Differences
Below are the differences between two revisions of the page.
| elearning:workbooks:debian:11:sec:l107 [2025/12/01 07:55] – admin | elearning:workbooks:debian:11:sec:l107 [2025/12/04 15:40] (current version) – admin | ||
|---|---|---|---|
| Ligne 1: | Ligne 1: | ||
| ~~PDF: | ~~PDF: | ||
| - | |||
| - | OPENVPN | ||
| - | DNS et cryptographie : DNSSEC | ||
| Version : **2026.01** | Version : **2026.01** | ||
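Review bot: the PDF front-matter block loses its two topic lines (OPENVPN, DNS et cryptographie : DNSSEC) but gains none, so the `~~PDF:` header no longer names a subject for the module that is now about port scanning; if those lines feed the PDF export, add the matching entries for the new nmap/netcat content here rather than leaving the block empty.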
| Ligne 8: | Ligne 5: | ||
| Dernière mise-à-jour : ~~LASTMOD~~ | Dernière mise-à-jour : ~~LASTMOD~~ | ||
| - | ======LDF407 - Cryptologie====== | + | ======LDF407 - Balayage des Ports====== |
| - | =====Contenu du module===== | + | =====Contenu du Module===== |
| - | * **LDF407 - Cryptologie** | + | * **LDF407 - Balayage des Ports** |
| - | * Contenu du module | + | * Contenu du Module |
| * Le Problématique | * Le Problématique | ||
| - | | + | |
| - | * 1.1 - Utilisation | + | * 1.1 - nmap |
| - | * L' | + | * Installation |
| - | * L' | + | * Utilisation |
| - | * L' | + | * Fichiers de Configuration |
| - | * L' | + | * Scripts |
| - | | + | * 1.2 - netcat |
| - | | + | * Utilisation |
| * Les Contre-Mesures | * Les Contre-Mesures | ||
| - | | + | * LAB #2 - Mise en place du Système |
| - | * Définitions | + | * 2.1 - Installation |
| - | * Algorithmes à clé secrète | + | * 2.2 - Configuration |
| - | * Le Chiffrement Symétrique | + | * 2.3 - Utilisation |
| - | * Algorithmes à clef publique | + | * LAB #3 - Mise en place du Système |
| - | * Le Chiffrement Asymétrique | + | * 3.1 - Installation |
| - | * La Clef de Session | + | * 3.2 - Configuration |
| - | * Fonctions de Hachage | + | * 3.3 - Utilisation |
| - | * Signature Numérique | + | |
| - | * PKI | + | |
| - | * Certificats X509 | + | |
| - | | + | |
| - | * 2.1 - Présentation | + | |
| - | * 2.2 - Installation | + | |
| - | * 2.3 - Utilisation | + | |
| - | * Signer un message | + | |
| - | * Chiffrer un message | + | |
| - | | + | |
| - | * 3.1 - Introduction | + | |
| - | | + | |
| - | * SSH-2 | + | |
| - | * L' | + | |
| - | * L' | + | |
| - | | + | |
| - | * 3.3 - Utilisation | + | |
| - | * 3.4 - Mise en place des clefs | + | |
| - | * 3.5 - Tunnels SSH | + | |
| - | * 3.6 - SCP | + | |
| - | * Introduction | + | |
| - | * Utilisation | + | |
| - | * LAB #4 - Mise en place d'un VPN avec OpenVPN | + | |
| - | * Présentation | + | |
| - | * Configuration commune au client et au serveur | + | |
| - | * Configuration du client | + | |
| - | * Configuration du serveur | + | |
| - | * Tests | + | |
| - | * Du client vers le serveur | + | |
| - | * Du serveur vers le client | + | |
| =====Le Problématique===== | =====Le Problématique===== | ||
| - | Le **sniffing** des paquets de données | + | Un **Cheval de Troie** est un binaire qui se cache dans un autre. Il est exécuté suite à l' |
| - | * Telnet, | + | * Back Orifice 2000 - tcp/8787, tcp/ |
| - | * Rlogin, | + | * Backdoor - tcp/1999, |
| - | * Ftp, | + | * Subseven - tcp/1243, tcp/ 2773, tcp/ |
| - | * Pop3. | + | * Socket de Troie - tcp/5001, tcp/30303, tcp/50505. |
| - | Un // | + | Le **scan** consiste à balayer |
| - | * Tcpdump. | + | * connaître les ports qui sont ouverts, |
| + | * déterminer le système d' | ||
| + | * identifier les services ouverts. | ||
| - | =====LAB #1 - Utilisation de tcpdump===== | + | Plusieurs scanners existent dont : |
| - | Le logiciel | + | |
| + | | ||
| - | ===1.1 - Utilisation=== | + | ====LAB #1 - Utilisation |
| - | Installez **tcpdump** : | + | === 1.1 - nmap === |
| - | < | + | ==Installation== |
| - | root@debian12: | + | |
| - | </ | + | |
| - | + | ||
| - | ==L' | + | |
| - | Pour écouter sur une **interface spécifique**, utilisez l'option **-i** | + | Sous Debian 12, **nmap** n'est pas installé par défaut |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | tcpdump: verbose output suppressed, use -v[v]... for full protocol decode | + | root@debian12:~# |
| - | listening on ens18, link-type EN10MB (Ethernet), snapshot length 262144 bytes | + | |
| - | 17: | + | |
| - | 17: | + | |
| - | 17: | + | |
| - | 17: | + | |
| - | 17: | + | |
| - | 17: | + | |
| - | 17: | + | |
| - | 17: | + | |
| - | 17: | + | |
| - | 17: | + | |
| - | 10 packets captured | + | |
| - | 14 packets received by filter | + | |
| - | 0 packets dropped by kernel | + | |
| </ | </ | ||
| - | Notez qu'à la fin, un résumé vous est présenté, par exemple | + | Installez donc nmap en utilisant APT : |
| < | < | ||
| - | ... | + | root@debian12: |
| - | 10 packets captured | + | |
| - | 14 packets received by filter | + | |
| - | 0 packets dropped by kernel | + | |
| </ | </ | ||
| - | <WRAP center round important> | + | ==Utilisation== |
| - | **Important** : L' | + | |
| - | </ | + | |
| - | ==L' | + | Pour connaître la liste des ports ouverts |
| - | + | ||
| - | Pour écouter | + | |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | tcpdump: verbose output suppressed, use -v[v]... for full protocol decode | + | Starting Nmap 7.93 ( https://nmap.org ) at 2025-11-27 16:48 CET |
| - | listening on ens18, link-type EN10MB (Ethernet), snapshot length 262144 bytes | + | Nmap scan report for localhost (127.0.0.1) |
| - | 17: | + | Host is up (0.0000090s latency). |
| - | | + | Not shown: 996 closed tcp ports (reset) |
| - | 0x0010: | + | PORT STATE SERVICE |
| - | 0x0020: | + | 22/ |
| - | 0x0030: | + | 80/ |
| - | 0x0040: | + | 631/ |
| - | 0x0050: | + | 5900/tcp open vnc |
| - | 0x0060: | + | |
| - | 0x0070: | + | |
| - | 0x0080: | + | |
| - | 0x0090: | + | |
| - | 0x00a0: | + | |
| - | 0x00b0: | + | |
| - | 0x00c0: | + | |
| - | 0x00d0: | + | |
| - | 0x00e0: | + | |
| - | 17:27:24.043485 IP 10.0.2.1.42252 > 10.0.2.46.ssh: Flags [.], ack 188, win 10548, options [nop,nop,TS val 1647743423 ecr 3552922403], | + | |
| - | | + | |
| - | 0x0010: | + | |
| - | 0x0020: | + | |
| - | 0x0030: | + | |
| - | 17: | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | 0x0040: | + | |
| - | 3 packets captured | + | |
| - | 10 packets received by filter | + | |
| - | 0 packets dropped by kernel | + | |
| - | </code> | + | |
| - | ==L' | + | Nmap done: 1 IP address (1 host up) scanned |
| - | + | ||
| - | Pour écouter sur une interface spécifique et voir le contenu en Hexadécimal et en ASCII, utilisez les options -i et **-X** | + | |
| - | + | ||
| - | < | + | |
| - | root@debian12: | + | |
| - | tcpdump: verbose output suppressed, use -v[v]... for full protocol decode | + | |
| - | listening on ens18, link-type EN10MB (Ethernet), snapshot length 262144 bytes | + | |
| - | 13: | + | |
| - | 0x0000: | + | |
| - | 0x0010: | + | |
| - | 0x0020: | + | |
| - | 0x0030: | + | |
| - | 0x0040: | + | |
| - | 0x0050: | + | |
| - | 0x0060: | + | |
| - | 0x0070: | + | |
| - | 0x0080: | + | |
| - | 0x0090: | + | |
| - | 0x00a0: | + | |
| - | 0x00b0: | + | |
| - | 0x00c0: | + | |
| - | 0x00d0: | + | |
| - | 0x00e0: | + | |
| - | 13: | + | |
| - | 0x0000: | + | |
| - | 0x0010: | + | |
| - | 0x0020: | + | |
| - | 0x0030: | + | |
| - | 13: | + | |
| - | 0x0000: | + | |
| - | 0x0010: | + | |
| - | 0x0020: | + | |
| - | 0x0030: | + | |
| - | 0x0040: | + | |
| - | 3 packets captured | + | |
| - | 10 packets received by filter | + | |
| - | 0 packets dropped by kernel | + | |
| - | </ | + | |
| - | + | ||
| - | ==L' | + | |
| - | + | ||
| - | Pour écouter sur une interface spécifique et envoyer la sortie dans un fichier, utilisez les options -i et **-w** et patientez 5 minutes : | + | |
| - | + | ||
| - | < | + | |
| - | root@debian12: | + | |
| - | tcpdump: listening on ens18, link-type EN10MB (Ethernet), snapshot length 262144 bytes | + | |
| - | ^C42 packets captured | + | |
| - | 45 packets received by filter | + | |
| - | 0 packets dropped by kernel | + | |
| - | + | ||
| - | root@debian12: | + | |
| - | -rw-r--r-- 1 tcpdump tcpdump 25555 Nov 28 13:11 log.dump | + | |
| </ | </ | ||
| <WRAP center round important 50%> | <WRAP center round important 50%> | ||
| - | **Important** - Arrêtez | + | **Important** - Pour connaître les ports ouverts sur une machine distante, |
| </ | </ | ||
| - | Notez que le fichier log.dump est au format | + | ==Fichiers de Configuration== |
| + | |||
| + | **nmap** utilise un fichier spécifique pour identifier les ports. Ce fichier | ||
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | log.dump: pcap capture file, microsecond ts (little-endian) - version 2.4 (Ethernet, capture length 262144) | + | # THIS FILE IS GENERATED AUTOMATICALLY FROM A MASTER - DO NOT EDIT. |
| + | # EDIT / | ||
| + | # Well known service port numbers -*- mode: fundamental; | ||
| + | # From the Nmap Security Scanner | ||
| + | # | ||
| + | # $Id: nmap-services 38442 2022-08-31 22:53:46Z dmiller $ | ||
| + | # | ||
| + | # Derived from IANA data and our own research | ||
| + | # | ||
| + | # This collection of service data is (C) 1996-2020 by Insecure.Com | ||
| + | # LLC. It is distributed under the Nmap Public Source license as | ||
| + | # provided in the LICENSE file of the source distribution or at | ||
| + | # https:// | ||
| + | # requires you to license your own work under a compatable open source | ||
| + | # license. | ||
| + | # software, we sell alternative licenses (contact sales@insecure.com). | ||
| + | # Dozens of software vendors already license Nmap technology such as | ||
| + | # host discovery, port scanning, OS detection, and version | ||
| + | # For more details, see https:// | ||
| + | # | ||
| + | # Fields in this file are: Service name, portnum/ | ||
| + | # | ||
| + | tcpmux | ||
| + | tcpmux | ||
| + | compressnet | ||
| + | compressnet | ||
| + | compressnet | ||
| + | compressnet | ||
| + | unknown | ||
| + | rje | ||
| + | rje | ||
| + | unknown 6/tcp | ||
| + | echo 7/ | ||
| + | echo 7/tcp | ||
| + | echo 7/udp | ||
| + | unknown 8/tcp | ||
| + | discard 9/ | ||
| + | discard 9/tcp | ||
| + | discard 9/udp | ||
| + | unknown 10/ | ||
| + | systat | ||
| + | systat | ||
| + | unknown 12/ | ||
| + | daytime 13/ | ||
| + | daytime 13/ | ||
| + | unknown 14/ | ||
| + | netstat 15/ | ||
| + | unknown 16/ | ||
| + | qotd 17/ | ||
| + | qotd 17/ | ||
| + | msp | ||
| + | msp | ||
| + | chargen 19/ | ||
| + | chargen 19/ | ||
| + | ftp-data | ||
| + | --More--(0%) | ||
| </ | </ | ||
| - | ==L'option -v== | + | Le répertoire **/ |
| - | + | ||
| - | Tcpdump peut être utilisé avec un de trois modes verbose. | + | |
| - | + | ||
| - | ^ Mode ^ Option ^ | + | |
| - | | Light verbose | -v | | + | |
| - | | Medium verbose | -vv | | + | |
| - | | Full verbose | -vvv | | + | |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | tcpdump: listening on ens18, link-type EN10MB (Ethernet), snapshot length 262144 bytes | + | total 9368 |
| - | 13: | + | -rw-r--r-- 1 root root 10829 Jan 16 2023 nmap.dtd |
| - | | + | -rw-r--r-- 1 root root 824437 Jan 16 2023 nmap-mac-prefixes |
| - | 13: | + | -rw-r--r-- 1 root root 5032815 Jan 16 2023 nmap-os-db |
| - | | + | -rw-r--r-- 1 root root 21165 Jan 16 2023 nmap-payloads |
| - | 13:13:22.951837 IP (tos 0x10, ttl 64, id 34139, offset 0, flags [DF], proto TCP (6), length 176) | + | -rw-r--r-- 1 root root 6845 Jan 16 2023 nmap-protocols |
| - | | + | -rw-r--r-- |
| - | 3 packets captured | + | -rw-r--r-- 1 root root 2506640 Jan 16 2023 nmap-service-probes |
| - | 10 packets received by filter | + | -rw-r--r-- |
| - | 0 packets dropped by kernel | + | -rw-r--r-- 1 root root 31936 Jan 16 2023 nmap.xsl |
| + | drwxr-xr-x 3 root root 4096 Nov 27 16:46 nselib | ||
| + | -rw-r--r-- | ||
| + | drwxr-xr-x 2 root root 36864 Nov 27 16:46 scripts | ||
| </ | </ | ||
| - | ===1.2 - Filtrage à l' | + | Voici la liste des fichiers les plus importants : |
| - | Tcpdump peut effectuer du filtrage lors de l'écoute. | + | ^ Fichier ^ Description ^ |
| + | | / | ||
| + | | / | ||
| + | | / | ||
| + | | / | ||
| - | Pour uniquement écouter les paquets en provenance de l' | + | ==Scripts== |
| - | # tcpdump src host 192.168.1.11 [Entrée] | + | **nmap** utilise |
| - | + | ||
| - | Pour uniquement écouter les paquets en provenance de l' | + | |
| - | + | ||
| - | # tcpdump src host 192.168.1.11 and dst host 192.168.1.2 [Entrée] | + | |
| - | + | ||
| - | Pour uniquement écouter les paquets d'un port précis, utilisez la condition **port** : | + | |
| - | + | ||
| - | # tcpdump -i eth0 port 80 [Entrée] | + | |
| - | + | ||
| - | Pour uniquement écouter les paquets d'un protocole précis, utilisez une condition telle **ip**, **icmp**, **arp**, **rarp**, **udp** ou **tcp**: | + | |
| - | + | ||
| - | # tcpdump -i eth0 udp [Entrée] | + | |
| - | + | ||
| - | Pour uniquement écouter les paquets d'une taille inférieure à 100 octets, utilisez la condition **less** : | + | |
| - | + | ||
| - | # tcpdump -i eth0 less 100 [Entrée] | + | |
| - | + | ||
| - | Pour uniquement écouter les paquets d'une taille supérieure à 100 octets, utilisez la condition **great** : | + | |
| - | + | ||
| - | # tcpdump -i eth0 greater 100 [Entrée] | + | |
| - | + | ||
| - | L' | + | |
| - | + | ||
| - | # tcpdump -i eth0 -X src host 192.168.1.11 and dst host 192.168.1.2 and port 21 and ftp [Entrée] | + | |
| - | + | ||
| - | ===Options | + | |
| - | + | ||
| - | Les options | + | |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | tcpdump | + | acarsd-info.nse |
| - | libpcap | + | address-info.nse |
| - | OpenSSL 3.0.17 1 Jul 2025 | + | afp-brute.nse |
| - | Usage: tcpdump [-AbdDefhHIJKlLnNOpqStuUvxX# | + | afp-ls.nse |
| - | | + | afp-path-vuln.nse |
| - | | + | afp-serverinfo.nse |
| - | | + | afp-showmount.nse |
| - | | + | ajp-auth.nse |
| - | | + | ajp-brute.nse |
| - | | + | ajp-headers.nse |
| - | | + | ajp-methods.nse |
| + | ajp-request.nse | ||
| + | allseeingeye-info.nse | ||
| + | amqp-info.nse | ||
| + | asn-query.nse | ||
| + | auth-owners.nse | ||
| + | auth-spoof.nse | ||
| + | backorifice-brute.nse | ||
| + | backorifice-info.nse | ||
| + | bacnet-info.nse | ||
| + | banner.nse | ||
| + | bitcoin-getaddr.nse | ||
| + | bitcoin-info.nse | ||
| + | bitcoinrpc-info.nse | ||
| + | bittorrent-discovery.nse | ||
| + | bjnp-discover.nse | ||
| + | broadcast-ataoe-discover.nse | ||
| + | broadcast-avahi-dos.nse | ||
| + | broadcast-bjnp-discover.nse | ||
| + | broadcast-db2-discover.nse | ||
| + | broadcast-dhcp6-discover.nse | ||
| + | broadcast-dhcp-discover.nse | ||
| + | broadcast-dns-service-discovery.nse | ||
| + | broadcast-dropbox-listener.nse | ||
| + | broadcast-eigrp-discovery.nse | ||
| + | broadcast-hid-discoveryd.nse | ||
| + | broadcast-igmp-discovery.nse | ||
| + | broadcast-jenkins-discover.nse | ||
| + | broadcast-listener.nse | ||
| + | broadcast-ms-sql-discover.nse | ||
| + | broadcast-netbios-master-browser.nse | ||
| + | broadcast-networker-discover.nse | ||
| + | broadcast-novell-locate.nse | ||
| + | broadcast-ospf2-discover.nse | ||
| + | broadcast-pc-anywhere.nse | ||
| + | broadcast-pc-duo.nse | ||
| + | broadcast-pim-discovery.nse | ||
| + | broadcast-ping.nse | ||
| + | broadcast-pppoe-discover.nse | ||
| + | broadcast-rip-discover.nse | ||
| + | broadcast-ripng-discover.nse | ||
| + | broadcast-sonicwall-discover.nse | ||
| + | broadcast-sybase-asa-discover.nse | ||
| + | broadcast-tellstick-discover.nse | ||
| + | broadcast-upnp-info.nse | ||
| + | broadcast-versant-locate.nse | ||
| + | broadcast-wake-on-lan.nse | ||
| + | broadcast-wpad-discover.nse | ||
| + | broadcast-wsdd-discover.nse | ||
| + | broadcast-xdmcp-discover.nse | ||
| + | cassandra-brute.nse | ||
| + | cassandra-info.nse | ||
| + | cccam-version.nse | ||
| + | cics-enum.nse | ||
| + | cics-info.nse | ||
| + | cics-user-brute.nse | ||
| + | cics-user-enum.nse | ||
| + | citrix-brute-xml.nse | ||
| + | citrix-enum-apps.nse | ||
| + | citrix-enum-apps-xml.nse | ||
| + | citrix-enum-servers.nse | ||
| + | citrix-enum-servers-xml.nse | ||
| + | clamav-exec.nse | ||
| + | clock-skew.nse | ||
| + | coap-resources.nse | ||
| + | couchdb-databases.nse | ||
| + | couchdb-stats.nse | ||
| + | creds-summary.nse | ||
| + | cups-info.nse | ||
| + | cups-queue-info.nse | ||
| + | cvs-brute.nse | ||
| + | cvs-brute-repository.nse | ||
| + | daap-get-library.nse | ||
| + | daytime.nse | ||
| + | db2-das-info.nse | ||
| + | deluge-rpc-brute.nse | ||
| + | dhcp-discover.nse | ||
| + | dicom-brute.nse | ||
| + | dicom-ping.nse | ||
| + | dict-info.nse | ||
| + | distcc-cve2004-2687.nse | ||
| + | dns-blacklist.nse | ||
| + | dns-brute.nse | ||
| + | dns-cache-snoop.nse | ||
| + | dns-check-zone.nse | ||
| + | dns-client-subnet-scan.nse | ||
| + | dns-fuzz.nse | ||
| + | dns-ip6-arpa-scan.nse | ||
| + | dns-nsec3-enum.nse | ||
| + | dns-nsec-enum.nse | ||
| + | dns-nsid.nse | ||
| + | dns-random-srcport.nse | ||
| + | dns-random-txid.nse | ||
| + | dns-recursion.nse | ||
| + | dns-service-discovery.nse | ||
| + | dns-srv-enum.nse | ||
| + | dns-update.nse | ||
| + | dns-zeustracker.nse | ||
| + | dns-zone-transfer.nse | ||
| + | docker-version.nse | ||
| + | domcon-brute.nse | ||
| + | domcon-cmd.nse | ||
| + | domino-enum-users.nse | ||
| + | dpap-brute.nse | ||
| + | drda-brute.nse | ||
| + | drda-info.nse | ||
| + | duplicates.nse | ||
| + | eap-info.nse | ||
| + | enip-info.nse | ||
| + | epmd-info.nse | ||
| + | eppc-enum-processes.nse | ||
| </ | </ | ||
| - | =====Les Contre-Mesures===== | + | Les scripts sont regroupés dans des catégories : **auth**, **broadcast**, **brute**, **default**, **discovery**, **dos**, **exploit**, **external**, **fuzzer**, **intrusive**, **malware**, **safe**, **version** and **vuln**. |
| - | + | ||
| - | Les contre-mesures incluent l' | + | |
| - | + | ||
| - | ====Introduction à la cryptologie==== | + | |
| - | + | ||
| - | ===Définitions=== | + | |
| - | + | ||
| - | * **La Cryptologie** | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | * Est le fait d' | + | |
| - | + | ||
| - | {{ : | + | |
| - | + | ||
| - | **La Cryptographie** | + | |
| - | + | ||
| - | La cryptographie apporte quatre points clefs: | + | |
| - | + | ||
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | + | ||
| - | La cryptographie est basée sur l' | + | |
| - | + | ||
| - | | + | |
| - | | + | |
| - | | + | |
| - | + | ||
| - | Le chiffrement se fait à l'aide d'une clef de chiffrement. Le déchiffrement nécessite | + | |
| - | + | ||
| - | On distingue deux types de clefs: | + | |
| - | + | ||
| - | | + | |
| - | * des clés utilisées pour le chiffrement ainsi que pour le déchiffrement. On parle alors de chiffrement symétrique ou de chiffrement à clé secrète. | + | |
| - | * Les clés asymétriques: | + | |
| - | * des clés utilisées dans le cas du chiffrement asymétrique (aussi appelé chiffrement à clé publique). Dans ce cas, une clé différente est utilisée pour le chiffrement et pour le déchiffrement. | + | |
| - | + | ||
| - | **Le Chiffrement par Substitution** | + | |
| - | + | ||
| - | Le chiffrement par substitution consiste à remplacer dans un message une ou plusieurs entités (généralement des lettres) par une ou plusieurs autres entités. On distingue généralement plusieurs types de cryptosystèmes par substitution : | + | |
| - | + | ||
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | * permet de faire correspondre à chaque lettre du message en clair un ensemble possible d' | + | |
| - | * La substitution de **polygrammes** | + | |
| - | * consiste à substituer un groupe de caractères (polygramme) dans le message par un autre groupe de caractères | + | |
| - | + | ||
| - | ===Algorithmes à clé secrète=== | + | |
| - | + | ||
| - | ==Le Chiffrement Symétrique== | + | |
| - | + | ||
| - | Ce système est aussi appelé le système à **Clef Secrète** ou à **clef privée**. | + | |
| - | + | ||
| - | Ce système consiste à effectuer une opération de chiffrement par algorithme mais comporte un inconvénient, | + | |
| - | + | ||
| - | {{: | + | |
| <WRAP center round important 50%> | <WRAP center round important 50%> | ||
| - | **Important** - Le système de Méthode du Masque Jetable (One Time Pad) fût mis au point dans les années 1920. Il utilisait une clef générée aléatoirement à usage unique. | + | **Important** - Pour plus d' |
| </ | </ | ||
| - | Les algorithmes de chiffrement symétrique couramment utilisés en informatique sont: | + | La catégorie |
| - | + | ||
| - | * **[[wpfr> | + | |
| - | * **[[wpfr> | + | |
| - | * **[[wpfr> | + | |
| - | * **[[wpfr> | + | |
| - | * **[[wpfr> | + | |
| - | * **[[wpfr> | + | |
| - | + | ||
| - | ===Algorithmes à clef publique=== | + | |
| - | + | ||
| - | ==Le Chiffrement Asymétrique== | + | |
| - | + | ||
| - | Ce système est aussi appelé **Système à Clef Publique**. | + | |
| - | + | ||
| - | Ce système consiste à avoir deux clefs appelées des **bi-clefs**: | + | |
| - | + | ||
| - | * Une clef **publique** pour le chiffrement | + | |
| - | * Une clef **secrète** ou **privée** pour le déchiffrement | + | |
| - | + | ||
| - | {{: | + | |
| - | + | ||
| - | * L' | + | |
| - | * A partir de cette clef il génère plusieurs clefs publiques grâce à un algorithme. | + | |
| - | * L' | + | |
| - | + | ||
| - | Ce système | + | |
| - | + | ||
| - | Il existe toutefois un problème – s' | + | |
| - | + | ||
| - | Les algorithmes de chiffrement asymétrique couramment utilisés en informatique sont: | + | |
| - | + | ||
| - | * **[[wpfr> | + | |
| - | * **[[wpfr> | + | |
| - | + | ||
| - | ==La Clef de Session== | + | |
| - | + | ||
| - | Ce système | + | |
| - | + | ||
| - | {{: | + | |
| - | + | ||
| - | Ce système fonctionne de la façon suivante : | + | |
| - | + | ||
| - | * L' | + | |
| - | | + | |
| - | | + | |
| - | * L' | + | |
| - | + | ||
| - | ===Fonctions de Hachage=== | + | |
| - | + | ||
| - | La fonction de **hachage**, | + | |
| - | + | ||
| - | {{: | + | |
| - | + | ||
| - | Les deux algorithmes de hachage utilisés sont: | + | |
| - | + | ||
| - | * **[[wpfr> | + | |
| - | * **[[wpfr> | + | |
| - | + | ||
| - | Lors de son envoie, le message est accompagné de son haché et il est donc possible de garantir son intégrité: | + | |
| - | + | ||
| - | {{: | + | |
| - | + | ||
| - | * A la réception du message, le destinataire ou l’utilisateur B calcule le haché du message reçu et le compare avec le haché accompagnant le document. | + | |
| - | * Si le message ou le haché a été falsifié durant la communication, | + | |
| - | + | ||
| - | <WRAP center round important 50%> | + | |
| - | **Important** - Ce système permet de vérifier que l' | + | |
| - | </ | + | |
| - | + | ||
| - | ===Signature Numérique=== | + | |
| - | + | ||
| - | Pour garantir l' | + | |
| - | + | ||
| - | {{: | + | |
| - | + | ||
| - | * L’utilisateur A envoie le sceau au destinataire. | + | |
| - | * A la réception du message L’utilisateur B déchiffre le sceau avec la clé publique de l’utilisateur A. | + | |
| - | * Il compare le haché obtenu au haché reçu en pièce jointe. | + | |
| - | + | ||
| - | Ce mécanisme de création de sceau est appelé **scellement**. | + | |
| - | + | ||
| - | Ce mécanisme est identique au procédé utilisé par SSH lors d'une connexion | + | |
| - | + | ||
| - | ===PKI=== | + | |
| - | + | ||
| - | On appelle **[[wpfr> | + | |
| - | + | ||
| - | Les cryptosystèmes à clés publiques permettent de s' | + | |
| - | + | ||
| - | * La clé publique est bien celle de son propriétaire ; | + | |
| - | * Le propriétaire de la clé est digne de confiance ; | + | |
| - | * La clé est toujours valide. | + | |
| - | + | ||
| - | Ainsi, il est nécessaire d' | + | |
| - | + | ||
| - | Le tiers de confiance est une entité appelée communément autorité de certification (ou en anglais Certification authority, abrégé CA) chargée d' | + | |
| - | + | ||
| - | Pour ce faire, l' | + | |
| - | + | ||
| - | Le rôle de l' | + | |
| - | + | ||
| - | * enregistrer des demandes de clés en vérifiant l' | + | |
| - | * générer les paires de clés (clé privée / clé publique) ; | + | |
| - | * garantir la confidentialité des clés privées correspondant aux clés publiques ; | + | |
| - | * certifier l' | + | |
| - | * révoquer des clés (en cas de perte par son propriétaire, | + | |
| - | + | ||
| - | Une infrastructure à clé publique est en règle générale composée de trois entités distinctes : | + | |
| - | + | ||
| - | * L' | + | |
| - | * L' | + | |
| - | * L' | + | |
| - | + | ||
| - | ==Certificats X509== | + | |
| - | + | ||
| - | Pour palier aux problèmes liés à des clefs publiques piratées, un système de certificats a été mis en place. | + | |
| - | + | ||
| - | Le certificat permet d’associer la clef publique à une entité ou une personne. Les certificats sont délivrés par des Organismes de Certification. | + | |
| - | + | ||
| - | Les certificats sont des fichiers divisés en deux parties : | + | |
| - | + | ||
| - | * La partie contenant les informations | + | |
| - | * La partie contenant la signature de l' | + | |
| - | + | ||
| - | La structure des certificats est normalisée par le standard **[[wpfr> | + | |
| - | + | ||
| - | Elle contient : | + | |
| - | + | ||
| - | * Le nom de l' | + | |
| - | * Le nom du propriétaire du certificat | + | |
| - | * La date de validité du certificat | + | |
| - | * L' | + | |
| - | * La clé publique du propriétaire | + | |
| - | + | ||
| - | Le Certificat est signé par l' | + | |
| - | + | ||
| - | {{: | + | |
| - | + | ||
| - | La vérification se passe ainsi: | + | |
| - | + | ||
| - | {{: | + | |
| - | + | ||
| - | =====LAB #2 - Utilisation de GnuPG===== | + | |
| - | + | ||
| - | ====2.1 - Présentation==== | + | |
| - | + | ||
| - | **GNU Privacy Guard** permet aux utilisateurs de transférer des messages chiffrés et/ou signés. | + | |
| - | + | ||
| - | ====2.2 - Utilisation==== | + | |
| - | + | ||
| - | Pour initialiser %%GnuPG%%, saisissez la commande suivante : | + | |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | gpg: directory '/root/.gnupg' created | + | Starting Nmap 7.93 ( https://nmap.org ) at 2025-11-27 16:51 CET |
| - | gpg: keybox '/ | + | NSE: Loaded 125 scripts for scanning. |
| - | gpg: WARNING: no command supplied. | + | NSE: Script Pre-scanning. |
| - | gpg: Go ahead and type your message | + | Initiating NSE at 16:51 |
| - | ^C | + | Completed NSE at 16:51, 0.00s elapsed |
| - | gpg: signal Interrupt caught | + | Initiating NSE at 16:51 |
| - | </code> | + | Completed NSE at 16:51, 0.00s elapsed |
| - | + | Initiating SYN Stealth Scan at 16:51 | |
| - | <WRAP center round important 50%> | + | Scanning localhost (127.0.0.1) [1000 ports] |
| - | **Important** - Notez l' | + | Discovered open port 22/tcp on 127.0.0.1 |
| - | </WRAP> | + | Discovered open port 5900/tcp on 127.0.0.1 |
| - | + | Discovered open port 80/tcp on 127.0.0.1 | |
| - | Pour générer les clefs, saisissez la commande suivante : | + | Discovered open port 631/tcp on 127.0.0.1 |
| - | + | Completed SYN Stealth Scan at 16:51, 0.03s elapsed | |
| - | <WRAP center round important 50%> | + | NSE: Script scanning 127.0.0.1. |
| - | **Important** - Lorsque le système vous demande une Passphrase, saisissez une valeur que n' | + | Initiating NSE at 16:51 |
| - | </WRAP> | + | Completed NSE at 16:51, 2.00s elapsed |
| - | + | Initiating NSE at 16:51 | |
| - | < | + | Completed NSE at 16:51, 0.00s elapsed |
| - | root@debian12:~# gpg --full-generate-key | + | Nmap scan report for localhost |
| - | gpg (GnuPG) 2.2.40; Copyright | + | Host is up (0.0000090s latency). |
| - | This is free software: you are free to change and redistribute it. | + | Other addresses for localhost |
| - | There is NO WARRANTY, to the extent permitted by law. | + | Not shown: 996 closed tcp ports (reset) |
| - | + | PORT STATE SERVICE | |
| - | Please select what kind of key you want: | + | 22/ |
| - | | + | | ssh-hostkey: |
| - | | + | | 256 738a4166831b9c8af2bfb567ed025c4d |
| - | | + | |_ 256 86dcfbca68069284b2ddb0545cbc4e2b |
| - | (4) RSA (sign only) | + | 80/ |
| - | (14) Existing key from card | + | | http-methods: |
| - | Your selection? 1 | + | |_ Supported Methods: GET POST OPTIONS HEAD |
| - | RSA keys may be between 1024 and 4096 bits long. | + | |_http-title: |
| - | What keysize do you want? (3072) | + | 631/ |
| - | Requested keysize is 3072 bits | + | | ssl-cert: Subject: commonName=debian12/ |
| - | Please specify how long the key should be valid. | + | | Subject Alternative Name: DNS: |
| - | 0 = key does not expire | + | | Issuer: commonName=debian12/ |
| - | < | + | | Public |
| - | < | + | | Public |
| - | < | + | | Signature Algorithm: sha256WithRSAEncryption |
| - | < | + | | Not valid before: 2025-11-27T15: |
| - | Key is valid for? (0) | + | | Not valid after: |
| - | Key does not expire at all | + | | MD5: |
| - | Is this correct? (y/N) y | + | |_SHA-1: 0bda6fab805a00a5cdc863da5357a3791a58eca6 |
| - | + | | http-methods: | |
| - | GnuPG needs to construct a user ID to identify your key. | + | |_ Supported Methods: GET HEAD POST OPTIONS |
| - | + | |_http-title: Home - CUPS 2.4.2 | |
| - | Real name: ITTRAINING | + | |_ssl-date: TLS randomness does not represent time |
| - | Email address: infos@ittraining.team | + | | http-robots.txt: 1 disallowed entry |
| - | Comment: Test key | + | |_/ |
| - | You selected this USER-ID: | + | 5900/tcp open vnc |
| - | " | + | | vnc-info: |
| - | + | | | |
| - | Change (N)ame, (C)omment, (E)mail or (O)kay/ | + | | |
| - | We need to generate a lot of random bytes. It is a good idea to perform | + | |_ VNC Authentication (2) |
| - | some other action (type on the keyboard, move the mouse, utilize the | + | |
| - | disks) during the prime generation; this gives the random number | + | |
| - | generator a better chance to gain enough entropy. | + | |
| - | We need to generate a lot of random bytes. It is a good idea to perform | + | |
| - | some other action (type on the keyboard, move the mouse, utilize the | + | |
| - | disks) during the prime generation; this gives the random number | + | |
| - | generator a better chance to gain enough entropy. | + | |
| - | gpg: / | + | |
| - | gpg: directory '/ | + | |
| - | gpg: revocation certificate stored as '/ | + | |
| - | public and secret key created and signed. | + | |
| - | pub | + | NSE: Script Post-scanning. |
| - | | + | Initiating NSE at 16:51 |
| - | uid ITTRAINING | + | Completed NSE at 16:51, 0.00s elapsed |
| - | sub | + | Initiating NSE at 16:51 |
| + | Completed NSE at 16:51, 0.00s elapsed | ||
| + | Read data files from: / | ||
| + | Nmap done: 1 IP address | ||
| + | Raw packets sent: 1000 (44.000KB) | Rcvd: 2004 (84.176KB) | ||
| </ | </ | ||
| - | La liste de clefs peut être visualisée avec la commande suivante : | + | <WRAP center round warning |
| - | + | **Attention** - La catégorie par défaut **default** contient certains scripts de la catégorie | |
| - | < | + | |
| - | root@debian12: | + | |
| - | gpg: checking the trustdb | + | |
| - | gpg: marginals needed: 3 completes needed: 1 trust model: pgp | + | |
| - | gpg: depth: 0 valid: | + | |
| - | / | + | |
| - | ------------------------ | + | |
| - | pub | + | |
| - | B6022CC107539B4036A90FAEABAD13CD27F9E686 | + | |
| - | uid | + | |
| - | sub | + | |
| - | </ | + | |
| - | + | ||
| - | Pour importer la clef d'un correspondant dans sa trousse de clefs il convient d' | + | |
| - | + | ||
| - | <WRAP center round important | + | |
| - | **Important** - La commande suivante est un exemple. Ne la saisissez | + | |
| </ | </ | ||
| - | # gpg --import | + | ==Options de la commande== |
| - | Pour exporter sa clef publique, il convient d' | + | Les options de cette commande |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | + | Nmap 7.93 ( https://nmap.org ) | |
| - | root@debian12:~# cat mykey.asc | + | Usage: nmap [Scan Type(s)] [Options] {target specification} |
| - | -----BEGIN PGP PUBLIC KEY BLOCK----- | + | TARGET SPECIFICATION: |
| - | + | Can pass hostnames, IP addresses, networks, etc. | |
| - | mQGNBGkpk+gBDACq6M7rUNQFu/R6J+1p3RAB1+gwnszs/jZuBAo6y9i1buBsySP9 | + | Ex: scanme.nmap.org, |
| - | oV9JmFfRe4P2QG/mgmSaGgeO0sE5m+r2Jhif2fShjHYLd6VTSVZRyfO+NW3MDbkm | + | |
| - | MtIf4LlXRrTALGE5TclLWFz5a2iqRjtT8IjSPAu1M9TLUaMXtWXN6jQY1YOnjxPN | + | |
| - | 3HL8bwdaY0k8icKr8JRbmEijCWo2F4t2qTtdOXuRFAImxBpX49eJR0oC5bzXZPYx | + | |
| - | LbirNsEwSULIyQ71gdF5OUb0aOSiQLXLuTLAs2BnxAJ82tB/dM8qP0ez0lXLJvvF | + | |
| - | +t0eHdWzUHH4qlXuNtBXK7pEbvjqftO69PJLDp/PwjEfUsELcxDyUFpphhZDJ8zN | + | HOST DISCOVERY: |
| - | qvRgll3fojjr91WWWqr8YTd4EiTvq9KfUyAiTOfKm8k4iRQRTJir267Fq8Mno8/B | + | |
| - | My1tNeHWzCXMs3k/ | + | -sn: Ping Scan - disable port scan |
| - | XTBUX/CS3ZmLC3MAEQEAAbQtSVRUUkFJTklORyAoVGVzdCBrZXkpIDxpbmZvc0Bp | + | -Pn: Treat all hosts as online -- skip host discovery |
| - | dHRyYWluaW5nLnRlYW0+iQHOBBMBCgA4FiEEtgIswQdTm0A2qQ+uq60TzSf55oYF | + | -PS/PA/PU/PY[portlist]: |
| - | Amkpk+gCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQq60TzSf55oZEsAv+ | + | -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes |
| - | Ky14vHWjMzU1ieE+XStqGYfjfAHhaNrpkWCz6miozuh+ESifNWpJd96bzwgNLGob | + | |
| - | E5mA9oja5jyAEQUGT+gEwgvkbYVe4sf4UcXPRrvDqKiEOkN5rra3kYYdhHhpiFes | + | -n/-R: Never do DNS resolution/ |
| - | BmwQvW2dyElNO1ee/zzQOZ0Hd3vM/vdbmZRg8zKoV5eQz/MA2jpxF9IkXEDtUMzZ | + | |
| - | C5kqTMRXdoWR2ZP2HLZjUstRX7d9BP/8oeg+2lMq9UlULWrYyVaD85dEAmCt9mQz | + | |
| - | TqtAMmtp5IXalT+vKwhMu0MwUfyXyvl7ery4kxfmFtEeJQyxrdK2gihDxr0ndxBH | + | |
| - | mowlIoBiGYMhUr/aF0lM00blpRAUoGv1rO2DUWh8TXzRJq6FJ4pzo9XRwR0dP7A6 | + | SCAN TECHNIQUES: |
| - | VBlBdhX2SlE9XJOjLq9ppV5Vr9u6ZauwEI6kBLoagjWOF3t34Gnvel8zO+H5fhhq | + | -sS/sT/sA/sW/sM: TCP SYN/ |
| - | UKMOAbC0SYmLVIPNUauHYoKiJlWb+Dlr96NsPm0sYBbB047hr0evBUmkJNrulI3N | + | -sU: UDP Scan |
| - | uQGNBGkpk+gBDADZu1B0itmBIGzxjGmUjK9UagW3HNLNVX3jn2Jwe7yl3vL/d3Fk | + | -sN/sF/sX: TCP Null, FIN, and Xmas scans |
| - | qBRydky32P4whbUSiJN71Tze9l+WOxeXGa0orKPPha/oQtlnmqyM6WBfOmvjSQkn | + | |
| - | xCrS131SYjFb5dcQXoqTtUk8Wu4qoMHu/Mi9jtx8GrrENWzR7DFG2MDWwcM4TmUk | + | -sI <zombie host[: |
| - | zs6azU/jaQX/YrGmYU3vB/zpKEZSo89pJ/S2FQ/6Fr+nnh7El3thNJxLRH40UlZs | + | -sY/sZ: SCTP INIT/ |
| - | FIpfm95Q+wtC224wckro/Xf/ | + | -sO: IP protocol scan |
| - | IITHq92gQSAKFhwSauaPtJ++oQNRgz5vJhCg78XfyBGpwDS6P0NM5RVEz6LMhQzI | + | -b <FTP relay host>: FTP bounce scan |
| - | 4LziGmYH/iWj0pv45Uze7hOZaWhBPlPWFixJ97nl3soxA7hV1MLt/Ohy5jxGC8U3 | + | PORT SPECIFICATION AND SCAN ORDER: |
| - | CrtEjyAIQxCmEUF0vPa7X1KB+FxCpJ8mYXBZ5w1DwBN7qsOnnHZKFcaPGW8r1am6 | + | -p <port ranges>: Only scan specified ports |
| - | Ab25ee028mua9RkAEQEAAYkBtgQYAQoAIBYhBLYCLMEHU5tANqkPrqutE80n+eaG | + | Ex: -p22; -p1-65535; -p U: |
| - | BQJpKZPoAhsMAAoJEKutE80n+eaGCRgMAJiG7Q8oF6oMkn6Xh7kXVH2yF4CKN9/j | + | --exclude-ports <port ranges>: Exclude the specified ports from scanning |
| - | /qtImK/ikn14+/QNYpUbF4kIGadeCVgpKZZ+R9QLXTW7WQV4hgoOW3yiET3FTEBc | + | -F: Fast mode - Scan fewer ports than the default scan |
| - | YoxDxegwlk9+gPiOMJ0+9R43IUs+jFrra1jcUpSg+1Nv2IijdPwape3HyPhYgDmZ | + | -r: Scan ports sequentially - don't randomize |
| - | VxORrNtqBCkhtLpJO5VTiThAny+rNBHk1t1vQg4tEkCLGcOD8bsdxhACZnM0DVYY | + | --top-ports < |
| - | rA6afeDnm7CTfVtc3QFAi2+ltYcDIrMxMF0b1VASlbU14TE6ep2Ic30ScpDJL8De | + | --port-ratio < |
| - | skhWi2/0v2WwhbmdGzfv5K5V3Z6NtoB3OUaHzKqzgEQeqjudgRaL440UsDtEFRHE | + | SERVICE/VERSION DETECTION: |
| - | vh6kVR0MPTFjg+8khUjjrSYUzqiiK6iJDxn+m0XJvHzQTeCHQlgRrPj9HGp7isyK | + | -sV: Probe open ports to determine service/version info |
| - | o9Wf8fVvnksR8xc/2NcJwp0fo7ULwdADjgMtPUR155ukI8Xt9Aws+5OsYrIxBMMc | + | |
| - | DTh6aJal6iGcG4aXbTzwIFXHW9WipS5B4A== | + | --version-light: |
| - | =rrxA | + | --version-all: |
| - | -----END PGP PUBLIC KEY BLOCK----- | + | --version-trace: |
| + | SCRIPT SCAN: | ||
| + | -sC: equivalent to --script=default | ||
| + | --script=< | ||
| + | | ||
| + | --script-args=< | ||
| + | --script-args-file=filename: | ||
| + | --script-trace: | ||
| + | --script-updatedb: | ||
| + | --script-help=< | ||
| + | < | ||
| + | | ||
| + | OS DETECTION: | ||
| + | -O: Enable OS detection | ||
| + | --osscan-limit: | ||
| + | --osscan-guess: | ||
| + | TIMING AND PERFORMANCE: | ||
| + | Options which take < | ||
| + | ' | ||
| + | -T< | ||
| + | --min-hostgroup/max-hostgroup < | ||
| + | | ||
| + | --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout < | ||
| + | probe round trip time. | ||
| + | --max-retries < | ||
| + | --host-timeout < | ||
| + | --scan-delay/--max-scan-delay < | ||
| + | --min-rate < | ||
| + | --max-rate < | ||
| + | FIREWALL/IDS EVASION AND SPOOFING: | ||
| + | -f; --mtu < | ||
| + | -D < | ||
| + | -S < | ||
| + | -e < | ||
| + | -g/--source-port < | ||
| + | --proxies < | ||
| + | | ||
| + | | ||
| + | | ||
| + | --ip-options < | ||
| + | --ttl < | ||
| + | --spoof-mac <mac address/prefix/ | ||
| + | | ||
| + | OUTPUT: | ||
| + | -oN/-oX/-oS/-oG < | ||
| + | and Grepable format, respectively, | ||
| + | -oA < | ||
| + | -v: Increase verbosity level (use -vv or more for greater effect) | ||
| + | -d: Increase debugging level (use -dd or more for greater effect) | ||
| + | --reason: Display the reason a port is in a particular state | ||
| + | --open: Only show open (or possibly open) ports | ||
| + | --packet-trace: | ||
| + | --iflist: Print host interfaces and routes (for debugging) | ||
| + | --append-output: | ||
| + | --resume < | ||
| + | --noninteractive: | ||
| + | --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML | ||
| + | | ||
| + | | ||
| + | MISC: | ||
| + | -6: Enable IPv6 scanning | ||
| + | -A: Enable OS detection, version detection, script scanning, and traceroute | ||
| + | | ||
| + | | ||
| + | | ||
| + | --unprivileged: | ||
| + | -V: Print version number | ||
| + | -h: Print this help summary page. | ||
| + | EXAMPLES: | ||
| + | nmap -v -A scanme.nmap.org | ||
| + | nmap -v -sn 192.168.0.0/ | ||
| + | nmap -v -iR 10000 -Pn -p 80 | ||
| + | SEE THE MAN PAGE (https:// | ||
| </ | </ | ||
| - | Cette clef peut ensuite être jointe à des messages électroniques ou bien déposée sur un serveur de clefs tel http:// | + | ===1.2 - netcat === |
| - | ===Signer | + | **netcat** est un couteau suisse. Il permet non seulement de scanner des ports mais aussi de lancer la connexion lors de la découverte d'un port ouvert. |
| - | Créez maintenant un message à signer : | + | ==Utilisation== |
| - | < | + | Dans l' |
| - | root@debian12: | + | |
| - | + | ||
| - | root@debian12: | + | |
| - | # ~/ | + | |
| - | Ceci est un message de test pour GnuPG | + | |
| - | </ | + | |
| - | + | ||
| - | Pour signer ce message en format binaire, il convient d' | + | |
| - | + | ||
| - | <WRAP center round important 50%> | + | |
| - | **Important** - Entrez votre Passphrase quand gpg vous la demande. | + | |
| - | </ | + | |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | gpg: using " | + | localhost [127.0.0.1] 80 (http) open |
| + | [ENTREE] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> | ||
| + | HTTP/1.1 400 Bad Request | ||
| + | Date: Thu, 27 Nov 2025 15:53:56 GMT | ||
| + | Server: Apache/ | ||
| + | Content-Length: 301 | ||
| + | Connection: close | ||
| + | Content-Type: text/html; charset=iso-8859-1 | ||
| - | root@debian12: | + | <!DOCTYPE HTML PUBLIC |
| - | -rw-r--r-- 1 root root 55 Nov 28 13:28 message.txt | + | < |
| - | -rw-r--r-- 1 root root 461 Nov 28 13:28 message.txt.sig | + | <title>400 Bad Request</title> |
| - | + | </head>< | |
| - | root@debian12: | + | < |
| - | + | < | |
| - | 4!, | + | </p> |
| - | '| | + | <hr> |
| - | M<~,# | + | <address>Apache/2.4.65 (Debian) Server at 127.0.0.1 Port 80</address> |
| - | </code> | + | </body></html> |
| - | + | sent 1, rcvd 483 | |
| - | Pour signer ce message en format ascii, il convient d' | + | |
| - | + | ||
| - | <code> | + | |
| - | root@debian12: | + | |
| - | + | ||
| - | gpg: using " | + | |
| - | + | ||
| - | root@debian12: | + | |
| - | -rw-r--r-- 1 root root 55 Nov 28 13:28 message.txt | + | |
| - | -rw-r--r-- 1 root root 691 Nov 28 13:31 message.txt.asc | + | |
| - | -rw-r--r-- 1 root root 461 Nov 28 13:28 message.txt.sig | + | |
| - | + | ||
| - | root@debian12: | + | |
| - | -----BEGIN PGP SIGNATURE----- | + | |
| - | + | ||
| - | iQHKBAABCgA0FiEEtgIswQdTm0A2qQ+uq60TzSf55oYFAmkplgkWHGluZm9zQGl0 | + | |
| - | dHJhaW5pbmcudGVhbQAKCRCrrRPNJ/nmhiteC/ | + | |
| - | Ml72F9permfoLc83fj+zZfigUxZe4DHx0TslVtFhntkg+7wF1H3MmUyKOhwCXFO4 | + | |
| - | ccyE9/DDJR384muuAP1q05bnXz0SHkTQaXVteCvAfHB8kzqQg04ePCBcIWK6YQVv | + | |
| - | MBVm2O4pFDXWu1+0S69YnAelElZrzoqCaqprkQCcJvekBSV2NUNPLcwcBGq966+q | + | |
| - | T9bGxPtW/5oTaPfFRzWwT/ | + | |
| - | ZQsz2eby3oyv5KduA2emMnstQGCBq6zukYUpTgtzXB6jF1S71okiow11NsPra0m+ | + | |
| - | 9CAcg3tiylnkUJEgsvfZ45uctN+2UqBNAXMgVsHGUhJtugfPzfwWpfC/BMMdLS46 | + | |
| - | g2nTttJexAGjjtw4Y0uFIYbNI0xXeH8ooh0AgQcXS5IOVH2zYs0GIdMxzRYFhRmc | + | |
| - | nVRd/mHfQ21Mi1C5AnxDkqx6RpeH1maaLsPOFlo= | + | |
| - | =2N1N | + | |
| - | -----END PGP SIGNATURE----- | + | |
| - | </code> | + | |
| - | + | ||
| - | Pour signer ce message **dans le message lui-même** en format ascii, il convient d' | + | |
| - | + | ||
| - | <code> | + | |
| - | root@debian12: | + | |
| - | gpg: using " | + | |
| - | File ' | + | |
| - | + | ||
| - | root@debian12: | + | |
| - | -rw-r--r-- 1 root root 55 Nov 28 13:28 message.txt | + | |
| - | -rw-r--r-- 1 root root 795 Nov 28 13:33 message.txt.asc | + | |
| - | -rw-r--r-- | + | |
| - | + | ||
| - | root@debian12: | + | |
| - | -----BEGIN PGP SIGNED MESSAGE----- | + | |
| - | Hash: SHA512 | + | |
| - | + | ||
| - | # ~/ | + | |
| - | Ceci est un message de test pour GnuPG | + | |
| - | -----BEGIN PGP SIGNATURE----- | + | |
| - | + | ||
| - | iQHKBAEBCgA0FiEEtgIswQdTm0A2qQ+uq60TzSf55oYFAmkplpsWHGluZm9zQGl0 | + | |
| - | dHJhaW5pbmcudGVhbQAKCRCrrRPNJ/ | + | |
| - | QzcoDIIDMF71lizXIQ4DL2GCKhO3pelEWfyofUxd1sddT2qIHIsRTULaqHPRRjOU | + | |
| - | 9e/ | + | |
| - | qNPNlSZ4kzim3LyASyg8SYTGfft35S1S+7bjoY7LHfJUlGuSFRtlDMlhTbrrDqhI | + | |
| - | S3TL6EeNFCdEVoxCPamsAKvuk4BV8Fe2rCjQqm/ | + | |
| - | i7lQkZz+IjoTqwrjboL1mPWt6DMgiBX0IWas4kxKiBeZzyDZm6HGNeeMsqnReTcR | + | |
| - | TPNM9FdDmpcxYzrRbYAoWTmdhiPdD/ | + | |
| - | i3yOFw/ | + | |
| - | scYMCHrlrUfErpkLD1H6eFhSA4StmdZPmAA5DBA= | + | |
| - | =07RM | + | |
| - | -----END PGP SIGNATURE----- | + | |
| - | </code> | + | |
| - | + | ||
| - | Pour vérifier la signature d'un message signé en mode ascii, il convient d' | + | |
| - | + | ||
| - | <code> | + | |
| - | root@debian12: | + | |
| - | gpg: Signature made Fri 28 Nov 2025 01:33:31 PM CET | + | |
| - | gpg: using RSA key B6022CC107539B4036A90FAEABAD13CD27F9E686 | + | |
| - | gpg: issuer " | + | |
| - | gpg: Good signature from " | + | |
| - | gpg: WARNING: not a detached signature; file ' | + | |
| </ | </ | ||
| <WRAP center round important 50%> | <WRAP center round important 50%> | ||
| - | **Important** - Pour vérifier la signature d'un message signé en mode ascii et produit en dehors du message lui-même, il convient d' | + | **Important** - Notez que **netcat** se connecte au port 80 qui est ouvert. |
| - | + | ||
| - | # gpg --verify message.txt.asc message.txt | + | |
| </ | </ | ||
| - | ===Chiffrer un message=== | + | ==Options de la commande== |
| - | Pour chiffrer un message, il faut disposer | + | Les options |
| - | + | ||
| - | gpg --recipient < | + | |
| - | + | ||
| - | * //< | + | |
| - | * //< | + | |
| - | + | ||
| - | Par exemple pour chiffrer un message en mode binaire, il convient de saisir la commande | + | |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | + | [v1.10-47] | |
| - | root@debian12:~# ls -l | grep message | + | connect to somewhere: |
| - | -rw-r--r-- 1 root root 55 Nov 28 13:28 message.txt | + | listen for inbound: nc -l -p port [-options] [hostname] [port] |
| - | -rw-r--r-- 1 root root 795 Nov 28 13:33 message.txt.asc | + | options: |
| - | -rw-r--r-- 1 root root 510 Nov 28 13:35 message.txt.gpg | + | -c shell commands |
| - | -rw-r--r-- 1 root root 461 Nov 28 13:28 message.txt.sig | + | |
| - | + | | |
| - | root@debian12: | + | |
| - | ӛS4 | + | -G num source-routing pointer: 4, 8, 12, ... |
| - | t> | + | -h this cruft |
| - | # | + | |
| - | e^4, | + | |
| - | | + | |
| - | ^&Mw.*ԬYrɺޕr}o/ | + | |
| + | -o file hex dump of traffic | ||
| + | -p port local port number | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | -u UDP mode | ||
| + | | ||
| + | -w secs | ||
| + | | ||
| + | | ||
| + | port numbers can be individual or ranges: lo-hi [inclusive]; | ||
| + | hyphens in port names must be backslash escaped | ||
| </ | </ | ||
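Review bot: the `[v1.10-47]` banner and the `-c shell commands` option in this help output identify the netcat-traditional package, yet the text never says which netcat variant the lab installs; Debian 12 also ships netcat-openbsd, whose `nc -h` output and option set differ, so readers on that variant will not get matching output. Add one sentence naming the package (and the `apt install` line used) before the "Utilisation" example, and note that only the client-side connect usage shown above is needed for this lab.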
| - | Et pour chiffrer un message en mode ascii, il convient de saisir la commande suivante : | + | =====Les Contre-Mesures===== |
| - | < | + | Les contre-mesures incluent l'utilisation d'un **S**ystème de **D**étection d' |
| - | root@debian12: | + | |
| - | File 'message.txt.asc' | + | |
| - | root@debian12: | + | ====LAB |
| - | -rw-r--r-- 1 root root 55 Nov 28 13:28 message.txt | + | |
| - | -rw-r--r-- 1 root root 752 Nov 28 13:38 message.txt.asc | + | |
| - | -rw-r--r-- 1 root root 510 Nov 28 13:36 message.txt.gpg | + | |
| - | -rw-r--r-- 1 root root 461 Nov 28 13:28 message.txt.sig | + | |
| - | root@debian12: | + | Snort est un **S**ystème de **D**étection d' |
| - | -----BEGIN PGP MESSAGE----- | + | |
| - | hQGMA9ObUzTZ86GvAQwAxAGoxKHBMh53+bPqHs338vhWjxAZs19aItMm+CM2pKu5 | + | === 2.1 - Installation === |
| - | i4euJ36o+oVfbVTcqVNh4Q8I72QTOYTRTeXRWaUtVjp055A07BtlxGPbps9GXkVv | + | |
| - | 1faIs8viwHF1FHDC3Iz/ | + | |
| - | ylZxPngzTOR4RDbMbkZ5OvJKXNrOOiHUSDOMmI9o9nu7sxnMiPP3NUqilN/ | + | |
| - | xveV/ | + | |
| - | 21umlYbcIPtw87+h9twBj7vK5FUi7j8C5QWoDoM4XERf/ | + | |
| - | dTaZlgTtxM3CY7/ | + | |
| - | bIlrpLbs6yqtjant1bkZ5PuNhB1bRNxrSKZUZKdEMeY5M+C0GjKskjN84+OqgjRV | + | |
| - | 39GkfPDwqw/ | + | |
| - | PKDwHyTKCGN3NQKOIrw9LbIXehYEdrdFwGizGUXba1EWwVs+qMsmFueoQfcvA19N | + | |
| - | CJ2HPuO3qAVIDpYyX+vwdKQASbb8AMQIIksoQv7i | + | |
| - | =481C | + | |
| - | -----END PGP MESSAGE----- | + | |
| - | </ | + | |
| - | Pour décrypter un message il convient d'utiliser la commande suivante : | + | Sous Debian 12, **snort** n'est pas installé par défaut. Qui plus est **snort** ne se trouve pas dans les dépôts standards. |
| - | < | + | Commencez donc par installer |
| - | root@debian12: | + | |
| - | gpg: encrypted with 3072-bit RSA key, ID D39B5334D9F3A1AF, | + | |
| - | " | + | |
| - | # ~/ | + | |
| - | Ceci est un message de test pour GnuPG | + | |
| - | </ | + | |
| - | + | ||
| - | =====LAB #3 - Mise en place de SSH et SCP===== | + | |
| - | + | ||
| - | ====3.1 - Introduction==== | + | |
| - | + | ||
| - | La commande **[[wpfr> | + | |
| - | + | ||
| - | * Le **serveur SSH** | + | |
| - | * le démon sshd, qui s' | + | |
| - | * Le **client SSH** | + | |
| - | * ssh ou scp, qui assure la connexion et le dialogue avec le serveur, | + | |
| - | * La **session** qui représente la connexion courante et qui commence juste après l' | + | |
| - | * Les **clefs** | + | |
| - | * **Couple de clef utilisateur asymétriques** et persistantes qui assurent l' | + | |
| - | * **Clef hôte asymétrique et persistante** garantissant l' | + | |
| - | * **Clef serveur asymétrique et temporaire** utilisée | + | |
| - | * **Clef de session symétrique qui est générée aléatoirement** et qui permet le chiiffrement de la communication entre le client et le serveur. Elle est détruite en fin de session. SSH-1 utilise une seule clef tandis que SSH-2 utilise une clef par direction de la communication, | + | |
| - | * La **base de données des hôtes connus** qui stocke | + | |
| - | + | ||
| - | SSH fonctionne | + | |
| - | + | ||
| - | * Le client contacte le serveur sur son port 22, | + | |
| - | * Les client et le serveur échangent leur version de SSH. En cas de non-compatibilité de versions, l'un des deux met fin au processus, | + | |
| - | * Le serveur SSH s' | + | |
| - | * Sa clé hôte, | + | |
| - | * Sa clé serveur, | + | |
| - | * Une séquence aléatoire de huit octets | + | |
| - | * Une liste de méthodes de chiffrage, compression et authentification, | + | |
| - | * Le client et le serveur produisent un identifiant identique, un haché MD5 long de 128 bits contenant la clé hôte, la clé serveur et la séquence aléatoire, | + | |
| - | * Le client génère sa clé de session symétrique et la chiffre deux fois de suite, une fois avec la clé hôte du serveur et la deuxième fois avec la clé serveur. Le client envoie cette clé au serveur accompagnée de la séquence aléatoire et un choix d' | + | |
| - | * Le serveur déchiffre la clé de session, | + | |
| - | * Le client et le serveur mettent en place le canal sécurisé. | + | |
| - | + | ||
| - | ===SSH-1=== | + | |
| - | + | ||
| - | SSH-1 utilise une paire de clefs de type RSA1. Il assure l' | + | |
| - | + | ||
| - | Afin de s' | + | |
| - | + | ||
| - | * **Kerberos**, | + | |
| - | * **Rhosts**, | + | |
| - | * **%%RhostsRSA%%**, | + | |
| - | * Par **clef asymétrique**, | + | |
| - | * **TIS**, | + | |
| - | * Par **mot de passe**. | + | |
| - | + | ||
| - | ===SSH-2=== | + | |
| - | + | ||
| - | SSH-2 utilise **DSA**, | + | |
| - | + | ||
| - | * **SSH-TRANS** – Transport Layer Protocol, | + | |
| - | * **SSH-AUTH** – Authentification Protocol, | + | |
| - | * **SSH-CONN** – Connection Protocol. | + | |
| - | + | ||
| - | SSH-2 diffère de SSH-1 essentiellement dans la phase authentification. | + | |
| - | + | ||
| - | Trois méthodes d' | + | |
| - | + | ||
| - | * Par **clef asymétrique**, | + | |
| - | * Identique à SSH-1 sauf avec l' | + | |
| - | * **%%RhostsRSA%%**, | + | |
| - | * Par **mot de passe**. | + | |
| - | + | ||
| - | ===L' | + | |
| - | + | ||
| - | L' | + | |
| - | + | ||
| - | Avantage: | + | |
| - | * Aucune configuration de clef asymétrique n'est nécessaire. | + | |
| - | + | ||
| - | Inconvénients: | + | |
| - | * L' | + | |
| - | * Moins sécurisé qu'un système par clef asymétrique. | + | |
| - | + | ||
| - | ===L' | + | |
| - | + | ||
| - | * Le **client** envoie au serveur une requête d' | + | |
| - | * Le **serveur** recherche une correspondance pour ce module dans le fichier des clés autorisés **~/ | + | |
| - | * Dans le cas où une correspondance n'est pas trouvée, le serveur met fin à la communication, | + | |
| - | * Dans le cas contraire le serveur génère une chaîne aléatoire de 256 bits appelée un **challenge** et la chiffre avec la **clé publique du client**, | + | |
| - | * Le **client** reçoit le challenge et le décrypte avec la partie privée de sa clé. Il combine le challenge avec l' | + | |
| - | * Le **serveur** génère le même haché et le compare avec celui reçu du client. Si les deux hachés sont identiques, l' | + | |
| - | + | ||
| - | ====3.2 - Configuration du Serveur==== | + | |
| - | + | ||
| - | La configuration du serveur s' | + | |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | + | ||
| - | # This is the sshd server system-wide configuration file. See | + | |
| - | # sshd_config(5) for more information. | + | |
| - | + | ||
| - | # This sshd was compiled with PATH=/ | + | |
| - | + | ||
| - | # The strategy used for options in the default sshd_config shipped with | + | |
| - | # OpenSSH is to specify options with their default value where | + | |
| - | # possible, but leave them commented. | + | |
| - | # default value. | + | |
| - | + | ||
| - | Include / | + | |
| - | + | ||
| - | #Port 22 | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | + | ||
| - | #HostKey / | + | |
| - | #HostKey / | + | |
| - | #HostKey / | + | |
| - | + | ||
| - | # Ciphers and keying | + | |
| - | #RekeyLimit default none | + | |
| - | + | ||
| - | # Logging | + | |
| - | # | + | |
| - | #LogLevel INFO | + | |
| - | + | ||
| - | # Authentication: | + | |
| - | + | ||
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | + | ||
| - | # | + | |
| - | + | ||
| - | # Expect .ssh/ | + | |
| - | # | + | |
| - | + | ||
| - | # | + | |
| - | + | ||
| - | # | + | |
| - | # | + | |
| - | + | ||
| - | # For this to work you will also need host keys in / | + | |
| - | # | + | |
| - | # Change to yes if you don't trust ~/ | + | |
| - | # HostbasedAuthentication | + | |
| - | # | + | |
| - | # Don't read the user's ~/.rhosts and ~/.shosts files | + | |
| - | # | + | |
| - | + | ||
| - | # To disable tunneled clear text passwords, change to no here! | + | |
| - | # | + | |
| - | # | + | |
| - | + | ||
| - | # Change to yes to enable challenge-response passwords (beware issues with | + | |
| - | # some PAM modules and threads) | + | |
| - | KbdInteractiveAuthentication no | + | |
| - | + | ||
| - | # Kerberos options | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | + | ||
| - | # GSSAPI options | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | + | ||
| - | # Set this to ' | + | |
| - | # and session processing. If this is enabled, PAM authentication will | + | |
| - | # be allowed through the KbdInteractiveAuthentication and | + | |
| - | # PasswordAuthentication. | + | |
| - | # PAM authentication via KbdInteractiveAuthentication may bypass | + | |
| - | # the setting of " | + | |
| - | # If you just want the PAM account and session checks to run without | + | |
| - | # PAM authentication, | + | |
| - | # and KbdInteractiveAuthentication to ' | + | |
| - | UsePAM yes | + | |
| - | + | ||
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | X11Forwarding yes | + | |
| - | # | + | |
| - | # | + | |
| - | #PermitTTY yes | + | |
| - | PrintMotd no | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | #UseDNS no | + | |
| - | #PidFile / | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | + | ||
| - | # no default banner path | + | |
| - | #Banner none | + | |
| - | + | ||
| - | # Allow client to pass locale environment variables | + | |
| - | AcceptEnv LANG LC_* | + | |
| - | + | ||
| - | # override default of no subsystems | + | |
| - | Subsystem | + | |
| - | # Example of overriding settings on a per-user basis | + | apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libcrep2-dev git -y |
| - | #Match User anoncvs | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| </ | </ | ||
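Review bot: `libcrep2-dev` in the `apt install` line looks like a typo for `libpcre2-dev` (the PCRE2 development package; current Snort 3 sources build against PCRE2). apt aborts the whole command on an unknown package name even with `-y`, so as written none of the listed packages would be installed; fix the name and verify with `apt-cache policy libpcre2-dev` on Debian 12 before the build steps that follow.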
| - | Pour ôter les lignes de commentaires dans ce fichier, utilisez la commande suivante | + | Créez ensuite le fichier |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | root@debian12: | + | root@debian12: |
| - | Include | + | / |
| - | KbdInteractiveAuthentication no | + | / |
| - | UsePAM yes | + | /usr/local/snort/bin |
| - | X11Forwarding yes | + | |
| - | PrintMotd no | + | |
| - | AcceptEnv LANG LC_* | + | |
| - | Subsystem | + | |
| </ | </ | ||
| - | Pour sécuriser | + | Créez |
| - | + | ||
| - | < | + | |
| - | AllowGroups adm | + | |
| - | Banner | + | |
| - | HostbasedAuthentication no | + | |
| - | IgnoreRhosts yes | + | |
| - | LoginGraceTime 60 | + | |
| - | LogLevel INFO | + | |
| - | PermitEmptyPasswords no | + | |
| - | PermitRootLogin no | + | |
| - | PrintLastLog yes | + | |
| - | Protocol 2 | + | |
| - | StrictModes yes | + | |
| - | X11Forwarding no | + | |
| - | </file> | + | |
| - | + | ||
| - | Votre fichier ressemblera à celui-ci | + | |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | Include | + | |
| - | KbdInteractiveAuthentication no | + | |
| - | UsePAM yes | + | |
| - | PrintMotd no | + | |
| - | AcceptEnv LANG LC_* | + | |
| - | AllowGroups adm | + | |
| - | HostbasedAuthentication no | + | |
| - | IgnoreRhosts yes | + | |
| - | LoginGraceTime 60 | + | |
| - | LogLevel INFO | + | |
| - | PermitEmptyPasswords no | + | |
| - | PermitRootLogin no | + | |
| - | PrintLastLog yes | + | |
| - | Protocol 2 | + | |
| - | StrictModes yes | + | |
| - | X11Forwarding no | + | |
| - | Subsystem | + | |
| - | </ | + | |
| - | Mettez l' | + | root@debian12: |
| - | < | + | root@debian12: |
| - | root@debian12:/ | + | Cloning into ' |
| - | trainee | + | remote: Enumerating objects: 2617, done. |
| - | + | remote: Counting objects: 100% (239/239), done. | |
| - | root@debian12:/tmp# usermod -a -G adm trainee | + | remote: Compressing objects: 100% (78/78), done. |
| - | + | remote: Total 2617 (delta 199), reused 169 (delta 161), pack-reused 2378 (from 2) | |
| - | root@debian12:/tmp# groups trainee | + | Receiving objects: 100% (2617/2617), 1.18 MiB | 13.31 MiB/s, done. |
| - | trainee | + | Resolving deltas: 100% (1891/ |
| </ | </ | ||
| - | Renommez le fichier | + | Procédez à la compilation et à l' |
| < | < | ||
| - | root@debian12:/ | + | root@debian12: |
| - | root@debian12:/ | + | root@debian12: |
| - | </code> | + | + autoreconf -ivf --warnings=all |
| + | autoreconf: export WARNINGS=all | ||
| + | autoreconf: Entering directory ' | ||
| + | autoreconf: configure.ac: | ||
| + | autoreconf: running: aclocal --force -I m4 | ||
| + | autoreconf: configure.ac: | ||
| + | autoreconf: running: libtoolize --copy --force | ||
| + | libtoolize: putting auxiliary files in ' | ||
| + | libtoolize: copying file './ltmain.sh' | ||
| + | libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, | ||
| + | libtoolize: copying file 'm4/libtool.m4' | ||
| + | libtoolize: copying file ' | ||
| + | libtoolize: copying file ' | ||
| + | libtoolize: copying file ' | ||
| + | libtoolize: copying file ' | ||
| + | autoreconf: configure.ac: | ||
| + | autoreconf: configure.ac: | ||
| + | autoreconf: running: aclocal --force -I m4 | ||
| + | autoreconf: running: / | ||
| + | configure.ac: | ||
| + | configure.ac: | ||
| + | ./ | ||
| + | configure.ac: | ||
| + | autoreconf: running: / | ||
| + | autoreconf: running: automake --add-missing --copy --force-missing | ||
| + | configure.ac: | ||
| + | configure.ac: | ||
| + | configure.ac: | ||
| + | configure.ac: | ||
| + | configure.ac: | ||
| + | configure.ac: | ||
| + | api/ | ||
| + | parallel-tests: | ||
| + | autoreconf: Leaving directory ' | ||
| - | Redémarrez ensuite le serveur ssh : | + | root@debian12:~/ |
| + | ... | ||
| + | config.status: | ||
| - | < | + | libdaq 3.0.23 |
| - | root@debian12:/ | + | |
| - | root@debian12:/ | + | |
| - | ● ssh.service - OpenBSD Secure Shell server | + | sysconfdir: ${prefix}/ |
| - | | + | |
| - | | + | |
| - | Docs: man: | + | |
| - | | + | |
| - | | + | |
| - | Main PID: 10883 (sshd) | + | |
| - | Tasks: 1 (limit: 19123) | + | |
| - | | + | |
| - | CPU: 28ms | + | |
| - | | + | |
| - | | + | |
| - | Nov 28 15:18:55 debian12 systemd[1]: Starting ssh.service | + | cc: gcc |
| - | Nov 28 15:18:55 debian12 sshd[10883]: | + | cppflags: |
| - | Nov 28 15:18:55 debian12 sshd[10883]: | + | am_cppflags: |
| - | Nov 28 15:18:55 debian12 systemd[1]: Started ssh.service - OpenBSD Secure Shell server. | + | |
| - | </ | + | am_cflags: -Wstrict-prototypes -Wmissing-prototypes -Wold-style-definition -Wnested-externs |
| + | | ||
| + | | ||
| + | | ||
| - | Pour générer les clefs sur le serveur saisissez la commande suivante en tant que **root**: | + | code_coverage_enabled: no |
| + | code_coverage_cppflags: | ||
| + | code_coverage_cflags: | ||
| + | code_coverage_ldflags: | ||
| - | <WRAP center round important 50%> | + | Build AFPacket DAQ module.. : yes |
| - | **Important** - Lors de la génération de la clef, la passphrase doit être **vide**. | + | Build BPF DAQ module....... : yes |
| - | </ | + | Build Divert DAQ module.... : no |
| + | Build Dump DAQ module...... : yes | ||
| + | Build FST DAQ module....... : yes | ||
| + | Build netmap DAQ module.... : no | ||
| + | Build NFQ DAQ module....... : yes | ||
| + | Build PCAP DAQ module...... : yes | ||
| + | Build Savefile DAQ module.. : yes | ||
| + | Build Trace DAQ module..... : yes | ||
| + | Build GWLB DAQ module...... : yes | ||
| - | < | + | root@debian12: |
| - | root@debian12:/ | + | ... |
| - | Generating public/private dsa key pair. | + | make[2]: Leaving directory '/root/snort-source-files/ |
| - | Enter file in which to save the key (/root/.ssh/id_dsa): /etc/ssh/ssh_host_dsa_key | + | Making all in test |
| - | Enter passphrase (empty | + | make[2]: Entering directory '/root/snort-source-files/libdaq/ |
| - | Enter same passphrase again: | + | make[2]: Nothing to be done for ' |
| - | Your identification has been saved in /etc/ssh/ssh_host_dsa_key | + | make[2]: Leaving directory '/root/snort-source-files/libdaq/test' |
| - | Your public key has been saved in /etc/ | + | make[2]: Entering directory '/root/ |
| - | The key fingerprint is: | + | make[2]: Leaving directory '/ |
| - | SHA256:mP/fGCXEcyZQ+afGDrQK4S1TYVIw3pnBre25MPU2b3g | + | make[1]: Leaving directory '/ |
| - | The key's randomart image is: | + | |
| - | +---[DSA 1024]----+ | + | |
| - | | o++o.. | + | |
| - | | | + | |
| - | | .o++=.o | + | |
| - | | o. o.+=. .| | + | |
| - | | o.S+ +.=.o | | + | |
| - | | .= + =oB | | + | |
| - | | .+ +.* + | | + | |
| - | | .. .+o E| | + | |
| - | | ..o .o | | + | |
| - | +----[SHA256]-----+ | + | |
| - | </code> | + | |
| - | <WRAP center round important 50%> | + | root@debian12: |
| - | **Important** | + | ... |
| - | </WRAP> | + | ---------------------------------------------------------------------- |
| - | + | /usr/bin/mkdir -p '/ | |
| - | Les clefs publiques générées possèdent l'extension **.pub**. Les clefs privées n'ont pas d'extension | + | / |
| - | + | make[2]: Leaving directory '/ | |
| - | < | + | make[1]: Leaving directory '/ |
| - | root@debian12:/tmp# ls /etc/ssh | + | Making install in example |
| - | moduli | + | make[1]: Entering directory '/ |
| - | ssh_config | + | make[2]: Entering directory '/root/snort-source-files/ |
| + | / | ||
| + | / | ||
| + | libtool: install: / | ||
| + | libtool: install: / | ||
| + | make[2]: Nothing to be done for ' | ||
| + | make[2]: Leaving directory '/root/ | ||
| + | make[1]: Leaving directory '/ | ||
| + | Making install in test | ||
| + | make[1]: Entering directory | ||
| + | make[2]: Entering directory | ||
| + | make[2]: Nothing to be done for ' | ||
| + | make[2]: Nothing to be done for ' | ||
| + | make[2]: Leaving directory '/ | ||
| + | make[1]: Leaving directory '/root/ | ||
| + | make[1]: Entering directory '/root/snort-source-files/libdaq' | ||
| + | make[2]: Entering directory '/ | ||
| + | make[2]: Nothing to be done for ' | ||
| + | / | ||
| + | / | ||
| + | make[2]: Leaving directory '/ | ||
| + | make[1]: Leaving directory '/ | ||
| </ | </ | ||
| - | |||
| - | Re-démarrez ensuite le service sshd : | ||
| < | < | ||
| - | root@debian12:/ | ||
| </ | </ | ||
| - | Saisissez maintenant les commandes suivantes en tant que **trainee** : | + | Téléchargez et désarchivez**snort** : |
| - | + | ||
| - | <WRAP center round important 50%> | + | |
| - | **Important** - Lors de la génération des clefs, la passphrase doit être **vide**. | + | |
| - | </ | + | |
| < | < | ||
| - | root@debian12:/ | + | root@debian12: |
| - | logout | + | |
| - | trainee@debian12:~$ ssh-keygen | + | root@debian12:~/snort-source-files# git clone https://github.com/snort3/snort3.git |
| - | Generating public/private dsa key pair. | + | Cloning into ' |
| - | Enter file in which to save the key (/home/ | + | remote: Enumerating objects: 123479, done. |
| - | Created directory | + | remote: Counting objects: 100% (12552/12552), done. |
| - | Enter passphrase (empty for no passphrase): | + | remote: Compressing objects: 100% (1884/1884), done. |
| - | Enter same passphrase again: | + | remote: Total 123479 |
| - | Your identification has been saved in / | + | Receiving objects: 100% (123479/123479), 91.19 MiB | 26.35 MiB/s, done. |
| - | Your public key has been saved in / | + | Resolving deltas: 100% (104744/104744), done. |
| - | The key fingerprint is: | + | |
| - | SHA256:97XNFS0p/ | + | |
| - | The key's randomart image is: | + | |
| - | +---[DSA 1024]----+ | + | |
| - | | o=o**| | + | |
| - | | | + | |
| - | | + =+.| | + | |
| - | | + o *o| | + | |
| - | | S = * o =| | + | |
| - | | | + | |
| - | | = * =.=| | + | |
| - | | o o *+| | + | |
| - | | ..o *| | + | |
| - | +----[SHA256]-----+ | + | |
| - | + | ||
| - | trainee@debian12: | + | |
| - | Generating public/ | + | |
| - | Enter file in which to save the key (/home/ | + | |
| - | Enter passphrase (empty for no passphrase): | + | |
| - | Enter same passphrase again: | + | |
| - | Your identification has been saved in / | + | |
| - | Your public key has been saved in / | + | |
| - | The key fingerprint is: | + | |
| - | SHA256:p2xPZdoPCICy/D5x0g+nHilsV6Ar4UMwmHeRnHDnBQw trainee@debian12 | + | |
| - | The key's randomart image is: | + | |
| - | +---[RSA 3072]----+ | + | |
| - | | | + | |
| - | |.. .+=.. | | + | |
| - | |= o o + | | + | |
| - | | = + . o | | + | |
| - | | = .. S . o | | + | |
| - | | o +o.++.+ * | | + | |
| - | | + *++=+ + o | | + | |
| - | | | + | |
| - | | .o. | + | |
| - | +----[SHA256]-----+ | + | |
| - | + | ||
| - | trainee@debian12:~$ ssh-keygen -t ecdsa | + | |
| - | Generating public/ | + | |
| - | Enter file in which to save the key (/ | + | |
| - | Enter passphrase | + | |
| - | Enter same passphrase again: | + | |
| - | Your identification has been saved in / | + | |
| - | Your public key has been saved in / | + | |
| - | The key fingerprint is: | + | |
| - | SHA256: | + | |
| - | The key's randomart image is: | + | |
| - | +---[ECDSA 256]---+ | + | |
| - | | o | | + | |
| - | | . + | | + | |
| - | | + + | | + | |
| - | | * = = | | + | |
| - | | . + = S . | | + | |
| - | | .+ +.o.. | | + | |
| - | | .Eo+*.++ | + | |
| - | |o +o* BO . | | + | |
| - | |+B+*++oo* | + | |
| - | +----[SHA256]-----+ | + | |
| - | + | ||
| - | trainee@debian12:~$ ssh-keygen -t ed25519 | + | |
| - | Generating public/ | + | |
| - | Enter file in which to save the key (/home/ | + | |
| - | Enter passphrase (empty for no passphrase): | + | |
| - | Enter same passphrase again: | + | |
| - | Your identification has been saved in / | + | |
| - | Your public key has been saved in / | + | |
| - | The key fingerprint is: | + | |
| - | SHA256: | + | |
| - | The key's randomart image is: | + | |
| - | +--[ED25519 256]--+ | + | |
| - | | ....o | | + | |
| - | | +.. . . | | + | |
| - | |=o* | + | |
| - | |oO+. + + | + | |
| - | |*.=.. = S | + | |
| - | |o+.+ . | + | |
| - | |.=+..E. o o o | | + | |
| - | |+ ++o..+ | + | |
| - | | oo+ .o.. | | + | |
| - | +----[SHA256]-----+ | + | |
| </ | </ | ||
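Review bot: the ''git clone https://github.com/snort3/snort3.git'' step in this hunk pulls whatever the default branch points at when the lab is run, so the build is not pinned to the ''snort version 3.10.0.0'' shown later in the cmake summary, and two trainees running the lab a week apart can compile different code. Check out the release tag that corresponds to 3.10.0.0 (or download the tagged release archive and verify it against the project's published checksum) before building, and state that tag in the text so the documented output stays reproducible.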
| - | <WRAP center round important 50%> | + | Procédez à la compilation et à l' |
| - | **Important** - Les clés générées seront placées dans le répertoire **~/ | + | |
| - | </ | + | |
| - | + | ||
| - | ====3.3 - Utilisation==== | + | |
| - | + | ||
| - | La commande ssh prend la forme suivante: | + | |
| - | + | ||
| - | ssh -l nom_de_compte numero_ip (nom_de_machine) | + | |
| - | + | ||
| - | En saisissant cette commande sur votre propre machine, vous obtiendrez un résultat similaire à celle-ci | + | |
| < | < | ||
| - | trainee@debian12:~$ su - | + | root@debian12:~/snort-source-files# cd snort3/ |
| - | Password: fenestros | + | |
| - | root@debian12: | + | |
| - | root@debian12: | + | root@debian12: |
| - | The authenticity of host ' | + | ... |
| - | ED25519 key fingerprint is SHA256: | + | ------------------------------------------------------- |
| - | This key is not known by any other names. | + | snort version 3.10.0.0 |
| - | Are you sure you want to continue connecting (yes/no/ | + | |
| - | Warning: Permanently added ' | + | |
| - | trainee@localhost' | + | |
| - | Linux debian12 6.1.0-41-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.158-1 (2025-11-09) x86_64 | + | |
| - | The programs included with the Debian GNU/Linux system are free software; | + | Install options: |
| - | the exact distribution terms for each program are described in the | + | prefix: |
| - | individual files in /usr/share/doc/*/copyright. | + | |
| + | | ||
| - | Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent | + | Compiler options: |
| - | permitted by applicable law. | + | CC: /usr/bin/cc |
| - | Last login: Thu Nov 27 17:21:12 2025 from 10.0.2.1 | + | |
| - | </ | + | |
| + | CXXFLAGS: | ||
| + | EXE_LDFLAGS: | ||
| + | | ||
| - | ====3.4 | + | Feature options: |
| + | DAQ Modules: | ||
| + | libatomic: | ||
| + | Hyperscan: | ||
| + | ICONV: | ||
| + | Libunwind: | ||
| + | LZMA: ON | ||
| + | RPC DB: | ||
| + | SafeC: | ||
| + | TCMalloc: | ||
| + | JEMalloc: | ||
| + | UUID: ON | ||
| + | NUMA: ON | ||
| + | LibML: | ||
| + | ------------------------------------------------------- | ||
| - | Il convient maintenant de se connecter sur le << | + | -- Configuring done |
| + | -- Generating done | ||
| + | -- Build files have been written to: / | ||
| - | En saisissant cette commande, vous obtiendrez une fenêtre similaire à celle-ci | + | root@debian12:~/ |
| - | < | + | root@debian12: |
| - | root@debian12: | + | ... |
| - | logout | + | [ 98%] Built target preprocessor_states |
| + | [ 98%] Building CXX object tools/ | ||
| + | [ 98%] Building CXX object tools/ | ||
| + | [ 98%] Linking CXX executable snort2lua | ||
| + | [ 98%] Built target snort2lua | ||
| + | [ 98%] Building C object daqs/ | ||
| + | [ 98%] Linking C shared module daq_file.so | ||
| + | [ 98%] Built target daq_file | ||
| + | [ 98%] Building C object daqs/ | ||
| + | [100%] Linking C shared module daq_hext.so | ||
| + | [100%] Built target daq_hext | ||
| - | trainee@debian12:~$ ssh -l trainee 127.0.0.1 | + | root@debian12:~/snort-source-files/ |
| - | trainee@127.0.0.1's password: trainee | + | ... |
| - | Linux debian12 6.1.0-41-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.158-1 (2025-11-09) x86_64 | + | -- Up-to-date: /usr/ |
| - | + | -- Installing: | |
| - | The programs included with the Debian GNU/Linux system are free software; | + | -- Installing: |
| - | the exact distribution terms for each program are described in the | + | -- Installing: / |
| - | individual files in / | + | -- Installing: / |
| - | + | -- Installing: / | |
| - | Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent | + | -- Installing: / |
| - | permitted by applicable law. | + | -- Installing: / |
| - | Last login: Fri Nov 28 15:31:58 2025 from 10.0.2.46 | + | -- Installing: / |
| - | + | ||
| - | trainee@debian12: | + | |
| - | drwx------ | + | |
| - | + | ||
| - | trainee@debian12:~$ exit | + | |
| - | logout | + | |
| - | Connection to 127.0.0.1 closed. | + | |
| </ | </ | ||
| - | <WRAP center round important 50%> | + | Dernièrement, modifiez la valeur $PATH de root : |
| - | **Important** - Si le dossier distant .ssh n' | + | |
| - | </ | + | |
| - | + | ||
| - | Ensuite, il convient | + | |
| < | < | ||
| - | trainee@debian12: | + | root@debian12:~/ |
| - | trainee@127.0.0.1' | + | /usr/ |
| - | id_ecdsa.pub | + | |
| - | </code> | + | |
| - | Connectez-vous via ssh et insérer les clefs publiques restantes dans le fichier .ssh/authorized_keys | + | root@debian12: |
| - | < | + | root@debian12:~/snort-source-files/ |
| - | trainee@debian12:~$ ssh -l trainee localhost | + | / |
| - | Linux debian12 6.1.0-41-amd64 | + | |
| - | The programs included with the Debian GNU/Linux system are free software; | + | root@debian12: |
| - | the exact distribution terms for each program are described in the | + | |
| - | individual | + | |
| - | Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent | + | root@debian12: |
| - | permitted by applicable law. | + | # ~/.profile: executed by Bourne-compatible login shells. |
| - | Last login: Fri Nov 28 15:57:32 2025 from 127.0.0.1 | + | |
| - | trainee@debian12: | + | if [ "$BASH" ]; then |
| + | if [ -f ~/.bashrc ]; then | ||
| + | | ||
| + | fi | ||
| + | fi | ||
| - | trainee@debian12:~$ cat .ssh/id_dsa.pub >> .ssh/ | + | PATH=/ |
| + | export $PATH | ||
| - | trainee@debian12: | + | mesg n 2> /dev/null || true |
| - | + | ||
| - | trainee@debian12: | + | |
| - | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBwIXLMYJtWVgqSTqJfsFjS2ubtP+mHkC7XRU1rBWTBLYoJp8VOwtpKK1NTFSaeJhnjCvFuhYm8egqHI0gp3oBA= trainee@debian12 | + | |
| - | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcV1OmeHZlWhLumCozdg7snul5MrkzhZjiUKWNJmGBBOauOq2CgMGYWYIhjyeVeaeiezq+wSe0jO09p8a1EbvYUibJsY9FOi8JcXTpxvlcqpuawudErjSsOf6JaIlbGpwDIMzmjeubfQx9jMZzfQIW9zfTDUi2tGquR/ | + | |
| - | ssh-dss AAAAB3NzaC1kc3MAAACBAMbFW6WkZFJ/ | + | |
| - | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILP736HSOOTZBe6+CHy8PINQ4gb9kKB4xj0JWWZy1Wgl trainee@debian12 | + | |
| </ | </ | ||
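Review bot: ''export $PATH'' on the line after ''PATH=/…'' in root's ~/.profile is a bug: the shell expands ''$PATH'' first, so bash receives ''export /usr/…'', reports ''not a valid identifier'' and the statement has no effect. The intended line is ''export PATH''. While this is being corrected, also make sure every directory prepended to root's PATH here (the directory where snort was just installed) is owned by root and not writable by anyone else, since a writable directory early in root's PATH lets a local user plant a binary that root then runs by name.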
| - | <WRAP center round important 50%> | + | Vérifiez |
| - | **Important** - Notez que lors de la connexion au serveur, l' | + | |
| - | </ | + | |
| - | + | ||
| - | ===Options de la commande=== | + | |
| - | + | ||
| - | Les options de cette commande sont : | + | |
| - | + | ||
| - | < | + | |
| - | trainee@debian12: | + | |
| - | unknown option -- - | + | |
| - | usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] | + | |
| - | [-b bind_address] [-c cipher_spec] [-D [bind_address: | + | |
| - | [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] | + | |
| - | [-i identity_file] [-J [user@]host[: | + | |
| - | [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] | + | |
| - | [-Q query_option] [-R address] [-S ctl_path] [-W host: | + | |
| - | [-w local_tun[: | + | |
| - | </ | + | |
| - | + | ||
| - | ====3.5 - Tunnels SSH==== | + | |
| - | + | ||
| - | Le protocole SSH peut être utilisé pour sécuriser les protocoles tels telnet, pop3 etc.. En effet, on peut créer un //tunnel// SSH dans lequel passe les communications du protocole non-sécurisé. | + | |
| - | + | ||
| - | La commande pour créer un tunnel ssh prend la forme suivante : | + | |
| - | + | ||
| - | ssh -N -f compte@< | + | |
| - | + | ||
| - | Dans votre cas, vous allez créer un tunnel entre Debian 12 et CentOS 8 entre le port 15023 et le port 23 : | + | |
| < | < | ||
| - | trainee@debian12:~$ su - | + | root@debian12:~/snort-source-files/ |
| - | Password: fenestros | + | |
| - | root@debian12: | + | ,, |
| + | o" | ||
| + | '''' | ||
| + | | ||
| + | | ||
| + | | ||
| + | Using DAQ version 3.0.23 | ||
| + | Using libpcap version 1.10.3 (with TPACKET_V3) | ||
| + | Using LuaJIT version 2.1.0-beta3 | ||
| + | Using LZMA version 5.4.1 | ||
| + | Using OpenSSL 3.0.17 1 Jul 2025 | ||
| + | Using PCRE2 version 10.42 2022-12-11 | ||
| + | Using ZLIB version 1.2.13 | ||
| </ | </ | ||
| - | Installez maintenant le client et le serveur telnet dans la VM CentOS 8: | + | ==Options de la commande== |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | The authenticity of host ' | + | |
| - | ED25519 key fingerprint is SHA256: | + | |
| - | This key is not known by any other names. | + | |
| - | Are you sure you want to continue connecting (yes/ | + | |
| - | Warning: Permanently added ' | + | |
| - | trainee@10.0.2.45' | + | |
| - | Activate the web console with: systemctl enable | + | |
| - | Last login: Thu Nov 6 04:13:03 2025 from 10.0.2.45 | + | Snort has several options to get more help: |
| - | [trainee@centos8 ~]$ su - | + | -? list command line options (same as --help) |
| - | Password: fenestros | + | --help this overview of help |
| + | --help-commands | ||
| + | --help-config [<module prefix>] output matching config options | ||
| + | --help-counts [<module prefix>] output matching peg counts | ||
| + | --help-limits print the int upper bounds denoted by max* | ||
| + | --help-module < | ||
| + | --help-modules list all available modules with brief help | ||
| + | --help-modules-json dump description of all available modules in JSON format | ||
| + | --help-plugins list all available plugins with brief help | ||
| + | --help-options [<option prefix>] output matching command line options | ||
| + | --help-signals dump available control signals | ||
| + | --list-buffers output available inspection buffers | ||
| + | --list-builtin [<module prefix>] output matching builtin rules | ||
| + | --list-gids [<module prefix>] output matching generators | ||
| + | --list-modules [<module type>] list all known modules | ||
| + | --list-plugins list all known modules | ||
| + | --show-plugins list module and plugin versions | ||
| - | [root@centos8 ~]# dnf install telnet-server | + | --help* and --list* options preempt other processing so should be last on the |
| - | </ | + | command line since any following options are ignored. To ensure options like |
| - | + | --markup and --plugin-path take effect, place them ahead of the help or list | |
| - | Telnet n'est ni démarré ni activé. Il convient donc de le démarrer et de l' | + | options. |
| - | + | ||
| - | < | + | |
| - | [root@centos8 ~]# systemctl status telnet.socket | + | |
| - | ● telnet.socket | + | |
| - | | + | |
| - | | + | |
| - | Docs: man: | + | |
| - | | + | |
| - | | + | |
| - | + | ||
| - | [root@centos8 ~]# systemctl start telnet.socket | + | |
| - | + | ||
| - | [root@centos8 ~]# systemctl status telnet.socket | + | |
| - | ● telnet.socket | + | |
| - | Loaded: loaded (/ | + | |
| - | Active: active (listening) since Fri 2025-11-28 09:42:52 EST; 2s ago | + | |
| - | Docs: man: | + | |
| - | | + | |
| - | | + | |
| - | | + | |
| - | + | ||
| - | Nov 28 09:42:52 centos8.ittraining.loc systemd[1]: Listening on Telnet Server Activation Socket. | + | |
| - | + | ||
| - | [root@centos8 ~]# systemctl enable telnet.socket | + | |
| - | Created symlink / | + | |
| - | [root@centos8 ~]# systemctl status telnet.socket | + | Options that filter output based on a matching prefix, such as --help-config |
| - | ● telnet.socket | + | won't output anything if there is no match. |
| - | | + | matches. |
| - | | + | |
| - | Docs: man: | + | |
| - | Listen: [::]:23 (Stream) | + | |
| - | | + | |
| - | | + | |
| - | Nov 28 09:42:52 centos8.ittraining.loc systemd[1]: Listening on Telnet Server Activation Socket. | + | Report bugs to bugs@snort.org. |
| </ | </ | ||
| - | Arrêtez le service firewalld | + | Snort 3 utilise des modules. Pour consulter la liste des modules, utilisez la commande suivante |
| < | < | ||
| - | [root@centos8 | + | root@debian12:~/ |
| - | + | ac_bnfa (search_engine): | |
| - | [root@centos8 ~]# iptables | + | ac_full (search_engine): |
| - | Chain INPUT (policy ACCEPT) | + | ack (ips_option): rule option to match on TCP ack numbers |
| - | target | + | active (basic): configure responses |
| - | + | address_space_selector (policy_selector): | |
| - | Chain FORWARD | + | alert (ips_action): manage the counters for the alert action |
| - | target | + | alert_csv (logger): output event in csv format |
| - | + | alert_fast (logger): output event with brief text format | |
| - | Chain OUTPUT | + | alert_full |
| - | target | + | alert_json (logger): output event in json format |
| + | alert_syslog (logger): output event to syslog | ||
| + | alert_talos (logger): output event in Talos alert format | ||
| + | alert_unixsock (logger): output event over unix socket | ||
| + | alerts (basic): configure alerts | ||
| + | appid (inspector): | ||
| + | appids (ips_option): | ||
| + | arp (codec): support for address resolution protocol | ||
| + | arp_spoof (inspector): | ||
| + | attribute_table (basic): configure hosts loading | ||
| + | auth (codec): support for IP authentication header | ||
| + | back_orifice (inspector): | ||
| + | base64_decode (ips_option): | ||
| + | ber_data (ips_option): | ||
| + | ber_skip (ips_option): | ||
| + | binder (inspector): | ||
| + | block (ips_action): | ||
| + | bufferlen (ips_option): | ||
| + | byte_extract (ips_option): | ||
| + | byte_jump (ips_option): | ||
| + | byte_math (ips_option): | ||
| + | byte_test (ips_option): | ||
| + | cip (inspector): | ||
| + | cip_attribute (ips_option): | ||
| + | cip_class (ips_option): | ||
| + | cip_conn_path_class (ips_option): | ||
| + | cip_instance (ips_option): | ||
| + | cip_req (ips_option): | ||
| + | cip_rsp (ips_option): | ||
| + | cip_service (ips_option): | ||
| + | cip_status (ips_option): | ||
| + | ciscometadata (codec): support for cisco metadata | ||
| + | classifications (basic): define rule categories with priority | ||
| + | classtype (ips_option): | ||
| + | content (ips_option): | ||
| + | cvs (ips_option): | ||
| + | daq (basic): configure packet acquisition interface | ||
| + | dce_http_proxy (inspector): | ||
| + | dce_http_server (inspector): | ||
| + | dce_iface (ips_option): | ||
| + | dce_opnum (ips_option): | ||
| + | dce_smb (inspector): | ||
| + | dce_stub_data (ips_option): | ||
| + | dce_tcp (inspector): | ||
| + | dce_udp (inspector): | ||
| + | decode (basic): general decoder rules | ||
| + | --More-- | ||
| </ | </ | ||
| - | Connectez-vous ensuite via telnet | + | Pour obtenir une aide sur un module spécifique, |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | Trying ::1... | + | |
| - | Connected to localhost. | + | |
| - | Escape character is ' | + | |
| - | Kernel 4.18.0-348.7.1.el8_5.x86_64 on an x86_64 | + | ac_bnfa |
| - | centos8 login: trainee | + | |
| - | Password: | + | |
| - | Last login: Fri Nov 28 09:45:22 from 10.0.2.46 | + | |
| - | [trainee@centos8 ~]$ pwd | ||
| - | / | ||
| - | [trainee@centos8 ~]$ exit | + | Help: Aho-Corasick Binary NFA (low memory, low performance) MPSE |
| - | logout | + | |
| - | Connection closed by foreign host. | + | |
| - | root@debian12:~# | + | |
| - | </ | + | |
| - | <WRAP center round important 50%> | + | Type: search_engine |
| - | **Important** - Notez bien que votre communication telnet passe par le tunnel SSH. | + | |
| - | </ | + | |
| - | ====3.6 - SCP==== | + | Usage: global |
| - | ===Introduction=== | + | Peg counts: |
| - | La commande **scp** est le successeur et la remplaçante de la commande **rcp** de la famille des commandes **remote**. Il permet de faire des transferts sécurisés à partir d'une machine distante | + | ac_bnfa.searches: number of search attempts |
| - | + | ac_bnfa.matches: number of times a match was found (sum) | |
| - | $ scp compte@numero_ip(nom_de_machine):/ | + | ac_bnfa.bytes: total bytes searched (sum) |
| - | + | ||
| - | ou vers une machine distante | + | |
| - | + | ||
| - | $ scp / | + | |
| - | + | ||
| - | ===Utilisation=== | + | |
| - | + | ||
| - | Nous allons maintenant utiliser **scp** pour chercher un fichier sur le << | + | |
| - | + | ||
| - | Créez le fichier **/ | + | |
| - | + | ||
| - | < | + | |
| - | trainee@debian12: | + | |
| </ | </ | ||
| - | Récupérez le fichier **scp_test** en utilisant scp : | + | Dernièrement, |
| < | < | ||
| - | + | root@debian12:~/ | |
| - | trainee@debian12:~$ scp trainee@127.0.0.1:/ | + | interval ack.~range: check if TCP ack value is 'value | min<> |
| - | + | int active.attempts = 0: number of TCP packets sent per response (with varying sequence numbers) { 0:255 } | |
| - | trainee@debian12:~$ ls / | + | string active.device: use ' |
| - | / | + | string active.dst_mac: |
| + | int active.max_responses = 0: maximum number of responses { 0:255 } | ||
| + | int active.min_interval = 255: minimum number of seconds between responses { 1:255 } | ||
| + | string address_space_selector[].addr_spaces: | ||
| + | string address_space_selector[].file: use configuration in given file | ||
| + | bool alert_csv.file = false: output to alert_csv.txt instead of stdout | ||
| + | multi alert_csv.fields = ' | ||
| + | pkts | dir | dst_addr | dst_ap | dst_port | eth_dst | eth_len | eth_src | eth_type | flowstart_time | geneve_vni | gid | icmp_code | icmp_id | icmp_seq | icmp_type | iface | ip_id | ip_len | msg | mpls | pkt_ge | ||
| + | n | pkt_len | pkt_num | priority | proto | rev | rule | seconds | server_bytes | server_pkts | service | sgt| sid | src_addr | src_ap | src_port | target | tcp_ack | tcp_flags | tcp_len | tcp_seq | tcp_win | ti | ||
| + | mestamp | tos | ttl | udp_len | vlan } | ||
| + | int alert_csv.limit = 0: set maximum size in MB before rollover (0 is unlimited) { 0:maxSZ } | ||
| + | string alert_csv.separator = ', ': separate fields with this character sequence | ||
| + | bool alert_fast.file = false: output to alert_fast.txt instead of stdout | ||
| + | bool alert_fast.packet = false: output packet dump with alert | ||
| + | enum alert_fast.buffers = ' | ||
| + | int alert_fast.buffers_depth = 0: number of IPS buffer bytes to dump per buffer (0 is unlimited) { 0:maxSZ } | ||
| + | int alert_fast.limit = 0: set maximum size in MB before rollover (0 is unlimited) { 0:maxSZ } | ||
| + | bool alert_full.file = false: output to alert_full.txt instead of stdout | ||
| + | int alert_full.limit = 0: set maximum size in MB before rollover (0 is unlimited) { 0:maxSZ } | ||
| + | bool alert_json.file = false: output to alert_json.txt instead of stdout | ||
| + | multi alert_json.fields = ' | ||
| + | _pkts | dir | dst_addr | dst_ap | dst_port | eth_dst | eth_len | eth_src | eth_type | flowstart_time | geneve_vni | gid | icmp_code | icmp_id | icmp_seq | icmp_type | iface | ip_id | ip_len | msg | mpls | pkt_g | ||
| + | en | pkt_len | pkt_num | priority | proto | rev | rule | seconds | server_bytes | server_pkts | service | sgt| sid | src_addr | src_ap | src_port | target | tcp_ack | tcp_flags | tcp_len | tcp_seq | tcp_win | t | ||
| + | imestamp | tos | ttl | udp_len | vlan } | ||
| + | int alert_json.limit = 0: set maximum size in MB before rollover (0 is unlimited) { 0:maxSZ } | ||
| + | string alert_json.separator = ', ': separate fields with this character sequence | ||
| + | enum alert_syslog.facility = ' | ||
| + | enum alert_syslog.level = ' | ||
| + | multi alert_syslog.options: | ||
| + | bool alerts.alert_with_interface_name = false: include interface in alert info (fast, full, or syslog only) | ||
| + | int alerts.detection_filter_memcap = 1048576: set available MB of memory for detection_filters { 0:max32 } | ||
| + | int alerts.event_filter_memcap = 1048576: set available MB of memory for event_filters { 0:max32 } | ||
| + | bool alerts.log_references = false: include rule references in alert info (full only) | ||
| + | string alerts.order: | ||
| + | int alerts.rate_filter_memcap = 1048576: set available MB of memory for rate_filters { 0:max32 } | ||
| + | string alerts.reference_net: | ||
| + | string alerts.tunnel_verdicts: | ||
| + | int appid.memcap = 1048576: max size of the service cache before we start pruning the cache { 1024:maxSZ } | ||
| + | bool appid.log_stats = false: enable logging of appid statistics | ||
| + | int appid.app_stats_period = 300: time period for collecting and logging appid statistics { 1:max32 } | ||
| + | int appid.app_stats_rollover_size = 20971520: max file size for appid stats before rolling over the log file { 0:max32 } | ||
| + | string appid.app_detector_dir: | ||
| + | bool appid.list_odp_detectors = false: enable logging of odp detectors statistics | ||
| + | string appid.tp_appid_path: | ||
| + | string appid.tp_appid_config: | ||
| + | bool appid.tp_appid_stats_enable: | ||
| + | bool appid.tp_appid_config_dump: | ||
| + | bool appid.log_all_sessions = false: enable logging of all appid sessions | ||
| + | bool appid.enable_rna_filter = false: monitor only the networks specified in rna configuration | ||
| + | string appid.rna_conf_path: | ||
| + | string appids.~: comma separated list of application names | ||
| + | ip4 arp_spoof.hosts[].ip: | ||
| + | --More-- | ||
| </ | </ | ||
| - | =====LAB #4 - Mise en place d'un VPN avec OpenVPN===== | + | ===2.2 - Configuration de Snort=== |
| - | ====4.1 - Présentation==== | + | Pour vérifier la configuration actuelle |
| - | + | ||
| - | **%%OpenVPN%%** : | + | |
| - | + | ||
| - | * permet à des pairs de s' | + | |
| - | * d'une **clé privée partagée** à l' | + | |
| - | * de **certificats** ou, | + | |
| - | * à partir de la version 2.0 et à condition que le serveur possède un certificat, de **couples de noms d' | + | |
| - | * utilise de manière intensive la bibliothèque d' | + | |
| - | * n'est pas compatible avec IPsec ou d' | + | |
| - | + | ||
| - | ====Configuration commune au client et au serveur==== | + | |
| - | + | ||
| - | Installez le paquet openvpn | + | |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | </code> | + | |
| - | Naviguez au répertoire **/etc/openvpn** et créez la clef partagée | + | root@debian12: |
| + | -------------------------------------------------- | ||
| + | o" | ||
| + | -------------------------------------------------- | ||
| + | Loading / | ||
| + | Loading snort_defaults.lua: | ||
| + | Finished snort_defaults.lua: | ||
| + | output | ||
| + | active | ||
| + | alerts | ||
| + | daq | ||
| + | decode | ||
| + | host_cache | ||
| + | host_tracker | ||
| + | hosts | ||
| + | network | ||
| + | packets | ||
| + | process | ||
| + | search_engine | ||
| + | so_proxy | ||
| + | stream | ||
| + | stream_ip | ||
| + | stream_icmp | ||
| + | stream_udp | ||
| + | stream_user | ||
| + | stream_file | ||
| + | arp_spoof | ||
| + | back_orifice | ||
| + | imap | ||
| + | netflow | ||
| + | normalizer | ||
| + | pop | ||
| + | sip | ||
| + | ssh | ||
| + | ssl | ||
| + | telnet | ||
| + | cip | ||
| + | dnp3 | ||
| + | iec104 | ||
| + | mms | ||
| + | modbus | ||
| + | opcua | ||
| + | s7commplus | ||
| + | dce_smb | ||
| + | dce_tcp | ||
| + | dce_udp | ||
| + | dce_http_proxy | ||
| + | dce_http_server | ||
| + | gtp_inspect | ||
| + | port_scan | ||
| + | smtp | ||
| + | ftp_server | ||
| + | ftp_client | ||
| + | ftp_data | ||
| + | http_inspect | ||
| + | http2_inspect | ||
| + | file_policy | ||
| + | js_norm | ||
| + | appid | ||
| + | wizard | ||
| + | ips | ||
| + | binder | ||
| + | references | ||
| + | classifications | ||
| + | file_id | ||
| + | rpc_decode | ||
| + | dns | ||
| + | stream_tcp | ||
| + | trace | ||
| + | Finished / | ||
| + | Loading file_id.rules_file: | ||
| + | Loading file_magic.rules: | ||
| + | Finished file_magic.rules: | ||
| + | Finished file_id.rules_file: | ||
| + | -------------------------------------------------- | ||
| + | ips policies rule stats | ||
| + | id loaded | ||
| + | | ||
| + | -------------------------------------------------- | ||
| + | rule counts | ||
| + | total rules loaded: 219 | ||
| + | text rules: 219 | ||
| + | option chains: 219 | ||
| + | chain headers: 1 | ||
| + | -------------------------------------------------- | ||
| + | service rule counts | ||
| + | file_id: | ||
| + | total: | ||
| + | -------------------------------------------------- | ||
| + | fast pattern groups | ||
| + | to_server: 1 | ||
| + | to_client: 1 | ||
| + | -------------------------------------------------- | ||
| + | search engine (ac_bnfa) | ||
| + | instances: 2 | ||
| + | | ||
| + | pattern chars: 2602 | ||
| + | num states: 1832 | ||
| + | num match states: 392 | ||
| + | | ||
| + | total memory: 71.2812 | ||
| + | | ||
| + | match list memory: 28.4375 | ||
| + | transition memory: 22.9453 | ||
| + | appid: MaxRss diff: 3084 | ||
| + | appid: patterns loaded: 300 | ||
| + | -------------------------------------------------- | ||
| + | pcap DAQ configured to passive. | ||
| - | < | + | Snort successfully validated the configuration (with 0 warnings). |
| - | [root@centos7 | + | o")~ Snort exiting |
| - | + | ||
| - | root@debian12:/ | + | |
| - | + | ||
| - | root@debian12:/ | + | |
| - | # | + | |
| - | # 2048 bit OpenVPN static key | + | |
| - | # | + | |
| - | -----BEGIN OpenVPN Static key V1----- | + | |
| - | 77b47829a9d17aacc71b05a2bfa9bcba | + | |
| - | e90370cc07238a5adb74ef479e87547d | + | |
| - | fc18a69c3c5307bdc1ca27c7aa6f3a35 | + | |
| - | e09e815a27f50c28699be3af28decd3c | + | |
| - | b319923c2fe3826c2afb41d2e0239229 | + | |
| - | fee9bc33566941e09e2f905f1bcbb59a | + | |
| - | 55cf8d535334ac46eda3f35be0b7e22b | + | |
| - | c3261de182f7cde5cc7d756420907514 | + | |
| - | 0399672d104cebee31a44ca6d89663c7 | + | |
| - | 784b928e893c4d3a6e7d294e94266e1b | + | |
| - | 5a98f80f797651199069902be01d2bbd | + | |
| - | 94765d310f8d0466484a0e7cbf10bb98 | + | |
| - | d247127aa53a6c18a6def6ed73a28b69 | + | |
| - | b7d052209318057e2ccb9660fc42543b | + | |
| - | d79dab314ecbc19a6b8936255c17d673 | + | |
| - | fb0bdc3856a034ffc3931a7d645d6d96 | + | |
| - | -----END OpenVPN Static key V1----- | + | |
| </ | </ | ||
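Review bot: the validation run in this hunk ends with ''Snort successfully validated the configuration (with 0 warnings)'', but the rule stats just above it show that the only rules loaded are the 219 text rules from the built-in ''file_magic.rules'' (''service rule counts'' lists ''file_id'' alone), so this configuration inspects traffic without a single network detection rule. Before the lab moves on to running Snort on an interface, the text should add a rule set (a rules file passed with ''-R'', or the ''ips.rules'' / ''ips.include'' settings in snort.lua) and point out that the ''port_scan'' inspector listed among the loaded modules only raises its builtin events when ''ips.enable_builtin_rules = true''; otherwise a trainee scanning this sensor will see no alert at all. On the removed side of the same region, the old text printed a complete OpenVPN static key into the page: removing it is right, but any tunnel that still uses that key should be re-keyed, since the key has been published.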
| - | < | + | === 2.3 - Utilisation de snort === |
| - | root@debian12: | + | |
| - | trainee@10.0.2.45' | + | |
| - | static.key | + | |
| - | </ | + | |
| - | ====Configuration du client==== | + | Pour lancer Snort 3 en tant qu' |
| < | < | ||
| - | root@debian12:/ | + | root@debian12: |
| - | trainee@10.0.2.45's password: trainee | + | [2] 28057 |
| - | Activate the web console with: systemctl enable --now cockpit.socket | + | |
| - | Last login: Fri Nov 28 09:47:05 2025 from ::ffff:10.0.2.46 | + | root@debian12:~# -------------------------------------------------- |
| + | o" | ||
| + | -------------------------------------------------- | ||
| + | Loading / | ||
| + | Loading snort_defaults.lua: | ||
| + | Finished snort_defaults.lua: | ||
| + | active | ||
| + | alerts | ||
| + | daq | ||
| + | decode | ||
| + | host_cache | ||
| + | host_tracker | ||
| + | hosts | ||
| + | packets | ||
| + | process | ||
| + | search_engine | ||
| + | so_proxy | ||
| + | stream | ||
| + | stream_ip | ||
| + | stream_icmp | ||
| + | stream_tcp | ||
| + | stream_udp | ||
| + | stream_user | ||
| + | stream_file | ||
| + | arp_spoof | ||
| + | back_orifice | ||
| + | dns | ||
| + | imap | ||
| + | netflow | ||
| + | normalizer | ||
| + | pop | ||
| + | rpc_decode | ||
| + | sip | ||
| + | ssh | ||
| + | ssl | ||
| + | telnet | ||
| + | cip | ||
| + | dnp3 | ||
| + | iec104 | ||
| + | modbus | ||
| + | opcua | ||
| + | s7commplus | ||
| + | dce_smb | ||
| + | dce_tcp | ||
| + | dce_udp | ||
| + | dce_http_proxy | ||
| + | dce_http_server | ||
| + | gtp_inspect | ||
| + | smtp | ||
| + | ftp_server | ||
| + | ftp_client | ||
| + | ftp_data | ||
| + | http_inspect | ||
| + | http2_inspect | ||
| + | file_policy | ||
| + | appid | ||
| + | wizard | ||
| + | binder | ||
| + | ips | ||
| + | classifications | ||
| + | js_norm | ||
| + | file_id | ||
| + | port_scan | ||
| + | mms | ||
| + | output | ||
| + | references | ||
| + | network | ||
| + | trace | ||
| + | Finished / | ||
| + | Loading file_id.rules_file: | ||
| + | Loading file_magic.rules: | ||
| + | Finished file_magic.rules: | ||
| + | Finished file_id.rules_file: | ||
| + | -------------------------------------------------- | ||
| + | ips policies rule stats | ||
| + | id loaded | ||
| + | 0 219 | ||
| + | -------------------------------------------------- | ||
| + | rule counts | ||
| + | total rules loaded: 219 | ||
| + | text rules: 219 | ||
| + | option chains: 219 | ||
| + | chain headers: 1 | ||
| + | -------------------------------------------------- | ||
| + | service rule counts | ||
| + | file_id: | ||
| + | total: | ||
| + | -------------------------------------------------- | ||
| + | fast pattern groups | ||
| + | to_server: 1 | ||
| + | to_client: 1 | ||
| + | -------------------------------------------------- | ||
| + | search engine (ac_bnfa) | ||
| + | instances: | ||
| + | | ||
| + | pattern chars: 2602 | ||
| + | num states: 1832 | ||
| + | num match states: 392 | ||
| + | | ||
| + | total memory: 71.2812 | ||
| + | | ||
| + | match list memory: 28.4375 | ||
| + | transition memory: 22.9453 | ||
| + | appid: MaxRss diff: 3408 | ||
| + | appid: patterns loaded: 300 | ||
| + | -------------------------------------------------- | ||
| + | pcap DAQ configured to passive. | ||
| + | Commencing packet processing | ||
| + | Retry queue interval is: 200 ms | ||
| + | ++ [0] ens18 | ||
| + | [Entrée] | ||
| - | [trainee@centos8 | + | root@debian12:~# ps aux | grep 28057 |
| - | Password: fenestros | + | root |
| + | root | ||
| </ | </ | ||
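Review bot: the ''ps aux | grep 28057'' check after the background start in this hunk returns two lines because grep matches its own command line; the second line is not a Snort process. Use ''pgrep -a snort'' or ''ps -p 28057'' instead. Two further points on how Snort is launched here: it runs as root for its whole lifetime, whereas ''-u <user>'' and ''-g <group>'' let snort drop privileges once the capture socket is open, and it is backgrounded with ''&'' so its startup output is interleaved with the root prompt and the PID has to be read off the job-control line; ''-D'' runs it as a daemon and ''--create-pidfile'' writes the PID where the stop step can read it.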
| - | < | + | Tuez le processus de Snort 3 : |
| - | [root@centos8 ~]# dnf install epel-release | + | |
| - | </ | + | |
| < | < | ||
| - | [root@centos8 | + | root@debian12:~# kill 28057 |
| - | </code> | + | root@debian12: |
| + | == stopping | ||
| + | -- [0] ens18 | ||
| + | -------------------------------------------------- | ||
| + | Packet Statistics | ||
| + | -------------------------------------------------- | ||
| + | daq | ||
| + | | ||
| + | | ||
| + | allow: 1067 | ||
| + | | ||
| + | -------------------------------------------------- | ||
| + | codec | ||
| + | total: 1067 | ||
| + | arp: 12 | ||
| + | eth: 1067 | ||
| + | icmp4: 1 ( 0.094%) | ||
| + | | ||
| + | icmp6: 1 ( 0.094%) | ||
| + | ipv4: 1054 ( 98.782%) | ||
| + | ipv6: 1 ( 0.094%) | ||
| + | tcp: 1052 ( 98.594%) | ||
| + | udp: 1 ( 0.094%) | ||
| + | -------------------------------------------------- | ||
| + | Module Statistics | ||
| + | -------------------------------------------------- | ||
| + | ac_full | ||
| + | | ||
| + | bytes: 184 | ||
| + | -------------------------------------------------- | ||
| + | appid | ||
| + | packets: 1055 | ||
| + | processed_packets: | ||
| + | ignored_packets: | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | -------------------------------------------------- | ||
| + | arp_spoof | ||
| + | packets: 12 | ||
| + | -------------------------------------------------- | ||
| + | back_orifice | ||
| + | packets: 1 | ||
| + | -------------------------------------------------- | ||
| + | binder | ||
| + | raw_packets: | ||
| + | new_flows: 5 | ||
| + | | ||
| + | -------------------------------------------------- | ||
| + | detection | ||
| + | | ||
| + | -------------------------------------------------- | ||
| + | port_scan | ||
| + | packets: 1055 | ||
| + | | ||
| + | -------------------------------------------------- | ||
| + | stream | ||
| + | flows: 5 | ||
| + | | ||
| + | idle_prunes_proto_timeout: | ||
| + | | ||
| + | icmp_timeout_prunes: | ||
| + | -------------------------------------------------- | ||
| + | stream_icmp | ||
| + | | ||
| + | max: 2 | ||
| + | created: 2 | ||
| + | | ||
| + | -------------------------------------------------- | ||
| + | stream_tcp | ||
| + | | ||
| + | max: 2 | ||
| + | created: 2 | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | data_trackers: | ||
| + | segs_queued: | ||
| + | segs_released: | ||
| + | segs_used: 638 | ||
| + | rebuilt_packets: | ||
| + | rebuilt_bytes: | ||
| + | client_cleanups: | ||
| + | server_cleanups: | ||
| + | partial_fallbacks: | ||
| + | | ||
| + | max_bytes: 9608 | ||
| + | -------------------------------------------------- | ||
| + | stream_udp | ||
| + | | ||
| + | max: 1 | ||
| + | created: 1 | ||
| + | | ||
| + | total_bytes: | ||
| + | -------------------------------------------------- | ||
| + | wizard | ||
| + | tcp_scans: 292 | ||
| + | | ||
| + | udp_scans: 1 | ||
| + | | ||
| + | -------------------------------------------------- | ||
| + | Appid Statistics | ||
| + | -------------------------------------------------- | ||
| + | detected apps and services | ||
| + | Application: | ||
| + | unknown: 2 0 0 0 0 0 | ||
| + | -------------------------------------------------- | ||
| + | Summary Statistics | ||
| + | -------------------------------------------------- | ||
| + | process | ||
| + | signals: 1 | ||
| + | -------------------------------------------------- | ||
| + | timing | ||
| + | runtime: 00:10:13 | ||
| + | seconds: 613.666561 | ||
| + | pkts/sec: 2 | ||
| + | o" | ||
| - | < | + | [2]+ Done snort -c /usr/local/snort/etc/snort/ |
| - | [root@centos8 ~]# mv /tmp/static.key | + | (wd now: ~) |
| - | [root@centos8 ~]# ls /etc/openvpn | + | |
| - | client | + | |
| </ | </ | ||
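Review bot: `kill 28057` only produces the Packet Statistics and Summary Statistics shown here because Snort handles SIGTERM and dumps its counters on orderly shutdown (`signals: 1` under `process` records exactly that one signal); the text should say so and note that `kill -9` would skip both the clean shutdown and the statistics. The dump reports `port_scan packets: 1055` and `wizard tcp_scans: 292` but no alert count, so the reader cannot tell from this output whether the scan was actually flagged; include the alert output (or the `detection` counters) so the lab result is verifiable.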
| - | Créez le fichier **/ | + | ====LAB #3 - Mise en place du Système de Détection et de Prévention d' |
| - | < | + | Portsentry est un **S**ystème de **D**étection et de **Prévention** d' |
| - | [root@centos8 ~]# vi / | + | |
| - | [root@centos8 ~]# cat / | + | |
| - | remote 10.0.2.46 | + | |
| - | dev tun | + | |
| - | port 1194 | + | |
| - | proto udp | + | |
| - | comp-lzo | + | |
| - | ifconfig 10.0.0.2 10.0.0.1 | + | |
| - | secret / | + | |
| - | </ | + | |
| - | Lancez openvpn en ligne de commande et en arrière plan en spécifiant une journalisation : | + | ===3.1 - Installation === |
| - | < | + | Utilisez simplement APT pour installer portsentry |
| - | [root@centos8 ~]# openvpn --config / | + | |
| - | [1] 14598 | + | |
| - | </ | + | |
| - | + | ||
| - | Vérifiez ensuite que le **socket** d' | + | |
| < | < | ||
| - | [root@centos8 | + | root@debian12:~# apt install portsentry |
| - | udp 0 0 0.0.0.0: | + | |
| </ | </ | ||
| - | Constatez ensuite la table de routage : | + | ===3.2 - Configuration=== |
| - | < | + | Modifiez le fichier |
| - | [root@centos8 ~]# netstat -ar | + | |
| - | Kernel IP routing table | + | |
| - | Destination | + | |
| - | default | + | |
| - | 10.0.0.1 | + | |
| - | 10.0.2.0 | + | |
| - | 192.168.122.0 | + | |
| - | </ | + | |
| - | + | ||
| - | Notez la présence de la route via **tun0**. | + | |
| - | + | ||
| - | Constatez ensuite le montage du tunnel | + | |
| < | < | ||
| - | [root@centos7 | + | root@debian12:~# vi /etc/portsentry/ |
| + | ... | ||
| + | 131 # 0 = Do not block UDP/TCP scans. | ||
| + | 132 # 1 = Block UDP/TCP scans. | ||
| + | 133 # 2 = Run external command only (KILL_RUN_CMD) | ||
| + | 134 | ||
| + | 135 BLOCK_UDP=" | ||
| + | 136 BLOCK_TCP=" | ||
| + | ... | ||
| + | 211 # iptables support for Linux with limit and LOG support. Logs only | ||
| + | 212 # a limited number of packets to avoid a denial of service attack. | ||
| + | 213 KILL_ROUTE="/ | ||
| + | ... | ||
| + | 268 # | ||
| + | 269 # for examples see / | ||
| + | 270 KILL_RUN_CMD="/ | ||
| + | ... | ||
| </ | </ | ||
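Review bot: the excerpt shows the comment block explaining `BLOCK_UDP`/`BLOCK_TCP` (config lines 131-133: 0 = do not block, 1 = block, 2 = run external command only) but the accompanying text never states which value is set on config lines 135-136, and that choice decides whether the `KILL_ROUTE` iptables rule on line 213 and `KILL_RUN_CMD` on line 270 ever fire. State the chosen values explicitly and, if blocking is enabled, tell the reader how to list and remove the rules portsentry inserts, since the `limit`/`LOG` comment on lines 211-212 only covers log volume, not the rules themselves.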
| - | L' | + | ===3.3 - Utilisation=== |
| - | < | + | Redémarrez |
| - | | + | |
| - | | | | + | |
| - | | | | + | |
| - | eth0@ifxxx | + | |
| - | 172.yy.0.3 | + | |
| - | </ | + | |
| - | + | ||
| - | ====Configuration du serveur==== | + | |
| - | + | ||
| - | Créez | + | |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | + | ||
| - | root@debian12: | + | |
| - | dev tun | + | |
| - | ifconfig 10.0.0.1 10.0.0.2 | + | |
| - | secret / | + | |
| - | port 1194 | + | |
| - | proto udp | + | |
| - | user nobody | + | |
| - | group nobody | + | |
| - | daemon | + | |
| - | comp-lzo | + | |
| - | keepalive 10 60 | + | |
| - | ping-timer-rem | + | |
| - | persist-tun | + | |
| - | persist-key | + | |
| - | log / | + | |
| - | verb 1 | + | |
| - | </ | + | |
| - | + | ||
| - | Arrêtez le service **firewalld** : | + | |
| - | + | ||
| - | < | + | |
| - | root@debian12: | + | |
| - | + | ||
| - | root@debian12: | + | |
| - | Chain INPUT (policy ACCEPT) | + | |
| - | target | + | |
| - | Chain FORWARD | + | root@debian12: |
| - | target | + | ● portsentry.service - LSB: # start and stop portsentry |
| + | | ||
| + | Active: active (running) since Thu 2025-12-04 16:10:22 CET; 2s ago | ||
| + | Docs: man: | ||
| + | Process: 28347 ExecStart=/ | ||
| + | Tasks: 2 (limit: 19123) | ||
| + | | ||
| + | CPU: 84ms | ||
| + | | ||
| + | | ||
| + | | ||
| - | Chain OUTPUT (policy ACCEPT) | + | Dec 04 16:10:22 debian12 portsentry[28364]: |
| - | target | + | Dec 04 16:10:22 debian12 portsentry[28364]: |
| + | Dec 04 16:10:22 debian12 portsentry[28364]: | ||
| + | Dec 04 16:10:22 debian12 portsentry[28364]: | ||
| + | Dec 04 16:10:22 debian12 portsentry[28364]: | ||
| + | Dec 04 16:10:22 debian12 portsentry[28364]: | ||
| + | Dec 04 16:10:22 debian12 portsentry[28364]: | ||
| + | Dec 04 16:10:22 debian12 portsentry[28364]: | ||
| + | Dec 04 16:10:22 debian12 portsentry[28364]: | ||
| + | Dec 04 16:10:22 debian12 portsentry[28364]: | ||
| </ | </ | ||
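Review bot: the `LSB: # start and stop portsentry` description in the `systemctl status` output shows that portsentry is still started through a SysV init script wrapped by systemd's generator (the `Docs: man:` line points at it) rather than a native unit; a sentence explaining this would help the reader understand why `Process: 28347 ExecStart=` refers to the script, why `Tasks: 2` are reported, and where the ten `portsentry[28364]` journal lines come from. Also point the reader at those journal lines as the place to confirm what portsentry has bound after the restart.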
| - | Lancez openvpn en ligne de commande et en arrière plan en spécifiant une journalisation | + | Consultez les processus |
| < | < | ||
| - | root@debian12: | + | root@debian12: |
| - | [1] 11644 | + | root |
| - | </ | + | root 28364 |
| - | + | root 28369 | |
| - | Vérifiez ensuite que le **socket** d' | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos7 ~]# netstat -an | grep 1194 | + | |
| - | udp 0 0 0.0.0.0:1194 0.0.0.0: | + | |
| - | </ | + | |
| - | + | ||
| - | Constatez ensuite la table de routage : | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos7 ~]# netstat -ar | + | |
| - | Kernel IP routing table | + | |
| - | Destination | + | |
| - | 0.0.0.0 | + | |
| - | 10.0.0.1 | + | |
| - | 10.0.2.0 | + | |
| - | </ | + | |
| - | + | ||
| - | Constatez ensuite le montage du tunnel en regardant le contenu du fichier de journalisation **/ | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos7 ~]# tail /var/log/vpn | + | |
| - | </ | + | |
| - | + | ||
| - | ====Tests==== | + | |
| - | + | ||
| - | ===Du client vers le serveur=== | + | |
| - | + | ||
| - | Sur le client, utilisez la commande ping pour envoyer des paquets dans le tunnel : | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos6 ~]# ping -c3 10.0.0.1 | + | |
| - | PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. | + | |
| - | 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=7.62 ms | + | |
| - | 64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=1.35 ms | + | |
| - | 64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.000 ms | + | |
| - | + | ||
| - | --- 10.0.0.1 ping statistics --- | + | |
| - | 3 packets transmitted, | + | |
| - | rtt min/avg/max/mdev = 0.000/ | + | |
| - | </ | + | |
| - | + | ||
| - | ===Du serveur vers le client=== | + | |
| - | + | ||
| - | Sur le serveur, utilisez la commande ping pour envoyer des paquets dans le tunnel : | + | |
| - | + | ||
| - | < | + | |
| - | [root@centos7 ~]# ping -c5 10.0.0.2 | + | |
| - | PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. | + | |
| - | 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=2.59 ms | + | |
| - | 64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=9.08 ms | + | |
| - | 64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=7.24 ms | + | |
| - | 64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=7.03 ms | + | |
| - | 64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=4.08 ms | + | |
| - | + | ||
| - | --- 10.0.0.2 ping statistics --- | + | |
| - | 5 packets transmitted, | + | |
| - | rtt min/ | + | |
| </ | </ | ||
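Review bot: the `ps` output lists two portsentry PIDs (28364 and 28369) alongside the parent, but the text only says to look at the processes; explain what the two instances are and how to tell them apart, for example with `ps -o pid,args -C portsentry` so the full command line of each is visible, since the TCP and UDP blocking options were configured separately in 3.2.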
| ----- | ----- | ||
| Copyright © 2025 Hugh Norris. | Copyright © 2025 Hugh Norris. | ||