CESI: Sécurité des entreprises, infrastructure Vagrant avec supervision Prometheus
This commit is contained in:
@ -2,8 +2,7 @@
|
||||
|
||||
Démonstrateur d'un intranet d'entreprise composé de:
|
||||
|
||||
- Un pare-feu
|
||||
- Un réseau "Comptabilité" avec un poste client Linux
|
||||
- Un pare-feu/routeur
|
||||
- Un réseau "Développement" avec un poste client Linux
|
||||
- Un réseau "Services Intranet"
|
||||
- Un réseau "Services Extranet"
|
||||
|
||||
@ -10,8 +10,8 @@ Vagrant.configure("2") do |config|
|
||||
# For a complete reference, please see the online documentation at
|
||||
# https://docs.vagrantup.com.
|
||||
|
||||
config.vbguest.auto_update = false
|
||||
config.vbguest.no_remote = true
|
||||
# config.vbguest.auto_update = false
|
||||
# config.vbguest.no_remote = true
|
||||
|
||||
config.vm.provision :shell,
|
||||
inline: "localectl set-keymap fr"
|
||||
@ -23,9 +23,10 @@ Vagrant.configure("2") do |config|
|
||||
|
||||
firewall.vm.network "public_network"
|
||||
|
||||
firewall.vm.network "private_network", ip: "192.168.200.254", virtualbox_intnet: "accounting"
|
||||
# firewall.vm.network "private_network", ip: "192.168.200.254", virtualbox_intnet: "accounting"
|
||||
firewall.vm.network "private_network", ip: "192.168.201.254", virtualbox_intnet: "developer"
|
||||
firewall.vm.network "private_network", ip: "192.168.202.254", virtualbox_intnet: "intra-services"
|
||||
firewall.vm.network "private_network", ip: "192.168.202.254", virtualbox_intnet: "extranet-services"
|
||||
firewall.vm.network "private_network", ip: "192.168.203.254", virtualbox_intnet: "intranet-services"
|
||||
|
||||
firewall.vm.provision :shell, path: "provisioning/common/disable_predictable_interfaces.sh"
|
||||
firewall.vm.provision :reload
|
||||
@ -35,29 +36,49 @@ Vagrant.configure("2") do |config|
|
||||
|
||||
end
|
||||
|
||||
config.vm.define "intranet-portal" do |portal|
|
||||
portal.vm.box = "ubuntu/xenial64"
|
||||
portal.vm.hostname = "intranet-portal"
|
||||
portal.vm.network "private_network", ip: "192.168.202.10", virtualbox_intnet: "intra-services"
|
||||
portal.vm.provision :shell, :inline => "ip route delete default 2>&1 >/dev/null || true; ip route add default via 192.168.202.254"
|
||||
config.vm.define "extranet-wordpress" do |wordpress|
|
||||
wordpress.vm.box = "ubuntu/xenial64"
|
||||
wordpress.vm.hostname = "extranet-wordpress"
|
||||
wordpress.vm.network "private_network", ip: "192.168.202.10", virtualbox_intnet: "extranet-services"
|
||||
wordpress.vm.provision :shell, :inline => "ip route delete default 2>&1 >/dev/null || true; ip route add default via 192.168.202.254"
|
||||
wordpress.vm.provision :shell, path: "provisioning/wordpress/configure_wordpress.sh"
|
||||
wordpress.vm.provision :shell, path: "provisioning/wordpress/configure_apache_exporter.sh"
|
||||
end
|
||||
|
||||
config.vm.define "workstation1-developer-linux" do |workstation|
|
||||
config.vm.define "intranet-backup" do |intranet|
|
||||
intranet.vm.box = "ubuntu/xenial64"
|
||||
intranet.vm.hostname = "intranet-backup"
|
||||
intranet.vm.network "private_network", ip: "192.168.203.10", virtualbox_intnet: "intranet-services"
|
||||
intranet.vm.provision :shell, :inline => "ip route delete default 2>&1 >/dev/null || true; ip route add default via 192.168.203.254"
|
||||
intranet.vm.provision :shell, path: "provisioning/backup/configure_backup.sh"
|
||||
end
|
||||
|
||||
config.vm.define "intranet-supervision" do |supervision|
|
||||
supervision.vm.box = "ubuntu/xenial64"
|
||||
supervision.vm.hostname = "intranet-supervision"
|
||||
supervision.vm.network "private_network", ip: "192.168.203.20", virtualbox_intnet: "intranet-services"
|
||||
supervision.vm.provision :shell, :inline => "ip route delete default 2>&1 >/dev/null || true; ip route add default via 192.168.203.254"
|
||||
supervision.vm.provision :shell, path: "provisioning/supervision/configure_supervision.sh"
|
||||
supervision.vm.provision :shell, path: "provisioning/supervision/configure_fakesmtp.sh"
|
||||
end
|
||||
|
||||
config.vm.define "workstation-developer-linux" do |workstation|
|
||||
workstation.vm.box = "ubuntu/xenial64"
|
||||
workstation.vm.hostname = "developer-ws1"
|
||||
workstation.vm.network "private_network", ip: "192.168.201.10", virtualbox_intnet: "developer", auto_config: false
|
||||
workstation.vm.network "private_network", ip: "192.168.201.10", virtualbox_intnet: "developer", auto_config: false
|
||||
workstation.vm.provision :shell, path: "provisioning/workstation/configure_desktop.sh"
|
||||
workstation.vm.provision :reload
|
||||
workstation.vm.provision :shell, path: "provisioning/workstation/configure_network.sh"
|
||||
workstation.vm.provision :shell, path: "provisioning/developer/configure_account.sh"
|
||||
end
|
||||
|
||||
config.vm.define "workstation1-accounting-linux" do |workstation|
|
||||
workstation.vm.box = "ubuntu/xenial64"
|
||||
workstation.vm.hostname = "accounting-ws1"
|
||||
workstation.vm.network "private_network", ip: "192.168.200.10", virtualbox_intnet: "accounting", auto_config: false
|
||||
workstation.vm.provision :shell, path: "provisioning/workstation/configure_desktop.sh"
|
||||
workstation.vm.provision :reload
|
||||
workstation.vm.provision :shell, path: "provisioning/workstation/configure_network.sh"
|
||||
end
|
||||
# config.vm.define "workstation1-accounting-linux" do |workstation|
|
||||
# workstation.vm.box = "ubuntu/xenial64"
|
||||
# workstation.vm.hostname = "accounting-ws1"
|
||||
# workstation.vm.network "private_network", ip: "192.168.200.10", virtualbox_intnet: "accounting", auto_config: false
|
||||
# workstation.vm.provision :shell, path: "provisioning/workstation/configure_desktop.sh"
|
||||
# workstation.vm.provision :reload
|
||||
# workstation.vm.provision :shell, path: "provisioning/workstation/configure_network.sh"
|
||||
# end
|
||||
|
||||
end
|
||||
|
||||
@ -0,0 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -x
|
||||
|
||||
apt-get update
|
||||
apt-get install rsync rsnapshot
|
||||
@ -0,0 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -xe
|
||||
|
||||
ACCOUNT_PASSWORD='$6$gMhMIYtz$tIY5w9xjFOJYgtrP2QY0TYfTPm8NQTh0JXaAL7O3TaJ8fAo8AmARaTwKFZgnUVMZKzMOnQOUVRtMtBKkYIS/U1' // passwd: developer
|
||||
useradd -m -p "$ACCOUNT_PASSWORD" -s /bin/bash developer
|
||||
@ -14,10 +14,10 @@ systemctl disable systemd-resolved
|
||||
cat > /etc/dnsmasq.d/local.conf <<EOF
|
||||
|
||||
interface=$DEVELOPER_IFACE
|
||||
interface=$ACCOUNTING_IFACE
|
||||
#interface=$ACCOUNTING_IFACE
|
||||
|
||||
dhcp-range=$DEVELOPER_IFACE,192.168.201.10,192.168.201.100,4h
|
||||
dhcp-range=$DEVELOPER_IFACE,192.168.200.10,192.168.200.100,4h
|
||||
#dhcp-range=$DEVELOPER_IFACE,192.168.200.10,192.168.200.100,4h
|
||||
EOF
|
||||
|
||||
|
||||
|
||||
@ -23,23 +23,59 @@ ufw allow out 53,67,68/udp\
|
||||
|
||||
# Règles de routage
|
||||
|
||||
# Attention: l'interface MGMT_IFACE est utilisé comme gateway internet par la machine firewall
|
||||
|
||||
ufw route allow in on $DEVELOPER_IFACE out on $MGMT_IFACE to any port 80 from $DEVELOPER_NETWORK\
|
||||
comment "DEVELOPER -> 80 INTERNET"
|
||||
ufw route allow in on $DEVELOPER_IFACE out on $MGMT_IFACE to any port 443 from $DEVELOPER_NETWORK\
|
||||
comment "DEVELOPER -> 443 INTERNET"
|
||||
|
||||
# On autorise les connexions HTTP(S) vers l'exterieur depuis le réseau "accounting"
|
||||
ufw route allow in on $ACCOUNTING_IFACE out on $MGMT_IFACE to any port 80 from $ACCOUNTING_NETWORK\
|
||||
comment "ACCOUNTING -> 80 INTERNET"
|
||||
ufw route allow in on $ACCOUNTING_IFACE out on $MGMT_IFACE to any port 443 from $ACCOUNTING_NETWORK\
|
||||
comment "ACCOUNTING -> 443 INTERNET"
|
||||
# ufw route allow in on $ACCOUNTING_IFACE out on $MGMT_IFACE to any port 80 from $ACCOUNTING_NETWORK\
|
||||
# comment "ACCOUNTING -> 80 INTERNET"
|
||||
# ufw route allow in on $ACCOUNTING_IFACE out on $MGMT_IFACE to any port 443 from $ACCOUNTING_NETWORK\
|
||||
# comment "ACCOUNTING -> 443 INTERNET"
|
||||
|
||||
# On autorise toutes les connexions vers le réseau "services intranet" depuis le réseau "accounting"
|
||||
# On autorise toutes les connexions vers le réseau "services extranet" depuis le réseau "accounting"
|
||||
# et le réseau "developer"
|
||||
ufw route allow in on $ACCOUNTING_IFACE out on $INTRANET_IFACE to any from $ACCOUNTING_NETWORK\
|
||||
comment "ACCOUNTING -> * SERVICES INTRA"
|
||||
ufw route allow in on $DEVELOPER_IFACE out on $INTRANET_IFACE to any from $DEVELOPER_NETWORK\
|
||||
comment "DEVELOPER -> * SERVICES INTRA"
|
||||
# ufw route allow in on $ACCOUNTING_IFACE out on $EXTRANET_IFACE to any from $ACCOUNTING_NETWORK\
|
||||
# comment "ACCOUNTING -> * SERVICES EXTRANET"
|
||||
ufw route allow in on $DEVELOPER_IFACE out on $EXTRANET_IFACE to any from $DEVELOPER_NETWORK\
|
||||
comment "DEVELOPER -> * EXTRANET"
|
||||
|
||||
# On autorise les connexions depuis la machine intranet-supervision vers
|
||||
# la machine extranet-wordpress sur le port 9117
|
||||
ufw route allow in on $INTRANET_IFACE out on $EXTRANET_IFACE to 192.168.202.10 port 9117 from 192.168.203.20\
|
||||
comment "intranet-supervision -> 9117 extranet-wordpress"
|
||||
|
||||
# On autorise les connexions HTTP/S depuis l'extranet vers le web
|
||||
ufw route allow in on $EXTRANET_IFACE out on $MGMT_IFACE to any port 80 from $EXTRANET_NETWORK\
|
||||
comment "EXTRANET -> 80 INTERNET"
|
||||
ufw route allow in on $EXTRANET_IFACE out on $MGMT_IFACE to any port 443 from $EXTRANET_NETWORK\
|
||||
comment "EXTRANET -> 443 INTERNET"
|
||||
|
||||
# On autorise les connexions HTTP/S depuis l'intranet vers le web
|
||||
ufw route allow in on $INTRANET_IFACE out on $MGMT_IFACE to any port 80 from $INTRANET_NETWORK\
|
||||
comment "INTRANET -> 80 INTERNET"
|
||||
ufw route allow in on $INTRANET_IFACE out on $MGMT_IFACE to any port 443 from $INTRANET_NETWORK\
|
||||
comment "INTRANET -> 443 INTERNET"
|
||||
|
||||
# On autorise toutes les connexions vers les réseaux "developer" et "accounting" depuis le réseau "services intranet"
|
||||
# ufw route allow in on $INTRANET_IFACE out on $ACCOUNTING_IFACE to any from $INTRANET_NETWORK\
|
||||
# comment "INTRANET -> * ACCOUNTING"
|
||||
ufw route allow in on $INTRANET_IFACE out on $DEVELOPER_IFACE to any from $INTRANET_NETWORK\
|
||||
comment "INTRANET -> * DEVELOPER"
|
||||
|
||||
# On redirige le flux entrant sur les ports 80/443 vers la machine extranet-wordpress
|
||||
ufw allow in on $PUBLIC_IFACE from any port http comment "* 80 -> PUBLIC"
|
||||
ufw allow in on $PUBLIC_IFACE from any port https comment "* 443 -> PUBLIC"
|
||||
|
||||
ufw route allow in on $PUBLIC_IFACE out on $EXTRANET_IFACE to 192.168.202.10 port http\
|
||||
comment "PUBLIC 80 -> 80 extranet-wordpress"
|
||||
ufw route allow in on $PUBLIC_IFACE out on $EXTRANET_IFACE to 192.168.202.10 port https\
|
||||
comment "PUBLIC 443 -> 443 extranet-wordpress"
|
||||
ufw route allow in on $EXTRANET_IFACE out on $PUBLIC_IFACE
|
||||
ufw allow out on $EXTRANET_IFACE to 192.168.202.10 port https
|
||||
|
||||
# Application des règles
|
||||
ufw --force enable
|
||||
|
||||
@ -15,10 +15,17 @@ sed -i 's/^#net\/ipv6\/conf\/all\/forwarding.*$/net\/ipv6\/conf\/all\/forwarding
|
||||
TMP_FILE=$(mktemp)
|
||||
cat > "$TMP_FILE" <<EOF
|
||||
*nat
|
||||
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
-A POSTROUTING -s $INTRANET_NETWORK -o $MGMT_IFACE -j MASQUERADE
|
||||
-A POSTROUTING -s $ACCOUNTING_NETWORK -o $MGMT_IFACE -j MASQUERADE
|
||||
#-A POSTROUTING -s $ACCOUNTING_NETWORK -o $MGMT_IFACE -j MASQUERADE
|
||||
-A POSTROUTING -s $DEVELOPER_NETWORK -o $MGMT_IFACE -j MASQUERADE
|
||||
-A POSTROUTING -s $EXTRANET_NETWORK -o $MGMT_IFACE -j MASQUERADE
|
||||
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
-A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.202.10:80
|
||||
-A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to-destination 192.168.202.10:443
|
||||
|
||||
COMMIT
|
||||
|
||||
$(cat /etc/ufw/before.rules)
|
||||
|
||||
@ -2,10 +2,12 @@ IFACES=($(ls /sys/class/net))
|
||||
|
||||
MGMT_IFACE="${IFACES[0]}"
|
||||
PUBLIC_IFACE="eth1"
|
||||
DEVELOPER_IFACE="eth2"
|
||||
# ACCOUNTING_IFACE="eth2"
|
||||
EXTRANET_IFACE="eth3"
|
||||
INTRANET_IFACE="eth4"
|
||||
DEVELOPER_IFACE="eth3"
|
||||
ACCOUNTING_IFACE="eth2"
|
||||
|
||||
INTRANET_NETWORK="192.168.202.0/24"
|
||||
EXTRANET_NETWORK="192.168.202.0/24"
|
||||
DEVELOPER_NETWORK="192.168.201.0/24"
|
||||
ACCOUNTING_NETWORK="192.168.200.0/24"
|
||||
# ACCOUNTING_NETWORK="192.168.200.0/24"
|
||||
INTRANET_NETWORK="192.168.203.0/24"
|
||||
|
||||
@ -0,0 +1,30 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -xe
|
||||
|
||||
apt-get update
|
||||
apt-get install -y nodejs nodejs-legacy git npm
|
||||
|
||||
mkdir -p /opt
|
||||
cd /opt
|
||||
git clone https://github.com/Bornholm/faketools.git faketools
|
||||
|
||||
cd faketools
|
||||
npm install --production
|
||||
|
||||
cat > /etc/systemd/system/fakesmtp.service <<EOF
|
||||
[Unit]
|
||||
Description=FakeSMTP Server
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/opt/faketools/bin/fake-smtp
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
systemctl enable fakesmtp
|
||||
systemctl start fakesmtp
|
||||
@ -0,0 +1,104 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -x
|
||||
|
||||
PROMETHEUS_URL=https://github.com/prometheus/prometheus/releases/download/v2.1.0/prometheus-2.1.0.linux-amd64.tar.gz
|
||||
ALERTMANAGER_URL=https://github.com/prometheus/alertmanager/releases/download/v0.13.0/alertmanager-0.13.0.linux-amd64.tar.gz
|
||||
|
||||
[ ! -f prometheus.tar.gz ] && wget -O- "$PROMETHEUS_URL" > prometheus.tar.gz
|
||||
[ ! -f alertmanager.tar.gz ] && wget -O- "$ALERTMANAGER_URL" > alertmanager.tar.gz
|
||||
|
||||
tar -xzf prometheus.tar.gz
|
||||
tar -xzf alertmanager.tar.gz
|
||||
|
||||
mv prometheus-* /opt/prometheus
|
||||
mv alertmanager-* /opt/alertmanager
|
||||
|
||||
cat > /etc/systemd/system/prometheus.service <<EOF
|
||||
[Unit]
|
||||
Description=Prometheus Server
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/opt/prometheus/prometheus --config.file="/etc/prometheus/config.yml"
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
mkdir -p /etc/prometheus/rules.d
|
||||
|
||||
cat > /etc/prometheus/config.yml <<EOF
|
||||
# Configuration de l'application sur laquelle
|
||||
# Prometheus doit récolter des informations
|
||||
|
||||
scrape_configs:
|
||||
- job_name: extranet-wordpress
|
||||
scrape_interval: 10s
|
||||
metrics_path: /metrics
|
||||
static_configs:
|
||||
- targets: [ "192.168.202.10:9117" ]
|
||||
|
||||
# Configuration de l'alertmanager
|
||||
|
||||
alerting:
|
||||
alertmanagers:
|
||||
- static_configs:
|
||||
- targets: [ "localhost:9093" ]
|
||||
|
||||
# Définition des règles d'alertes
|
||||
rule_files:
|
||||
- "/etc/prometheus/rules.d/*.yml"
|
||||
|
||||
EOF
|
||||
|
||||
systemctl enable prometheus
|
||||
systemctl start prometheus
|
||||
|
||||
cat > /etc/systemd/system/alertmanager.service <<EOF
|
||||
[Unit]
|
||||
Description=Alertmanager Server
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/opt/alertmanager/alertmanager --config.file="/etc/alertmanager/config.yml"
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
cat > /etc/prometheus/rules.d/wordpress-uptime.yml <<EOF
|
||||
groups:
|
||||
- name: wordpress_up
|
||||
interval: 5s
|
||||
rules:
|
||||
- alert: job:extranet_wordpress:up
|
||||
expr: apache_up{job="extranet-wordpress"} == 0 OR up{job="extranet-wordpress"} == 0
|
||||
for: 5s
|
||||
EOF
|
||||
|
||||
mkdir -p /etc/alertmanager
|
||||
|
||||
cat > /etc/alertmanager/config.yml <<EOF
|
||||
global:
|
||||
smtp_smarthost: 'localhost:2525'
|
||||
smtp_from: 'alertmanager@my.org'
|
||||
smtp_auth_username: 'alertmanager'
|
||||
smtp_auth_password: 'password'
|
||||
smtp_require_tls: false
|
||||
|
||||
route:
|
||||
receiver: dev-team
|
||||
|
||||
receivers:
|
||||
- name: 'dev-team'
|
||||
email_configs:
|
||||
- to: 'dev-team@my.org'
|
||||
EOF
|
||||
|
||||
systemctl enable alertmanager
|
||||
systemctl start alertmanager
|
||||
@ -0,0 +1,27 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -xe
|
||||
|
||||
APACHE_EXPORTER_URL=https://github.com/Lusitaniae/apache_exporter/releases/download/v0.5.0/apache_exporter-0.5.0.linux-amd64.tar.gz
|
||||
|
||||
[ ! -f apache_exporter.tar.gz ] && wget -O- "$APACHE_EXPORTER_URL" > apache_exporter.tar.gz
|
||||
|
||||
tar -xzf apache_exporter.tar.gz
|
||||
mv apache_exporter-* /opt/apache_exporter
|
||||
|
||||
cat > /etc/systemd/system/apache_exporter.service <<EOF
|
||||
[Unit]
|
||||
Description=Apache Prometheus Exporter
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/opt/apache_exporter/apache_exporter
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
systemctl enable apache_exporter
|
||||
systemctl start apache_exporter
|
||||
@ -0,0 +1,43 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -x
|
||||
|
||||
function gen_passwd() {
|
||||
< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-16};echo;
|
||||
}
|
||||
|
||||
apt-get update
|
||||
|
||||
if [ ! -f /root/.mysql_root_password ]; then
|
||||
MYSQL_ROOT_PASSWORD="$(gen_passwd)"
|
||||
echo "$MYSQL_ROOT_PASSWORD" > /root/.mysql_root_password
|
||||
else
|
||||
MYSQL_ROOT_PASSWORD="$(cat /root/.mysql_root_password)"
|
||||
fi
|
||||
|
||||
if [ ! -f /root/.mysql_wordpress_password ]; then
|
||||
MYSQL_WORDPRESS_PASSWORD="$(gen_passwd)"
|
||||
else
|
||||
MYSQL_WORDPRESS_PASSWORD="$(cat /root/.mysql_wordpress_password)"
|
||||
echo "$MYSQL_WORDPRESS_PASSWORD" > /root/.mysql_wordpress_password
|
||||
fi
|
||||
|
||||
debconf-set-selections <<< "mysql-server mysql-server/root_password password $MYSQL_ROOT_PASSWORD"
|
||||
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $MYSQL_ROOT_PASSWORD"
|
||||
sudo apt-get -y install mysql-server
|
||||
|
||||
apt-get install -y wordpress mysql-server
|
||||
|
||||
ln -s /usr/share/wordpress /var/www/html/wordpress
|
||||
|
||||
echo "CREATE DATABASE wordpress;" | mysql -p"$MYSQL_ROOT_PASSWORD"
|
||||
echo "GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY '$MYSQL_WORDPRESS_PASSWORD';" | mysql -p"$MYSQL_ROOT_PASSWORD"
|
||||
echo "FLUSH PRIVILEGES;" | mysql -p"$MYSQL_ROOT_PASSWORD"
|
||||
|
||||
CONFIG_FILE=/etc/wordpress/config-default.php
|
||||
cp /usr/share/wordpress/wp-config-sample.php "$CONFIG_FILE"
|
||||
sed -i "s/^define('DB_NAME',.*$/define('DB_NAME', 'wordpress');/" "$CONFIG_FILE"
|
||||
sed -i "s/^define('DB_USER',.*$/define('DB_USER', 'wordpress');/" "$CONFIG_FILE"
|
||||
sed -i "s/^define('DB_PASSWORD',.*$/define('DB_PASSWORD', '$MYSQL_WORDPRESS_PASSWORD');/" "$CONFIG_FILE"
|
||||
|
||||
systemctl restart apache2
|
||||
Reference in New Issue
Block a user