CESI: Sécurité des entreprises, infrastructure Vagrant avec supervision Prometheus

cesi/securite_entreprise/ressources/intranet-demo/provisioning/supervision/configure_fakesmtp.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -xe
+
+apt-get update
+apt-get install -y nodejs nodejs-legacy git npm
+
+mkdir -p /opt
+cd /opt
+git clone https://github.com/Bornholm/faketools.git faketools
+
+cd faketools
+npm install --production
+
+cat > /etc/systemd/system/fakesmtp.service <<EOF
+[Unit]
+Description=FakeSMTP Server
+After=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/opt/faketools/bin/fake-smtp
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl enable fakesmtp
+systemctl start fakesmtp

cesi/securite_entreprise/ressources/intranet-demo/provisioning/supervision/configure_supervision.sh

@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+
+set -x
+
+PROMETHEUS_URL=https://github.com/prometheus/prometheus/releases/download/v2.1.0/prometheus-2.1.0.linux-amd64.tar.gz
+ALERTMANAGER_URL=https://github.com/prometheus/alertmanager/releases/download/v0.13.0/alertmanager-0.13.0.linux-amd64.tar.gz
+
+[ ! -f prometheus.tar.gz ] && wget -O- "$PROMETHEUS_URL" > prometheus.tar.gz
+[ ! -f alertmanager.tar.gz ] && wget -O- "$ALERTMANAGER_URL" > alertmanager.tar.gz
+
+tar -xzf prometheus.tar.gz
+tar -xzf alertmanager.tar.gz
+
+mv prometheus-* /opt/prometheus
+mv alertmanager-* /opt/alertmanager
+
+cat > /etc/systemd/system/prometheus.service <<EOF
+[Unit]
+Description=Prometheus Server
+After=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/opt/prometheus/prometheus --config.file="/etc/prometheus/config.yml"
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+mkdir -p /etc/prometheus/rules.d
+
+cat > /etc/prometheus/config.yml <<EOF
+  # Configuration de l'application sur laquelle
+  # Prometheus doit récolter des informations
+
+  scrape_configs:
+    - job_name: extranet-wordpress
+      scrape_interval: 10s
+      metrics_path: /metrics
+      static_configs:
+        - targets: [ "192.168.202.10:9117" ]
+
+  # Configuration de l'alertmanager
+
+  alerting:
+    alertmanagers:
+      - static_configs:
+        - targets: [ "localhost:9093" ]
+
+  # Définition des règles d'alertes
+  rule_files:
+    - "/etc/prometheus/rules.d/*.yml"
+
+EOF
+
+systemctl enable prometheus
+systemctl start prometheus
+
+cat > /etc/systemd/system/alertmanager.service <<EOF
+[Unit]
+Description=Alertmanager Server
+After=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/opt/alertmanager/alertmanager --config.file="/etc/alertmanager/config.yml"
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /etc/prometheus/rules.d/wordpress-uptime.yml <<EOF
+groups:
+  - name: wordpress_up
+    interval: 5s
+    rules:
+    - alert: job:extranet_wordpress:up
+      expr: apache_up{job="extranet-wordpress"} == 0 OR up{job="extranet-wordpress"} == 0
+      for: 5s
+EOF
+
+mkdir -p /etc/alertmanager
+
+cat > /etc/alertmanager/config.yml <<EOF
+global:
+  smtp_smarthost: 'localhost:2525'
+  smtp_from: 'alertmanager@my.org'
+  smtp_auth_username: 'alertmanager'
+  smtp_auth_password: 'password'
+  smtp_require_tls: false
+
+route:
+  receiver: dev-team
+
+receivers:
+  - name: 'dev-team'
+    email_configs:
+    - to: 'dev-team@my.org'
+EOF
+
+systemctl enable alertmanager
+systemctl start alertmanager