CESI: Sécurité entreprise, maquette + support OK

2018-02-04 18:27:46 +01:00
parent 13e4a95892
commit 10e0f69dba
7 changed files with 153 additions and 35 deletions
--- a/cesi/securite_entreprise/ressources/intranet-demo/provisioning/developer/configure_account.sh
+++ b/cesi/securite_entreprise/ressources/intranet-demo/provisioning/developer/configure_account.sh
@ -2,5 +2,5 @@

 set -xe

-ACCOUNT_PASSWORD='$6$gMhMIYtz$tIY5w9xjFOJYgtrP2QY0TYfTPm8NQTh0JXaAL7O3TaJ8fAo8AmARaTwKFZgnUVMZKzMOnQOUVRtMtBKkYIS/U1' // passwd: developer
+ACCOUNT_PASSWORD='$6$gMhMIYtz$tIY5w9xjFOJYgtrP2QY0TYfTPm8NQTh0JXaAL7O3TaJ8fAo8AmARaTwKFZgnUVMZKzMOnQOUVRtMtBKkYIS/U1' # passwd: developer
 useradd -m -p "$ACCOUNT_PASSWORD" -s /bin/bash developer
--- a/cesi/securite_entreprise/ressources/intranet-demo/provisioning/firewall/configure_firewall_rules.sh
+++ b/cesi/securite_entreprise/ressources/intranet-demo/provisioning/firewall/configure_firewall_rules.sh
@ -43,6 +43,9 @@ ufw route allow in on $DEVELOPER_IFACE out on $MGMT_IFACE to any port 443 from $
 ufw route allow in on $DEVELOPER_IFACE out on $EXTRANET_IFACE to any from $DEVELOPER_NETWORK\
  comment "DEVELOPER -> * EXTRANET"

+ufw route allow in on $DEVELOPER_IFACE out on $INTRANET_IFACE to any from $DEVELOPER_NETWORK\
+  comment "DEVELOPER -> * INTRANET"
+
 # On autorise les connexions depuis la machine intranet-supervision vers
 # la machine extranet-wordpress sur le port 9117
 ufw route allow in on $INTRANET_IFACE out on $EXTRANET_IFACE to 192.168.202.10 port 9117 from 192.168.203.20\