commit 66fcc33282296a4ae002a58f8baa6d092a74269d Author: tmferreira-ti <163651394+tmferreira-ti@users.noreply.github.com> Date: Tue Sep 16 20:43:33 2025 -0300 . diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..dfe0770 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +# Auto detect text files and perform LF normalization +* text=auto diff --git a/Confs/Comandos SSL.txt b/Confs/Comandos SSL.txt new file mode 100644 index 0000000..6c8c0ef --- /dev/null +++ b/Confs/Comandos SSL.txt @@ -0,0 +1,11 @@ +mkdir -p /etc/apache2/ssl/fatecseg + +openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/fatecseg/apache.csr -keyout /etc/apache2/ssl/fatecseg/apache.key + +ls /etc/apache2/ssl/fatecseg + +wget bit.ly/fatecseg-ssl -O /etc/apache2/sites-available/site.conf + +a2enmod ssl + +systemctl restart apache2 \ No newline at end of file diff --git a/Confs/checkP2.sh b/Confs/checkP2.sh new file mode 100644 index 0000000..3b1d560 --- /dev/null +++ b/Confs/checkP2.sh @@ -0,0 +1,77 @@ +#!/bin/bash + +# Definição de cores para formatação +GREEN="\e[32m" +RED="\e[31m" +CYAN="\e[36m" +YELLOW="\e[33m" +RESET="\e[0m" +BOLD="\e[1m" + +clear +echo -e "${BOLD}${CYAN}####### Script de Diagnóstico de Configuração #######${RESET}" + +read -e -p "Digite os três primeiros octetos do seu IP [192.168.]: " -i "192.168." IP +read -e -p "Digite o seu domínio: " DOMAIN +clear + +echo -e "${BOLD}${CYAN}####### Data de Instalação NS1 #######${RESET}" +echo -e "${YELLOW}$(tune2fs -l /dev/sda1 | grep created | awk '{print $5"/"$4"/"$7" "$6}')${RESET}" +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Configuração de Rede #######${RESET}" +ip -br addr | egrep -v ^lo +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Conectividade com a Máquina Web #######${RESET}" +if ping -c1 "$IP.2" > /dev/null; then + echo -e "${GREEN}Conectividade Ok${RESET}" +else + echo -e "${RED}Conectividade não Ok${RESET}" +fi +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Conectividade com a Internet #######${RESET}" +for server in 8.8.8.8 1.1.1.1; do + if ping -c1 "$server" > /dev/null; then + echo -e "${GREEN}Conectividade $server: Ok${RESET}" + else + echo -e "${RED}Conectividade $server: Não Ok${RESET}" + fi +done +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Configuração DHCP #######${RESET}" +systemctl status isc-dhcp-server --no-pager +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Arquivo de Configuração DHCP #######${RESET}" +cat /etc/dhcp/dhcpd.conf +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Configuração DNS Master #######${RESET}" +for sub in www revista blog; do + if nslookup "$sub.$DOMAIN.com.br" "$IP.1" > /dev/null; then + echo -e "${sub}.${DOMAIN}.com.br: ${GREEN}OK${RESET}" + else + echo -e "${sub}.${DOMAIN}.com.br: ${RED}Não OK${RESET}" + fi +done +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Configuração DNS Slave #######${RESET}" +for sub in www revista blog; do + if nslookup "$sub.$DOMAIN.com.br" "$IP.2" > /dev/null; then + echo -e "${sub}.${DOMAIN}.com.br: ${GREEN}OK${RESET}" + else + echo -e "${sub}.${DOMAIN}.com.br: ${RED}Não OK${RESET}" + fi +done + diff --git a/Confs/checkP2_WEB.sh b/Confs/checkP2_WEB.sh new file mode 100644 index 0000000..d6bc85b --- /dev/null +++ b/Confs/checkP2_WEB.sh @@ -0,0 +1,53 @@ +#!/bin/bash + +# Definição de cores para formatação +GREEN="\e[32m" +RED="\e[31m" +CYAN="\e[36m" +YELLOW="\e[33m" +RESET="\e[0m" +BOLD="\e[1m" + +clear +echo -e "${BOLD}${CYAN}####### Script de Diagnóstico de Configuração #######${RESET}" + +read -e -p "Digite os três primeiros octetos do seu IP [192.168.]: " -i "192.168." IP +#read -e -p "Digite o seu domínio: " DOMAIN +clear + +echo -e "${BOLD}${CYAN}####### Data de Instalação WEB #######${RESET}" +echo -e "${YELLOW}$(tune2fs -l /dev/sda1 | grep created | awk '{print $5"/"$4"/"$7" "$6}')${RESET}" +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Configuração de Rede #######${RESET}" +ip -br addr | egrep -v ^lo +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Conectividade com a Máquina NS1 #######${RESET}" +if ping -c1 "$IP.1" > /dev/null; then + echo -e "${GREEN}Conectividade Ok${RESET}" +else + echo -e "${RED}Conectividade não Ok${RESET}" +fi +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Conectividade com a Internet #######${RESET}" +for server in 8.8.8.8 1.1.1.1; do + if ping -c1 "$server" > /dev/null; then + echo -e "${GREEN}Conectividade $server: Ok${RESET}" + else + echo -e "${RED}Conectividade $server: Não Ok${RESET}" + fi +done +read -p "Pressione para continuar..." + +clear +echo -e "${BOLD}${CYAN}####### Serviço Apache #######${RESET}" +systemctl status apache2 --no-pager +read -p "Pressione para continuar..." +clear + + diff --git a/Confs/srv1/dhcpd.conf b/Confs/srv1/dhcpd.conf new file mode 100644 index 0000000..ae004a9 --- /dev/null +++ b/Confs/srv1/dhcpd.conf @@ -0,0 +1,41 @@ +# Arquivo de configuração do servidor DHCP + +# Desabilita as atualizações dinâmicas de DNS +ddns-update-style none; + +# Define o tempo de concessão padrão (default lease time) para 600 segundos (10 minutos) +default-lease-time 600; + +# Define o tempo máximo de concessão (max lease time) para 7200 segundos (2 horas) +max-lease-time 7200; + +# Define que este servidor DHCP é autoritativo (envia respostas de maneira mais agressiva) +authoritative; + +# Definição da rede (subnet) e máscara de rede +subnet 172.17.0.0 netmask 255.255.255.0 { + + # Define o intervalo de endereços IP que o DHCP pode atribuir aos clientes + range 172.17.0.100 172.17.0.199; + + # Define o endereço IP do roteador (gateway) padrão + option routers 172.17.0.1; + + # Define os servidores DNS que serão atribuídos aos clientes + option domain-name-servers 172.17.0.1, 172.17.0.2; + + # Define o endereço de broadcast para a rede + option broadcast-address 172.17.0.255; + + # Impede que clientes não conhecidos (não listados explicitamente) recebam um IP + #deny unknown-clients; +} + +# Definição de um cliente específico (host) com IP fixo +host PC-01 { +# # Endereço MAC da máquina + hardware ethernet 08:00:27:80:FF:2D; + +# # Endereço IP fixo atribuído ao cliente + fixed-address 172.17.0.150; +} diff --git a/Confs/srv1/dns/db.0.17.172 b/Confs/srv1/dns/db.0.17.172 new file mode 100644 index 0000000..43d6963 --- /dev/null +++ b/Confs/srv1/dns/db.0.17.172 @@ -0,0 +1,17 @@ +$TTL 3600 ; Tempo de vida das respostas fornecidas pelo DNS (cache) +@ IN SOA ns1.fatecseg.edu.br. hostmaster.fatecseg.edu.br. ( + 2024020901 ; Serial para controle de atualizações entre master e slave + 28800 ; Tempo de atualizações entre master e slave (refresh) + 7200 ; Tempo de atualizações caso o refresh falhe + 604800 ; Tempo de expiração do slave caso não contate o master + 7200 ) ; Tempo de vida das respostas negativas do servidor + + NS ns1.fatecseg.edu.br. + +1 PTR ns1.fatecseg.edu.br. +2 PTR ns2.fatecseg.edu.br. +2 PTR www.fatecseg.edu.br. +3 PTR smtp.fatecseg.edu.br. +4 PTR smtp2.fatecseg.edu.br. +5 PTR pop3.fatecseg.edu.br. +6 PTR blog.fatecseg.edu.br. diff --git a/Confs/srv1/dns/db.fatecseg.edu.br b/Confs/srv1/dns/db.fatecseg.edu.br new file mode 100644 index 0000000..4425738 --- /dev/null +++ b/Confs/srv1/dns/db.fatecseg.edu.br @@ -0,0 +1,24 @@ +$TTL 3600 ; Tempo de vida das respostas fornecidas pelo DNS (cache) (1H) +@ IN SOA ns1.fatecseg.edu.br. hostmaster.fatecseg.edu.br. ( + 2024020901 ; Serial para controle de atualizações entre master e slave + 28800 ; Tempo de atualizações entre master e slave (refresh) (8H) + 7200 ; Tempo de atualizações caso o refresh falhe (2H) + 604800 ; Tempo de expiração do slave caso não contate o master (7 dias) + 7200 ) ; Tempo de vida das repostas negativas do servidor (2H) + + NS ns1.fatecseg.edu.br. + NS ns2.fatecseg.edu.br. + IN MX 10 smtp.fatecseg.edu.br. + IN MX 20 smtp2.fatecseg.edu.br. + +fatecseg.edu.br. A 172.17.0.2 +ns1 A 172.17.0.1 +ns2 A 172.17.0.2 +www A 172.17.0.2 +smtp A 172.17.0.3 +smtp2 A 172.17.0.4 +pop3 A 172.17.0.5 +blog A 172.17.0.6 +ftp A 172.17.0.3 +webmail CNAME pop3 +zabbix CNAME www diff --git a/Confs/srv1/dns/named.conf.local b/Confs/srv1/dns/named.conf.local new file mode 100644 index 0000000..d5f1a79 --- /dev/null +++ b/Confs/srv1/dns/named.conf.local @@ -0,0 +1,15 @@ +// DNS +zone "fatecseg.edu.br" IN { + type master; + file "/etc/bind/domains/fatecseg/db.fatecseg.edu.br"; + allow-transfer { 172.17.0.2; }; // Permite a transferência de zona para o IP especificado + also-notify { 172.17.0.2; }; // Notifica este IP sobre alterações na zona +}; + +// DNS Reverso +zone "0.17.172.in-addr.arpa" { + type master; + file "/etc/bind/domains/fatecseg/db.0.17.172"; + allow-transfer { 172.17.0.2; }; // Permite a transferência de zona reversa para o IP especificado + also-notify { 172.17.0.2; }; // Notifica este IP sobre alterações na zona reversa +}; diff --git a/Confs/srv1/dns/named.conf.options b/Confs/srv1/dns/named.conf.options new file mode 100644 index 0000000..dad5a60 --- /dev/null +++ b/Confs/srv1/dns/named.conf.options @@ -0,0 +1,34 @@ +acl "rede_interna" { + 172.17.0.0/24; // Definição de uma ACL (Access Control List) chamada "rede_interna", permitindo o intervalo de IPs 172.17.0.0/24. +}; + +options { + directory "/var/cache/bind"; // Diretório onde o BIND armazena arquivos de cache. + + // If there is a firewall between you and nameservers you want + // to talk to, you may need to fix the firewall to allow multiple + // ports to talk. See http://www.kb.cert.org/vuls/id/800113 + + // If your ISP provided one or more IP addresses for stable + // nameservers, you probably want to use them as forwarders. + // Uncomment the following block, and insert the addresses replacing + // the all-0's placeholder. + + forwarders { // Configuração de servidores de encaminhamento para resolver consultas DNS. + 8.8.8.8; // Google Public DNS (primário). + 8.8.4.4; // Google Public DNS (secundário). + }; + + //======================================================================== + // If BIND logs error messages about the root key being expired, + // you will need to update your keys. See https://www.isc.org/bind-keys + //======================================================================== + + dnssec-validation no; // Desativa a validação DNSSEC. + minimal-responses yes; // Respostas mínimas, enviando apenas os dados necessários na resposta DNS. + version "Empresa FatecSeg"; // Define uma string personalizada para a versão do BIND que será exibida. + allow-query-cache { rede_interna; }; // Permite cache de consultas para a ACL "rede_interna". + allow-query { any; }; // Permite consultas DNS de qualquer origem. + allow-recursion { rede_interna; }; // Permite recursão DNS apenas para a ACL "rede_interna". + listen-on-v6 { any; }; // Escuta requisições em qualquer interface IPv6. +}; diff --git a/Confs/srv1/interfaces b/Confs/srv1/interfaces new file mode 100644 index 0000000..e5b5e95 --- /dev/null +++ b/Confs/srv1/interfaces @@ -0,0 +1,24 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +source /etc/network/interfaces.d/* + +# The loopback network interface +auto lo +iface lo inet loopback + +auto enp0s8 +iface enp0s8 inet static + address 172.17.0.1 + netmask 255.255.255.0 + network 172.17.0.0 + broadcast 172.17.0.255 + + +auto enp0s3 +iface enp0s3 inet dhcp + + +auto enp0s9 +iface enp0s9 inet static + address 192.168.56.102/24 diff --git a/Confs/srv1/isc-dhcp-server b/Confs/srv1/isc-dhcp-server new file mode 100644 index 0000000..35a4bf9 --- /dev/null +++ b/Confs/srv1/isc-dhcp-server @@ -0,0 +1,18 @@ +# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server) + +# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf). +#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf +#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf + +# Path to dhcpd's PID file (default: /var/run/dhcpd.pid). +#DHCPDv4_PID=/var/run/dhcpd.pid +#DHCPDv6_PID=/var/run/dhcpd6.pid + +# Additional options to start dhcpd with. +# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead +#OPTIONS="" + +# On what interfaces should the DHCP server (dhcpd) serve DHCP requests? +# Separate multiple interfaces with spaces, e.g. "eth0 eth1". +INTERFACESv4="enp0s3" +INTERFACESv6="" diff --git a/Confs/srv1/nftables.conf b/Confs/srv1/nftables.conf new file mode 100644 index 0000000..d11dfe0 --- /dev/null +++ b/Confs/srv1/nftables.conf @@ -0,0 +1,24 @@ +table inet filter { + chain input { + type filter hook input priority filter; policy accept; + } + + chain forward { + type filter hook forward priority filter; policy accept; + } + + chain output { + type filter hook output priority filter; policy accept; + } +} +table ip nat { + chain POSTROUTING { + type nat hook postrouting priority srcnat; policy accept; + oifname "enp0s3" counter packets 0 bytes 0 masquerade + } + + chain PREROUTING { + type nat hook prerouting priority dstnat; policy accept; + ip saddr 192.168.56.1 ip daddr 192.168.56.200 tcp dport 10001 counter packets 0 bytes 0 dnat to 172.17.0.2:22 + } +} diff --git a/Confs/srv1/sysctl.conf b/Confs/srv1/sysctl.conf new file mode 100644 index 0000000..1fa03b9 --- /dev/null +++ b/Confs/srv1/sysctl.conf @@ -0,0 +1,68 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +################################################################### +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +#net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# + +################################################################### +# Magic system request Key +# 0=disable, 1=enable all, >1 bitmask of sysrq functions +# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html +# for what other values do +#kernel.sysrq=438 + diff --git a/Confs/srv2/Apache/fatecseg.conf b/Confs/srv2/Apache/fatecseg.conf new file mode 100644 index 0000000..5da8243 --- /dev/null +++ b/Confs/srv2/Apache/fatecseg.conf @@ -0,0 +1,14 @@ + +ServerAdmin tiago@fatecourinhos.edu.br +ServerName www.fatecseg.edu.br +DocumentRoot /dados/paginas/fatecseg + + + Options -Indexes + AllowOverRide All + Require all granted + + +ErrorLog /var/log/apache2/error-fatecseg.log +CustomLog /var/log/apache2/access-fatecseg.log combined + diff --git a/Confs/srv2/Apache/fatecseg_ssl.conf b/Confs/srv2/Apache/fatecseg_ssl.conf new file mode 100644 index 0000000..e5aedac --- /dev/null +++ b/Confs/srv2/Apache/fatecseg_ssl.conf @@ -0,0 +1,27 @@ + + ServerAdmin webmaster@fatecseg.edu.br + ServerName www.fatecseg.edu.br + ServerAlias fatecseg.edu.br + Redirect permanent / https://www.fatecseg.edu.br/ + + + + ServerAdmin webmaster@fatecseg.edu.br + ServerName www.fatecseg.edu.br + ServerAlias fatecseg.edu.br + DocumentRoot /dados/paginas/fatecseg/ + + + Options -Indexes + AllowOverride All + Require all granted + + + ErrorLog /var/log/apache2/error_fatecseg_ssl.log + LogLevel warn + CustomLog /var/log/apache2/access_fatecseg_ssl.log combined + + SSLEngine on + SSLCertificateFile /etc/apache2/ssl/fatecseg/apache.csr + SSLCertificateKeyFile /etc/apache2/ssl/fatecseg/apache.key + diff --git a/Confs/srv2/dns/named.conf.local b/Confs/srv2/dns/named.conf.local new file mode 100644 index 0000000..c1592df --- /dev/null +++ b/Confs/srv2/dns/named.conf.local @@ -0,0 +1,13 @@ +// DNS +zone "fatecseg.edu.br" IN { + type slave; + file "/var/lib/bind/db.fatecseg.edu.br"; + masters { 172.17.0.1; }; +}; + +// DNS Reverso +zone "0.17.172.in-addr.arpa" { + type slave; + file "/var/lib/bind/db.0.17.172"; + masters { 172.17.0.1; }; +}; \ No newline at end of file diff --git a/Confs/srv2/dns/named.conf.options b/Confs/srv2/dns/named.conf.options new file mode 100644 index 0000000..4778d18 --- /dev/null +++ b/Confs/srv2/dns/named.conf.options @@ -0,0 +1,24 @@ +options { + directory "/var/cache/bind"; + + // If there is a firewall between you and nameservers you want + // to talk to, you may need to fix the firewall to allow multiple + // ports to talk. See http://www.kb.cert.org/vuls/id/800113 + + // If your ISP provided one or more IP addresses for stable + // nameservers, you probably want to use them as forwarders. + // Uncomment the following block, and insert the addresses replacing + // the all-0's placeholder. + + // forwarders { + // 0.0.0.0; + // }; + + //======================================================================== + // If BIND logs error messages about the root key being expired, + // you will need to update your keys. See https://www.isc.org/bind-keys + //======================================================================== + dnssec-validation auto; + + listen-on-v6 { any; }; +}; diff --git a/Confs/srv2/interfaces b/Confs/srv2/interfaces new file mode 100644 index 0000000..42cdcd7 --- /dev/null +++ b/Confs/srv2/interfaces @@ -0,0 +1,14 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +source /etc/network/interfaces.d/* + +# The loopback network interface +auto lo +iface lo inet loopback + +auto enp0s3 +iface enp0s3 inet static + address 172.17.0.2 + netmask 255.255.255.0 + gateway 172.17.0.1 diff --git a/Workgroups.png b/Workgroups.png new file mode 100644 index 0000000..e796325 Binary files /dev/null and b/Workgroups.png differ diff --git a/update_srv1.sh b/update_srv1.sh new file mode 100644 index 0000000..f3f2705 --- /dev/null +++ b/update_srv1.sh @@ -0,0 +1,36 @@ +#!/bin/bash +wget https://raw.githubusercontent.com/tmferreira-ti/ASOR/main/Confs/srv1/sysctl.conf -O /etc/sysctl.conf --no-check-certificate --no-cache +# +wget https://raw.githubusercontent.com/tmferreira-ti/ASOR/main/Confs/srv1/interfaces -O /etc/network/interfaces --no-check-certificate --no-cache +wget https://raw.githubusercontent.com/tmferreira-ti/ASOR/main/Confs/srv1/nftables.conf -O /etc/nftables.conf --no-check-certificate --no-cache +sed -i s'/enp0s8/enp0s3/g' /usr/local/bin/sync-update +#wget https://raw.githubusercontent.com/tmferreira-ti/SSORI/refs/heads/main/configs/sshd_config -O /etc/ssh/sshd_config --no-check-certificate --no-cache + +#apt install isc-dhcp-server -y +#wget https://raw.githubusercontent.com/tmferreira-ti/ASOR/refs/heads/main/Confs/srv1/dhcpd.conf -O /etc/dhcp/dhcpd.conf --no-check-certificate --no-cache +#wget https://raw.githubusercontent.com/tmferreira-ti/ASOR/refs/heads/main/Confs/srv1/isc-dhcp-server -O /etc/default/isc-dhcp-server --no-check-certificate --no-cache + +systemctl enable nftables +#reboot + +#apt install bind9 -y + +#wget github.com/tmferreira-ti/ASOR/raw/refs/heads/main/Confs/srv1/dns/named.conf.options -O /etc/bind/named.conf.options + +#wget https://github.com/tmferreira-ti/ASOR/raw/refs/heads/main/Confs/srv1/dns/named.conf.local -O /etc/bind/named.conf.local --no-check-certificate --no-cache + +#mkdir -p /etc/bind/domains/fatecseg/ + +#wget https://github.com/tmferreira-ti/ASOR/raw/refs/heads/main/Confs/srv1/dns/db.fatecseg.edu.br -O /etc/bind/domains/fatecseg/db.fatecseg.edu.br --no-check-certificate --no-cache + +#wget https://github.com/tmferreira-ti/ASOR/raw/refs/heads/main/Confs/srv1/dns/db.0.17.172 -O /etc/bind/domains/fatecseg/db.0.17.172 --no-check-certificate --no-cache + +#echo "domain fatecseg.edu.br" > /etc/resolv.conf +#echo "search fatecseg.edu.br" >> /etc/resolv.conf +#echo "nameserver 172.17.0.1" >> /etc/resolv.conf +#echo "nameserver 172.17.0.2" >> /etc/resolv.conf + +#chattr +i /etc/resolv.conf + +#systemctl restart named +reboot diff --git a/update_srv2.sh b/update_srv2.sh new file mode 100644 index 0000000..5565fe9 --- /dev/null +++ b/update_srv2.sh @@ -0,0 +1,44 @@ +#!/bin/bash +wget https://raw.githubusercontent.com/tmferreira-ti/ASOR/main/Confs/srv2/interfaces -O /etc/network/interfaces --no-check-certificate --no-cache +#wget https://raw.githubusercontent.com/tmferreira-ti/SSORI/refs/heads/main/configs/sshd_config -O /etc/ssh/sshd_config --no-check-certificate --no-cache + +#apt install bind9 -y + +#wget https://github.com/tmferreira-ti/ASOR/raw/refs/heads/main/Confs/srv2/dns/named.conf.options -O /etc/bind/named.conf.options + +#wget https://github.com/tmferreira-ti/ASOR/raw/refs/heads/main/Confs/srv2/dns/named.conf.local -O /etc/bind/named.conf.local --no-check-certificate --no-cache + +#apt update + +#apt install apache2 -y + +#apt install mariadb-server -y + +#apt install php php-mysql libapache2-mod-php php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc -y + +#wget https://github.com/tmferreira-ti/ASOR/raw/refs/heads/main/Confs/srv2/Apache/fatecseg.conf -O /etc/apache2/sites-available/site.conf --no-check-certificate --no-cache + +#mkdir /dados/paginas/fatecseg -p + +#a2ensite site.conf + +#a2dissite 000-default.conf + +#mysql -u root -p -e "CREATE DATABASE wordpress;" +#mysql -u root -p -e "GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpressuser'@'localhost' IDENTIFIED BY 'password';" +#mysql -u root -p -e "FLUSH PRIVILEGES;" + + +#cd /dados/paginas/fatecseg/ + +#rm -f index.html + +#wget wordpress.org/latest.tar.gz + +#tar --strip-components=1 -xzvf latest.tar.gz + +#rm -f latest.tar.gz + +#chown www-data: -R /dados/paginas/fatecseg/ + +reboot