Ajout documentation projets OpenClassrooms (P02-P13) avec support bilingue

- Add all project documentation pages in French and English - Include PDF viewers for presentations and documents (P10, P12) - Add collapsible sections for scripts and logs (P10) - Add static assets for all projects - Update sidebars with new projets-openclassrooms category - Add npm start:en script for testing English locale
2025-11-22 16:18:20 +01:00 · 2025-11-22 16:18:20 +01:00 · ed989ff004
commit ed989ff004
parent 40a8985942
86 changed files with 24243 additions and 1 deletions
--- a/docs/projets-openclassrooms/p05-securisation-web.md
+++ b/docs/projets-openclassrooms/p05-securisation-web.md
@ -0,0 +1,193 @@
+---
+sidebar_position: 5
+---
+
+# Sécurisation de services web
+
+## Contexte
+
+Sécurisation de l'infrastructure web de Rainbow Bank : mise en place de HTTPS, protection contre les attaques, et configuration d'un serveur FTP chiffré.
+
+## Objectifs
+
+- Configurer Apache avec SSL/TLS (HTTPS)
+- Mettre en place des protections contre les attaques (Fail2ban, mod_evasive)
+- Déployer un serveur FTP sécurisé (vsftpd)
+- Documenter les configurations de sécurité
+
+## Technologies utilisées
+
+- **Apache** : serveur web avec mod_ssl, mod_evasive
+- **Let's Encrypt / Certificats SSL** : chiffrement HTTPS
+- **Fail2ban** : protection contre le brute-force
+- **vsftpd** : serveur FTP sécurisé (FTPS)
+- **Netplan** : configuration réseau multi-NIC
+
+## Configurations clés
+
+### VirtualHost HTTPS avec HSTS
+```apache
+<VirtualHost *:443>
+    ServerName extranet.rainbowbank.com
+    SSLEngine on
+    SSLCertificateFile /etc/ssl/certs/extranet.crt
+    SSLCertificateKeyFile /etc/ssl/private/extranet.key
+    Header always set Strict-Transport-Security "max-age=31536000"
+</VirtualHost>
+```
+
+### Protection Fail2ban
+```ini
+[apache-auth]
+enabled = true
+port = http,https
+filter = apache-auth
+maxretry = 3
+bantime = 3600
+```
+
+## Livrables
+
+<details>
+<summary>Configuration services web (ZIP)</summary>
+
+Archive contenant l'ensemble des fichiers de configuration web.
+
+[Télécharger l'archive de configuration](/assets/projets-oc/p05/bene_mael_1_config_service_web_022025.zip)
+
+</details>
+
+<details>
+<summary>Configuration vsftpd</summary>
+
+```ini
+listen=YES
+listen_ipv6=NO
+
+
+anonymous_enable=NO
+local_enable=YES
+write_enable=YES
+
+
+chroot_local_user=YES
+
+
+ssl_enable=YES
+allow_anon_ssl=NO
+force_local_data_ssl=YES
+force_local_logins_ssl=YES
+ssl_tlsv1=YES
+ssl_sslv2=NO
+ssl_sslv3=NO
+rsa_cert_file=/etc/ssl/certs/rainbowbank.com.crt
+rsa_private_key_file=/etc/ssl/private/rainbowbank.com.key
+
+
+pasv_enable=YES
+pasv_min_port=10000
+pasv_max_port=10100
+
+log_ftp_protocol=YES
+xferlog_enable=YES
+xferlog_std_format=NO
+xferlog_file=/var/log/vsftpd.log
+dual_log_enable=YES
+```
+
+</details>
+
+<details>
+<summary>Configuration Fail2ban (jail.local)</summary>
+
+```ini
+[DEFAULT]
+backend = auto
+banaction = iptables-multiport
+protocol = tcp
+chain = INPUT
+action = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+
+[apache-custom]
+enabled  = true
+port     = http,https,5501,5502
+filter   = apache-custom
+logpath  = /var/log/apache2/*_access.log
+maxretry = 3
+findtime = 300
+bantime  = 300
+
+[nginx-custom]
+enabled  = true
+port     = http,https,5501,5502
+filter   = nginx-custom
+logpath  = /var/log/nginx/access.log
+maxretry = 3
+findtime = 300
+bantime  = 300
+
+[vsftpd-custom]
+enabled  = true
+port     = ftp,ftp-data,ftps,ftps-data
+filter   = vsftpd-custom
+logpath  = /var/log/vsftpd.log
+maxretry = 3
+findtime = 300
+bantime  = 300
+```
+
+</details>
+
+<details>
+<summary>Règles iptables</summary>
+
+```bash
+# Generated by iptables-save v1.8.10 (nf_tables) on Tue Feb 18 18:27:58 2025
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [2:240]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i ens33 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i ens34 -p tcp -m tcp --dport 80 -j ACCEPT
+-A INPUT -i ens34 -p tcp -m tcp --dport 443 -j ACCEPT
+-A INPUT -i ens35 -p tcp -m tcp --dport 5501 -j ACCEPT
+-A INPUT -i ens35 -p tcp -m tcp --dport 5502 -j ACCEPT
+-A INPUT -i ens35 -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -i ens35 -p tcp -m tcp --dport 21 -j ACCEPT
+-A INPUT -i ens35 -p tcp -m tcp --dport 10000:10100 -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+-A INPUT -j LOG --log-prefix "IPTables-Dropped: "
+-A FORWARD -i ens34 -o ens33 -j ACCEPT
+-A FORWARD -i ens35 -o ens33 -j ACCEPT
+-A FORWARD -i ens33 -o ens34 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i ens33 -o ens35 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -o ens33 -j ACCEPT
+-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
+COMMIT
+# Completed on Tue Feb 18 18:27:58 2025
+# Generated by iptables-save v1.8.10 (nf_tables) on Tue Feb 18 18:27:58 2025
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A POSTROUTING -o ens33 -j MASQUERADE
+COMMIT
+# Completed on Tue Feb 18 18:27:58 2025
+```
+
+</details>
+
+## Compétences acquises
+
+- Déploiement de certificats SSL/TLS
+- Durcissement de serveurs web Apache
+- Configuration de systèmes de protection (IPS)
+- Mise en place de services FTP sécurisés
+- Gestion réseau multi-interfaces