.

Confs/srv1/dhcpd.conf

@@ -0,0 +1,41 @@
+# Arquivo de configuração do servidor DHCP
+
+# Desabilita as atualizações dinâmicas de DNS
+ddns-update-style none;
+
+# Define o tempo de concessão padrão (default lease time) para 600 segundos (10 minutos)
+default-lease-time 600;
+
+# Define o tempo máximo de concessão (max lease time) para 7200 segundos (2 horas)
+max-lease-time 7200;
+
+# Define que este servidor DHCP é autoritativo (envia respostas de maneira mais agressiva)
+authoritative;
+
+# Definição da rede (subnet) e máscara de rede
+subnet 172.17.0.0 netmask 255.255.255.0 {
+
+    # Define o intervalo de endereços IP que o DHCP pode atribuir aos clientes
+    range 172.17.0.100 172.17.0.199;
+
+    # Define o endereço IP do roteador (gateway) padrão
+    option routers 172.17.0.1;
+
+    # Define os servidores DNS que serão atribuídos aos clientes
+    option domain-name-servers 172.17.0.1, 172.17.0.2;
+
+    # Define o endereço de broadcast para a rede
+    option broadcast-address 172.17.0.255;
+
+    # Impede que clientes não conhecidos (não listados explicitamente) recebam um IP
+    #deny unknown-clients;
+}
+
+# Definição de um cliente específico (host) com IP fixo
+host PC-01 {
+#    # Endereço MAC da máquina
+    hardware ethernet 08:00:27:80:FF:2D;
+
+#    # Endereço IP fixo atribuído ao cliente
+    fixed-address 172.17.0.150;
+}

Confs/srv1/dns/db.0.17.172

@@ -0,0 +1,17 @@
+$TTL 3600 ; Tempo de vida das respostas fornecidas pelo DNS (cache)
+@ IN SOA ns1.fatecseg.edu.br. hostmaster.fatecseg.edu.br. (
+    2024020901 ; Serial para controle de atualizações entre master e slave
+    28800      ; Tempo de atualizações entre master e slave (refresh)
+    7200       ; Tempo de atualizações caso o refresh falhe
+    604800     ; Tempo de expiração do slave caso não contate o master
+    7200 )     ; Tempo de vida das respostas negativas do servidor
+
+	NS ns1.fatecseg.edu.br.
+
+1   PTR ns1.fatecseg.edu.br.
+2   PTR ns2.fatecseg.edu.br.
+2   PTR www.fatecseg.edu.br.
+3   PTR smtp.fatecseg.edu.br.
+4   PTR smtp2.fatecseg.edu.br.
+5   PTR pop3.fatecseg.edu.br.
+6   PTR blog.fatecseg.edu.br.

Confs/srv1/dns/db.fatecseg.edu.br

@@ -0,0 +1,24 @@
+$TTL 3600 ; Tempo de vida das respostas fornecidas pelo DNS (cache) (1H)
+@ IN SOA ns1.fatecseg.edu.br. hostmaster.fatecseg.edu.br. (
+             2024020901 ; Serial para controle de atualizações entre master e slave
+             28800      ; Tempo de atualizações entre master e slave (refresh) (8H)
+             7200       ; Tempo de atualizações caso o refresh falhe (2H)
+             604800     ; Tempo de expiração do slave caso não contate o master (7 dias)
+             7200 )     ; Tempo de vida das repostas negativas do servidor (2H)
+
+            NS ns1.fatecseg.edu.br.
+	    NS ns2.fatecseg.edu.br.
+            IN MX 10 smtp.fatecseg.edu.br.
+            IN MX 20 smtp2.fatecseg.edu.br.
+
+fatecseg.edu.br. 	A 	172.17.0.2
+ns1 			A 	172.17.0.1
+ns2			A	172.17.0.2
+www			A 	172.17.0.2
+smtp 			A 	172.17.0.3
+smtp2 			A 	172.17.0.4
+pop3 			A	172.17.0.5
+blog			A	172.17.0.6
+ftp			A	172.17.0.3
+webmail			CNAME 	pop3
+zabbix			CNAME 	www

Confs/srv1/dns/named.conf.local

@@ -0,0 +1,15 @@
+// DNS
+zone "fatecseg.edu.br" IN {
+    type master;
+    file "/etc/bind/domains/fatecseg/db.fatecseg.edu.br";
+    allow-transfer { 172.17.0.2; };  // Permite a transferência de zona para o IP especificado
+    also-notify { 172.17.0.2; };     // Notifica este IP sobre alterações na zona
+};
+
+// DNS Reverso
+zone "0.17.172.in-addr.arpa" {
+    type master;
+    file "/etc/bind/domains/fatecseg/db.0.17.172";
+    allow-transfer { 172.17.0.2; };  // Permite a transferência de zona reversa para o IP especificado
+    also-notify { 172.17.0.2; };     // Notifica este IP sobre alterações na zona reversa
+};

Confs/srv1/dns/named.conf.options

@@ -0,0 +1,34 @@
+acl "rede_interna" {
+    172.17.0.0/24;  // Definição de uma ACL (Access Control List) chamada "rede_interna", permitindo o intervalo de IPs 172.17.0.0/24.
+};
+
+options {
+    directory "/var/cache/bind";  // Diretório onde o BIND armazena arquivos de cache.
+
+    // If there is a firewall between you and nameservers you want
+    // to talk to, you may need to fix the firewall to allow multiple
+    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+    // If your ISP provided one or more IP addresses for stable
+    // nameservers, you probably want to use them as forwarders.
+    // Uncomment the following block, and insert the addresses replacing
+    // the all-0's placeholder.
+
+    forwarders {  // Configuração de servidores de encaminhamento para resolver consultas DNS.
+        8.8.8.8;  // Google Public DNS (primário).
+        8.8.4.4;  // Google Public DNS (secundário).
+    };
+
+    //========================================================================
+    // If BIND logs error messages about the root key being expired,
+    // you will need to update your keys.  See https://www.isc.org/bind-keys
+    //========================================================================
+
+    dnssec-validation no;  // Desativa a validação DNSSEC.
+    minimal-responses yes;  // Respostas mínimas, enviando apenas os dados necessários na resposta DNS.
+    version "Empresa FatecSeg";  // Define uma string personalizada para a versão do BIND que será exibida.
+    allow-query-cache { rede_interna; };  // Permite cache de consultas para a ACL "rede_interna".
+    allow-query { any; };  // Permite consultas DNS de qualquer origem.
+    allow-recursion { rede_interna; };  // Permite recursão DNS apenas para a ACL "rede_interna".
+    listen-on-v6 { any; };  // Escuta requisições em qualquer interface IPv6.
+};

Confs/srv1/interfaces

@@ -0,0 +1,24 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+auto enp0s8
+iface enp0s8 inet static
+	address 172.17.0.1
+	netmask 255.255.255.0
+	network 172.17.0.0
+	broadcast 172.17.0.255
+
+
+auto enp0s3
+iface enp0s3 inet dhcp
+
+
+auto enp0s9
+iface enp0s9 inet static
+	address 192.168.56.102/24

Confs/srv1/isc-dhcp-server

@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s3"
+INTERFACESv6=""

Confs/srv1/nftables.conf

@@ -0,0 +1,24 @@
+table inet filter {
+	chain input {
+		type filter hook input priority filter; policy accept;
+	}
+
+	chain forward {
+		type filter hook forward priority filter; policy accept;
+	}
+
+	chain output {
+		type filter hook output priority filter; policy accept;
+	}
+}
+table ip nat {
+	chain POSTROUTING {
+		type nat hook postrouting priority srcnat; policy accept;
+		oifname "enp0s3" counter packets 0 bytes 0 masquerade
+	}
+
+	chain PREROUTING {
+		type nat hook prerouting priority dstnat; policy accept;
+		ip saddr 192.168.56.1 ip daddr 192.168.56.200 tcp dport 10001 counter packets 0 bytes 0 dnat to 172.17.0.2:22
+	}
+}

Confs/srv1/sysctl.conf

@@ -0,0 +1,68 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+###################################################################
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+#net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all, >1 bitmask of sysrq functions
+# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
+# for what other values do
+#kernel.sysrq=438
+