{"id":215,"date":"2022-11-23T19:52:46","date_gmt":"2022-11-23T19:52:46","guid":{"rendered":"http:\/\/prof-tim.cstj.qc.ca\/cours\/assemblage\/wp\/?page_id=215"},"modified":"2024-03-18T15:37:53","modified_gmt":"2024-03-18T15:37:53","slug":"epreuve-synthese","status":"publish","type":"page","link":"https:\/\/ve2cuy.com\/420-21e\/index.php\/evaluations\/epreuve-synthese\/","title":{"rendered":"\u00c9preuve synth\u00e8se &#8211; A2-2022"},"content":{"rendered":"\n<h1 class=\"has-text-align-center has-text-color wp-block-heading\" id=\"deployer-un-serveur-multi-services-en-nuage\" style=\"color:#0d4d70\">D\u00e9ployer un serveur multi-services<\/h1>\n\n\n\n<h2 class=\"has-text-align-center has-text-color wp-block-heading\" id=\"deployer-un-serveur-multi-services-en-nuage\" style=\"color:#0d4d70\">V1.0-2022.11.23<\/h2>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/11\/250-2505860_web-designer-team-animation-hd-png-download.png\" alt=\"\" class=\"wp-image-2415\" width=\"645\" height=\"374\" srcset=\"https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/11\/250-2505860_web-designer-team-animation-hd-png-download.png 860w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/11\/250-2505860_web-designer-team-animation-hd-png-download-300x174.png 300w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/11\/250-2505860_web-designer-team-animation-hd-png-download-768x446.png 768w\" sizes=\"auto, (max-width: 645px) 100vw, 645px\" \/><\/figure>\n<\/div>\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h5 class=\"has-text-align-center has-cyan-bluish-gray-color has-text-color wp-block-heading\" id=\"attention-a-vos-mots-de-passe-votre-serveur-est-sur-le-reseau-internet-ne-pas-utiliser-password-comme-mot-de-passe-pour-aucun-service\">ATTENTION \u00c0 VOS MOTS DE PASSE, VOTRE SERVEUR EST SUR LE R\u00c9SEAU INTERNET.<br>NE PAS UTILISER &lsquo;<span class=\"has-inline-color has-vivid-purple-color\">PASSWORD<\/span>&lsquo; COMME MOT DE PASSE, POUR AUCUN SERVICE <\/h5>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"has-text-color wp-block-heading\" id=\"ponderation\" style=\"color:#0d4d70\">Pond\u00e9ration<\/h2>\n\n\n\n<p>Projet: <strong>50%<\/strong><br>Journal de bord: <strong>10%<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"has-text-color wp-block-heading\" id=\"remise\" style=\"color:#0d4d70\">Remise<\/h2>\n\n\n\n<p class=\"has-black-color has-text-color\"><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">Vendredi, le 16 d\u00e9cembre 2022, 16h00<\/span><\/strong> <\/p>\n\n\n\n<p class=\"has-black-color has-text-color\"><strong>Voir au bas du document pour les directives de remise<\/strong>.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\"><strong>NOTE<\/strong>: Il faut m&rsquo;envoyer (via Teams) les URL des deux sites avant le 30 novembre.  <br>Par exemple, <strong><em>http:\/\/es.matricule.x.y<\/em><\/strong>, <strong><em>https:\/\/jb.matricule.x.y<\/em><\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"has-text-color wp-block-heading\" id=\"enonce\" style=\"color:#0d4d70\">1 &#8211; \u00c9nonc\u00e9<\/h2>\n\n\n\n<p class=\"has-black-color has-text-color\"><span style=\"color: #ff9900;\"><strong><span class=\"has-inline-color has-black-color\">Il faut d\u00e9ployer les fonctions et syst\u00e8mes suivants:<\/span><\/strong><\/span><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Un serveur Linux en nuage (<a href=\"https:\/\/console.cloud.google.com\">cloud.google.com<\/a>) avec un minimum de <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">4 Go<\/span><\/strong> de RAM,<\/li>\n\n\n\n<li>Une pile <strong><em>AMP<\/em><\/strong>,<\/li>\n\n\n\n<li><a href=\"https:\/\/wordpress.org\/download\/\">WordPress<\/a> (latest),\n<ul class=\"wp-block-list\">\n<li>2 sites virtuels \n<ul class=\"wp-block-list\">\n<li><span style=\"color:#cf2e2e\" class=\"tadv-color\">Attention, les deux wordpress doivent-\u00eatre d\u00e9finis en site virtuel<\/span>, <\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>un th\u00e8me par site, <\/li>\n\n\n\n<li>deux extensions <strong><em>WordPress<\/em><\/strong>, au choix,<\/li>\n\n\n\n<li>un certificat <strong><em>SSL<\/em><\/strong> pour le site du<strong> <em>journal de bord<\/em><\/strong>, <\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Un domaine <strong><a href=\"https:\/\/www.noip.com\" data-type=\"URL\" data-id=\"https:\/\/www.noip.com\">noip<\/a><\/strong> et\/ou <a href=\"https:\/\/www.dynu.com\/\"><strong>dynu.com<\/strong><\/a> par site:  <em><strong><span style=\"color:#9b51e0\" class=\"tadv-color\">es-matricule.x.y <\/span><\/strong><\/em>et <em><strong><span style=\"color:#9b51e0\" class=\"tadv-color\">jb-matricule.x.y<\/span><\/strong><\/em> ,<\/li>\n\n\n\n<li><a href=\"https:\/\/www.zabbix.com\/download?zabbix=5.4&amp;os_distribution=ubuntu&amp;os_version=20.04_focal&amp;db=mysql&amp;ws=apache\">Zabbix<\/a> (un bon d\u00e9fi d&rsquo;installation, <strong>vaut 6 points<\/strong>) &#8211; <span style=\"color:#cf2e2e\" class=\"tadv-color\">documenter les probl\u00e8mes rencontr\u00e9s<\/span>,<\/li>\n\n\n\n<li><a href=\"https:\/\/nodered.org\">NodeRed<\/a> (<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">Astuce <\/mark>pour installation facile: <strong>snap install node-red<\/strong>). Ouvrir le port <strong>1880<\/strong> sur le pare feu,<\/li>\n\n\n\n<li><a href=\"https:\/\/docs.mattermost.com\/install\/installing-ubuntu-2004-LTS.html\">Mattermost<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/docs.nextcloud.com\/server\/latest\/admin_manual\/installation\/example_ubuntu.html\">NextCloud<\/a>,\n<ul class=\"wp-block-list\">\n<li><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">Attention<\/span><\/strong>, pour NextCloud, ne pas installer dans le r\u00e9pertoire du site principale &lsquo;.&rsquo; mais bien dans un sous r\u00e9pertoire.  Comme par exemple, &lsquo;nextcloud&rsquo;,  <\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Un service de serveur <a href=\"http:\/\/ve2cuy.com\/420-21e\/index.php\/installation-dun-serveur-ftp-sous-linux\/\" data-type=\"page\" data-id=\"1460\">FTP<\/a>, en mode &lsquo;anonyme&rsquo; avec acc\u00e8s \u00e0 un fichier de citations du jour,<\/li>\n\n\n\n<li>Une paire de Cl\u00e9s RSA pour la connexion <strong><em>ssh<\/em><\/strong>,<\/li>\n\n\n\n<li><a href=\"https:\/\/jb-42021e.hopto.org\">Un journal de bord<\/a> (utilisant WordPress), sur le site <em><strong>jb-matricule.x.y<\/strong><\/em> (<strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">Attention<\/span><\/strong>: Contenu prot\u00e9g\u00e9 par un mot de passe)<\/li>\n\n\n\n<li>Pour <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">5 points bonis<\/mark><\/strong>, installer <a href=\"https:\/\/packages.cisofy.com\/community\/\">Lynis<\/a> et impl\u00e9menter 5 recommandations (\u00e0 documenter dans le journal).<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<p class=\"has-cyan-bluish-gray-color has-text-color\"><strong>Un exemple du projet  <a href=\"http:\/\/projet-42021e.hopto.org\/\">est disponible ici:<\/a><\/strong>  <br>Note: certains modules ne sont pas install\u00e9s dans cet exemple<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"http:\/\/projet-42021e.hopto.org\/\"><img loading=\"lazy\" decoding=\"async\" width=\"1022\" height=\"429\" src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/02\/Capture-decran-le-2022-02-01-a-16.41.02.png\" alt=\"\" class=\"wp-image-2094\" srcset=\"https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/02\/Capture-decran-le-2022-02-01-a-16.41.02.png 1022w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/02\/Capture-decran-le-2022-02-01-a-16.41.02-300x126.png 300w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/02\/Capture-decran-le-2022-02-01-a-16.41.02-768x322.png 768w\" sizes=\"auto, (max-width: 1022px) 100vw, 1022px\" \/><\/a><\/figure>\n\n\n\n<p>NOTE: pour tester zabbix: Admin:zabbix<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"has-text-color wp-block-heading\" style=\"color:#0d4d70\">1.1 &#8211; Directives suppl\u00e9mentaires<\/h2>\n\n\n\n<p>Dans un nouveau projet <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">cloud.google<\/mark><\/strong> nomm\u00e9 <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">projet42021e<\/mark><\/strong>, il faut cr\u00e9er une VM <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">Ubuntu 20.04<\/mark><\/strong>; 15GO disque, au moins <strong><span style=\"color:#9b51e0\" class=\"tadv-color\">4 Go de RAM (Zabbix est tr\u00e8s gourmand en ressources)<\/span><\/strong>, nomm\u00e9 <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">vm-votreMatricule-42021e<\/mark><\/strong> et mettre en place un site web <strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">WordPress<\/mark><\/strong> proposant un menu offrant les options suivantes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u00c0 propos<\/strong> -&gt; pour vous pr\u00e9senter<\/li>\n\n\n\n<li><strong>Dashboard<\/strong> -&gt; pour lancer Zabbix<\/li>\n\n\n\n<li><strong>Fichiers<\/strong> -&gt; pour afficher une page expliquant comment se connecter au serveur ftp<\/li>\n\n\n\n<li><strong>NodeRed<\/strong> -&gt; pour lancer NodeRed<\/li>\n\n\n\n<li><strong>Journal<\/strong> -&gt; pour afficher votre journal de bord -&gt; Lien vers <em><strong>https:\/\/jb-matricule.x.y<\/strong><\/em><\/li>\n\n\n\n<li><a href=\"https:\/\/docs.mattermost.com\/install\/installing-ubuntu-2004-LTS.html\"><strong>Mattermost<\/strong><\/a> -&gt; pour lancer Mattermost<\/li>\n\n\n\n<li><a href=\"https:\/\/docs.nextcloud.com\/server\/latest\/admin_manual\/installation\/example_ubuntu.html\"><strong>NextCloud<\/strong><\/a> -&gt; pour lancer NextCloud<\/li>\n\n\n\n<li><strong>Lynis<\/strong> (facultatif) -&gt; pour afficher une page pr\u00e9sentant les correctifs apport\u00e9s au syst\u00e8me<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Il faut g\u00e9n\u00e9rer une paire de cl\u00e9s RSA pour le projet de session.\n<ul class=\"wp-block-list\">\n<li>Associer la cl\u00e9 publique \u00e0 la VM.<\/li>\n\n\n\n<li>Tester la cl\u00e9 \u00e0 partir d&rsquo;une session &lsquo;ssh&rsquo;.<\/li>\n\n\n\n<li>Note: Il faudra m&rsquo;envoyer la cl\u00e9 priv\u00e9e pour la correction du projet.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Le site WordPress doit proposer un th\u00e8me autre que le th\u00e8me install\u00e9 par d\u00e9faut.  \n<ul class=\"wp-block-list\">\n<li>Choisissez un th\u00e8me qui vous repr\u00e9sente.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Il faut installer au moins deux extensions (\u00e0 votre choix) &lsquo;wordpress&rsquo;. <\/li>\n\n\n\n<li>Il faut associer l&rsquo;adresse IP externe de votre VM du projet \u00e0 un nom de domaine.  \n<ul class=\"wp-block-list\">\n<li>Vous pouvez utiliser <a href=\"http:\/\/noip.com\"><span class=\"has-inline-color has-vivid-cyan-blue-color\">noip.com<\/span><\/a> ou <a href=\"https:\/\/www.dynu.com\/\">dynu.com<\/a>&nbsp;pour les noms de domaine.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h3 class=\"has-text-color wp-block-heading\" id=\"les-applications-a-installer-autre-que-wordpress-sur-votre-serveur-linux\" style=\"color:#0d4d70\">1.2 &#8211; Les applications \u00e0 installer, autre que WordPress<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Zabbix<\/li>\n\n\n\n<li>nodeRed (<span style=\"color:#9b51e0\" class=\"tadv-color\">2 points extras si nodeRed est prot\u00e9g\u00e9e par une fen\u00eatre de login<\/span>)<\/li>\n\n\n\n<li>vsftpd (voir mon document <a href=\"http:\/\/ve2cuy.com\/420-3c3\/?page_id=1460\">ici<\/a>)<\/li>\n\n\n\n<li><a href=\"https:\/\/docs.mattermost.com\/install\/installing-ubuntu-2004-LTS.html\">Mattermost<\/a> <\/li>\n\n\n\n<li><a href=\"https:\/\/docs.nextcloud.com\/server\/latest\/admin_manual\/installation\/example_ubuntu.html\">NextCloud<\/a><\/li>\n\n\n\n<li>Lynis (facultatif) <\/li>\n<\/ul>\n\n\n\n<p class=\"has-black-color has-text-color\">C&rsquo;est \u00e0 vous de faire les recherches n\u00e9cessaires pour les \u00e9tapes d&rsquo;installation de <strong>Zabbix<\/strong>, <strong>Mattermost<\/strong>, <strong>NextCloud<\/strong> et <strong>NodeRed<\/strong> sur le serveur de votre projet.  <\/p>\n\n\n\n<p class=\"has-vivid-red-color has-text-color\">Il faut documenter votre d\u00e9marche dans le journal de bord.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"has-text-color wp-block-heading\" style=\"color:#0d4d70\">2 \u2013 Le journal de bord (10%)<\/h2>\n\n\n\n<p>Le lien \u2018<strong>Journal<\/strong>\u2018 du site principal doit pointer sur une deuxi\u00e8me installation de WordPress, dans un site de type \u2018hote virtuel\u2019 et s\u00e9curis\u00e9 par un certificat (certbot).<\/p>\n\n\n\n<p>Le contenu du journal bord doit-\u00eatre prot\u00e9g\u00e9 par un mot de passe (<strong><em>\u00e0 fournir \u00e0 l\u2019enseignant lors de la remise<\/em><\/strong>).<\/p>\n\n\n\n<p>Il faut tenir dans ce journal de bord toutes les \u00e9tapes de r\u00e9alisation de l\u2019\u00e9preuve synth\u00e8se<strong>: commandes, recherches, difficult\u00e9s, solutions, \u2026<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"has-text-align-left has-text-color wp-block-heading\" id=\"lynis\" style=\"color:#0d4d70\">3 &#8211; Lynis &#8211; \u00c9tape optionnelle pour 5 points<\/h2>\n\n\n\n<p>Lynis est un outil &lsquo;open source&rsquo; d&rsquo;analyse des failles de s\u00e9curit\u00e9 d&rsquo;un serveur Linux.  Le d\u00e9p\u00f4t public git est disponible <a href=\"https:\/\/github.com\/CISOfy\/lynis\">ici<\/a>.<\/p>\n\n\n\n<p>Il est possible d&rsquo;installer cet outil de deux fa\u00e7ons :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>en installant un paquet: yum, <a href=\"https:\/\/packages.cisofy.com\/community\/\">apt<\/a>, &#8230;<\/li>\n\n\n\n<li>en clonant le projet: git clone &#8230;<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h3 class=\"has-luminous-vivid-amber-color has-text-color wp-block-heading\" id=\"installer-lynis\">Instructions pour l&rsquo;installation de <a href=\"https:\/\/packages.cisofy.com\/community\/\">Lynis<\/a><\/h3>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h3 class=\"has-text-color wp-block-heading\" id=\"analyser-les-failles-du-systeme\" style=\"color:#0d4d70\">3.1 &#8211; Analyser les failles du syst\u00e8me<\/h3>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">$ sudo lynis audit system<\/pre>\n\n\n\n<h3 class=\"has-text-color wp-block-heading\" id=\"extrait-d-une-analyse\" style=\"color:#0d4d70\">3.2 &#8211; Extrait d&rsquo;une analyse <\/h3>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[+] Initializing program\n------------------------------------\n  - Detecting OS...                                           [ DONE ]\n  - Checking profiles...                                      [ DONE ]\n  ---------------------------------------------------\n  Program version:           3.0.6\n  Operating system:          Linux\n  Operating system name:     Ubuntu\n  Operating system version:  20.04\n  Kernel version:            5.11.0\n  Hardware platform:         x86_64\n  Hostname:                  projet-session-420-21e-1\n  ---------------------------------------------------\n  Profiles:                  \/etc\/lynis\/default.prf\n  Log file:                  \/var\/log\/lynis.log\n  Report file:               \/var\/log\/lynis-report.dat\n  Report version:            1.0\n  Plugin directory:          \/usr\/share\/lynis\/plugins\n  ---------------------------------------------------\n  Auditor:                   [Not Specified]\n  Language:                  en\n  Test category:             all\n  Test group:                all\n  ---------------------------------------------------\n  - Program update status...                                  [ SKIPPED ]\n[+] System tools\n------------------------------------\n  - Scanning available tools...\n  - Checking system binaries...\n[+] Plugins (phase 1)\n------------------------------------\n Note: plugins have more extensive tests and may take several minutes to complete\n  - Plugins enabled                                           [ NONE ]\n[+] Boot and services\n------------------------------------\n  - Service Manager                                           [ systemd ]\n  - Checking UEFI boot                                        [ ENABLED ]\n  - Checking Secure Boot                                      [ DISABLED ]\n  - Checking presence GRUB2                                   [ FOUND ]\n    - Checking for password protection                        [ NONE ]\n  - Check running services (systemctl)                        [ DONE ]\n        Result: found 25 running services\n  - Check enabled services at boot (systemctl)                [ DONE ]\n        Result: found 54 enabled services\n  - Check startup files (permissions)                         [ OK ]\n  - Running 'systemd-analyze security'\n        - apache2.service:                                    [ UNSAFE ]\n        - apport.service:                                     [ UNSAFE ]\n        - atd.service:                                        [ UNSAFE ]\n        - chrony.service:                                     [ EXPOSED ]<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h3 class=\"has-text-color wp-block-heading\" id=\"implementer-5-recommandations-pour-augmenter-le-hardening-index\" style=\"color:#0d4d70\">3.3 &#8211; Impl\u00e9menter 5 recommandations pour augmenter le &lsquo;Hardening index&rsquo;<\/h3>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Lynis security scan details:\n  Hardening index : 70 [##############      ]\n  Tests performed : 255\n  Plugins enabled : 0\n<\/pre>\n\n\n\n<h3 class=\"has-text-color wp-block-heading\" id=\"extrait-de-la-liste-des-recommandations\" style=\"color:#0d4d70\">3.4 &#8211; Extrait de la liste des recommandations<\/h3>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">* Consider hardening system services [BOOT-5264]\n    - Details  : Run '\/usr\/bin\/systemd-analyze security SERVICE' for each service\n      https:\/\/cisofy.com\/lynis\/controls\/BOOT-5264\/\n* Default umask in \/etc\/login.defs could be more strict like 027 [AUTH-9328]\n      https:\/\/cisofy.com\/lynis\/controls\/AUTH-9328\/\n* Purge old\/removed packages (1 found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts. [PKGS-7346]\n      https:\/\/cisofy.com\/lynis\/controls\/PKGS-7346\/\n* Install Apache mod_evasive to guard webserver against DoS\/brute force attempts [HTTP-6640]\n      https:\/\/cisofy.com\/lynis\/controls\/HTTP-6640\/\n  * Install Apache modsecurity to guard webserver against web application attacks [HTTP-6643]\n      https:\/\/cisofy.com\/lynis\/controls\/HTTP-6643\/\n  * Consider hardening SSH configuration [SSH-7408]\n    - Details  : AllowTcpForwarding (set YES to NO)\n      https:\/\/cisofy.com\/lynis\/controls\/SSH-7408\/\n<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h3 class=\"has-vivid-red-color has-text-color wp-block-heading\" id=\"si-vous-decidez-de-relever-ce-defi-sur-votre-serveur-de-l-epreuve-synthese-il-faut-alors\">Si vous d\u00e9cidez de relever ce d\u00e9fi sur votre serveur de l&rsquo;\u00e9preuve synth\u00e8se il faut alors:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ajouter l&rsquo;item &lsquo;<strong>Lynis<\/strong>&lsquo; au menu du site.<\/li>\n\n\n\n<li>Afficher la valeur du &lsquo;<strong>Hardening index<\/strong>&lsquo; avant l&rsquo;impl\u00e9mentation des 5 recommandations.<\/li>\n\n\n\n<li>Impl\u00e9menter 5 recommandations propos\u00e9es par Lynis.<\/li>\n\n\n\n<li>Lister les 5 recommandations que vous avez impl\u00e9ment\u00e9es.<\/li>\n\n\n\n<li>Afficher la valeur du &lsquo;<strong>Hardening index<\/strong>&lsquo; apr\u00e8s l&rsquo;impl\u00e9mentation des 5 recommandations.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"has-text-color wp-block-heading\" id=\"regles-du-pare-feu\" style=\"color:#0d4d70\">4 &#8211; R\u00e8gles du pare feu<\/h2>\n\n\n\n<p>Par d\u00e9faut, l&rsquo;acc\u00e8s \u00e0 des ports autres que 22, 80 et 443 est bloqu\u00e9.<\/p>\n\n\n\n<p>Cette contrainte bloquera l&rsquo;acc\u00e8s, par exemple, au port de Node-RED:1880.<\/p>\n\n\n\n<p>Il est possible d&rsquo;ajouter des r\u00e8gles suppl\u00e9mentaires au niveau du projet:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"704\" src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/12\/firewall-1024x704.png\" alt=\"\" class=\"wp-image-1910\" srcset=\"https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/12\/firewall-1024x704.png 1024w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/12\/firewall-300x206.png 300w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/12\/firewall-768x528.png 768w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2021\/12\/firewall.png 1228w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"has-text-color wp-block-heading\" id=\"directives-de-remise\" style=\"color:#0d4d70\"> 5 &#8211; <strong>Directives de<\/strong> remise <\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Renseigner un fichier texte (<em><strong>matricule.txt<\/strong><\/em>) avec les informations suivantes:\n<ul class=\"wp-block-list\">\n<li>L&rsquo;URL de votre projet et du journal.  Par exemple, <strong><em>http:\/\/es.matricule.x.y<\/em><\/strong><\/li>\n\n\n\n<li>Les acc\u00e8s (user:psw) aux services;\n<ul class=\"wp-block-list\">\n<li>mysql (root)<\/li>\n\n\n\n<li>compte d&rsquo;administration de wordpress (projet et journal)<\/li>\n\n\n\n<li>Zabbix<\/li>\n\n\n\n<li>NodeRED<\/li>\n\n\n\n<li>ftp<\/li>\n\n\n\n<li>NextCloud<\/li>\n\n\n\n<li>MatterMost<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>la commande <em><strong>ssh<\/strong><\/em> d&rsquo;acc\u00e8s au serveur. Par exemple;\n<ul class=\"wp-block-list\">\n<li><em><strong>ssh votreCompteGoogle@nomDomaineDuProjet(ou adresse IP)<\/strong><\/em><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Le <span style=\"text-decoration: underline\" class=\"underline\">mot de passe pour la page de contenu du journal <\/span>de bord (<strong>attention<\/strong> &#8211; pas un mot de passe facile \u00e0 deviner!)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Le fichier de la <strong><em>cl\u00e9 priv\u00e9e<\/em><\/strong> (avec votre login &lsquo;<strong><em>google<\/em><\/strong>&lsquo; pour que je puisse faire: <strong><em>ssh -i votreCl\u00e9 votreLogin@votreNomDeDomaine<\/em><\/strong>).  <strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">ATTENTION<\/span><\/strong>: Ne pas envoyer le contenu du fichier (copier\/coller), mais bien le fichier, sinon la cl\u00e9 sera inutilisable.<\/li>\n<\/ol>\n\n\n\n<p>Envoyer le fichier <em>&lsquo;<strong>matricule.txt<\/strong>&lsquo;<\/em> ainsi que votre cl\u00e9 priv\u00e9e (dans un fichier <strong><em>matricule.zip<\/em><\/strong>) \u00e0 <strong><span class=\"has-inline-color has-vivid-purple-color\">aboudrea@cstj.qc.ca<\/span><\/strong> avec comme ent\u00eate: <strong><em><span style=\"color:#9b51e0\" class=\"tadv-color\">Remise du projet 21E-VotreMatricule<\/span><\/em><\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"has-text-color wp-block-heading\" style=\"color:#0d4d70\">6 &#8211; Voici les liens vers vos projets:<\/h2>\n\n\n\n<p class=\"has-black-color has-text-color\"><strong>NOTE<\/strong>: Il faut m&rsquo;envoyer (via Teams) les deux URL de votre projet avant le <strong>30 novembre<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td>Matricule<\/td><td>Nom<\/td><td>Projet<\/td><\/tr><tr><td>1234567<\/td><td>Alain Boudreault<\/td><td><a href=\"http:\/\/projet-42021e.hopto.org\">http:\/\/projet-42021e.hopto.org<\/a><br><a href=\"https:\/\/jb-42021e.hopto.org\">https:\/\/jb-42021e.hopto.org<\/a><\/td><\/tr><tr><td>1135623<\/td><td>Olivier Moreau<\/td><td><a href=\"http:\/\/es-1135623.ddns.net\">http:\/\/es-1135623.ddns.net<\/a><br><a href=\"https:\/\/jb-1135623.ddnsfree.com\">https:\/\/jb-1135623.ddnsfree.com<\/a><br>pouchie47798<\/td><\/tr><tr><td>1369092<\/td><td>Gabriel Rh\u00e9aume<\/td><td><a rel=\"noreferrer noopener\" href=\"http:\/\/es-1369092.ddns.net\/\" target=\"_blank\">http:\/\/es-1369092.ddns.net\/<\/a><br><a rel=\"noreferrer noopener\" href=\"http:\/\/es-1369092.ddns.net\/\" target=\"_blank\"><\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/jb-1369092.kozow.com\/\" target=\"_blank\"><\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/jb-1369092.kozow.com\/\" target=\"_blank\">https:\/\/jb-1369092.kozow.com\/<\/a><br>passwordSUPERcompliqu\u00e9<\/td><\/tr><tr><td>9246343<\/td><td>Patrick Gingras<\/td><td><a rel=\"noreferrer noopener\" href=\"http:\/\/es9246343.freeddns.org\/\" target=\"_blank\">http:\/\/es9246343.freeddns.org<\/a><br><a rel=\"noreferrer noopener\" href=\"https:\/\/jb9246343.freeddns.org\/\" target=\"_blank\">https:\/\/jb9246343.freeddns.org<\/a><br>9m**CotA3ypWMuYcF1MRd5S9o2e<br>Bp2mrrvlhk1U40^@ee9^0F&amp;<\/td><\/tr><tr><td>1573062<\/td><td>J\u00e9r\u00e9mie Maill\u00e9<\/td><td><a href=\"http:\/\/es1573062.freeddns.org\">http:\/\/es1573062.freeddns.org<\/a><br><a href=\"https:\/\/jb1573062.freeddns.org\">https:\/\/jb1573062.freeddns.org<\/a><br>Pierre27!!<\/td><\/tr><tr><td>1624506<\/td><td>Hugo Claessens<\/td><td><a href=\"http:\/\/es-1624506.freeddns.org\">http:\/\/es-1624506.freeddns.org<\/a><br><a href=\"https:\/\/jb-1624506.freeddns.org\">https:\/\/jb-1624506.freeddns.org<\/a><br>Meilleur15243<\/td><\/tr><tr><td>1308617<\/td><td>Danick M\u00e9thot<\/td><td><a href=\"http:\/\/es-1308617.freeddns.org\">http:\/\/es-1308617.freeddns.org<\/a><br><a href=\"https:\/\/jb-1308617.freeddns.org\">https:\/\/jb-1308617.freeddns.org<\/a><br>(attention \u2013 pas un mot de passe facile \u00e0 deviner!)<\/td><\/tr><tr><td>1765891<\/td><td>Davio Robitaille<\/td><td><a rel=\"noreferrer noopener\" href=\"http:\/\/es-1765891.ddnsfree.com\/\" target=\"_blank\">http:\/\/es-1765891.ddnsfree.com<\/a><br><a rel=\"noreferrer noopener\" href=\"http:\/\/jb-1765891.ddnsfree.com\/\" target=\"_blank\">http:\/\/jb-1765891.ddnsfree.com<\/a><br>je1reve2de3soleil4<\/td><\/tr><tr><td>6173424<\/td><td>Miriame Laure Dibago Ndjapa<\/td><td><a rel=\"noreferrer noopener\" href=\"http:\/\/es-6173424.ddns.net\/\" target=\"_blank\">http:\/\/es-6173424.ddns.net<\/a><br><a rel=\"noreferrer noopener\" href=\"https:\/\/jb-6173424.ddnsfree.com\/\" target=\"_blank\">https:\/\/jb-6173424.ddnsfree.com<\/a><br>passw0rd!23<\/td><\/tr><tr><td>8961241<\/td><td>David Duchesne<\/td><td><a rel=\"noreferrer noopener\" href=\"http:\/\/es-8961241.freeddns.org\/\" target=\"_blank\">http:\/\/es-8961241.freeddns.org\/<\/a><br><a rel=\"noreferrer noopener\" href=\"http:\/\/jb-8961241.freeddns.org\/\" target=\"_blank\">http:\/\/jb-8961241.freeddns.org\/<\/a><br>alainprof ??  \ud83d\ude09<\/td><\/tr><tr><td>0471351<\/td><td>Samuel Tremblay<\/td><td><a rel=\"noreferrer noopener\" href=\"http:\/\/es-0471351.ddns.net\/\" target=\"_blank\">http:\/\/es-0471351.ddns.net\/<\/a><br><a rel=\"noreferrer noopener\" href=\"https:\/\/jb-0471351.freeddns.org\/\" target=\"_blank\">https:\/\/jb-0471351.freeddns.org<\/a><br>0471351<\/td><\/tr><tr><td>1546960<\/td><td>Nicolas Paquette<\/td><td><a href=\"http:\/\/es-1546960.freeddns.org\">http:\/\/es-1546960.freeddns.org<\/a><br><a href=\"https:\/\/jb-1546960.freeddns.org\">https:\/\/jb-1546960.freeddns.org<\/a><br>nicopacman2104<\/td><\/tr><tr><td>9555901<\/td><td>Benoit Chevalier<\/td><td><a rel=\"noreferrer noopener\" href=\"https:\/\/es-9555901.ddns.net\/\" target=\"_blank\">https:\/\/es-9555901.ddns.net<\/a><br><a rel=\"noreferrer noopener\" href=\"https:\/\/jb-9555901.freeddns.org\/\" target=\"_blank\">https:\/\/jb-9555901.freeddns.org<\/a><br>benoit-synthese-9555901<\/td><\/tr><tr><td>1072742<\/td><td>Pier-Alexandre Auger-Matteau<\/td><td><a rel=\"noreferrer noopener\" href=\"http:\/\/es-1072742.ddns.net\/\" target=\"_blank\">http:\/\/es-1072742.ddns.net\/<\/a><br><a rel=\"noreferrer noopener\" href=\"https:\/\/jb-1072742.ddnsfree.com\/\" target=\"_blank\">https:\/\/jb-1072742.ddnsfree.com\/<\/a><br>SyntheseEnvWeb02 <\/td><\/tr><tr><td>0819696<\/td><td>Jacqueline Lebel<\/td><td><a rel=\"noreferrer noopener\" href=\"http:\/\/es-0819696.ddns.net\/\" target=\"_blank\">http:\/\/es-0819696.ddns.net\/<\/a><br><a rel=\"noreferrer noopener\" href=\"https:\/\/jb-0819696.freeddns.org\/\" target=\"_blank\">https:\/\/jb-0819696.freeddns.org\/<\/a><br>lebel42021e<\/td><\/tr><tr><td>0877044<\/td><td>William Arcand-Flibotte<\/td><td><a href=\"http:\/\/es-0877044.ddnsfree.com\/\">http:\/\/es-0877044.ddnsfree.com\/<\/a><br><a href=\"https:\/\/jb-0877044.ddnsfree.com\/\">https:\/\/jb-0877044.ddnsfree.com\/<\/a><br>SecretDefense007!<\/td><\/tr><tr><td>1573670<\/td><td>Alexandre Boudreault<\/td><td><a href=\"http:\/\/es-1573670.ddns.net\/\">http:\/\/es-1573670.ddns.net\/<\/a><br><a href=\"https:\/\/jb-1573670.ddnsfree.com\/\">https:\/\/jb-1573670.ddnsfree.com\/<\/a><br>pasunmotdepassefacileadeviner1573670<\/td><\/tr><tr><td><\/td><td>Vanessa Sara Aubin C\u00f4t\u00e9<\/td><td><a href=\"https:\/\/jb9816526.mywire.org\/\">https:\/\/jb9816526.mywire.org\/<\/a><br><a href=\"http:\/\/es9816526.hopto.org\/\">http:\/\/es9816526.hopto.org\/<\/a><br>patatedynamique42<\/td><\/tr><tr><td><\/td><td>Jean-Victor Brindamour<\/td><td><a href=\"http:\/\/es-1725951.freeddns.org\">http:\/\/es-1725951.freeddns.org<\/a><br><a href=\"https:\/\/jb-1725951.ddnsfree.com\">https:\/\/jb-1725951.ddnsfree.com<\/a><br>journaldebord!1234$<\/td><\/tr><tr><td><\/td><td>Alessia Esposito<\/td><td><a rel=\"noreferrer noopener\" href=\"http:\/\/es-1760981.freeddns.org\/\" target=\"_blank\">http:\/\/es-1760981.freeddns.org\/<\/a><br><a rel=\"noreferrer noopener\" href=\"https:\/\/jb-1760981.freeddns.org\/\" target=\"_blank\">https:\/\/jb-1760981.freeddns.org\/<\/a><br>aespo123<\/td><\/tr><tr><td><\/td><td>Olivier Leblanc<\/td><td><a href=\"http:\/\/www.es-6181380.ddnsfree.com\">http:\/\/www.es-6181380.ddnsfree.com<\/a><br><a href=\"https:\/\/www.jb-6181380.ddnsfree.com\">https:\/\/www.jb-6181380.ddnsfree.com<\/a><br>Ee0142570<\/td><\/tr><tr><td><\/td><td>Patricia Massie<\/td><td><a href=\"http:\/\/es-1139073.ddns.net\">http:\/\/es-1139073.ddns.net<\/a><br><a href=\"https:\/\/jb-1139073.freeddns.org\">https:\/\/jb-1139073.freeddns.org<\/a><br>pat1139073massie<\/td><\/tr><tr><td><\/td><td>Mohamed Sbaiti<\/td><td><a href=\"http:\/\/es2226332.ddnsgeek.com\">http:\/\/es2226332.ddnsgeek.com<\/a><br><a href=\"https:\/\/jb2226332.ddnsgeek.com\">https:\/\/jb2226332.ddnsgeek.com<\/a><br>bd42021e%2226332<\/td><\/tr><tr><td><\/td><td>Wylliam S\u00e9n\u00e9chal<\/td><td><a rel=\"noreferrer noopener\" href=\"http:\/\/es1980193.ddnsfree.com\/\" target=\"_blank\">http:\/\/es1980193.ddnsfree.com\/<\/a><br><a rel=\"noreferrer noopener\" href=\"http:\/\/jb1980193.ddnsfree.com\/\" target=\"_blank\">https:\/\/jb1980193.ddnsfree.com\/<\/a><br>12qazwsxedc1277<\/td><\/tr><tr><td><\/td><td>Martin Ulrich<\/td><td><a href=\"http:\/\/es-1526461.freeddns.org\">http:\/\/es-1526461.freeddns.org<\/a><br><a href=\"https:\/\/jb-1526461.freeddns.org\">https:\/\/jb-1526461.freeddns.org<\/a><br>jortex (vortex)<\/td><\/tr><tr><td><\/td><td>Carolann Th\u00e9or\u00eat<\/td><td><a href=\"http:\/\/es-1348512.ddns.net\n\">http:\/\/es-1348512.ddns.net<br><\/a><a href=\"https:\/\/jb-1348512.ddnsfree.com\">https:\/\/jb-1348512.ddnsfree.com<\/a><br>Carolann0802<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>D\u00e9ployer un serveur multi-services V1.0-2022.11.23 ATTENTION \u00c0 VOS MOTS DE PASSE, VOTRE SERVEUR EST SUR LE R\u00c9SEAU INTERNET.NE PAS UTILISER &lsquo;PASSWORD&lsquo; COMME MOT DE PASSE, POUR AUCUN SERVICE Pond\u00e9ration Projet: 50%Journal de bord: 10% Remise Vendredi, le 16 d\u00e9cembre 2022, 16h00 Voir au bas du document pour les directives de remise. NOTE: Il faut m&rsquo;envoyer [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":864,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-215","page","type-page","status-publish","hentry"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"Alain","author_link":"https:\/\/ve2cuy.com\/420-21e\/index.php\/author\/alain\/"},"uagb_comment_info":0,"uagb_excerpt":"D\u00e9ployer un serveur multi-services V1.0-2022.11.23 ATTENTION \u00c0 VOS MOTS DE PASSE, VOTRE SERVEUR EST SUR LE R\u00c9SEAU INTERNET.NE PAS UTILISER &lsquo;PASSWORD&lsquo; COMME MOT DE PASSE, POUR AUCUN SERVICE Pond\u00e9ration Projet: 50%Journal de bord: 10% Remise Vendredi, le 16 d\u00e9cembre 2022, 16h00 Voir au bas du document pour les directives de remise. NOTE: Il faut m&rsquo;envoyer&hellip;","_links":{"self":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages\/215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/comments?post=215"}],"version-history":[{"count":109,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages\/215\/revisions"}],"predecessor-version":[{"id":2485,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages\/215\/revisions\/2485"}],"up":[{"embeddable":true,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages\/864"}],"wp:attachment":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/media?parent=215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}