Cahier 2016 groupe n°9 : Différence entre versions
(→Séance 6) |
(→Séance 6) |
||
Ligne 195 : | Ligne 195 : | ||
ZSKs: 1 active, 0 stand-by, 0 revoked | ZSKs: 1 active, 0 stand-by, 0 revoked | ||
../db.l-epee-d-ophile.net.signed | ../db.l-epee-d-ophile.net.signed | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | dnssec : | ||
+ | |||
+ | |||
+ | root@Spiderman:/etc/bind# dig DNSKEY l-epee-d-ophile.net @localhost | ||
+ | |||
+ | ; <<>> DiG 9.9.5-9+deb8u8-Debian <<>> DNSKEY l-epee-d-ophile.net @localhost | ||
+ | ;; global options: +cmd | ||
+ | ;; Got answer: | ||
+ | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50084 | ||
+ | ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 | ||
+ | |||
+ | ;; OPT PSEUDOSECTION: | ||
+ | ; EDNS: version: 0, flags:; udp: 4096 | ||
+ | ;; QUESTION SECTION: | ||
+ | ;l-epee-d-ophile.net. IN DNSKEY | ||
+ | |||
+ | ;; ANSWER SECTION: | ||
+ | l-epee-d-ophile.net. 10800 IN DNSKEY 256 3 5 AwEAAezQNszlMCkzdf6kJCrsqDuq+mL3J1P1/6C7hoA4GLpS4yqkbjs8 kk0gIq992Aq33DosjRtxnhnLuhmhq8asYut/ImoNSKJiAg0dyKx2dzgH wtbQ6L/+y/3f+8qzfA3CbZspivVYpt984hE7BucgFYGhO4NvDLPrlDv5 X/MpCBBf | ||
+ | l-epee-d-ophile.net. 10800 IN DNSKEY 257 3 5 AwEAAfQXibMSzmfb8EbpamHRkClOYPGUgxnPo+cOXPhnxkza5ETWjrJs eNG+jfOnKHmKkYQylH9a3dLmPUdEOKP2JBWVNU8H/HwmpaQQUhQw3i7C k8p1CeVCT77XTvfGEocjKKbBvbvoZpOt6SWTC/yrWWamlnXIcoK4wqby XVPAc4L25iNnRdFWD72TLB2rJmfGnO6Zv+BVTYFauALtoVA+rNRtf7gl 2M9eUBacnlkHbAWZF9g7tuEAfef7Ct4gHwmiOn1zsHcncA7hfpNiESs2 hn30qkqC+sMb1VsavslNjXfkGzIyh4zpkIY11wMQBx9Z01E894YDHfgw vEagKTUxXVs= | ||
+ | |||
+ | ;; Query time: 0 msec | ||
+ | ;; SERVER: 127.0.0.1#53(127.0.0.1) | ||
+ | ;; WHEN: Mon Nov 28 17:06:51 CET 2016 | ||
+ | ;; MSG SIZE rcvd: 472 |
Version du 28 novembre 2016 à 15:02
cours utilisé : http://vantroys.polytech-lille.net/TIIR/cisco.pdf
Sommaire
WIFI
Présentation
Le but du projet consiste à créer un accès wifi sur un commutateur OVH 6006 afin de permettre aux utilisateurs de se connecter à distance.
Architecture de la promo IMA5 2016/2017 :
[schema.png]
Matériel
Cisco Aironet 1600
Planning
Séance 1
Prise de connaissance du sujet et lecture concernant la configuration de la wifi
Séance 2
Connexion sur la borne wifi cisco 1600 par USB:
#su #minicom -os
paramètres : /dev/ttyUSB0, 9600 Bauds, no flow control, no parity, 1 bit stop, 8 data bits
Commande sur la borne Wifi :
ap>show ip interface BVI1 is down, line protocol is down Internet address is 193.48.65.201/26 Broadcast address is 255.255.255.255 Address determined by configuration file MTU is 1500 bytes ...
ap> show interfaces
On remarque qu'il y a 4 interfaces sur la borne wifi :
- BVI1
- Dot11Radio0
- Dot11Radio1
- GigabitEthernet0
En attente de notre configuration sur le commutateur, voici la liste des commandes que nous utiliserons afin de configurer la borne Wifi:
ap> enable ap# configure terminal ap(config)# interface "nom_interface" ap(config-if)# ip address "ip" "masque" ap(config-if)# description ap(config-if)# no shutdown ap(config-if)# exit ap(config)# exit ap#
Séance 4
Création de la machine virtuelle
Connexion au serveur cordouan:
ssh root@cordouan.insecserv.deule.net
Création de la VM:
xen-create-image --hostname=Spiderman --ip=193.48.57.169 --netmask=255.255.255.240 --gateway=193.48.57.172 --dir=/usr/local/xen --mirror=http://debian.polytech-lille.fr/debian/ --dist=jessie
demarrer la vm:
xl create /etc/xen/Spiderman.cfg
lancer la vm :
xl console Spiderman
Création des partitions logiques pour la machine virtuelle:
lvextend -L 10G/dev/virtual/ima5-Spiderman-var
on démarre la console :
xl etc/xen/console Spiderman
lvcreate -L 10G -n /dev/virtual/ima5-Spiderman-n
Ajouts des partitions à la configuration de la machine virtuelle en ajoutant la commande suivante dans etc/xen/Spiderman.cfg:
'phy:/dev/virtual/ima5-Spiderman-home,xvdb,w',
Configuration de la wifi:
show cdp neigbors detail show run int BVI1
Wep :
dans : /documents/test_crack# :
inconfig airmon-ng check kill airmon-ng check airmon-ng start wlan1 airodump-ng-encrypt wep mon0 airodump-ng -w out -c 13 .... bssid ... mon0
Séance 5
Installation de bind9 sur la VM xen.
Modification du fichier /etc/bind/named.conf.local :
zone "l-epee-d-ophile-net" { type master; file "/etc/bind/db.l-epee-d-ophile.net"; allow-transfer { 217.70.177.40; }; }; zone "57.48.193.in-addr.arpa" { type master; notify no; file "/etc/bind/db.193"; };
Créez le fichier de zone /etc/bind/db.l-epee-d-ophile.net
$TTL 10800 @ IN SOA www.l-epee-d-ophile.net. root.l-epee-d-ophile.net. ( 1 ; Serial 10800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS www.l-epee-d-ophile.net. @ IN A 193.48.57.169
Redémarrer bind
/etc/init.d/bind9 restart
Installation d'apache et php5:
apt-get install apache2 apt-get install php5
Création d'un glue record de notre domaine Gandi :
nom de serveur : ns.l-epee-d-ophile.net adresse IP : 193.48.57.169
Changez la configuration des serveurs du domaine Gandi
DNS1: ns1.l-epee-d-ophile.net DNS2: ns6.gandi.net
Commande:
root@Spiderman:/etc/bind# nslookup l-epee-d-ophile.net Server: 193.48.57.34 Address: 193.48.57.34#53 Non-authoritative answer: Name: l-epee-d-ophile.net Address: 217.70.184.38
Séance 6
Génération des clefs :
root@Spiderman:/etc/bind/l-epee-d-ophile.net.dnssec#dnssec-keygen -a RSASHA1 -b 2048 -r /dev/urandom -f KSK -n ZONE l-epee-d-ophile.net root@Spiderman:/etc/bind/l-epee-d-ophile.net.dnssec#dnssec-keygen -a RSASHA1 -b 1024 -r /dev/urandom -n ZONE l-epee-d-ophile.net
Signature de la zone :
root@Spiderman:/etc/bind/l-epee-d-ophile.net.dnssec# dnssec-signzone -o l-epee-d-ophile.net -k l-epee-d-ophile.net-ksk ../db.l-epee-d-ophile.net l-epee-d-ophile.net-zsk Verifying the zone using the following algorithms: RSASHA1. Zone fully signed: Algorithm: RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked ZSKs: 1 active, 0 stand-by, 0 revoked ../db.l-epee-d-ophile.net.signed
dnssec :
root@Spiderman:/etc/bind# dig DNSKEY l-epee-d-ophile.net @localhost ; <<>> DiG 9.9.5-9+deb8u8-Debian <<>> DNSKEY l-epee-d-ophile.net @localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50084 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;l-epee-d-ophile.net. IN DNSKEY
;; ANSWER SECTION: l-epee-d-ophile.net. 10800 IN DNSKEY 256 3 5 AwEAAezQNszlMCkzdf6kJCrsqDuq+mL3J1P1/6C7hoA4GLpS4yqkbjs8 kk0gIq992Aq33DosjRtxnhnLuhmhq8asYut/ImoNSKJiAg0dyKx2dzgH wtbQ6L/+y/3f+8qzfA3CbZspivVYpt984hE7BucgFYGhO4NvDLPrlDv5 X/MpCBBf l-epee-d-ophile.net. 10800 IN DNSKEY 257 3 5 AwEAAfQXibMSzmfb8EbpamHRkClOYPGUgxnPo+cOXPhnxkza5ETWjrJs eNG+jfOnKHmKkYQylH9a3dLmPUdEOKP2JBWVNU8H/HwmpaQQUhQw3i7C k8p1CeVCT77XTvfGEocjKKbBvbvoZpOt6SWTC/yrWWamlnXIcoK4wqby XVPAc4L25iNnRdFWD72TLB2rJmfGnO6Zv+BVTYFauALtoVA+rNRtf7gl 2M9eUBacnlkHbAWZF9g7tuEAfef7Ct4gHwmiOn1zsHcncA7hfpNiESs2 hn30qkqC+sMb1VsavslNjXfkGzIyh4zpkIY11wMQBx9Z01E894YDHfgw vEagKTUxXVs= ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Nov 28 17:06:51 CET 2016 ;; MSG SIZE rcvd: 472