ctrl" + "Shift" + "-" = 133!
ipsec restart
apt update && apt install -y tcpdump
tcpdump -i ens18 -n -p esp
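Added example (not part of the original notes): a lint for the two peers' strongSwan files from steps 30 and 31, to run before `ipsec restart`. It checks that `conn gre-tunnel` on one router is the mirror of the other (left/right swapped, same protoport and authby), that the parameters are indented under the `conn` line, and that the PSK line uses ASCII double quotes. The function names, sample files and the sample PSK are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two ipsec.conf files and sanity-check ipsec.secrets.

# conn_get FILE CONN KEY -> print the value of KEY inside section "conn CONN".
# Parameters only count when indented under the conn line, as ipsec.conf requires.
conn_get() {
    awk -v conn="$2" -v key="$3" '
        /^[ \t]*#/    { next }                          # comment line
        /^[ \t]*$/    { next }                          # blank line
        /^conn[ \t]+/ { in_conn = ($2 == conn); next }  # start of a conn section
        /^[^ \t]/     { in_conn = 0; next }             # any other unindented line
        in_conn {
            k = $0; sub(/^[ \t]+/, "", k); sub(/[ \t]*=.*$/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# check_mirror FILE_A FILE_B CONN -> 0 if B is the mirror image of A.
check_mirror() {
    a=$1 b=$2 conn=$3 rc=0
    for pair in left:right right:left leftsubnet:rightsubnet \
                rightsubnet:leftsubnet leftprotoport:rightprotoport \
                rightprotoport:leftprotoport authby:authby; do
        ka=${pair%%:*} kb=${pair##*:}
        va=$(conn_get "$a" "$conn" "$ka")
        vb=$(conn_get "$b" "$conn" "$kb")
        if [ -z "$va" ] || [ "$va" != "$vb" ]; then
            echo "MISMATCH: $ka='$va' in $a vs $kb='$vb' in $b"
            rc=1
        fi
    done
    return $rc
}

# psk_quotes_ok FILE -> 0 if every PSK line is plain ASCII with a "..." secret.
psk_quotes_ok() {
    psk_lines=$(LC_ALL=C grep 'PSK' "$1") || return 1   # no PSK entry at all
    if printf '%s\n' "$psk_lines" | LC_ALL=C grep -q '[^[:print:][:space:]]'; then
        return 1                                        # e.g. typographic quotes
    fi
    printf '%s\n' "$psk_lines" \
        | LC_ALL=C grep -q -v 'PSK[[:space:]]*"[^"]*"[[:space:]]*$' && return 1
    return 0
}

# Constructed sample input: one good pair, two broken variants, two secrets files.
make_samples() {
    cat > "$1/hq.conf" <<'EOF'
conn gre-tunnel
    auto=start
    left=172.16.1.2
    leftsubnet=0.0.0.0/0
    leftprotoport=47
    right=172.16.2.2
    rightsubnet=0.0.0.0/0
    rightprotoport=47
    authby=secret
EOF
    sed -e 's/left=172.16.1.2/left=172.16.2.2/' \
        -e 's/right=172.16.2.2/right=172.16.1.2/' "$1/hq.conf" > "$1/br.conf"
    sed 's/right=172.16.1.2/right=172.16.1.3/' "$1/br.conf" > "$1/br-bad.conf"
    sed 's/^ *//' "$1/br.conf" > "$1/br-flat.conf"      # indentation lost
    printf '%s\n' '172.16.1.2 172.16.2.2 : PSK "ExamplePSK-change-me"' > "$1/hq.secrets"
    printf '%s\n' '172.16.1.2 172.16.2.2 : PSK “ExamplePSK-change-me”' > "$1/bad.secrets"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_mirror "$demo_dir/hq.conf" "$demo_dir/br.conf" gre-tunnel \
    && echo "OK: conn gre-tunnel mirrors on both peers"
check_mirror "$demo_dir/hq.conf" "$demo_dir/br-flat.conf" gre-tunnel \
    || echo "br-flat.conf rejected: parameters are not indented under conn"
psk_quotes_ok "$demo_dir/bad.secrets" \
    || echo "bad.secrets rejected: PSK is not in ASCII double quotes"
rm -rf "$demo_dir"
```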
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
32)HQ-RTR:
ping 192.168.200.2
ipsec status
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
33)HQ-CLI:
ping 192.168.200.2
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
34)HQ-SRV:
apt update && apt install -y cups cups-pdf
systemctl enable --now cups
sudo cupsctl --share-printers --remote-any
systemctl restart cups
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
35)HQ-CLI:
apt-get update && apt-get install -y cups system-config-printer
nano /etc/hosts
192.168.100.2 hq-srv.au-team.irpo hq-srv
http://192.168.100.2:631/printers/PDF
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
36)HQ-SRV:
apt update && apt install -y rsyslog
nano /etc/rsyslog.conf
$template RemoteLogs, "/opt/%HOSTNAME%/rsyslog.txt"
*.* ?RemoteLogs
& stop
systemctl enable rsyslog && systemctl restart rsyslog
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
37)HQ-RTR:
apt update && apt install -y rsyslog
nano /etc/rsyslog.conf
module(load="imjournal")
*.* @@hq-srv.au-team.irpo:514
*.warning @@192.168.100.2:514
systemctl restart rsyslog
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
38)BR-RTR:
apt update && apt install -y rsyslog
nano /etc/rsyslog.conf
module(load="imjournal")
*.* @@hq-srv.au-team.irpo:514
*.warning @@192.168.100.2:514
systemctl restart rsyslog
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
39)BR-SRV:
apt update && apt install -y rsyslog
nano /etc/rsyslog.conf
module(load="imjournal")
*.warning @@192.168.100.2:514
systemctl enable rsyslog && systemctl restart rsyslog
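Added example (not part of the original notes): a checker for the forwarding rules entered in steps 37-39, listing each legacy `selector @host` / `selector @@host` rule with its transport so you can confirm a host ships logs to the collector over TCP. The function names `fwd_rules` and `forwards_tcp_to` and the UDP sample line are hypothetical/constructed; `action(type="omfwd" ...)` rules and bracketed IPv6 targets are not parsed.

```shell
#!/bin/sh
# Constructed sample: the rules from steps 37-39 plus one UDP rule
# (192.0.2.10 is a documentation address, not from the notes).
SAMPLE_CONF='module(load="imjournal")
# forwarding rules
*.* @@hq-srv.au-team.irpo:514
*.warning @@192.168.100.2:514
local0.* @192.0.2.10'

# Read an rsyslog config on stdin and print one line per legacy
# forwarding rule: <selector> <udp|tcp> <host> <port>
fwd_rules() {
    awk '
        /^[[:space:]]*#/ { next }              # skip comment lines
        NF >= 2 && $2 ~ /^@/ {
            target = $2
            proto = "udp"                      # single @ means UDP
            if (target ~ /^@@/) proto = "tcp"  # double @@ means plain TCP
            sub(/^@+/, "", target)
            host = target
            port = "514"                       # default when no port is given
            n = split(target, parts, ":")
            if (n == 2) { host = parts[1]; port = parts[2] }
            print $1, proto, host, port
        }
    '
}

# Succeed only if the config on stdin forwards to host $1 over TCP.
forwards_tcp_to() {
    fwd_rules | awk -v h="$1" '
        $2 == "tcp" && $3 == h { found = 1 }
        END { exit !found }
    '
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | fwd_rules
```

On a real host, feed it the live file with `fwd_rules < /etc/rsyslog.conf`, and run `rsyslogd -N1` to validate the configuration syntax before `systemctl restart rsyslog`.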
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
40)HQ-SRV:
ls /opt/
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
41)BR-SRV:
logger -p user.info "Test info" && logger -p user.warning "Test warning" && logger -p user.error "Test error"
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
42)HQ-SRV:
sudo cat /opt/br-srv/rsyslog.txt
nano /etc/logrotate.d/rsyslog
/opt/*/rsyslog.txt {
weekly
minsize 10M
compress
missingok
notifempty
create 0644 root root
rotate 4
}
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
43)HQ-SRV:
wget https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_7.4-0.2+debian12_all.deb
sudo dpkg -i zabbix-release_7.4-0.2+debian12_all.deb
sudo apt update && sudo apt install -y zabbix-server-mysql zabbix-frontend-php zabbix-agent php php-mysql php-bcmath php-mbstring zabbix-sql-scripts zabbix-apache-conf mariadb-server
!Further configuration is performed directly on HQ-SRV!
zcat /usr/share/zabbix/sql-scripts/mysql/server.sql.gz | sudo mysql -u zabbix -p zabbix
sudo nano /etc/zabbix/zabbix_server.conf
!"Ctrl" + "Shift" + "-" = 100, 116, 124!
sudo systemctl enable --now zabbix-server
ln -s /usr/share/zabbix /var/www/html/mon
sudo nano /etc/php/8.2/apache2/php.ini
!"Ctrl" + "Shift" + "-" = 409, 419, 703!
curl -o /etc/apache2/sites-available/zabbix.conf https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/zabbix.conf
systemctl restart apache2
nano /etc/apache2/sites-available/zabbix.conf
<VirtualHost *:80>
ServerName au-team.irpo
ServerAlias mon.au-team.irpo
DocumentRoot /var/www/html/zabbix/ui
Alias /zabbix /usr/share/zabbix/ui
<Directory "/usr/share/zabbix/ui">
AllowOverride All
Options -Indexes +FollowSymLinks
</Directory>
</VirtualHost>
sudo rm -rf /etc/apache2/sites-available/000-default.conf
ln -s /etc/apache2/sites-available/zabbix.conf /etc/apache2/sites-enabled/
sudo systemctl restart apache2
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
44)HQ-SRV:
!The old IP addresses of web and docker are replaced with the new ones!
nano /etc/dnsmasq.conf
host-record=web.au-team.irpo,172.16.1.2
host-record=docker.au-team.irpo,172.16.2.2
cname=mon.au-team.irpo,hq-srv.au-team.irpo
systemctl restart dnsmasq
HQ-CLI --> http://mon.au-team.irpo/zabbix
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
45)BR-SRV:
wget https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_7.4-0.2+debian12_all.deb
sudo dpkg -i zabbix-release_7.4-0.2+debian12_all.deb
sudo apt update && sudo apt install -y zabbix-agent
nano /etc/zabbix/zabbix_agentd.conf
!"Ctrl" + "Shift" + "-" = 117 - Server=192.168.100.2!
!"Ctrl" + "Shift" + "-" = 173 - ServerActive=192.168.100.2!
!"Ctrl" + "Shift" + "-" = 184 - Hostname=br-srv!
systemctl restart zabbix-agent.service
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
46)HQ-CLI:
Monitoring --> Hosts --> Create host
Host name=br-srv
Templates=Linux by Zabbix agent
Host groups=Linux servers, Zabbix servers
Add --> Agent --> IP address=192.168.200.2, DNS name=br-srv.au-team.irpo
Add
Dashboards --> Edit dashboard --> +Add
Type=Graph
host patterns --> Select --> Host group=Zabbix servers --> br-srv --> Select
item patterns --> Select --> Host=br-srv --> Available memory in %, Free swap space, Load average (1m avg) --> Select
Add
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
47)BR-SRV:
mkdir /etc/ansible/PC_INFO
curl -o /etc/ansible/inventory.yml https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/inventory.yml && dos2unix /etc/ansible/inventory.yml
nano /etc/ansible/inventory.yml
ansible-playbook /etc/ansible/inventory.yml
ls -la /etc/ansible/PC_INFO
cat /etc/ansible/PC_INFO/hq-cli.yml
cat /etc/ansible/PC_INFO/hq-srv.yml
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
48)BR-SRV:
mkdir /etc/ansible/NETWORK_INFO
curl -o /etc/ansible/backup.yml https://raw.githubusercontent.com/shiraorie/demo2026-1/main/files/backup.yml && dos2unix /etc/ansible/backup.yml
nano /etc/ansible/backup.yml
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
49)HQ-RTR and BR-RTR:
apt update && apt install -y sudo
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
50)BR-SRV:
ansible-playbook /etc/ansible/backup.yml
ls -la /etc/ansible/NETWORK_INFO
ls -la /etc/ansible/NETWORK_INFO/HQ-RTR
ls -la /etc/ansible/NETWORK_INFO/BR-RTR
cat /etc/ansible/NETWORK_INFO/HQ-RTR/interfaces
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................