first commit

ansimstefl 2025-05-29 21:55:04 +02:00
parent 3884a9f9e9
commit a4c2dca44e
70 changed files with 3373 additions and 0 deletions

3
Ansible/Skripty/ipv6dis Executable file

@ -0,0 +1,3 @@
#!/bin/bash
sed -i 's/quiet/quiet\ ipv6\.disable\=1/' /etc/default/grub
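Review bot: The `sed` substitution is neither idempotent nor limited to the kernel command-line variable, so every re-run appends another `ipv6.disable=1` and the word `quiet` is also rewritten on any other line of /etc/default/grub that contains it, comments included. Guarding the edit and anchoring it to the variable keeps repeated playbook runs harmless: `grep -q 'ipv6.disable=1' /etc/default/grub || sed -i '/^GRUB_CMDLINE_LINUX_DEFAULT=/ s/quiet/quiet ipv6.disable=1/' /etc/default/grub`. The hunk header declares three lines but only two are visible here, so the end of the script cannot be checked.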

4
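--- a/Ansible/Skripty/name_nginx
+++ b/Ansible/Skripty/name_nginx
@@ -0,0 +1,4 @@
+#!/bin/bash
+hostname=`hostname`
+hostname=$hostname.czech-tv.cz
+echo "$hostname" | sed -i "s/servername/$hostname/" /etc/nginx/sites-available/default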
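Review bot: The `echo "$hostname" |` in front of `sed -i` does nothing, because `sed -i` edits the named file and never reads the pipe, and the host name goes into the replacement text unescaped. Dropping the pipe and the backticks makes the script say what it does: `sed -i "s/servername/$(hostname).czech-tv.cz/" /etc/nginx/sites-available/default`. A header comment such as `# Replace the "servername" placeholder in the default nginx site with this host's name under czech-tv.cz.` would also help, since the playbook that runs this script deletes it from the host right after.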


@ -0,0 +1,5 @@
#!/bin/bash
phpversion=`systemctl | grep running | grep php | grep fpm | cut -d "-" -f 1 | cut -b 6-8`
sed -i 's/\;ping.path/ping.path/' /etc/php/`echo $phpversion`/fpm/pool.d/www.conf
sed -i 's/\;pm.status/pm.status/' /etc/php/`echo $phpversion`/fpm/pool.d/www.conf
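Review bot: `phpversion` is used in the config path without checking that the `systemctl | grep` chain matched anything, so on a host where no php-fpm unit is running both `sed -i` calls target `/etc/php//fpm/pool.d/www.conf` and the status endpoints are silently left disabled. A guard before the edits, `[ -n "$phpversion" ] || { echo "no running php-fpm unit found" >&2; exit 1; }`, makes the failure visible to the playbook. The path can then use `"/etc/php/${phpversion}/fpm/pool.d/www.conf"` directly instead of `` `echo $phpversion` ``. Note that `cut -b 6-8` presumably relies on the exact column layout of `systemctl` output and on a three-character version such as `7.4`; a comment stating that assumption would help the next reader.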

33
Ansible/first_install.yaml Executable file

@ -0,0 +1,33 @@
- name: Provotni instalace serveru
hosts: all
become: true
gather_facts: yes
tasks:
- name: Install NGINX
apt:
name: nginx-full
state: present
- name: Copy config file status
copy:
src: status_nginx
dest: /etc/nginx/sites-available/status
owner: root
group: root
mode: 0644
- name: Add value for nginx
local_action:
module: zabbix_hostmacro
server_url: http://zabbix.czech-tv.cz
login_user: sm233387
login_password: JaNa1975
host_name: "{{inventory_hostname}}"
macro_name: "{$NGINX.STUB_STATUS.PORT}"
macro_value: 8080
state: present
- name: Check system information
shell: "ln -sf /etc/nginx/sites-available/status /etc/nginx/sites-enabled/"
- name: NGINX restart
ansible.builtin.service:
name: nginx
state: restarted
enabled: true
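Review bot: The `zabbix_hostmacro` task carries the Zabbix API `login_user` and `login_password` as literals and points `server_url` at plain `http://`, so the credential is stored in the repository history and is also sent unencrypted on every run. The same literal-credential pattern recurs in the `zabbix_host` and `zabbix_hostmacro` tasks of the three later playbook sections on this page. Because the values are already in the commit, the affected accounts need new passwords; after that, reference a vaulted variable, e.g. `login_password: "{{ vault_zabbix_password }}"` (placeholder name), add `no_log: true` to these tasks, and use `https://` here as the other playbooks do. The `ln -sf` step named "Check system information" would also read better as an `ansible.builtin.file` task with `state: link` and a name that matches what it does.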

21
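--- a/Ansible/install_chrony.yaml
+++ b/Ansible/install_chrony.yaml
@@ -0,0 +1,21 @@
+- name: Playbook to install chrony
+hosts: all
+become: true
+gather_facts: false
+tasks:
+- name: Install Chrony
+apt:
+name: chrony
+state: present
+- name: Copy config file
+copy:
+src: chrony.conf
+dest: /etc/chrony/chrony.conf
+owner: root
+group: root
+mode: 0644
+- name: chorny restart
+ansible.builtin.service:
+name: chrony
+state: restarted
+enabled: true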


@ -0,0 +1,71 @@
- name: NGINX
hosts: all
become: true
gather_facts: yes
tasks:
- name: Install NGINX
apt:
name: nginx-full
state: present
- name: Copy config file status
copy:
src: status_nginx
dest: /etc/nginx/sites-available/status
owner: root
group: root
mode: 0644
- name: Copy config file status
copy:
src: name_nginx
dest: /tmp/name
owner: root
group: root
mode: 0755
- name: Copy config file default
copy:
src: default_nginx
dest: /etc/nginx/sites-available/default
owner: root
group: root
mode: 0644
- name: Rename hostname
shell:
"/tmp/name"
- name: Delete files name
shell:
"rm -f /tmp/name"
- name: Add value for nginx
local_action:
module: zabbix_hostmacro
server_url: https://zabbix.czech-tv.cz
login_user: ansict
login_password: Sojka123456
host_name: "{{inventory_hostname}}"
macro_name: "{$NGINX.STUB_STATUS.PORT}"
macro_value: 8080
state: present
- name: Symlink na status
shell:
"ln -sf /etc/nginx/sites-available/status /etc/nginx/sites-enabled/"
- name: Create CERT dir
shell:
"mkdir -p /etc/nginx/cert"
- name: Copy key file
copy:
src: CT.key
dest: /etc/nginx/cert/CT.key
owner: root
group: root
mode: 0644
- name: Copy cert file
copy:
src: CT.crt
dest: /etc/nginx/cert/CT.crt
owner: root
group: root
mode: 0644
- name: NGINX restart
ansible.builtin.service:
name: nginx
state: restarted
enabled: true
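Review bot: The `Copy key file` task installs the TLS private key at `/etc/nginx/cert/CT.key` with `mode: 0644`, which lets every local account on the web server read it; `mode: 0600` with owner root is enough, since nginx loads the key as root before dropping privileges. `src: CT.key` also suggests the key is kept next to the playbook in the repository — if so (not visible in this section), it should be stored with Ansible Vault or pulled from a secret store, and the certificate re-issued if the plain key was ever pushed. The `mkdir -p /etc/nginx/cert` shell task can become an `ansible.builtin.file` task with `state: directory` and a restrictive mode, which also makes it idempotent in the play output.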


@ -0,0 +1,91 @@
- name: PHP
hosts: all
become: true
gather_facts: yes
tasks:
- name: Install PHP
apt:
name: php-fpm
state: present
- name: Copy config file status
copy:
src: status_nginx_php
dest: /etc/nginx/sites-available/status
owner: root
group: root
mode: 0644
- name: Copy config file index.php
copy:
src: index.php
dest: /var/www/html/
owner: www-data
group: www-data
mode: 0644
- name: Copy config file default
copy:
src: default_php_nginx
dest: /etc/nginx/sites-available/default
owner: root
group: root
mode: 0644
- name: Copy php enabled status
copy:
src: php_enabled_status
dest: /tmp/php_enabled_status
owner: root
group: root
mode: 0755
- name: Run php enabled status
shell:
"/tmp/php_enabled_status"
- name: Create a new host or update an existing host's info
local_action:
module: zabbix_host
server_url: https://zabbix.czech-tv.cz
login_user: ansict
login_password: Sojka123456
host_name: '{{inventory_hostname}}'
host_groups:
- Linux servers
link_templates:
- PHP-FPM by Zabbix agent
- Linux by Zabbix agent
- SSH Service
- Nginx by Zabbix agent
interfaces:
- type: 1
main: 1
useip: 1
ip: "{{hostvars[inventory_hostname]['ansible_default_ipv4']['address']}}"
dns: "{{inventory_hostname}}"
port: 10050
- name: Add value for PHP
local_action:
module: zabbix_hostmacro
server_url: https://zabbix.czech-tv.cz
login_user: ansict
login_password: Sojka123456
host_name: "{{inventory_hostname}}"
macro_name: "{$PHP_FPM.PORT}"
macro_value: 8080
state: present
- name: Add value for PHP
local_action:
module: zabbix_hostmacro
server_url: https://zabbix.czech-tv.cz
login_user: ansict
login_password: Sojka123456
host_name: "{{inventory_hostname}}"
macro_name: "{$PHP_FPM.PROCESS_NAME}"
macro_value: php-fpm7.4
state: present
- name: PHP-FPM restart
ansible.builtin.service:
name: php7.4-fpm
state: restarted
enabled: true
- name: NGINX restart
ansible.builtin.service:
name: nginx
c state: restarted
enabled: true
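Review bot: In the final `NGINX restart` task the line `c state: restarted` has a stray leading `c`, so the key is no longer `state`; depending on the original indentation (lost on this page) that is either a YAML parse error or an unsupported `c state` parameter, and in both cases nginx is not restarted as intended. It should read `state: restarted`. The service name `php7.4-fpm` and the macro value `php-fpm7.4` are also hard-coded, while the `php_enabled_status` helper run earlier detects the installed version at run time, so the playbook and the helper disagree on any host that installs a different PHP release.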

9
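--- a/Ansible/install_vmtools.yaml
+++ b/Ansible/install_vmtools.yaml
@@ -0,0 +1,9 @@
+- name: First install
+hosts: all
+become: true
+gather_facts: yes
+tasks:
+- name: Install open-vm-tools
+apt:
+name: open-vm-tools
+state: presentcat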
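Review bot: `state: presentcat` is not a value the `apt` module accepts, so the only task in this playbook fails at argument validation and open-vm-tools is never installed; it looks like a stray `cat` typed into the file. The line should read `state: present`. The play is also named `First install`, the same wording used for a different playbook, so a name such as `Install open-vm-tools` would make run logs easier to tell apart.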


@ -0,0 +1,43 @@
- name: Playbook to install zabbix
hosts: all
vars:
ipa: "hostvars[inventory_hostname]['ansible_default_ipv4']['address']"
become: true
gather_facts: yes
tasks:
- name: Install zabbix
apt:
name: zabbix-agent
state: present
- name: Copy agent config file
copy:
src: zabbix_agentd.conf
dest: /etc/zabbix/zabbix_agentd.conf
owner: root
group: root
mode: 0644
- name: zabbix restart
ansible.builtin.service:
name: zabbix-agent
state: restarted
enabled: true
- debug: var=hostvars[inventory_hostname]['ansible_default_ipv4']['address']
- name: Create a new host or update an existing host's info
local_action:
module: zabbix_host
server_url: https://zabbix.czech-tv.cz
login_user: ansict
login_password: Sojka123456
host_name: '{{inventory_hostname}}'
host_groups:
- Linux servers
link_templates:
- Linux by Zabbix agent
- SSH Service
interfaces:
- type: 1
main: 1
useip: 1
ip: "{{hostvars[inventory_hostname]['ansible_default_ipv4']['address']}}"
dns: "{{inventory_hostname}}"
port: 10050
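Review bot: The `ipa` entry under `vars` is a quoted string without `{{ }}`, so it holds the literal text `hostvars[inventory_hostname][...]` rather than an address, and no task in this section references it. Either delete it or define it as `ipa: "{{ ansible_default_ipv4.address }}"` and use it in the `interfaces` block. The unnamed `debug: var=...` task prints the same fact on every run and reads like a leftover from development; removing it or giving it a `name` and `verbosity: 1` keeps normal output clean.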

23
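--- a/Ansible/last_install.yaml
+++ b/Ansible/last_install.yaml
@@ -0,0 +1,23 @@
+- name: Last install
+hosts: all
+become: true
+gather_facts: yes
+tasks:
+- name: Copy file disable IPV6
+copy:
+src: ipv6dis
+dest: /tmp/ipv6dis
+owner: root
+group: root
+mode: 0755
+- name: Run script disable IPV6
+shell:
+"/tmp/ipv6dis"
+- name: Regenerate grub
+shell:
+"update-grub"
+- name: Restart machine
+command: shutdown -r now
+async: 1
+poll: 0
+ignore_errors: true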
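Review bot: The reboot is issued as `command: shutdown -r now` with `async: 1`, `poll: 0` and `ignore_errors: true`, so the play finishes without knowing whether the host came back with the new kernel command line. `ansible.builtin.reboot` waits for the host to return and fails the play when it does not. The helper copied to `/tmp/ipv6dis` is also left on the host after the run; `ansible.builtin.script` with `ipv6dis` would execute it without a separate copy step, or a cleanup task can remove it the way the nginx playbook does for `/tmp/name`.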

2
Ansible/mysql.txt Executable file

@ -0,0 +1,2 @@
CREATE USER 'zbx_monitor'@'%' IDENTIFIED BY 'datel1234';
GRANT REPLICATION CLIENT,PROCESS,SHOW DATABASES,SHOW VIEW ON *.* TO 'zbx_monitor'@'%';
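Review bot: `'zbx_monitor'@'%'` lets the monitoring account log in from any host, and its password is written out as a literal; the same account name and password are repeated in the PostgreSQL notes and the psql transcript further down the page. Restricting the host part to where the Zabbix agent actually connects from — `'zbx_monitor'@'localhost'` if the agent runs on the database host, which is not visible here — limits where a leaked password can be used. The password should be changed on the servers where these statements were run and replaced in the notes by a placeholder such as `IDENTIFIED BY '<set-per-host>'`.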

11
Ansible/postgresql.txt Executable file

@ -0,0 +1,11 @@
# Databaze
CREATE USER zbx_monitor WITH PASSWORD 'datel1234' INHERIT;
GRANT pg_monitor TO zbx_monitor;
# Test pripojeni
psql -h 127.0.0.1 --username=zbx_monitor postgres
# konfiguracni sobory
mkdir /var/lib/zabbix/
cp -a postgresql/ /var/lib/zabbix/
cp template_db_postgresql.conf /etc/zabbix/zabbix_agentd.conf.d/

3
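--- a/Ansible/variables.txt
+++ b/Ansible/variables.txt
@@ -0,0 +1,3 @@
+{$NGINX.STUB_STATUS.PORT}
+{$PHP_FPM.PORT}
+{$PHP_FPM.PROCESS_NAME}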

23
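--- a/Aplikace/Authelia/auth.conf
+++ b/Aplikace/Authelia/auth.conf
@@ -0,0 +1,23 @@
+# Basic Authelia Config
+# Send a subsequent request to Authelia to verify if the user is authenticated
+# and has the right permissions to access the resource.
+auth_request /authelia;
+# Set the `target_url` variable based on the request. It will be used to build the portal
+# URL with the correct redirection parameter.
+auth_request_set $target_url $scheme://$http_host$request_uri;
+# Set the X-Forwarded-User and X-Forwarded-Groups with the headers
+# returned by Authelia for the backends which can consume them.
+# This is not safe, as the backend must make sure that they come from the
+# proxy. In the future, it's gonna be safe to just use OAuth.
+auth_request_set $user $upstream_http_remote_user;
+auth_request_set $groups $upstream_http_remote_groups;
+auth_request_set $name $upstream_http_remote_name;
+auth_request_set $email $upstream_http_remote_email;
+proxy_set_header Remote-User $user;
+proxy_set_header Remote-Groups $groups;
+proxy_set_header Remote-Name $name;
+proxy_set_header Remote-Email $email;
+# If Authelia returns 401, then nginx redirects the user to the login portal.
+# If it returns 200, then the request pass through to the backend.
+# For other type of errors, nginx will handle them as usual.
+error_page 401 =302 https://authelia.czech-tv.cz/?rd=$target_url;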

38
Aplikace/Authelia/authelia.conf Executable file

@ -0,0 +1,38 @@
# Virtual endpoint created by nginx to forward auth requests.
location /authelia {
internal;
set $upstream_authelia https://127.0.0.1:9091/api/verify;
proxy_pass_request_body off;
proxy_pass $upstream_authelia;
proxy_set_header Content-Length "";
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# [REQUIRED] Needed by Authelia to check authorizations of the resource.
# Provide either X-Original-URL and X-Forwarded-Proto or
# X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both.
# Those headers will be used by Authelia to deduce the target url of the user.
# Basic Proxy Config
client_body_buffer_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 32k;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
}


@ -0,0 +1,53 @@
server {
server_name authelia.czech-tv.cz;
listen 80;
return 301 https://$server_name$request_uri;
}
server {
server_name authelia.czech-tv.cz;
listen 443 ssl http2;
ssl_certificate /etc/nginx/cert/CT.crt;
ssl_certificate_key /etc/nginx/cert/CT.key;
location / {
set $upstream_authelia https://127.0.0.1:9091;
proxy_pass $upstream_authelia;
client_body_buffer_size 128k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
# Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.0.0.0/8;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
}
}
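Review bot: `set_real_ip_from 172.0.0.0/8;` trusts far more than the private range: RFC 1918 reserves only `172.16.0.0/12`, and the rest of 172.0.0.0/8 is publicly routed address space. Combined with `real_ip_header X-Forwarded-For` and `real_ip_recursive on`, a request arriving from any of those public addresses gets to choose the client IP that nginx logs and passes on to Authelia, which undermines IP-based regulation and audit trails. The line should read `set_real_ip_from 172.16.0.0/12;`, and the whole list is better narrowed to the addresses of the proxies that really sit in front of this server.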


@ -0,0 +1,130 @@
---
theme: dark
jwt_secret: tHJQyNgBaULdQDQEAMFeduKa
default_redirection_url: https://ceskatelevize.cz/
default_2fa_method: "totp"
server:
host: 0.0.0.0
# port: 9091
port: 443
tls:
key: "/home/ct/CT.key"
certificate: "/home/ct/CT.pem"
client_certificates: []
log:
level: info
file_path: /var/log/authelia.log
telemetry:
metrics:
enabled: true
address: tcp://172.30.29.119:9902
totp:
disable: false
issuer: authelia.com
algorithm: sha1
digits: 6
period: 30
skew: 1
secret_size: 32
webauthn:
disable: false
timeout: 60s
display_name: Authelia
attestation_conveyance_preference: indirect
user_verification: preferred
ntp:
address: "time.czech-tv.cz:123"
version: 4
max_desync: 3s
disable_startup_check: false
disable_failure: false
authentication_backend:
password_reset:
disable: true
refresh_interval: 5m
ldap:
implementation: custom
url: ldap://ct.czech-tv.cz
timeout: 5s
start_tls: false
base_dn: DC=ct,DC=czech-tv,DC=cz
username_attribute: sAMAccountName
users_filter: (&({username_attribute}={input})(objectClass=person))
groups_filter: (&(member={dn})(objectClass=groupOfNames))
group_name_attribute: cn
mail_attribute: mail
display_name_attribute: displayName
user: "CN=Ldap ADReader,OU=ServisniUzivatele,OU=Admins,DC=ct,DC=czech-tv,DC=cz"
password: Buchtickyses0do
password_policy:
standard:
enabled: false
min_length: 8
max_length: 0
require_uppercase: true
require_lowercase: true
require_number: true
require_special: true
zxcvbn:
enabled: false
min_score: 3
access_control:
default_policy: deny
rules:
- domain: 'authelia.czech-tv.cz'
policy: bypass
- domain:
- 'ctcloud1.czech-tv.cz'
policy: two_factor
- domain:
- 'secure.czech-tv.cz'
policy: two_factor
- domain:
- 'ctcloud2.czech-tv.cz'
policy: two_factor
- domain:
- 'zabbix.czech-tv.cz'
policy: two_factor
- domain:
- 'public.czech-tv.cz'
policy: one_factor
- domain:
- 'ctclouduit.czech-tv.cz'
policy: two_factor
- domain:
- 'pha-mail1.ct.czech-tv.cz'
policy: two_factor
session:
name: authelia_session
domain: czech-tv.cz
same_site: lax
secret: dCdvLKWytdP66qqHpycVk6TuGK5m
expiration: 1h
inactivity: 1m
remember_me_duration: 1M
regulation:
max_retries: 3
find_time: 2m
ban_time: 10m
storage:
encryption_key: dCdvLKWytdP66qqHpycVk6TuGK5m
mysql:
host: 172.30.29.119
port: 3306
database: authelia
username: authelia
password: sojka123
timeout: 5s
notifier:
disable_startup_check: false
smtp:
host: mail.czech-tv.cz
port: 25
sender: "Authelia <authelia@czech-tv.cz>"
subject: "[Authelia] {title}"
disable_require_tls: true
...
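Review bot: `jwt_secret`, `session.secret`, `storage.encryption_key`, the LDAP bind `password` and the MySQL `password` are all committed as literals, and `session.secret` and `storage.encryption_key` carry the same value, so a single leak exposes both the session secret and the storage encryption key. They should be rotated and supplied outside the file with distinct random values, for example through Authelia's `*_FILE` environment variables such as `AUTHELIA_JWT_SECRET_FILE` and `AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE`. The directory bind uses `url: ldap://` with `start_tls: false`, so the service-account password and every user password checked against LDAP cross the network unencrypted; `ldaps://` or `start_tls: true` closes that. The same bind DN and password appear again in the LDAP-sync TOML section further down the page and need the same treatment.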

50
Aplikace/Authelia/nginx.conf Executable file

@ -0,0 +1,50 @@
server {
listen 443;
server_name ctclouduit.czech-tv.cz;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 10240M;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/cert/CT.crt;
ssl_certificate_key /etc/nginx/cert/CT.key;
access_log /var/log/nginx/ctclouduit_access.log;
error_log /var/log/nginx/ctclouduit_error.log;
include snippets/authelia.conf; # Authelia auth endpoint
location / {
proxy_pass https://172.30.26.252;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
include snippets/auth.conf; # Protect this endpoint
proxy_http_version 1.1;
}
}
server {
if ($host = ctclouduit.czech-tv.cz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name ctclouduit.czech-tv.cz;
return 404;
}
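Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, both deprecated by RFC 8996, and leaves out TLS 1.3; `ssl_protocols TLSv1.2 TLSv1.3;` is the setting to use here. `ssl on;` is an obsolete directive that current nginx releases no longer accept, and `listen 443 ssl;` replaces it. The cipher list also ends with four CBC-mode suites (the `-SHA384`/`-SHA256` entries without GCM) that can be dropped unless a known legacy client depends on them.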

2
Aplikace/LibreNMS/mysql.txt Executable file

@ -0,0 +1,2 @@
CREATE USER 'librenms'@'192.168.1.2' IDENTIFIED BY 'Sojka123456';
GRANT ALL PRIVILEGES ON *.* TO 'librenms'@'192.168.1.2';
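Review bot: `GRANT ALL PRIVILEGES ON *.*` gives the application account full rights over every database on the server, including the `mysql` system schema, where it only needs its own schema. Scoping the grant, e.g. `GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'192.168.1.2';` (assuming the database is named `librenms`, which this file does not show), keeps a compromised LibreNMS host from reaching other data. The account password is also written as a literal and matches a password used for other services on this page, so it should be changed and replaced here by a placeholder.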

85
Aplikace/OwnCloud/config.php Executable file

@ -0,0 +1,85 @@
<?php
$CONFIG = array (
'instanceid' => 'oc95n97fgwc9',
'passwordsalt' => 'u8+3d4tygzltPf5KORNIxUA/f7uBZ3',
'secret' => 'bhCsFhQRhx62fasvykG7uOuOtvCy+EeAj9DLnuLOKO7pWlQA',
'trusted_domains' =>
array (
0 => 'ctcloud3.czech-tv.cz',
),
'datadirectory' => '/var/www/html/owncloud/data',
'overwrite.cli.url' => 'https://ctcloud3.czech-tv.cz',
'dbtype' => 'pgsql',
'version' => '10.9.0.3',
'dbname' => 'owncloud',
'dbhost' => 'localhost',
'dbtableprefix' => 'oc_',
'dbuser' => 'oc_admin',
'dbpassword' => 'jj23snerzgkbxamh5dcjeuq10s1xz9',
'logtimezone' => 'UTC',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/owncloud/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/owncloud/apps-external',
'url' => '/apps-external',
'writable' => true,
),
),
'installed' => true,
'theme' => '',
'ldapIgnoreNamingRules' => false,
'mail_domain' => 'czech-tv.cz',
'mail_from_address' => 'ctcloud3',
'mail_smtpmode' => 'smtp',
'mail_smtphost' => 'mail.czech-tv.cz',
'mail_smtpport' => '25',
'default_language' => 'cs_CZ',
'trashbin_retention_obligation' => 0,
'log_type' => 'owncloud',
'logfile' => '/var/log/owncloud.log',
'loglevel' => 4,
'logdateformat' => 'F d, Y H:i:s',
'enable_previews' => true,
'preview_max_x' => 1024,
'preview_max_y' => 1024,
'preview_max_scale_factor' => 1,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
10 => 'OC\\Preview\\BMP',
11 => 'OC\\Preview\\XBitmap',
12 => 'OC\\Preview\\MP3',
15 => 'OC\\Preview\\TXT',
20 => 'OC\\Preview\\MarkDown',
25 => 'OC\\Preview\\OpenDocument',
30 => 'OC\\Preview\\TIFF',
35 => 'OC\\Preview\\Movie',
),
'enable_movie_transcode' => true,
'versions_retention_obligation' => 'enable',
'maintenance' => false,
'updatechecker' => false,
'memcache.local' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'filelocking.enabled' => true,
'redis' =>
array (
'host' => 'localhost',
'port' => 6379,
'dbindex' => 0,
'timeout' => 0,
0 => 0,
),
'upgrade.automatic-app-update' => false,
'skeletondirectory' => '/var/www/html/skeleteon_dir_woncloud',
'allow_user_to_change_mail_address' => '',
);
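Review bot: `passwordsalt`, `secret` and `dbpassword` are committed with what look like the live values of the ctcloud3 instance, so anyone who can read the repository holds the database credential and the instance secret. The database password should be rotated, and the repository should carry a template with placeholders (e.g. `'dbpassword' => 'CHANGE_ME'`) while the deployed config.php stays out of version control. `passwordsalt` and `secret` are, as far as I know, tied to data the instance has already stored, so replacing them needs planning rather than a quick edit; until then they should be treated as exposed.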

13
Aplikace/OwnCloud/occ.txt Executable file

@ -0,0 +1,13 @@
sudo -u www-data ./occ app:disable activity
sudo -u www-data ./occ app:disable customgroups
sudo -u www-data ./occ app:disable guest
sudo -u www-data ./occ app:disable guests
sudo -u www-data ./occ app:enabled guests
sudo -u www-data ./occ app:enable guests
sudo -u www-data ./occ app:list
sudo -u www-data ./occ app:list
sudo -u www-data ./occ upgrade
sudo -u www-data ./occ user:sync "OCA\User_LDAP\User_Proxy"
sudo -u www-data php occ ldap:show-config

23
Aplikace/OwnCloud/psql Executable file

@ -0,0 +1,23 @@
postgres@ctcloud:/var/www/html$ psql
psql (13.11 (Debian 13.11-0+deb11u1))
Type "help" for help.
postgres=# create database owncloud;
CREATE DATABASE
postgres=# create user owncloud with encrypted password 'Datel123456';
CREATE ROLE
postgres=# grant all privileges on database owncloud to owncloud;
GRANT
postgres=# CREATE USER zbx_monitor WITH PASSWORD 'datel1234' INHERIT;
CREATE ROLE
postgres=# ^[[200~GRANT pg_monitor TO zbx_monitor;~
ERROR: syntax error at or near "
INE 1: GRANT pg_monitor TO zbx_monitor;
^
postgres-# GRANT pg_monitor TO zbx_monitor;
ERROR: syntax error at or near "~"
LINE 1: ~
^
postgres=# GRANT pg_monitor TO zbx_monitor;
GRANT ROLE
postgres=#


@ -0,0 +1,46 @@
{
"domain": "https://heslovnik.czech-tv.cz",
"sends_allowed": true,
"hibp_api_key": "jdvpetsk12",
"incomplete_2fa_time_limit": 3,
"disable_icon_download": false,
"signups_allowed": true,
"signups_verify": true,
"signups_verify_resend_time": 3600,
"signups_verify_resend_limit": 6,
"signups_domains_whitelist": "czech-tv.cz,ct.czech-tv.cz,ceskatelevize.cz",
"invitations_allowed": true,
"emergency_access_allowed": true,
"password_iterations": 100000,
"password_hints_allowed": true,
"show_password_hint": false,
"admin_token": " 2DcKWJtshWQejDL6ZPELxXeY",
"invitation_org_name": "ceskatelevize.cz",
"ip_header": "X-Real-IP",
"icon_redirect_code": 302,
"icon_cache_ttl": 2592000,
"icon_cache_negttl": 259200,
"icon_download_timeout": 10,
"icon_blacklist_non_global_ips": true,
"disable_2fa_remember": false,
"authenticator_disable_time_drift": false,
"require_device_email": false,
"reload_templates": false,
"log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
"_enable_yubico": true,
"_enable_duo": false,
"_enable_smtp": true,
"smtp_host": "mail.czech-tv.cz",
"smtp_security": "off",
"smtp_port": 25,
"smtp_from": "vaultwarden@ceskatelevize.cz",
"smtp_from_name": "vaultwarden",
"smtp_timeout": 30,
"smtp_embed_images": true,
"smtp_accept_invalid_certs": false,
"smtp_accept_invalid_hostnames": false,
"_enable_email_2fa": true,
"email_token_size": 6,
"email_expiration_time": 600,
"email_attempts_limit": 3
}
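Review bot: `admin_token` is stored in plain form (and with a leading space inside the string, which may or may not be intended), so read access to this file or the repository is enough to open the Vaultwarden admin panel of a password manager. Vaultwarden accepts an Argon2 PHC string in place of the plain token, generated with `vaultwarden hash`, which keeps the usable secret out of the config; the current token should be replaced either way. `hibp_api_key` is a second literal secret in the same file, and `"smtp_security": "off"` means invitation and verification mail leaves the host unencrypted. The same admin token is repeated in the docker-compose section that follows.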


@ -0,0 +1,8 @@
vaultwarden_url = "https://passbolt.czech-tv.cz"
vaultwarden_admin_token = "admin"
ldap_host = "ct.czech-tv.cz"
ldap_bind_dn = "CN=Ldap ADReader,OU=ServisniUzivatele,OU=Admins,DC=ct,DC=czech-tv,DC=cz"
ldap_bind_password = "Buchtickyses0do"
ldap_search_base_dn = "DC=ct,DC=czech-tv,DC=cz"
ldap_search_filter = "(&(objectClass=*)(uid=*))"
ldap_sync_interval_seconds = 10


@ -0,0 +1,34 @@
version: '3'
services:
vaultwarden:
restart: always
container_name: vaultwarden
image: vaultwarden/server:latest
volumes:
- /var/lib/valutwarden/:/data/
- /var/lib/valutwarden/:/data/logs
ports:
- 8080:80
environment:
- SMTP_HOST=mail.czech-tv.cz
- SMTP_FROM=vaultwarden@ceskatelevize.cz
- SMTP_FROM_NAME=vaultwarden
- SMTP_PORT=25
- SMTP_TIMEOUT=30
- LOGIN_RATELIMIT_MAX_BURST=10
- LOGIN_RATELIMIT_SECONDS=60
- SMTP_SECURITY=off
- DOMAIN=https://heslovnik.czech-tv.cz
- INVITATION_ORG_NAME=ceskatelevize.cz
- INVITATIONS_ALLOWED=true
- ADMIN_TOKEN= 2DcKWJtshWQejDL6ZPELxXeY
- SIGNUPS_ALLOWED=true
- SIGNUPS_DOMAINS_WHITELIST=czech-tv.cz,ct.czech-tv.cz,ceskatelevize.cz
- SIGNUPS_VERIFY=true
- SIGNUPS_VERIFY_RESEND_TIME=3600
- SIGNUPS_VERIFY_RESEND_LIMIT=6
- EMERGENCY_ACCESS_ALLOWED=true
- SENDS_ALLOWED=true
- WEB_VAULT_ENABLED=true
- TIME_ZONE="Europe/Prague"
- RUST_BACKTRACE=full
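Review bot: `ports: - 8080:80` publishes the container's plain-HTTP listener on every interface of the host, so the vault can be reached without TLS by anything that can route to port 8080. If a local reverse proxy terminates HTTPS for `heslovnik.czech-tv.cz` (not visible in this section), binding to loopback with `- 127.0.0.1:8080:80` keeps the unencrypted port private. `image: vaultwarden/server:latest` also means each pull can change the running version of a password manager without review; pinning a release tag or digest makes upgrades deliberate. Both `volumes` entries map the same host directory `/var/lib/valutwarden/` (spelled that way) to `/data/` and `/data/logs`, which is probably not what was meant.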


@ -0,0 +1,47 @@
---
version: '3'
services:
ldap_sync:
build:
context: .
dockerfile: Dockerfile
volumes:
- ./example.config.toml:/config.toml:ro
# ./root.cert:/usr/src/vaultwarden_ldap/root.cert:ro
environment:
CONFIG_PATH: /config.toml
RUST_BACKTRACE: 1
depends_on:
- vaultwarden
- ldap
restart: always
vaultwarden:
image: vaultwarden/server
ports:
- 8000:80
environment:
ADMIN_TOKEN: admin
SIGNUPS_ALLOWED: 'false'
INVITATIONS_ALLOWED: 'true'
I_REALLY_WANT_VOLATILE_STORAGE: 'true'
ldap:
image: osixia/openldap
volumes:
- /var/lib/ldap
- /etc/ldap/slapd.d
environment:
LDAP_READONLY_USER: 'true'
LDAP_READONLY_USER_USERNAME: readonly
LDAP_READONLY_USER_PASSWORD: readonly
ldap_admin:
image: osixia/phpldapadmin
ports:
- 8001:80
environment:
PHPLDAPADMIN_HTTPS: 'false'
PHPLDAPADMIN_LDAP_HOSTS: ldap
depends_on:
- ldap


@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>5.0</version>
<date>2020-09-09T18:18:33Z</date>
<value_maps>
<value_map>
<name>bgpPeerAdminStatus</name>
<mappings>
<mapping>
<value>1</value>
<newvalue>Stop</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>Start</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>BgpPeerState</name>
<mappings>
<mapping>
<value>1</value>
<newvalue>idle</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>connect</newvalue>
</mapping>
<mapping>
<value>3</value>
<newvalue>active</newvalue>
</mapping>
<mapping>
<value>4</value>
<newvalue>opensent</newvalue>
</mapping>
<mapping>
<value>5</value>
<newvalue>openconfirm</newvalue>
</mapping>
<mapping>
<value>6</value>
<newvalue>established</newvalue>
</mapping>
</mappings>
</value_map>
</value_maps>
</zabbix_export>


@ -0,0 +1,284 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>5.0</version>
<date>2020-09-09T18:10:32Z</date>
<groups>
<group>
<name>Templates</name>
</group>
<group>
<name>Templates/Network devices</name>
</group>
</groups>
<templates>
<template>
<template>Template Net Huawei VRP SNMPv2 - BGP</template>
<name>Template Net Huawei VRP SNMPv2 - BGP</name>
<description>Template for Huawei VRP to monitor BGP sessions</description>
<groups>
<group>
<name>Templates</name>
</group>
<group>
<name>Templates/Network devices</name>
</group>
</groups>
<applications>
<application>
<name>Routing Table Info</name>
</application>
</applications>
<items>
<item>
<name>Total IPv4 FIB Routes</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.2.1.4.24.3.0</snmp_oid>
<key>hwIPv4FibRoutes</key>
<delay>5m</delay>
<history>7d</history>
<trends>30d</trends>
<units>Prefixes</units>
<applications>
<application>
<name>Routing Table Info</name>
</application>
</applications>
</item>
<item>
<name>Total IPv4 RIB Routes</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.177.9.1.0</snmp_oid>
<key>hwIPv4RibRoutes</key>
<delay>5m</delay>
<history>7d</history>
<trends>30d</trends>
<units>Prefixes</units>
<applications>
<application>
<name>Routing Table Info</name>
</application>
</applications>
</item>
<item>
<name>Total IPv6 FIB Routes</name>
<type>SNMP_AGENT</type>
<snmp_oid>1.3.6.1.2.1.55.1.9.0</snmp_oid>
<key>hwIPv6FibRoutes</key>
<delay>5m</delay>
<history>7d</history>
<trends>30d</trends>
<units>Prefixes</units>
<applications>
<application>
<name>Routing Table Info</name>
</application>
</applications>
</item>
</items>
<discovery_rules>
<discovery_rule>
<name>BGP4 Peer(s)</name>
<type>SNMP_AGENT</type>
<snmp_oid>discovery[{#BGPPEER},.1.3.6.1.4.1.2011.5.25.177.1.1.2.1.4.0,{#ASNUM},.1.3.6.1.4.1.2011.5.25.177.1.1.2.1.2.0,{#ADMSTATUS},.1.3.6.1.4.1.2011.5.25.177.1.1.2.1.11.0]</snmp_oid>
<key>BgpPeerRemoteAddr</key>
<delay>1h</delay>
<filter>
<conditions>
<condition>
<macro>{#ADMSTATUS}</macro>
<value>2</value>
<formulaid>A</formulaid>
</condition>
</conditions>
</filter>
<lifetime>0</lifetime>
<item_prototypes>
<item_prototype>
<name>AS Name for IPv4 peer {#BGPPEER} - AS{#ASNUM}</name>
<type>EXTERNAL</type>
<key>asname[{#BGPPEER},{HOST.IP},{#ASNUM}]</key>
<delay>1d</delay>
<history>30d</history>
<trends>0</trends>
<value_type>TEXT</value_type>
<description>as_name[&quot;-p&quot;,{#ASNUM}]&#13;
asname[{#BGPPEER},{HOST.IP},{#ASNUM}]</description>
<application_prototypes>
<application_prototype>
<name>BGP Peer {#BGPPEER} - AS{#ASNUM}</name>
</application_prototype>
</application_prototypes>
</item_prototype>
<item_prototype>
<name>Established time for peer {#BGPPEER} - AS{#ASNUM}</name>
<type>SNMP_AGENT</type>
<snmp_oid>1.3.6.1.4.1.2011.5.25.177.1.1.2.1.7.0.{#SNMPINDEX}</snmp_oid>
<key>BgpPeerFsmEstablishedTime[{#BGPPEER}]</key>
<delay>2m</delay>
<history>30d</history>
<trends>90d</trends>
<units>uptime</units>
<application_prototypes>
<application_prototype>
<name>BGP Peer {#BGPPEER} - AS{#ASNUM}</name>
</application_prototype>
</application_prototypes>
</item_prototype>
<item_prototype>
<name>Total routes from peer {#BGPPEER} - AS{#ASNUM}</name>
<type>SNMP_AGENT</type>
<snmp_oid>1.3.6.1.4.1.2011.5.25.177.1.1.3.1.1.0.{#SNMPINDEX}</snmp_oid>
<key>BgpPeerRoutes[{#BGPPEER}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<units>prefixes</units>
<application_prototypes>
<application_prototype>
<name>BGP Peer {#BGPPEER} - AS{#ASNUM}</name>
</application_prototype>
</application_prototypes>
</item_prototype>
<item_prototype>
<name>Operational status for peer {#BGPPEER} - AS{#ASNUM}</name>
<type>SNMP_AGENT</type>
<snmp_oid>1.3.6.1.4.1.2011.5.25.177.1.1.2.1.5.0.{#SNMPINDEX}</snmp_oid>
<key>BgpPeerState[{#BGPPEER}]</key>
<delay>2m</delay>
<history>30d</history>
<trends>90d</trends>
<application_prototypes>
<application_prototype>
<name>BGP Peer {#BGPPEER} - AS{#ASNUM}</name>
</application_prototype>
</application_prototypes>
<valuemap>
<name>BgpPeerState</name>
</valuemap>
<trigger_prototypes>
<trigger_prototype>
<expression>{last()}&lt;&gt;6</expression>
<name>Peer {#BGPPEER} - AS{#ASNUM} is DOWN !!!</name>
<priority>AVERAGE</priority>
</trigger_prototype>
</trigger_prototypes>
</item_prototype>
</item_prototypes>
<graph_prototypes>
<graph_prototype>
<name>Routes from Peer {#SNMPVALUE}</name>
<show_work_period>NO</show_work_period>
<show_triggers>NO</show_triggers>
<graph_items>
<graph_item>
<color>1A7C11</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - BGP</host>
<key>BgpPeerRoutes[{#BGPPEER}]</key>
</item>
</graph_item>
</graph_items>
</graph_prototype>
</graph_prototypes>
</discovery_rule>
</discovery_rules>
</template>
</templates>
<graphs>
<graph>
<name>FIB - IPv4</name>
<graph_items>
<graph_item>
<sortorder>1</sortorder>
<drawtype>FILLED_REGION</drawtype>
<color>00EE00</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - BGP</host>
<key>hwIPv4FibRoutes</key>
</item>
</graph_item>
</graph_items>
</graph>
<graph>
<name>FIB - IPv6</name>
<graph_items>
<graph_item>
<sortorder>1</sortorder>
<color>F63100</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - BGP</host>
<key>hwIPv6FibRoutes</key>
</item>
</graph_item>
</graph_items>
</graph>
<graph>
<name>RIB - IPv4</name>
<graph_items>
<graph_item>
<sortorder>1</sortorder>
<drawtype>FILLED_REGION</drawtype>
<color>EE0000</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - BGP</host>
<key>hwIPv4RibRoutes</key>
</item>
</graph_item>
</graph_items>
</graph>
<graph>
<name>RIB x FIB - IPv4</name>
<graph_items>
<graph_item>
<sortorder>1</sortorder>
<drawtype>BOLD_LINE</drawtype>
<color>00EE00</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - BGP</host>
<key>hwIPv4FibRoutes</key>
</item>
</graph_item>
<graph_item>
<sortorder>2</sortorder>
<drawtype>BOLD_LINE</drawtype>
<color>EE0000</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - BGP</host>
<key>hwIPv4RibRoutes</key>
</item>
</graph_item>
</graph_items>
</graph>
</graphs>
<value_maps>
<value_map>
<name>BgpPeerState</name>
<mappings>
<mapping>
<value>1</value>
<newvalue>idle</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>connect</newvalue>
</mapping>
<mapping>
<value>3</value>
<newvalue>active</newvalue>
</mapping>
<mapping>
<value>4</value>
<newvalue>opensent</newvalue>
</mapping>
<mapping>
<value>5</value>
<newvalue>openconfirm</newvalue>
</mapping>
<mapping>
<value>6</value>
<newvalue>established</newvalue>
</mapping>
</mappings>
</value_map>
</value_maps>
</zabbix_export>


@ -0,0 +1,96 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>5.0</version>
<date>2020-09-09T18:11:55Z</date>
<groups>
<group>
<name>Templates</name>
</group>
<group>
<name>Templates/Network devices</name>
</group>
</groups>
<templates>
<template>
<template>Template Net Huawei VRP SNMPv2 - Extra Inventory</template>
<name>Template Net Huawei VRP SNMPv2 - Extra Inventory</name>
<description>Template for Huawei VRP - Extra items to Inventory &#13;
Works fine on NE routers series and partially on S67xx switch series</description>
<groups>
<group>
<name>Templates</name>
</group>
<group>
<name>Templates/Network devices</name>
</group>
</groups>
<applications>
<application>
<name>Inventory</name>
</application>
</applications>
<items>
<item>
<name>Device ESN</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.188.1.1.0</snmp_oid>
<key>hwDeviceEsn</key>
<delay>1d</delay>
<trends>0</trends>
<value_type>TEXT</value_type>
<inventory_link>SERIALNO_A</inventory_link>
<applications>
<application>
<name>Inventory</name>
</application>
</applications>
</item>
<item>
<name>Patch Version</name>
<type>SNMP_AGENT</type>
<snmp_oid>1.3.6.1.4.1.2011.5.25.19.1.8.5.1.1.4.128.3</snmp_oid>
<key>hwPatchVersion</key>
<delay>1d</delay>
<trends>0</trends>
<value_type>TEXT</value_type>
<inventory_link>SOFTWARE_APP_A</inventory_link>
<applications>
<application>
<name>Inventory</name>
</application>
</applications>
</item>
<item>
<name>Product Name</name>
<type>SNMP_AGENT</type>
<snmp_oid>1.3.6.1.4.1.2011.6.3.11.4.0</snmp_oid>
<key>hwProductName</key>
<delay>1d</delay>
<trends>0</trends>
<value_type>TEXT</value_type>
<inventory_link>TYPE</inventory_link>
<applications>
<application>
<name>Inventory</name>
</application>
</applications>
</item>
<item>
<name>Software Version</name>
<type>SNMP_AGENT</type>
<snmp_oid>1.3.6.1.4.1.2011.5.25.19.1.8.5.1.1.6.128.3</snmp_oid>
<key>hwProductVersion</key>
<delay>1d</delay>
<trends>0</trends>
<value_type>TEXT</value_type>
<inventory_link>SOFTWARE</inventory_link>
<applications>
<application>
<name>Inventory</name>
</application>
</applications>
</item>
</items>
</template>
</templates>
</zabbix_export>


@ -0,0 +1,495 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>5.0</version>
<date>2020-09-09T18:12:23Z</date>
<groups>
<group>
<name>Templates</name>
</group>
<group>
<name>Templates/Network devices</name>
</group>
</groups>
<templates>
<template>
<template>Template Net Huawei VRP SNMPv2 - Optical Modules Info</template>
<name>Template Net Huawei VRP SNMPv2 - Optical Modules Info</name>
<description>Template for Huawei VRP Optical Modules Info</description>
<groups>
<group>
<name>Templates</name>
</group>
<group>
<name>Templates/Network devices</name>
</group>
</groups>
<discovery_rules>
<discovery_rule>
<name>Network Optical Modules Info</name>
<type>SNMP_AGENT</type>
<snmp_oid>discovery[{#IFNAME},1.3.6.1.2.1.47.1.1.1.1.7,{#IFPRESENT},.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.14,{#IFCLASS},.1.3.6.1.2.1.47.1.1.1.1.5]</snmp_oid>
<key>net.if.optical.discovery</key>
<delay>1h</delay>
<filter>
<evaltype>AND</evaltype>
<conditions>
<condition>
<macro>{#IFCLASS}</macro>
<value>10</value>
<formulaid>A</formulaid>
</condition>
<condition>
<macro>{#IFPRESENT}</macro>
<value>-1</value>
<operator>NOT_MATCHES_REGEX</operator>
<formulaid>B</formulaid>
</condition>
</conditions>
</filter>
<description>Discovering interfaces from IF-MIB. Interfaces with down(2) Administrative Status are not discovered.</description>
<item_prototypes>
<item_prototype>
<name>{#IFNAME}: Rx Power</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.32.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalLaneRxPower[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<value_type>FLOAT</value_type>
<units>dBm</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<preprocessing>
<step>
<type>MULTIPLIER</type>
<params>0.01</params>
</step>
</preprocessing>
</item_prototype>
<item_prototype>
<name>{#IFNAME}: Tx Power</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.33.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalLaneTxPower[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<value_type>FLOAT</value_type>
<units>dBm</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<preprocessing>
<step>
<type>MULTIPLIER</type>
<params>0.01</params>
</step>
</preprocessing>
</item_prototype>
<item_prototype>
<name>{#IFNAME}: Rx High Threshold</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.14.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalRxHighThreshold[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<value_type>FLOAT</value_type>
<units>dBm</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<preprocessing>
<step>
<type>MULTIPLIER</type>
<params>0.01</params>
</step>
</preprocessing>
</item_prototype>
<item_prototype>
<name>{#IFNAME}: Rx High Warning</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.21.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalRxHighWarnThreshold[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<value_type>FLOAT</value_type>
<units>dBm</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<preprocessing>
<step>
<type>MULTIPLIER</type>
<params>0.01</params>
</step>
</preprocessing>
</item_prototype>
<item_prototype>
<name>{#IFNAME}: Rx Low Threshold</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.13.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalRxLowThreshold[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<value_type>FLOAT</value_type>
<units>dBm</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<preprocessing>
<step>
<type>MULTIPLIER</type>
<params>0.01</params>
</step>
</preprocessing>
</item_prototype>
<item_prototype>
<name>{#IFNAME}: Rx Low Warning</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.20.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalRxLowWarnThreshold[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<value_type>FLOAT</value_type>
<units>dBm</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<preprocessing>
<step>
<type>MULTIPLIER</type>
<params>0.01</params>
</step>
</preprocessing>
</item_prototype>
<item_prototype>
<name>{#IFNAME}: Temperatura</name>
<type>SNMP_AGENT</type>
<snmp_oid>1.3.6.1.4.1.2011.5.25.31.1.1.3.1.5.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalTemperature[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<units>C</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<trigger_prototypes>
<trigger_prototype>
<expression>{last()}&gt;{$OPT_MOD_TEMP_WARN} and {last()}&lt;{$OPT_MOD_TEMP_CRIT}</expression>
<name>Interface {#IFNAME}: Temperatura do Modulo Otico &gt; 85C</name>
<priority>WARNING</priority>
<description>Temperatura Atual: {ITEM.LASTVALUE1}.</description>
</trigger_prototype>
<trigger_prototype>
<expression>{last()}&gt;={$OPT_MOD_TEMP_CRIT}</expression>
<name>Interface {#IFNAME}: Temperatura do Modulo Otico &gt; 90C</name>
<priority>DISASTER</priority>
<description>Temperatura Atual: {ITEM.LASTVALUE1}.</description>
</trigger_prototype>
</trigger_prototypes>
</item_prototype>
<item_prototype>
<name>{#IFNAME}: Tx High Threshold</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.16.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalTxHighThreshold[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<value_type>FLOAT</value_type>
<units>dBm</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<preprocessing>
<step>
<type>MULTIPLIER</type>
<params>0.01</params>
</step>
</preprocessing>
</item_prototype>
<item_prototype>
<name>{#IFNAME}: Tx High Warning</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.23.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalTxHighWarnThreshold[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<value_type>FLOAT</value_type>
<units>dBm</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<preprocessing>
<step>
<type>MULTIPLIER</type>
<params>0.01</params>
</step>
</preprocessing>
</item_prototype>
<item_prototype>
<name>{#IFNAME}: Tx Low Threshold</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.15.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalTxLowThreshold[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<value_type>FLOAT</value_type>
<units>dBm</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<preprocessing>
<step>
<type>MULTIPLIER</type>
<params>0.01</params>
</step>
</preprocessing>
</item_prototype>
<item_prototype>
<name>{#IFNAME}: Tx Low Warning</name>
<type>SNMP_AGENT</type>
<snmp_oid>.1.3.6.1.4.1.2011.5.25.31.1.1.3.1.22.{#SNMPINDEX}</snmp_oid>
<key>hwEntityOpticalTxLowWarnThreshold[{#SNMPINDEX}]</key>
<delay>5m</delay>
<history>30d</history>
<trends>90d</trends>
<value_type>FLOAT</value_type>
<units>dBm</units>
<application_prototypes>
<application_prototype>
<name>Optical Module {#IFNAME}</name>
</application_prototype>
</application_prototypes>
<preprocessing>
<step>
<type>MULTIPLIER</type>
<params>0.01</params>
</step>
</preprocessing>
</item_prototype>
</item_prototypes>
<trigger_prototypes>
<trigger_prototype>
<expression>({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneRxPower[{#SNMPINDEX}].last()}&gt;{Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalRxHighWarnThreshold[{#SNMPINDEX}].last()}) and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneRxPower[{#SNMPINDEX}].last()}&lt;={Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalRxHighThreshold[{#SNMPINDEX}].last()}) and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalRxHighWarnThreshold[{#SNMPINDEX}].last()} &lt;&gt; -0.01)</expression>
<name>Interface {#IFNAME}: Rx Power Alto</name>
<priority>WARNING</priority>
<description>Rx Atual: {ITEM.LASTVALUE1}&#13;
Rx Referencia: {ITEM.LASTVALUE2}</description>
</trigger_prototype>
<trigger_prototype>
<expression>({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneRxPower[{#SNMPINDEX}].last()}&lt;{Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalRxLowWarnThreshold[{#SNMPINDEX}].last()}) and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneRxPower[{#SNMPINDEX}].last()}&gt;={Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalRxLowThreshold[{#SNMPINDEX}].last()}) and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalRxLowWarnThreshold[{#SNMPINDEX}].last()} &lt;&gt; -0.01)and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneRxPower[{#SNMPINDEX}].last()}&gt; -40)</expression>
<name>Interface {#IFNAME}: Rx Power Baixo</name>
<priority>WARNING</priority>
<description>Rx Atual: {ITEM.LASTVALUE1}&#13;
Rx Referencia: {ITEM.LASTVALUE2}</description>
</trigger_prototype>
<trigger_prototype>
<expression>({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneRxPower[{#SNMPINDEX}].last()}&gt;{Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalRxHighThreshold[{#SNMPINDEX}].last()}) and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalRxHighThreshold[{#SNMPINDEX}].last()} &lt;&gt; -0.01)</expression>
<name>Interface {#IFNAME}: Rx Power Muito Alto</name>
<priority>DISASTER</priority>
<description>Rx Atual: {ITEM.LASTVALUE1}&#13;
Rx Referencia : {ITEM.LASTVALUE2}</description>
</trigger_prototype>
<trigger_prototype>
<expression>({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneRxPower[{#SNMPINDEX}].last()}&lt;{Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalRxLowThreshold[{#SNMPINDEX}].last()}) and {Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalRxLowThreshold[{#SNMPINDEX}].last()} &lt;&gt; -0.01 and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneRxPower[{#SNMPINDEX}].last()}&gt; -40)</expression>
<name>Interface {#IFNAME}: Rx Power Muito Baixo</name>
<priority>DISASTER</priority>
<description>Rx Atual: {ITEM.LASTVALUE1}&#13;
Rx Referencia: {ITEM.LASTVALUE2}</description>
</trigger_prototype>
<trigger_prototype>
<expression>({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneTxPower[{#SNMPINDEX}].last()}&gt;{Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalTxHighWarnThreshold[{#SNMPINDEX}].last()}) and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneTxPower[{#SNMPINDEX}].last()}&gt;{Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalTxHighThreshold[{#SNMPINDEX}].last()}) and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalTxHighWarnThreshold[{#SNMPINDEX}].last()} &lt;&gt; -0.01)</expression>
<name>Interface {#IFNAME}: Tx Power Alto</name>
<priority>WARNING</priority>
<description>Tx Atual: {ITEM.LASTVALUE1}&#13;
Tx Referencia: {ITEM.LASTVALUE2}</description>
</trigger_prototype>
<trigger_prototype>
<expression>({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneTxPower[{#SNMPINDEX}].last()}&lt;{Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalTxLowWarnThreshold[{#SNMPINDEX}].last()}) and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneTxPower[{#SNMPINDEX}].last()}&lt;{Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalTxLowThreshold[{#SNMPINDEX}].last()}) and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalTxLowWarnThreshold[{#SNMPINDEX}].last()} &lt;&gt; -0.01) and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneTxPower[{#SNMPINDEX}].last()}&gt; -40)</expression>
<name>Interface {#IFNAME}: Tx Power Baixo</name>
<priority>WARNING</priority>
<description>Tx Atual: {ITEM.LASTVALUE1}&#13;
Tx Referencia: {ITEM.LASTVALUE2}</description>
</trigger_prototype>
<trigger_prototype>
<expression>({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneTxPower[{#SNMPINDEX}].last()}&gt;{Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalTxHighThreshold[{#SNMPINDEX}].last()}) and {Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalTxHighThreshold[{#SNMPINDEX}].last()} &lt;&gt; -0.01</expression>
<name>Interface {#IFNAME}: Tx Power Muito Alto</name>
<priority>DISASTER</priority>
<description>Tx Atual: {ITEM.LASTVALUE1}&#13;
Tx Referencia: {ITEM.LASTVALUE2}</description>
</trigger_prototype>
<trigger_prototype>
<expression>({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneTxPower[{#SNMPINDEX}].last()}&lt;{Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalTxLowThreshold[{#SNMPINDEX}].last()}) and {Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalTxLowThreshold[{#SNMPINDEX}].last()} &lt;&gt; -0.01 and ({Template Net Huawei VRP SNMPv2 - Optical Modules Info:hwEntityOpticalLaneTxPower[{#SNMPINDEX}].last()}&gt; -40)</expression>
<name>Interface {#IFNAME}: Tx Power Muito Baixo</name>
<priority>DISASTER</priority>
<description>Tx Atual: {ITEM.LASTVALUE1}&#13;
Tx Referencia: {ITEM.LASTVALUE2}</description>
</trigger_prototype>
</trigger_prototypes>
<graph_prototypes>
<graph_prototype>
<name>{#IFNAME}: Rx Power</name>
<graph_items>
<graph_item>
<color>199C0D</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalRxHighThreshold[{#SNMPINDEX}]</key>
</item>
</graph_item>
<graph_item>
<sortorder>1</sortorder>
<color>F63100</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalRxHighWarnThreshold[{#SNMPINDEX}]</key>
</item>
</graph_item>
<graph_item>
<sortorder>2</sortorder>
<color>2774A4</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalRxLowThreshold[{#SNMPINDEX}]</key>
</item>
</graph_item>
<graph_item>
<sortorder>3</sortorder>
<color>F7941D</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalRxLowWarnThreshold[{#SNMPINDEX}]</key>
</item>
</graph_item>
<graph_item>
<sortorder>4</sortorder>
<color>FC6EA3</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalLaneRxPower[{#SNMPINDEX}]</key>
</item>
</graph_item>
</graph_items>
</graph_prototype>
<graph_prototype>
<name>{#IFNAME}: Temperatura do Modulo Otico</name>
<graph_items>
<graph_item>
<color>1A7C11</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalTemperature[{#SNMPINDEX}]</key>
</item>
</graph_item>
</graph_items>
</graph_prototype>
<graph_prototype>
<name>{#IFNAME}: Tx Power</name>
<graph_items>
<graph_item>
<color>199C0D</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalTxHighThreshold[{#SNMPINDEX}]</key>
</item>
</graph_item>
<graph_item>
<sortorder>1</sortorder>
<color>F63100</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalTxHighWarnThreshold[{#SNMPINDEX}]</key>
</item>
</graph_item>
<graph_item>
<sortorder>2</sortorder>
<color>2774A4</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalTxLowThreshold[{#SNMPINDEX}]</key>
</item>
</graph_item>
<graph_item>
<sortorder>3</sortorder>
<color>F7941D</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalTxLowWarnThreshold[{#SNMPINDEX}]</key>
</item>
</graph_item>
<graph_item>
<sortorder>4</sortorder>
<color>FC6EA3</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalLaneTxPower[{#SNMPINDEX}]</key>
</item>
</graph_item>
</graph_items>
</graph_prototype>
<graph_prototype>
<name>{#IFNAME}: Tx Power / Rx Power</name>
<graph_items>
<graph_item>
<color>199C0D</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalLaneRxPower[{#SNMPINDEX}]</key>
</item>
</graph_item>
<graph_item>
<sortorder>1</sortorder>
<color>F63100</color>
<item>
<host>Template Net Huawei VRP SNMPv2 - Optical Modules Info</host>
<key>hwEntityOpticalLaneTxPower[{#SNMPINDEX}]</key>
</item>
</graph_item>
</graph_items>
</graph_prototype>
</graph_prototypes>
</discovery_rule>
</discovery_rules>
<macros>
<macro>
<macro>{$OPT_MOD_TEMP_CRIT}</macro>
<value>90</value>
</macro>
<macro>
<macro>{$OPT_MOD_TEMP_WARN}</macro>
<value>85</value>
</macro>
</macros>
</template>
</templates>
</zabbix_export>
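Review bot: The "Tx Power Alto" and "Tx Power Baixo" WARNING prototypes require the lane Tx power to be past both the warning threshold and the alarm threshold (`>` TxHighWarnThreshold and `>` TxHighThreshold, `<` TxLowWarnThreshold and `<` TxLowThreshold). They can therefore only fire together with the matching DISASTER trigger, and a value sitting between the two thresholds raises no alert. The Rx prototypes use the bounded form, so the second comparison in the Tx expressions should mirror them: `&lt;=` against `hwEntityOpticalTxHighThreshold[{#SNMPINDEX}]` for Alto and `&gt;=` against `hwEntityOpticalTxLowThreshold[{#SNMPINDEX}]` for Baixo. The temperature trigger names also hard-code "> 85C" and "> 90C" while the expressions read `{$OPT_MOD_TEMP_WARN}` and `{$OPT_MOD_TEMP_CRIT}`, so the names become wrong when a host overrides the macros; put the macros in the names as well.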

5
Aplikace/Zulip/aktualizace.txt Executable file

@ -0,0 +1,5 @@
# Stazeni dat
curl -fLO https://download.zulip.com/server/zulip-server-6.1.tar.gz
# Instalace
/home/zulip/deployments/current/scripts/upgrade-zulip /home/ct/zulip-server-6.1.tar.gz
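Review bot: The tarball fetched by `curl -fLO` is handed to `upgrade-zulip` with no integrity check, and that script installs its contents on the server. Add a step between the two commands that compares the archive's SHA-256 with the value published for the release, e.g. `sha256sum zulip-server-6.1.tar.gz` checked by eye or with `sha256sum -c` against the published sum. The download also lands in the current directory while the install line reads `/home/ct/zulip-server-6.1.tar.gz`, so state the working directory (`cd /home/ct`) to make sure the file that was checked is the file that gets installed.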

31
Aplikace/Zulip/nginx.conf Executable file

@ -0,0 +1,31 @@
server {
listen 80;
listen [::]:80;
location / {
return 301 https://$host$request_uri;
}
include /etc/nginx/zulip-include/certbot;
}
include /etc/nginx/zulip-include/upstreams;
include /etc/zulip/nginx_sharding_map.conf;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/cert/CT.crt;
ssl_certificate_key /etc/nginx/cert/CT.key;
location /local-static {
alias /home/zulip/local-static;
}
include /etc/nginx/zulip-include/certbot;
include /etc/nginx/zulip-include/app;
}
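Review bot: The 443 server block sets only `ssl_certificate` and `ssl_certificate_key`; no `ssl_protocols` or `ssl_ciphers` is visible, so the TLS policy depends on whatever the `http` context or `zulip-include/app` provides, which this page does not show. Either document that with a comment such as `# TLS protocol/cipher policy is inherited from <file>` or pin it in this block with `ssl_protocols TLSv1.2 TLSv1.3;`. The private key at `/etc/nginx/cert/CT.key` should be readable by root only, and the executable mode recorded for this config file is not needed.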

6
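--- a/Aplikace/snap.txt
+++ b/Aplikace/snap.txt
@@ -0,0 +1,6 @@
+# Informace o balicku
+snap info termius-app
+# Informace o aktualizacich
+snap refresh --list
+# Aktualizace SNAP balicku
+snap refresh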


@ -0,0 +1 @@
openssl pkcs12 -export -out cert.pfx -inkey privkey1.pem -in fullchain1.pem -certfile fullchain1.pem
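Review bot: `-certfile fullchain1.pem` names the same file as `-in fullchain1.pem`, so the chain is supplied twice; `-in fullchain1.pem` on its own should already carry the leaf and the intermediates, or the leaf file can go to `-in` and the chain file to `-certfile`. The resulting `cert.pfx` bundles the private key, so the note should say to enter a non-empty export password at the prompt and to run the command under `umask 077` so the file is not created world-readable.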

393
Certifikaty a SSL/openssl.cnf Executable file

@ -0,0 +1,393 @@
#
# OpenSSL example configuration file.
# See doc/man5/config.pod for more info.
#
# This is mostly being used for generation of certificate requests,
# but may be used for auto loading of providers
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Use this in order to automatically load providers.
openssl_conf = openssl_init
# Comment out the next line to ignore configuration errors
config_diagnostics = 1
# Extra OBJECT IDENTIFIER info:
# oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
# For FIPS
# Optionally include a file that is generated by the OpenSSL fipsinstall
# application. This file contains configuration data required by the OpenSSL
# fips provider. It contains a named section e.g. [fips_sect] which is
# referenced from the [provider_sect] below.
# Refer to the OpenSSL security policy for more information.
# .include fipsmodule.cnf
[openssl_init]
providers = provider_sect
# List of providers to load
[provider_sect]
default = default_sect
legacy = legacy_sect
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect
# If no providers are activated explicitly, the default one is activated implicitly.
# See man 7 OSSL_PROVIDER-default for more details.
#
# If you add a section explicitly activating any other provider(s), you most
# probably need to explicitly activate the default provider, otherwise it
# becomes unavailable in openssl. As a consequence applications depending on
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
activate = 1
[legacy_sect]
activate = 1
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several certs with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)
[insta] # CMP using Insta Demo CA
# Message transfer
server = pki.certificate.fi:8700
# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080
# tls_use = 0
path = pkix/
# Server authentication
recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer
ignore_keyusage = 1 # potentially needed quirk
unprotected_errors = 1 # potentially needed quirk
extracertsout = insta.extracerts.pem
# Client authentication
ref = 3078 # user identification
secret = pass:insta # can be used for both client and server side
# Generic message options
cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
# Certificate enrollment
subject = "/CN=openssl-cmp-test"
newkey = insta.priv.pem
out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature
certout = insta.cert.pem
[pbm] # Password-based protection for Insta CA
# Server and client authentication
ref = $insta::ref # 3078
secret = $insta::secret # pass:insta
[signature] # Signature-based protection for Insta CA
# Server authentication
trusted = $insta::out_trusted # apps/insta.ca.crt
# Client authentication
secret = # disable PBM
key = $insta::newkey # insta.priv.pem
cert = $insta::certout # insta.cert.pem
[ir]
cmd = ir
[cr]
cmd = cr
[kur]
# Certificate update
cmd = kur
oldcert = $insta::certout # insta.cert.pem
[rr]
# Certificate revocation
cmd = rr
oldcert = $insta::certout # insta.cert.pem
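Review bot: `[provider_sect]` loads `legacy = legacy_sect` and `[legacy_sect]` sets `activate = 1`, which turns the legacy provider on for every program that reads this file. The rest of the file looks like the stock example configuration, so this appears to be a local change, and no comment explains it. The legacy provider re-enables algorithms such as MD4, RC4 and single DES; if it is needed for one task (presumably reading an old PKCS#12 file), leave it off here and pass `-legacy` or `-provider legacy -provider default` on that one command. If it has to stay, add a comment above the line, e.g. `# legacy provider enabled for <reason>; remove when <condition>`.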

2
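--- a/Docker/DockerRun.txt
+++ b/Docker/DockerRun.txt
@@ -0,0 +1,2 @@
+docker run -ti -d poler_librenms "/sbin/init"
+docker exec -ti 1f9f38dcf28e /bin/bash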

13
Linux/2xEtherne_config.txt Executable file

@ -0,0 +1,13 @@
auto ens192
allow-hotplug ens224
iface ens224 inet static
address 172.30.6.112
netmask 255.255.254.0
auto ens224
allow-hotplug ens256
iface ens256 inet static
address 172.30.6.113
netmask 255.255.254.0
# gateway 172.30.7.254
up route add 172.30.6.0/23 via 172.30.7.254
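Review bot: Each `auto` line names a different interface than the stanza under it: `auto ens192` is followed by `allow-hotplug ens224` / `iface ens224`, and `auto ens224` by `allow-hotplug ens256` / `iface ens256`. As written `ens192` has no `iface` definition and `ens256` is never marked `auto`; if the two NICs are `ens224` and `ens256`, the lines should read `auto ens224` and `auto ens256`. The last line is also not valid for net-tools `route`, which expects `up route add -net 172.30.6.0/23 gw 172.30.7.254` (or `up ip route add 172.30.6.0/23 via 172.30.7.254` with iproute2). That prefix is the directly connected network of both addresses, so the route was probably meant for a different destination.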


@ -0,0 +1,7 @@
sm233387 ALL=(ALL) ALL
%CYBER_ROOT ALL=(ALL:ALL) ALL
apt install sssd-ad sssd-tools realmd adcli
pam-auth-update --enable mkhomedir
realm join -U sm233387adm ct.czech-tv.cz

21
Linux/ActiveDirectory/sssd.conf Executable file

@ -0,0 +1,21 @@
[sssd]
domains = ct.czech-tv.cz
config_file_version = 2
services = nss, pam
[domain/ct.czech-tv.cz]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = CT.CZECH-TV.CZ
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = ct.czech-tv.cz
#use_fully_qualified_names = True
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = simple
simple_allow_users = sm233387
simple_allow_groups = APP_ROOT
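Review bot: `simple_allow_groups = APP_ROOT` admits only that group (plus `sm233387`), while the sudoers lines added elsewhere in this commit grant sudo to `%CYBER_ROOT`; if both are meant to describe the same administrators, members of CYBER_ROOT outside APP_ROOT will be refused at login, so the two names should be reconciled. The file is committed with the executable bit, and sssd checks ownership and mode of `sssd.conf` (root, 0600 in the documented setup), so whatever deploys it should set that explicitly. `cache_credentials = True` together with `krb5_store_password_if_offline = True` keeps credential material on the host for offline logins; a comment stating that this is intended for these servers would help the next reader.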

15
Linux/Konfigurace/chrony.conf Executable file

@ -0,0 +1,15 @@
server time.czech-tv.cz
server time2.czech-tv.cz
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
logdir /var/log/chrony
maxupdateskew 100.0
rtcsync
makestep 1 3

14
Linux/NetPlanIP.yaml Executable file

@ -0,0 +1,14 @@
network:
version: 2
renderer: networkd
ethernets:
ens160:
dhcp4: false
addresses:
- 172.30.29.194/24
nameservers:
addresses: [172.30.5.160, 172.31.26.160]
search: [czech-tv.cz, ct.czech-tv.cz]
routes:
- to: default
via: 172.30.29.254

6
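--- a/Linux/PevnaIP.txt
+++ b/Linux/PevnaIP.txt
@@ -0,0 +1,6 @@
+allow-hotplug ens192
+iface ens192 inet static
+address 172.30.29.193
+netmask 255.255.255.0
+gateway 172.30.29.254
+dns-nameservers 172.30.5.160 172.31.26.160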

16
Linux/UserAdd.txt Executable file

@ -0,0 +1,16 @@
useradd -m -d /home/hua -s /bin/bash -c "HuaTech" -U hua
2YQs8kqmcRSV8cJe
echo "hua ALL = (root) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/hua
sudo chmod 0440 /etc/sudoers.d/hua
useradd -m -d /home/compunet -s /bin/bash -c "compunet" -U compunet
passwd compunet
usermod -aG sudo compunet
9eWikV31oftps
useradd -m -d /home/sj232987 -s /bin/bash -c "Sulc Jan" -U sj232987
passwd sj232987
usermod -aG sudo sj232987
9eWikV31oftps
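Review bot: The bare lines that follow the `useradd`/`usermod` commands are cleartext account passwords, and the value after `compunet` is repeated for `sj232987`. Once pushed they stay in history, so the affected accounts need new, distinct passwords and the lines should be dropped from the file; `chage -d 0 <user>` forces a change at first login and covers the same need. `hua ALL = (root) NOPASSWD:ALL` gives that account root without authentication; if that is intended, say so in a comment and validate the drop-in with `visudo -cf /etc/sudoers.d/hua`.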

3
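--- a/Linux/bash_debug.txt
+++ b/Linux/bash_debug.txt
@@ -0,0 +1,3 @@
+exec 3>&1 1>"/tmp/log.log" 2>&1
+set -x
+echo "creating a temporary directory and some files" >&3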
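Review bot: `exec 3>&1 1>"/tmp/log.log" 2>&1` followed by `set -x` sends the full xtrace, including any expanded variables that hold passwords or tokens, to a fixed path in /tmp that is created with the default umask. A fixed name there can also be pre-created as a symlink by another local user, which matters when the script runs as root. Proposed: `log=$(mktemp /tmp/debug.XXXXXX) || exit 1` and `exec 3>&1 1>"$log" 2>&1`, with a comment that tracing should be switched off (`set +x`) around commands that take secrets.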

1
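--- a/Linux/disable_ipv6.txt
+++ b/Linux/disable_ipv6.txt
@@ -0,0 +1 @@
+GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"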

6
Linux/lvm.txt Executable file

@ -0,0 +1,6 @@
pvcreate /dev/sdx
vgextend name_of_extend /dev/sdx
lvextend -l +100%FREE /dev/mapper/owncloud2_data-owncloud2_data_1
echo '/dev/mapper/data-synaman--data /mnt/data ext4 defaults 0 0' | sudo tee -a /etc/fstab
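Review bot: `lvextend -l +100%FREE` grows only the logical volume; the ext4 filesystem named in the fstab line keeps its old size until it is resized, so the command should be `lvextend -r -l +100%FREE <LV_PATH>` or be followed by `resize2fs <LV_PATH>`. The volume-group and LV names differ between the lines (`name_of_extend`, `owncloud2_data-owncloud2_data_1`, `data-synaman--data`); a comment marking which of them are placeholders would prevent a paste against the wrong volume.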


@ -0,0 +1,14 @@
Source: thefirstrun
Section: devel
Priority: optional
Maintainer: Stefl Martin <martin.stefl@ceskatelevize.cz>
Build-Depends: curl sudo
Homepage: https://debian.czech-tv.cz
Package: thefirstrun
Version: 1.0
Architecture: all
Essential: no
Priority: optional
Maintainer: flavienbwk
Description: A sample package creating a shortcut that triggers a bash script opening a link to the official Ubuntu website
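Review bot: `Build-Depends: curl sudo` is not a valid dependency list, because entries are comma-separated (`Build-Depends: curl, sudo`). The binary stanza repeats `Priority` and `Maintainer` with a different maintainer (`flavienbwk`) and keeps a sample `Description` about opening the Ubuntu website, which looks like leftover template text. A package that runs a first-boot script is easier to audit when the description says what `thefirstrun` actually does. Any blank line between the source and binary paragraphs is not visible in this rendering.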


@ -0,0 +1,13 @@
#!/bin/bash
apt install sudo -y
useradd -m -d /home/ansict -s /bin/bash -c "Ansible CT" -U ansict
sudo usermod -aG sudo ansict
echo "ansict ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
mkdir /home/ansict/.ssh
echo "ssh-rsa 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 ansict@ansitest" > /home/ansict/.ssh/authorized_keys2
chown -R ansict:ansict /home/ansict
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
sed -i 's/#PubkeyAuthentication/PubkeyAuthentication/' /etc/ssh/sshd_config
sed -i 's/#AuthorizedKeysFile/AuthorizedKeysFile/' /etc/ssh/sshd_config
systemctl restart sshd
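Review bot: `echo "ansict ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers` edits the main sudoers file without validation and appends a duplicate line on every run; a drop-in is safer: `echo 'ansict ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/ansict && chmod 0440 /etc/sudoers.d/ansict && visudo -cf /etc/sudoers.d/ansict`. The script never sets modes on the key material, so `chmod 700 /home/ansict/.ssh` and `chmod 600 /home/ansict/.ssh/authorized_keys2` should follow the `echo`. No step is checked, so a failed `useradd` still ends in an sshd restart; `set -eu` at the top would stop that. Skripty/SSH/NewServer.sh in this commit has the same sudoers and permission lines and also appends `PubkeyAuthentication`/`AuthorizedKeysFile` to sshd_config on every run; running `sshd -t` before `systemctl restart sshd` applies to both.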

33
Nginx/GitWeb.txt Executable file

@ -0,0 +1,33 @@
server {
listen 443 ssl http2;
server_name gitsys.czech-tv.cz;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
ssl_certificate /etc/nginx/cert/CT.crt;
ssl_certificate_key /etc/nginx/cert/CT.key;
ssl_session_timeout 5m;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
}
server {
listen 80;
server_name gitsys.czech-tv.cz;
if ($host = gitsys.czech-tv.cz) {
return 301 https://$host$request_uri;
}
}
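Review bot: The `ssl_ciphers` list still offers `EECDH+3DES`, `RSA+3DES` and the `RSA+AES128`/`RSA+AES256` suites, which means 64-bit-block 3DES and key exchange without forward secrecy on the host that fronts the Git service. With `ssl_protocols TLSv1.2;` already set, the list can be reduced to `EECDH+CHACHA20:EECDH+AES128:EECDH+AES256`, and `TLSv1.3` can be added to `ssl_protocols` if the installed nginx and OpenSSL support it. The proxy block forwards `Host` but no client address or scheme, so the backend on 127.0.0.1:8000 sees every request as local; `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` would restore that for logging and rate limiting.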

7
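--- a/Nginx/Redirect_to_https.txt
+++ b/Nginx/Redirect_to_https.txt
@@ -0,0 +1,7 @@
+server {
+listen 80;
+server_name ctcloud9.czech-tv.cz;
+if ($host = ctcloud9.czech-tv.cz) {
+return 301 https://$host$request_uri;
+}
+}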

2
Readme.txt Executable file

@ -0,0 +1,2 @@
Repository sm233387 , je to dokonale, test z cronu

155
Skripty/PHP/SensorData.php Executable file

@ -0,0 +1,155 @@
<?php
/*
Rui Santos
Complete project details at https://RandomNerdTutorials.com/esp32-esp8266-mysql-database-php/
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
*/
$servername = "localhost";
// REPLACE with your Database name
$dbname = "sensors";
// REPLACE with Database user
$username = "sensors";
// REPLACE with Database user password
$password = "datel123";
// Keep this API Key value to be compatible with the ESP32 code provided in the project page.
// If you change this value, the ESP32 sketch needs to match
$api_key_value = "tPmAT5Ab3j7F9";
$conn = new mysqli($servername, $username, $password, $dbname);
if (isset($_GET['api_key'])) {
$api_key= $sensor = $location = $value1 = $value2 = $value3 = "";
if ($_SERVER["REQUEST_METHOD"] == "GET") {
$api_key = test_input($_GET["api_key"]);
if($api_key == $api_key_value) {
$sensor = test_input($_GET["sensor"]);
$location = test_input($_GET["location"]);
$value1 = test_input($_GET["value1"]);
$value2 = test_input($_GET["value2"]);
$value3 = test_input($_GET["value3"]);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sqlnew = "select location as light from SensorData where sensor like '$sensor' ORDER BY id DESC LIMIT 1";
if ($result = $conn->query($sqlnew)) {
while ($row = $result->fetch_assoc()) {
$row_light = $row["light"];
}
$result->free();
}
$percent = (1 - $location / $row_light) * 100;
//$percent = 0 - $percent;
$anone = number_format($percent, 0);
$anone = 0 - $anone;
// echo $location."<br>";
// echo $row_light."<br>";
// echo $anone;
if($anone >=80 ){
$location = $row_light;
}
//echo "konec:".$location;
$sql = "INSERT INTO SensorData (sensor, location, value1, value2, value3)
VALUES ('" . $sensor . "', '" . $location . "', '" . $value1 . "', '" . $value2 . "', '" . $value3 . "')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
}
else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
else {
echo "Wrong API Key provided.";
}
}
else {
echo "No data posted with HTTP POST.";
}
}
else {
$sql = "SELECT id, sensor, location, value1, value2, value3, reading_time FROM SensorData order by reading_time desc limit 10";
echo '<table cellspacing="0" cellpadding="5" border="0" align="center">
<tr>
<td>Kde</td>
<td>Svetlo</td>
<td>Vlhkost</td>
<td>Teplota</td>
<td>Tlak</td>
<td>Timestamp</td>
</tr>';
if ($result = $conn->query($sql)) {
while ($row = $result->fetch_assoc()) {
// $row_id = $row["id"];
$row_sensor = $row["sensor"];
$row_location = $row["location"];
$row_value1 = $row["value1"];
$row_value2 = $row["value2"];
$row_value3 = $row["value3"];
$row_reading_time = $row["reading_time"];
//$row_reading_time = date("Y-m-d H:i:s", strtotime("$row_reading_time + 4 hours"));
if($row_sensor == "Byt"){
echo '<tr bgcolor="red">
<td>' . $row_sensor . '</td>
<td>' . $row_location . '</td>
<td>' . $row_value1 . '</td>
<td>' . $row_value2 . '</td>
<td>' . $row_value3 . '</td>
<td>' . date("l dS \o\f F Y h:i:s A",strtotime("$row_reading_time")) . '</td>
</tr>';
} else {
echo '<tr>
<td>' . $row_sensor . '</td>
<td>' . $row_location . '</td>
<td>' . $row_value1 . '</td>
<td>' . $row_value2 . '</td>
<td>' . $row_value3 . '</td>
<td>' . date("l dS \o\f F Y h:i:s A",strtotime("$row_reading_time")) . '</td>
</tr>';
}
}
$result->free();
}
$conn->close();
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
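Review bot: Both queries in the `api_key` branch are built by string concatenation from `$_GET` values (`... like '$sensor' ...` and the `INSERT ... VALUES ('" . $sensor . "', ...`), and `test_input()` is HTML escaping, not SQL escaping, so the statements should be prepared with bound parameters as in the excerpt below. `$row_light` is unset when the sensor has no earlier row, which makes `$location / $row_light` a division by zero, and the error branch echoes the full SQL text and `$conn->error` to the client. The API key is compared with `==` and travels in the query string, where it ends up in access logs; `hash_equals()` and a POST body would be better (the `else` message already speaks of POST). The database password and the API key should be loaded from a file outside the web root rather than committed.

```php
if (hash_equals($api_key_value, $api_key)) {
    // … unchanged: reading sensor, location, value1..value3 and the connect_error check …
    $stmt = $conn->prepare("SELECT location AS light FROM SensorData WHERE sensor LIKE ? ORDER BY id DESC LIMIT 1");
    $stmt->bind_param("s", $sensor);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $row_light = $row ? (float) $row["light"] : 0.0;
    $stmt->close();
    if ($row_light != 0.0) {
        // … unchanged: percent computation and the >= 80 substitution of $location …
    }
    $stmt = $conn->prepare("INSERT INTO SensorData (sensor, location, value1, value2, value3) VALUES (?, ?, ?, ?, ?)");
    $stmt->bind_param("sssss", $sensor, $location, $value1, $value2, $value3);
    if ($stmt->execute()) {
        echo "New record created successfully";
    } else {
        // keep SQL text and driver errors in the server log, not in the response
        error_log("SensorData insert failed: " . $stmt->error);
        echo "Error: record not stored";
    }
```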


@ -0,0 +1,5 @@
$MyVariable="CZC94881W3"
echo $MyVariable
Get-Service -Name klnagent -ComputerName $MyVariable
Get-Service -Name klnagent -ComputerName $MyVariable | Set-Service -Status Running
Get-Service -Name klnagent -ComputerName $MyVariable


@ -0,0 +1,50 @@
$FOLDER = 'C:\TMP'
$MICRO = 'C:\Program Files (x86)\Trend Micro\Security Agent\PccNTMon.exe'
$FOLDERS = 'C:\Sony\Sonaps'
if (Test-Path -Path $FOLDER) {
"Adresar TMP existuje"
} else {
mkdir c:\TMP
}
Get-WmiObject -Class Win32_Product | where Name -like ("Kaspersky Endpoint Security*") |select IdentifyingNumber | ft -hide > C:\TMP\uuid_kasp.txt
(gc C:\TMP\uuid_kasp.txt ) | ? {$_.trim() -ne "" } | set-content C:\TMP\uuid_kasp.txt
$KES = Get-Content -Path C:\TMP\uuid_kasp.txt -TotalCount 1
if ($KES) {
start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList '/x', $KES, 'KLLOGIN=KLAdmin', 'KLPASSWD=I.*nform1976', '/qn' -Wait
} else {
"Nenalezen : Kaspersky Endpoint Security pro systém Windows"
}
Get-WmiObject -Class Win32_Product | where Name -eq "Kaspersky Security Center Network Agent" |select IdentifyingNumber | ft -hide > C:\TMP\uuid_netagent.txt
(gc C:\TMP\uuid_netagent.txt ) | ? {$_.trim() -ne "" } | set-content C:\TMP\uuid_netagent.txt
$AGENT = Get-Content -Path C:\TMP\uuid_netagent.txt -TotalCount 1
if ($AGENT) {
cp \\pn03\Instalace\Kaspersky\Cleaner\cleaner.exe c:\TMP\
start-Process -FilePath "C:\TMP\cleaner.exe" -ArgumentList '/pc', $AGENT
} else {
"Nenalezen : Kaspersky Security Center Network Agent"
}
if (Test-Path -Path $MICRO ) {
"Antivir je jiz naistalovany"
} else {
if (Test-Path -Path $FOLDERS) {
Write-Output "Počítč má adresáč $FOLDERS"
$parms=@("/quiet", "/norestart" , "/lv", "C:\ApexOne.log";"/i";"\\pn03\Instalace\TrendMicro\Agents\AgentsApexCentral\Standalone\sonaps_agent_cloud_x64.msi")
(Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList $parms -Wait -Passthru).ExitCode
}else{
Write-Output "Počítč NEmá adresáč $FOLDERS"
$parms=@("/quiet", "/norestart" , "/lv", "C:\ApexOne.log";"/i";"\\pn03\Instalace\TrendMicro\Agents\AgentsApexCentral\Standalone\agent_cloud_x64.msi")
(Start-Process -FilePath "$env:systemroot\system32\msiexec.exe" -ArgumentList $parms -Wait -Passthru).ExitCode
}
}
Wait-Event -SourceIdentifier "ProcessStarted" -Timeout 30
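Review bot: The Kaspersky uninstall call passes `KLLOGIN`/`KLPASSWD` as literal `msiexec` arguments, so the management password is readable in this repository and in the process command line on every machine the script runs on. It should be rotated and, if the removal cannot be done through a Security Center task, read at run time from a protected source. `cleaner.exe` and the Apex One `.msi` are executed straight from `\\pn03\Instalace` with no integrity check; testing `(Get-AuthenticodeSignature $path).Status -eq 'Valid'` before `Start-Process` would catch a tampered share. The `cleaner.exe` call has no `-Wait`, so the Trend Micro install can start while the agent removal is still running. `Get-WmiObject -Class Win32_Product` also triggers an MSI consistency check of every installed package on each query; reading the Uninstall registry keys avoids that.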


@ -0,0 +1,13 @@
$serverlist = get-content ServerList.txt
#$file = debug.txt
foreach ($server in $serverlist) {
if (@(Get-ADComputer $server -ErrorAction SilentlyContinue).Count) {
$errorActionPreference = "SilentlyContinue"
}
else {
Write-Host $server
#$server | Out-File $file
write-output $server | add-content $home\Desktop\NejsouVAD.txt
}
}
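Review bot: `Get-ADComputer $server -ErrorAction SilentlyContinue` probably does not behave as the `if` expects: a lookup by identity that finds nothing raises a terminating error, which `-ErrorAction` on the cmdlet does not silence, so until `$errorActionPreference` is changed the `else` branch is skipped and missing machines are not written to `NejsouVAD.txt`. The `if` branch then sets `$errorActionPreference = "SilentlyContinue"` for the rest of the session, which hides every later error as a side effect of the first hit. Proposed: `try { Get-ADComputer $server -ErrorAction Stop | Out-Null } catch { $server | Add-Content $home\Desktop\NejsouVAD.txt }`.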


@ -0,0 +1,37 @@
function check-chassis {
BEGIN {}
PROCESS {
#Write-Output "Processing $_ which is a:-"
$computer = "$_"
$chassis = Get-WmiObject win32_systemenclosure -computer $computer | select chassistypes
if ($chassis.chassistypes -contains '3'){Write-Output "Desktop"}
elseif ($chassis.chassistypes -contains '4'){Write-Output "Low Profile Desktop"}
elseif ($chassis.chassistypes -contains '5'){Write-Output "Pizza Box"}
elseif ($chassis.chassistypes -contains '6'){Write-Output "Mini Tower"}
elseif ($chassis.chassistypes -contains '7'){Write-Output "Tower"}
elseif ($chassis.chassistypes -contains '8'){Write-Output "Portable"}
elseif ($chassis.chassistypes -contains '9'){Write-Output "Laptop"}
elseif ($chassis.chassistypes -contains '10'){Write-Output "Notebook"}
elseif ($chassis.chassistypes -contains '11'){Write-Output "Hand Held"}
elseif ($chassis.chassistypes -contains '12'){Write-Output "Docking Station"}
elseif ($chassis.chassistypes -contains '13'){Write-Output "All in One"}
elseif ($chassis.chassistypes -contains '14'){Write-Output "Sub Notebook"}
elseif ($chassis.chassistypes -contains '15'){Write-Output "Space-Saving"}
elseif ($chassis.chassistypes -contains '16'){Write-Output "Lunch Box"}
elseif ($chassis.chassistypes -contains '17'){Write-Output "Main System Chassis"}
elseif ($chassis.chassistypes -contains '18'){Write-Output "Expansion Chassis"}
elseif ($chassis.chassistypes -contains '19'){Write-Output "Sub Chassis"}
elseif ($chassis.chassistypes -contains '20'){Write-Output "Bus Expansion Chassis"}
elseif ($chassis.chassistypes -contains '21'){Write-Output "Peripheral Chassis"}
elseif ($chassis.chassistypes -contains '22'){Write-Output "Storage Chassis"}
elseif ($chassis.chassistypes -contains '23'){Write-Output "Rack Mount Chassis"}
elseif ($chassis.chassistypes -contains '24'){Write-Output "Sealed-Case PC"}
else {Write-output "Unknown"}
}
END{}
}
$a = "localhost" | check-chassis
Write-output $a
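Review bot: The 22-branch `elseif` chain in `check-chassis` would be easier to maintain as a lookup table, for example `$names = @{3='Desktop'; 4='Low Profile Desktop'; 9='Laptop'}` extended to all values, followed by one lookup with `Unknown` as the fallback. `ChassisTypes` is an array and the chain reports only the first branch that matches; a comment saying that this is intended would help. `Get-WmiObject` is not available in PowerShell 7, where `Get-CimInstance Win32_SystemEnclosure -ComputerName $computer` is the equivalent.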

10
Skripty/Python/Broadlink.txt Executable file

@ -0,0 +1,10 @@
# Instalace
# pip install broadlink
# pip install cryptography
import broadlink
devices1 = broadlink.sp2(devtype = 0x7547, host=("192.168.15.109",80), mac=bytearray.fromhex("34 EA 34 BD 75 02"))
devices1.auth()
devices1.set_power(True)
# OFF - devices1.set_power(False)

13
Skripty/Python/DatumCas.py Executable file

@ -0,0 +1,13 @@
#!/usr/bin/python3
from datetime import datetime, time
now = datetime.now()
now_time = now.time()
if now_time >= time(6,00) and now_time <= time(22,00):
print ('0')
else:
print ('1')

8
Skripty/SSH/Bind_replace.sh Executable file

@ -0,0 +1,8 @@
#!/bin/bash
ls | while read line; do sed -i 's/85.239.69.9/85.239.69.7/g' $line; done
grep -rnw * -e "85.239.69.7" | awk '{ print $1 }' | cut -d ":" -f 1 | sort | uniq | while read line; do sed -i 's/[0-9]\{10\}/2022080301/' $line; done
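Review bot: The pattern in `sed -i 's/85.239.69.9/85.239.69.7/g' $line` is unanchored and its dots are regex wildcards, so it also rewrites the start of `85.239.69.90`–`99` and the tail of an address such as `185.239.69.9`. With GNU sed, `sed -i 's/\b85\.239\.69\.9\b/85.239.69.7/g' -- "$f"` inside `for f in ./*; do` limits the change to the exact address and survives file names with spaces. The second line replaces the first 10-digit run on every line of each matching file with the fixed serial `2022080301`, which lowers the serial of any zone already past that value and touches any other 10-digit number. Restricting the substitution to the SOA serial line and computing the new value would keep secondaries from ignoring the change.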

27
Skripty/SSH/Energetika.sh Executable file

@ -0,0 +1,27 @@
#!/bin/bash
hodina=`date +%H`
datum=`date +%y%m%d`
cd /root/energetika
EXISTUJE=`find /var/www/html/cloud.mstefl.cz/data/jana/files -iname "*$datum*" | wc -l`
if [ "$hodina" = "08" ] || [ "$hodina" = "09" ]; then
# echo "Hodna pro spusteni";
if [ $EXISTUJE -eq 0 ]
then
#echo "Budu stahovat soubor";
wget --user=newton --password=HESLO ftp://ftp.newtonit.cz/"/zce/vstup/Nová energetika/ČEZ - medan interně-"$datum"-0830-Přehled.zip" > /dev/null 2>&1
if [ -f "/root/energetika/ČEZ - medan interně-$datum-0830-Přehled.zip" ];
then
mv "ČEZ - medan interně-$datum-0830-Přehled.zip" /var/www/html/cloud.mstefl.cz/data/jana/files/Energetika/Updates/
chown www-data:www-data /var/www/html/cloud.mstefl.cz/data/jana/files/Energetika/Updates/*.zip
cd /var/www/html/cloud.mstefl.cz
sudo -u www-data php occ files:scan jana
wget https://api.pushover.net/1/messages.json --post-data="token=aserhn7trotowcj2xpqowwgyhvmwfi&user=uty4zaivtntn4wuazi724hy18p961u&message=Jsou nahrana nova data&title=Energetika" -qO- > /dev/null 2>&1 &
fi
fi
fi
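Review bot: The Pushover application token and user key are written in clear in the `--post-data` string here and again in ZalohaCloud.sh, ZalohaCloudPrace.sh and the unnamed USB-disk backup script later in this commit. They should be revoked and reissued, kept in a root-only file, and sent with `wget --post-file=<FILE>` so that they also stay out of process listings. The download uses `wget --user=... --password=...` against `ftp://`, which puts the FTP password on the command line and on the wire in clear (the value shown looks like a placeholder). `cd /root/energetika` is unchecked, so on failure the file lands in the caller's directory; use `cd /root/energetika || exit 1`.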

16
Skripty/SSH/NewServer.sh Executable file

@ -0,0 +1,16 @@
#!/bin/sh
apt -y install sudo
useradd -m -d /home/ansict -s /bin/bash -c "Ansible CT" -U ansict
sudo usermod -aG sudo ansict
echo "ansict ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
mkdir /home/ansict/.ssh
echo "ssh-rsa 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 ansict@ansitest" > /home/ansict/.ssh/authorized_keys2
chown -R ansict:ansict /home/ansict
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
echo "AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2" >> /etc/ssh/sshd_config
systemctl restart sshd

36
Skripty/SSH/ZalohaCloud.sh Executable file

@ -0,0 +1,36 @@
#!/bin/bash
JANA=`find /var/www/html/cloud.mstefl.cz/data/jana/files/ -mtime -1 | wc -l`
JEIBICHOVA=`find /var/www/html/cloud.mstefl.cz/data/jeibichova/files/ -mtime -1 | wc -l`
find /var/www/html/cloud.mstefl.cz/data/jana/files/ -mtime -1 | wc -l > /mnt/backup/pocty_jana.txt
find /var/www/html/cloud.mstefl.cz/data/jeibichova/files/ -mtime -1 | wc -l > /mnt/backup/pocty_jeibichova.txt
DATUM=`date +%d%m%Y`;
DEN=`date +%d`
if [ "$DEN" = "01" ]; then
tar -cf /mnt/backup/jana_$DATUM.tar --absolute-names /var/www/html/cloud.mstefl.cz/data/jana/files/ > /dev/null 2>&1 &
tar -cf /mnt/backup/jeibichova_$DATUM.tar --absolute-names /var/www/html/cloud.mstefl.cz/data/jeibichova/files/ > /dev/null 2>&1 &
echo "1" > /mnt/backup/pocty_jana.txt
echo "1" > /mnt/backup/pocty_jeibichova.txt
wget https://api.pushover.net/1/messages.json --post-data="token=aserhn7trotowcj2xpqowwgyhvmwfi&user=uty4zaivtntn4wuazi724hy18p961u&message=Probehla pla mesicni zaloha&title=Zaloha na cloudU" -qO- > /dev/null 2>&1 &
else
if [[ $JANA != 0 ]]; then
find /var/www/html/cloud.mstefl.cz/data/jana/files/ -mtime -1 -type f -print0 | xargs -0 tar -cvzf /mnt/backup/jana_$DATUM.tar --absolute-names > /dev/null 2>&1 &
wget https://api.pushover.net/1/messages.json --post-data="token=aserhn7trotowcj2xpqowwgyhvmwfi&user=uty4zaivtntn4wuazi724hy18p961u&message=Probehla inkrementalni zaloha Jana&title=Zaloha na cloudU" -qO- > /dev/null 2>&1 &
else
wget https://api.pushover.net/1/messages.json --post-data="token=aserhn7trotowcj2xpqowwgyhvmwfi&user=uty4zaivtntn4wuazi724hy18p961u&message=U uzivatele Jana nedoslo ke zmene&title=Zaloha na cloudU" -qO- > /dev/null 2>&1 &
fi
if [[ $JEIBICHOVA != 0 ]]; then
find /var/www/html/cloud.mstefl.cz/data/jeibichova/files/ -mtime -1 -type f -print0 | xargs -0 tar -cvzf /mnt/backup/jeibichova_$DATUM.tar --absolute-names > /dev/null 2>&1 &
wget https://api.pushover.net/1/messages.json --post-data="token=aserhn7trotowcj2xpqowwgyhvmwfi&user=uty4zaivtntn4wuazi724hy18p961u&message=Probehla inkrementalni zaloha Jeibichova&title=Zaloha na cloudU" -qO- > /dev/null 2>&1 &
else
wget https://api.pushover.net/1/messages.json --post-data="token=aserhn7trotowcj2xpqowwgyhvmwfi&user=uty4zaivtntn4wuazi724hy18p961u&message=U uzivatele Jeibichova nedoslo ke zmene&title=Zaloha na cloudU" -qO- > /dev/null 2>&1 &
fi
fi
find /mnt/backup/ -type f -mtime +15 -exec rm -f {} +
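Review bot: In the incremental branch, `find ... -print0 | xargs -0 tar -cvzf /mnt/backup/jana_$DATUM.tar --absolute-names` breaks once the file list exceeds one command line: xargs then runs tar several times and each run overwrites the archive, leaving only the last batch. Feeding the list to a single tar avoids that, `find ... -type f -print0 | tar --null -T - -czf /mnt/backup/jana_$DATUM.tar --absolute-names`, and the same applies to the `jeibichova` line. Every tar is started with `&` and its status discarded, so the notification is sent, and the `-mtime +15` cleanup at the end runs, whether or not a backup was written; waiting for tar and notifying on its exit code would make the messages trustworthy. The incremental archives are gzip-compressed (`-z`) but named `.tar` like the uncompressed monthly ones.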

24
Skripty/SSH/ZalohaCloudPrace.sh Executable file

@ -0,0 +1,24 @@
#!/bin/bash
DATUM=`date +%d%m%Y`
scp -P 2282 mstefl@cloud.eibichova.cz:/mnt/backup/pocty_jana.txt /var/samba/backup/cloud/jana
scp -P 2282 mstefl@cloud.eibichova.cz:/mnt/backup/pocty_jeibichova.txt /var/samba/backup/cloud/jana
JANA=`cat /var/samba/backup/cloud/jana/pocty_jana.txt`
JEIBICHOVA=`cat /var/samba/backup/cloud/jana/pocty_jeibichova.txt`
if [[ $JANA != 0 ]]; then
scp -P 2282 mstefl@cloud.eibichova.cz:/mnt/backup/jana_$DATUM.tar /var/samba/backup/cloud/jana
wget https://api.pushover.net/1/messages.json --post-data="token=aserhn7trotowcj2xpqowwgyhvmwfi&user=uty4zaivtntn4wuazi724hy18p961u&message=Byla stazena data Jana&title=Stazeni zalohy" -qO- > /dev/null 2>&1 &
fi
if [[ $JEIBICHOVA != 0 ]]; then
scp -P 2282 mstefl@cloud.eibichova.cz:/mnt/backup/jeibichova_$DATUM.tar /var/samba/backup/cloud/jeibichova
wget https://api.pushover.net/1/messages.json --post-data="token=aserhn7trotowcj2xpqowwgyhvmwfi&user=uty4zaivtntn4wuazi724hy18p961u&message=Byla stazena data Jeibichova&title=Stazeni zalohy" -qO- > /dev/null 2>&1 &
fi
find /var/samba/backup/cloud/ -type f -mtime +30 -exec rm -f {} +
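Review bot: None of the `scp` calls is checked, so when the transfer of `pocty_jana.txt` fails the script reads the stale count left by the previous run, and `[[ $JANA != 0 ]]` is also true for an empty value. The download notification is then sent even though no archive arrived. Proposed: `scp ... || exit 1` for the two count files and `if scp ...jana_$DATUM.tar ...; then wget ...; fi` for the archives. The `-mtime +30` cleanup at the end deletes old archives regardless, so a silent run of failed downloads eventually leaves no backup at all.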


@ -0,0 +1,28 @@
#!/bin/bash
python /usr/local/bin/disk_on.py
sleep 10
sudo mount UUID=570d6099-accd-41e6-8870-0c1fbee5198f /mnt/usbdisk/
DATUM=`date +%d%m%Y`
scp -P 2282 mstefl@cloud.eibichova.cz:/mnt/backup/pocty_jana.txt /mnt/usbdisk/backup/
scp -P 2282 mstefl@cloud.eibichova.cz:/mnt/backup/pocty_jeibichova.txt /mnt/usbdisk/backup/
JANA=`cat /mnt/usbdisk/backup/pocty_jana.txt`
JEIBICHOVA=`cat /mnt/usbdisk/backup/pocty_jeibichova.txt`
if [[ $JANA != 0 ]]; then
scp -P 2282 mstefl@cloud.eibichova.cz:/mnt/backup/jana_$DATUM.tar /mnt/usbdisk/backup/cloud/jana/
wget https://api.pushover.net/1/messages.json --post-data="token=aserhn7trotowcj2xpqowwgyhvmwfi&user=uty4zaivtntn4wuazi724hy18p961u&message=Byla stazena data Jana&title=Stazeni zalohy" -qO- > /dev/null 2>&1 &
fi
if [[ $JEIBICHOVA != 0 ]]; then
scp -P 2282 mstefl@cloud.eibichova.cz:/mnt/backup/jeibichova_$DATUM.tar /mnt/usbdisk/backup/cloud/jeibichova/
wget https://api.pushover.net/1/messages.json --post-data="token=aserhn7trotowcj2xpqowwgyhvmwfi&user=uty4zaivtntn4wuazi724hy18p961u&message=Byla stazena data Jeibichova&title=Stazeni zalohy" -qO- > /dev/null 2>&1 &
fi
sudo umount /mnt/usbdisk/
sleep 10
python /usr/local/bin/disk_off.py
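Review bot: `sudo mount UUID=... /mnt/usbdisk/` is not checked, so if the disk has not powered up within the 10-second `sleep`, every following `scp` writes into the empty mount point on the root filesystem. `sudo mount ... || exit 1`, or a `mountpoint -q /mnt/usbdisk` test before the copies, stops that. A `trap` that runs the `umount` and `disk_off.py` steps on exit would keep the disk from staying powered after an early abort. The unchecked `scp` calls have the same stale-count problem as in ZalohaCloudPrace.sh.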

5
Skripty/SSH/ldap_search.sh Executable file

@ -0,0 +1,5 @@
# Pro jednoho
ldapsearch -LLL -b "DC=ct,DC=czech-tv,DC=cz" -D "CN=Ldap ADReader,OU=ServisniUzivatele,OU=Admins,DC=ct,DC=czech-tv,DC=cz" -H "ldap://ct.czech-tv.cz" -w Buchtickyses0do "(&(objectClass=Person)(sAMAccountName=sm233387))"
# Smycka
cat users.txt | while read line; do ldapsearch -LLL -b "DC=ct,DC=czech-tv,DC=cz" -D "CN=Ldap ADReader,OU=ServisniUzivatele,OU=Admins,DC=ct,DC=czech-tv,DC=cz" -H "ldap://ct.czech-tv.cz" -w Buchtickyses0do "(&(objectClass=Person)(sAMAccountName=$line))" | grep "mail:"; done
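Review bot: Both commands pass the bind password of the `Ldap ADReader` service account with `-w` on the command line and bind over `ldap://`, so the password is in this repository, in shell history and process listings, and crosses the network in a simple bind without TLS. The same value appears as `bind_passwd` in Trac/trac.conf. After rotating it, read it from a mode-0600 file with `-y <PASSWORD_FILE>` and use `-H ldaps://ct.czech-tv.cz` or add `-ZZ`. In the loop, `$line` goes into the filter unescaped and `read` lacks `-r`; `while IFS= read -r line`, plus rejecting names that contain `(`, `)`, `*` or `\`, keeps a malformed line in users.txt from changing the query.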

42
Trac/TracStart.sh Executable file

@ -0,0 +1,42 @@
sudo -u www-data etctracd -p 5544 --pidfile=/var/etctrac.5544 --protocol=http -s /var/www/html/etctrac --basic-auth="*,/etc/nginx/htaccess/etctrac,Restricted"
Install
mysql://etctrac:sojka123@localhost:3306/etctrac
CREATE DATABASE etctrac COLLATE = 'utf8mb4_bin';
grant all privileges on etctrac.* to etctrac@'localhost' identified by 'sojka123';
FLUSH PRIVILEGES;
nginx
server {
listen 443 ssl;
server_name etctrac.czech-tv.cz;
error_log /var/log/nginx/etctrac.log;
access_log /var/log/nginx/etctrac.log;
ssl_certificate /etc/nginx/cert/CT.crt;
ssl_certificate_key /etc/nginx/cert/CT.key;
location / {
proxy_pass http://127.0.0.1:5544;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
}
server {
if ($host = etctrac.czech-tv.cz) {
return 301 https://$host$request_uri;
}
listen 80;
server_name etctrac.czech-tv.cz;
return 404;
}
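Review bot: `etctracd -p 5544 --protocol=http` is started without a bind address, so unless the wrapper sets one, the Basic-auth login is reachable over clear HTTP on port 5544 from the network, bypassing the TLS server block below. If `etctracd` accepts tracd's options, add `--hostname=127.0.0.1`. The notes also record the MySQL password for `etctrac` in the connection string and in the `grant ... identified by` statement; it should be changed and replaced here by a placeholder. The 443 server block sets no `ssl_protocols` or `ssl_ciphers`, unlike Nginx/GitWeb.txt, so it inherits the build defaults.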

374
Trac/trac.conf Executable file

@ -0,0 +1,374 @@
# -*- coding: utf-8 -*-
[account-manager]
allow_delete_account = enabled
authentication_url =
db_htdigest_realm =
db_htpasswd_hash_type = crypt
force_passwd_change = enabled
hash_method = HtDigestHashMethod
htdigest_file =
htdigest_realm =
htpasswd_file =
htpasswd_hash_type = crypt
login_attempt_max_count = 0
password_file =
password_store =
persistent_sessions = disabled
refresh_passwd = disabled
register_check = BasicCheck,EmailCheck,BotTrapCheck,RegExpCheck,UsernamePermCheck
user_lock_max_time = 86400
user_lock_time = 0
user_lock_time_progression = 1
username_char_blacklist = :[]
[attachment]
max_size = 262144
max_zip_size = 2097152
render_unsafe_content = disabled
[authz_policy]
authz_file =
[browser]
color_scale = enabled
downloadable_paths = /trunk,/branches/*,/tags/*
hide_properties = svk:merge
intermediate_color =
intermediate_point =
newest_color = (255, 136, 136)
oldest_color = (136, 136, 255)
oneliner_properties = trac:summary
render_unsafe_content = disabled
wiki_properties = trac:description
[changeset]
max_diff_bytes = 10000000
max_diff_files = 0
wiki_format_messages = enabled
[components]
trac.db.sqlite_backend.sqliteconnector = disabled
trac.prefs.web_ui.advancedpreferencepanel = disabled
trac.prefs.web_ui.generalpreferencepanel = disabled
trac.prefs.web_ui.keybindingspreferencepanel = disabled
trac.prefs.web_ui.localizationpreferencepanel = disabled
trac.prefs.web_ui.preferencesmodule = disabled
trac.prefs.web_ui.userinterfacepreferencepanel = disabled
trac.search.web_ui.searchmodule = disabled
trac.ticket.admin.componentadminpanel = disabled
trac.ticket.admin.milestoneadminpanel = disabled
trac.ticket.admin.priorityadminpanel = disabled
trac.ticket.admin.resolutionadminpanel = disabled
trac.ticket.admin.severityadminpanel = disabled
trac.ticket.admin.ticketadmin = disabled
trac.ticket.admin.tickettypeadminpanel = disabled
trac.ticket.api.ticketsystem = disabled
trac.ticket.query.querymodule = disabled
trac.ticket.query.ticketquerymacro = disabled
trac.ticket.report.reportmodule = disabled
trac.ticket.roadmap.defaultticketgroupstatsprovider = disabled
trac.ticket.roadmap.milestonemodule = disabled
trac.ticket.roadmap.roadmapmodule = disabled
trac.ticket.web_ui.ticketmodule = disabled
trac.timeline.web_ui.timelinemodule = disabled
trac.wiki.api.wikisystem = disabled
trac.wiki.web_ui.wikimodule = enabled
tracmenus.web_ui.menumanagermodule = enabled
tracopt.perm.authz_policy.authzpolicy = enabled
tracopt.perm.config_perm_provider.extrapermissionsprovider = enabled
tracopt.ticket.clone.ticketclonebutton = enabled
tracopt.ticket.commit_updater.committicketreferencemacro = enabled
tracopt.ticket.commit_updater.committicketupdater = enabled
tracopt.ticket.deleter.ticketdeleter = enabled
tracopt.versioncontrol.git.* = enabled
tracopt.versioncontrol.git.git_fs.csetpropertyrenderer = enabled
tracopt.versioncontrol.git.git_fs.gitconnector = enabled
tracopt.versioncontrol.git.git_fs.gitwebprojectsrepositoryprovider = enabled
tracopt.versioncontrol.svn.svn_fs.subversionconnector = enabled
tracopt.versioncontrol.svn.svn_prop.subversionmergepropertydiffrenderer = enabled
tracopt.versioncontrol.svn.svn_prop.subversionmergepropertyrenderer = enabled
tracopt.versioncontrol.svn.svn_prop.subversionpropertyrenderer = enabled
trac.db.api.DatabaseManager = enabled
[git]
cached_repository = enabled
git_bin = git
git_fs_encoding = utf-8
persistent_cache = disabled
shortrev_len = 7
trac_user_rlookup = disabled
use_committer_id = enabled
use_committer_time = enabled
wikishortrev_len = 40
[gitweb-repositories]
projects_base = http://etectrac.czech-tv.cz:4321
projects_list =
projects_url =
sync_per_request =
[header_logo]
alt = (please configure the [header_logo] section in trac.ini)
height = -1
link = https://etctrac.czech-tv.cz/browser
src = site/Logo_login.png
width = -1
[inherit]
htdocs_dir =
plugins_dir =
templates_dir =
[ldap]
basedn = DC=ct,DC=czech-tv,DC=cz
bind_passwd = Buchtickyses0do
bind_user = Ldap ADReader,OU=ServisniUzivatele,OU=Admins,DC=ct,DC=czech-tv,DC=cz
enable = true
global_perms = true
store_bind = true
[logging]
log_file = /var/log/trac.log
log_format =
log_level = DEBUG
log_type = file
[mainnav]
admin.order = 8.0
browser.order = 4.0
newticket.order = 6.0
roadmap.order = 3.0
search.order = 7.0
tickets.order = 5.0
timeline.order = 2.0
wiki.order = 1.0
[menu-custom]
managed_menus = mainnav,metanav
[metanav]
about.order = 5.0
help.order = 4.0
login.order = 1.0
logout.order = 2.0
logout.redirect = about
prefs.order = 3.0
[milestone]
default_group_by = component
default_retarget_to =
stats_provider = DefaultTicketGroupStatsProvider
[mimeviewer]
max_preview_size = 262144
mime_map = text/x-dylan:dylan,text/x-idl:ice,text/x-ada:ads:adb
mime_map_patterns = text/plain:README(?!\.rst)|INSTALL(?!\.rst)|COPYING.*
pygments_default_style = trac
pygments_modes =
tab_width = 8
treat_as_binary = application/octet-stream,application/pdf,application/postscript,application/msword,application/rtf
[notification]
admit_domains =
ambiguous_char_width = single
batch_subject_template = ${prefix} Batch modify: ${tickets_descr}
default_format.email = text/plain
email_address_resolvers = SessionEmailResolver
email_sender = SmtpEmailSender
ignore_domains =
message_id_hash = md5
mime_encoding = none
sendmail_path = mailx
smtp_always_bcc =
smtp_always_cc =
smtp_default_domain =
smtp_enabled = disabled
smtp_from = trac@localhost
smtp_from_author = disabled
smtp_from_name =
smtp_password =
smtp_port = 25
smtp_replyto = Martin.Stefl@ceskatelevize.cz
smtp_server = mail.czech-tv.cz
smtp_subject_prefix = __default__
smtp_user =
ticket_subject_template = ${prefix} #${ticket.id}: ${summary}
use_public_cc = disabled
use_short_addr = disabled
use_tls = disabled
[notification-subscriber]
always_notify_cc = CarbonCopySubscriber
always_notify_previous_updater = TicketPreviousUpdatersSubscriber
always_notify_updater = TicketUpdaterSubscriber
[project]
admin =
admin_trac_url = .
descr = SVN pro name servery
footer = Visit the Trac open source project at<br /><a href="http://trac.edgewall.org/">http://trac.edgewall.org/</a>
icon = common/trac.ico
name = CT Trac
url = http://etctrac.czech-tv.cz/browser
[query]
default_anonymous_query = status!=closed&cc~=$USER
default_query = status!=closed&owner=$USER
items_per_page = 100
ticketlink_query = ?status=!closed
[report]
items_per_page = 100
items_per_page_rss = 0
[repositories]
.dir = /var/lib/git/oxidized.git
.type = git
ns_servery.dir = /var/www/svn/
project.description = This is the ''main'' project repository.
project.type = svn
[revisionlog]
default_log_limit = 100
graph_colors = #cc0,#0c0,#0cc,#00c,#c0c,#c00
[roadmap]
stats_provider = DefaultTicketGroupStatsProvider
[search]
default_disabled_filters =
min_query_length = 3
[sqlite]
extensions =
[svn]
authz_file =
authz_module_name =
branches = trunk,branches/*
eol_style = native
tags = tags/*
[theme]
enable_css = disabled
theme = default
[ticket]
allowed_empty_fields = milestone,version
commit_ticket_update_check_perms = enabled
commit_ticket_update_commands.close = close closed closes fix fixed fixes
commit_ticket_update_commands.refs = addresses re references refs see
commit_ticket_update_envelope =
commit_ticket_update_notify = enabled
default_cc =
default_component =
default_description =
default_keywords =
default_milestone =
default_owner = < default >
default_priority = major
default_resolution = fixed
default_severity =
default_summary =
default_type = defect
default_version =
max_comment_size = 262144
max_description_size = 262144
max_summary_size = 262144
preserve_newlines = default
restrict_owner = disabled
workflow = ConfigurableTicketWorkflow
[ticket-workflow]
accept = new,assigned,accepted,reopened -> accepted
accept.operations = set_owner_to_self
accept.permissions = TICKET_MODIFY
create = <none> -> new
create.default = 1
create_and_assign = <none> -> assigned
create_and_assign.label = assign
create_and_assign.operations = may_set_owner
create_and_assign.permissions = TICKET_MODIFY
leave = * -> *
leave.default = 1
leave.operations = leave_status
reassign = new,assigned,accepted,reopened -> assigned
reassign.operations = set_owner
reassign.permissions = TICKET_MODIFY
reopen = closed -> reopened
reopen.operations = del_resolution
reopen.permissions = TICKET_CREATE
resolve = new,assigned,accepted,reopened -> closed
resolve.operations = set_resolution
resolve.permissions = TICKET_MODIFY
[timeline]
abbreviated_messages = enabled
changeset_collapse_events = disabled
changeset_long_messages = disabled
changeset_show_files = 0
default_daysback = 30
max_daysback = 90
newticket_formatter = oneliner
ticket_show_component = disabled
ticket_show_details = disabled
[trac]
anonymous_session_lifetime = 90
auth_cookie_domain =
auth_cookie_lifetime = 0
auth_cookie_path =
auto_preview_timeout = 2.0
auto_reload = disabled
backup_dir = db
base_url =
check_auth_ip = disabled
database = mysql://trac:sojka123@localhost:3306/trac
debug_sql = disabled
default_charset = utf-8
default_date_format =
default_dateinfo_format = relative
default_handler = BrowserModule
default_language = cs
default_timezone = Europe/Prague
genshi_cache_size = 128
htdocs_location =
ignore_auth_case = disabled
jquery_location =
jquery_ui_location =
jquery_ui_theme_location =
mysqldump_path = mysqldump
never_obfuscate_mailto = disabled
permission_policies = DefaultWikiPolicy,DefaultTicketPolicy,DefaultPermissionPolicy,LegacyAttachmentPolicy
permission_store = DefaultPermissionStore
request_filters =
resizable_textareas = enabled
secure_cookies = disabled
show_email_addresses = disabled
show_full_names = enabled
show_ip_addresses = disabled
timeout = 20
use_base_url_for_redirect = disabled
use_chunked_encoding = disabled
use_xsendfile = disabled
wiki_toolbars = enabled
xsendfile_header = X-Sendfile
[tracnav]
provide_jpnav = disabled
[versioncontrol]
allowed_repository_dir_prefixes =
default_repository_type = svn
[wiki]
default_edit_area_height = 20
ignore_missing_pages = disabled
max_size = 262144
render_unsafe_content = disabled
safe_origins = data:
safe_schemes = cvs,file,ftp,git,irc,http,https,news,sftp,smb,ssh,svn,svn+ssh
split_page_names = disabled
ct@wikisystemaci:~$
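Review bot: `[ldap] bind_passwd` and the `[trac] database` URL carry live credentials in clear, and with `log_level = DEBUG` writing to /var/log/trac.log such values and session details may also reach the log. The secrets should be rotated, the committed copy should hold placeholders, and `log_level` should go back to `WARNING` outside troubleshooting. The site is served over HTTPS, but `secure_cookies = disabled` lets the auth cookie travel on a port-80 request before the redirect; set `secure_cookies = enabled`. `login_attempt_max_count = 0` with `user_lock_time = 0` leaves password guessing unthrottled as far as these AccountManager options are in effect. `projects_base` spells the host `etectrac` where every other line has `etctrac`, and the final line `ct@wikisystemaci:~$` is a pasted shell prompt that should be removed.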

62
TrendMicro/PHA_WIN_DETECT.ps1 Executable file

@ -0,0 +1,62 @@
<powershell>
#requires -version 4.0
# PowerShell 4 or up is required to run this script
# This script detects platform and architecture. It then downloads and installs the relevant Deep Security Agent package
if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Warning "You are not running as an Administrator. Please try again with admin privileges."
exit 1
}
$managerUrl="https://workload.de-1.cloudone.trendmicro.com:443/"
$env:LogPath = "$env:appdata\Trend Micro\Deep Security Agent\installer"
New-Item -path $env:LogPath -type directory
Start-Transcript -path "$env:LogPath\dsa_deploy.log" -append
echo "$(Get-Date -format T) - DSA download started"
if ( [intptr]::Size -eq 8 ) {
$sourceUrl=-join($managerUrl, "software/agent/Windows/x86_64/agent.msi") }
else {
$sourceUrl=-join($managerUrl, "software/agent/Windows/i386/agent.msi") }
echo "$(Get-Date -format T) - Download Deep Security Agent Package" $sourceUrl
$ACTIVATIONURL="dsm://agents.workload.de-1.cloudone.trendmicro.com:443/"
$WebClient = New-Object System.Net.WebClient
# Add agent version control info
$WebClient.Headers.Add("Agent-Version-Control", "on")
$WebClient.QueryString.Add("tenantID", "16055")
$WebClient.QueryString.Add("windowsVersion", (Get-CimInstance Win32_OperatingSystem).Version)
$WebClient.QueryString.Add("windowsProductType", (Get-CimInstance Win32_OperatingSystem).ProductType)
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
Try
{
$WebClient.DownloadFile($sourceUrl, "$env:temp\agent.msi")
} Catch [System.Net.WebException]
{
echo " Please check that your Workload Security Manager TLS certificate is signed by a trusted root certificate authority."
exit 2;
}
if ( (Get-Item "$env:temp\agent.msi").length -eq 0 ) {
echo "Failed to download the Deep Security Agent. Please check if the package is imported into the Workload Security Manager. "
exit 1
}
echo "$(Get-Date -format T) - Downloaded File Size:" (Get-Item "$env:temp\agent.msi").length
echo "$(Get-Date -format T) - DSA install started"
echo "$(Get-Date -format T) - Installer Exit Code:" (Start-Process -FilePath msiexec -ArgumentList "/i $env:temp\agent.msi /qn ADDLOCAL=ALL /l*v `"$env:LogPath\dsa_install.log`"" -Wait -PassThru).ExitCode
echo "$(Get-Date -format T) - DSA activation started"
Start-Sleep -s 50
& $Env:ProgramFiles"\Trend Micro\Deep Security Agent\dsa_control" -r
& $Env:ProgramFiles"\Trend Micro\Deep Security Agent\dsa_control" -a $ACTIVATIONURL "tenantID:A81DBFF5-5CDE-EB5F-8F5D-EF3F75B718A1" "token:30F394D6-2CAB-DA5A-911D-62AD64593936" "policyid:35" "groupid:34"
#& $Env:ProgramFiles"\Trend Micro\Deep Security Agent\dsa_control" -a dsm://agents.workload.de-1.cloudone.trendmicro.com:443/ "tenantID:A81DBFF5-5CDE-EB5F-8F5D-EF3F75B718A1" "token:30F394D6-2CAB-DA5A-911D-62AD64593936" "policyid:35" "groupid:34"
Stop-Transcript
echo "$(Get-Date -format T) - DSA Deployment Finished"
</powershell>
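Review bot: The `dsa_control -a` call near the end of the script commits the tenant ID and the agent activation token as string literals, and the commented-out line directly below repeats both, so anyone who can read the repository can reuse them. Pass them in at deployment time instead, for example `"tenantID:$env:DSA_TENANT_ID" "token:$env:DSA_ACTIVATION_TOKEN"` (placeholder variable names), and delete the commented-out duplicate. Because the values are now in the commit history, the token should be treated as exposed and rotated in the Workload Security console rather than only removed from the file. TrendMicro/PHA_WIN_PROTECT.ps1 carries the same two lines and differs only in `groupid`, so a single script that takes the group ID as a parameter would also remove the duplication.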

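--- a/TrendMicro/PHA_WIN_PROTECT.ps1
+++ b/TrendMicro/PHA_WIN_PROTECT.ps1
@@ -0,0 +1,62 @@
+<powershell>
+#requires -version 4.0
+# PowerShell 4 or up is required to run this script
+# This script detects platform and architecture. It then downloads and installs the relevant Deep Security Agent package
+if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
+Write-Warning "You are not running as an Administrator. Please try again with admin privileges."
+exit 1
+}
+$managerUrl="https://workload.de-1.cloudone.trendmicro.com:443/"
+$env:LogPath = "$env:appdata\Trend Micro\Deep Security Agent\installer"
+New-Item -path $env:LogPath -type directory
+Start-Transcript -path "$env:LogPath\dsa_deploy.log" -append
+echo "$(Get-Date -format T) - DSA download started"
+if ( [intptr]::Size -eq 8 ) {
+$sourceUrl=-join($managerUrl, "software/agent/Windows/x86_64/agent.msi") }
+else {
+$sourceUrl=-join($managerUrl, "software/agent/Windows/i386/agent.msi") }
+echo "$(Get-Date -format T) - Download Deep Security Agent Package" $sourceUrl
+$ACTIVATIONURL="dsm://agents.workload.de-1.cloudone.trendmicro.com:443/"
+$WebClient = New-Object System.Net.WebClient
+# Add agent version control info
+$WebClient.Headers.Add("Agent-Version-Control", "on")
+$WebClient.QueryString.Add("tenantID", "16055")
+$WebClient.QueryString.Add("windowsVersion", (Get-CimInstance Win32_OperatingSystem).Version)
+$WebClient.QueryString.Add("windowsProductType", (Get-CimInstance Win32_OperatingSystem).ProductType)
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;
+Try
+{
+$WebClient.DownloadFile($sourceUrl, "$env:temp\agent.msi")
+} Catch [System.Net.WebException]
+{
+echo " Please check that your Workload Security Manager TLS certificate is signed by a trusted root certificate authority."
+exit 2;
+}
+if ( (Get-Item "$env:temp\agent.msi").length -eq 0 ) {
+echo "Failed to download the Deep Security Agent. Please check if the package is imported into the Workload Security Manager. "
+exit 1
+}
+echo "$(Get-Date -format T) - Downloaded File Size:" (Get-Item "$env:temp\agent.msi").length
+echo "$(Get-Date -format T) - DSA install started"
+echo "$(Get-Date -format T) - Installer Exit Code:" (Start-Process -FilePath msiexec -ArgumentList "/i $env:temp\agent.msi /qn ADDLOCAL=ALL /l*v `"$env:LogPath\dsa_install.log`"" -Wait -PassThru).ExitCode
+echo "$(Get-Date -format T) - DSA activation started"
+Start-Sleep -s 50
+& $Env:ProgramFiles"\Trend Micro\Deep Security Agent\dsa_control" -r
+& $Env:ProgramFiles"\Trend Micro\Deep Security Agent\dsa_control" -a $ACTIVATIONURL "tenantID:A81DBFF5-5CDE-EB5F-8F5D-EF3F75B718A1" "token:30F394D6-2CAB-DA5A-911D-62AD64593936" "policyid:35" "groupid:35"
+#& $Env:ProgramFiles"\Trend Micro\Deep Security Agent\dsa_control" -a dsm://agents.workload.de-1.cloudone.trendmicro.com:443/ "tenantID:A81DBFF5-5CDE-EB5F-8F5D-EF3F75B718A1" "token:30F394D6-2CAB-DA5A-911D-62AD64593936" "policyid:35" "groupid:35"
+Stop-Transcript
+echo "$(Get-Date -format T) - DSA Deployment Finished"
+</powershell>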
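Review bot: Between `DownloadFile` and the `msiexec` call the only check on `agent.msi` is that its length is non-zero, so nothing confirms the package is the vendor's before it is installed with administrator rights. Add an Authenticode check before the install step, for example `if ((Get-AuthenticodeSignature "$env:temp\agent.msi").Status -ne 'Valid') { exit 1 }`, and ideally compare the signer certificate's subject with the expected publisher as well. The installer exit code is only echoed, so activation still runs after a failed install; keep the code in a variable and exit when it is non-zero. The `/i $env:temp\agent.msi` argument is also unquoted and will break if the temp path contains a space. TrendMicro/PHA_WIN_DETECT.ps1 has the same sequence.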

2
mqtt/mqtt_pub.txt Executable file

@ -0,0 +1,2 @@
mosquitto_pub -h 192.168.1.20 -t "node/dvere/relay/set" -m "2"