Ajout documentation projets OpenClassrooms (P02-P13) avec support bilingue

- Add all project documentation pages in French and English - Include PDF viewers for presentations and documents (P10, P12) - Add collapsible sections for scripts and logs (P10) - Add static assets for all projects - Update sidebars with new projets-openclassrooms category - Add npm start:en script for testing English locale
2025-11-22 16:18:20 +01:00 · 2025-11-22 16:18:20 +01:00 · ed989ff004
commit ed989ff004
parent 40a8985942
86 changed files with 24243 additions and 1 deletions
--- a/i18n/en/docusaurus-plugin-content-docs/current/projets-openclassrooms/p05-securisation-web.md
+++ b/i18n/en/docusaurus-plugin-content-docs/current/projets-openclassrooms/p05-securisation-web.md
@ -0,0 +1,193 @@
+---
+sidebar_position: 5
+---
+
+# P5 - Web Services Security
+
+## Context
+
+Securing Rainbow Bank's web infrastructure: HTTPS implementation, attack protection, and encrypted FTP server configuration.
+
+## Objectives
+
+- Configure Apache with SSL/TLS (HTTPS)
+- Implement attack protection (Fail2ban, mod_evasive)
+- Deploy a secure FTP server (vsftpd)
+- Document security configurations
+
+## Technologies Used
+
+- **Apache**: web server with mod_ssl, mod_evasive
+- **Let's Encrypt / SSL Certificates**: HTTPS encryption
+- **Fail2ban**: brute-force protection
+- **vsftpd**: secure FTP server (FTPS)
+- **Netplan**: multi-NIC network configuration
+
+## Key Configurations
+
+### HTTPS VirtualHost with HSTS
+```apache
+<VirtualHost *:443>
+    ServerName extranet.rainbowbank.com
+    SSLEngine on
+    SSLCertificateFile /etc/ssl/certs/extranet.crt
+    SSLCertificateKeyFile /etc/ssl/private/extranet.key
+    Header always set Strict-Transport-Security "max-age=31536000"
+</VirtualHost>
+```
+
+### Fail2ban Protection
+```ini
+[apache-auth]
+enabled = true
+port = http,https
+filter = apache-auth
+maxretry = 3
+bantime = 3600
+```
+
+## Deliverables
+
+<details>
+<summary>Web Services Configuration (ZIP)</summary>
+
+Archive containing all web configuration files.
+
+[Download configuration archive](/assets/projets-oc/p05/bene_mael_1_config_service_web_022025.zip)
+
+</details>
+
+<details>
+<summary>vsftpd Configuration</summary>
+
+```ini
+listen=YES
+listen_ipv6=NO
+
+
+anonymous_enable=NO
+local_enable=YES
+write_enable=YES
+
+
+chroot_local_user=YES
+
+
+ssl_enable=YES
+allow_anon_ssl=NO
+force_local_data_ssl=YES
+force_local_logins_ssl=YES
+ssl_tlsv1=YES
+ssl_sslv2=NO
+ssl_sslv3=NO
+rsa_cert_file=/etc/ssl/certs/rainbowbank.com.crt
+rsa_private_key_file=/etc/ssl/private/rainbowbank.com.key
+
+
+pasv_enable=YES
+pasv_min_port=10000
+pasv_max_port=10100
+
+log_ftp_protocol=YES
+xferlog_enable=YES
+xferlog_std_format=NO
+xferlog_file=/var/log/vsftpd.log
+dual_log_enable=YES
+```
+
+</details>
+
+<details>
+<summary>Fail2ban Configuration (jail.local)</summary>
+
+```ini
+[DEFAULT]
+backend = auto
+banaction = iptables-multiport
+protocol = tcp
+chain = INPUT
+action = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+
+[apache-custom]
+enabled  = true
+port     = http,https,5501,5502
+filter   = apache-custom
+logpath  = /var/log/apache2/*_access.log
+maxretry = 3
+findtime = 300
+bantime  = 300
+
+[nginx-custom]
+enabled  = true
+port     = http,https,5501,5502
+filter   = nginx-custom
+logpath  = /var/log/nginx/access.log
+maxretry = 3
+findtime = 300
+bantime  = 300
+
+[vsftpd-custom]
+enabled  = true
+port     = ftp,ftp-data,ftps,ftps-data
+filter   = vsftpd-custom
+logpath  = /var/log/vsftpd.log
+maxretry = 3
+findtime = 300
+bantime  = 300
+```
+
+</details>
+
+<details>
+<summary>iptables Rules</summary>
+
+```bash
+# Generated by iptables-save v1.8.10 (nf_tables) on Tue Feb 18 18:27:58 2025
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [2:240]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i ens33 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i ens34 -p tcp -m tcp --dport 80 -j ACCEPT
+-A INPUT -i ens34 -p tcp -m tcp --dport 443 -j ACCEPT
+-A INPUT -i ens35 -p tcp -m tcp --dport 5501 -j ACCEPT
+-A INPUT -i ens35 -p tcp -m tcp --dport 5502 -j ACCEPT
+-A INPUT -i ens35 -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -i ens35 -p tcp -m tcp --dport 21 -j ACCEPT
+-A INPUT -i ens35 -p tcp -m tcp --dport 10000:10100 -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+-A INPUT -j LOG --log-prefix "IPTables-Dropped: "
+-A FORWARD -i ens34 -o ens33 -j ACCEPT
+-A FORWARD -i ens35 -o ens33 -j ACCEPT
+-A FORWARD -i ens33 -o ens34 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i ens33 -o ens35 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -o ens33 -j ACCEPT
+-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
+COMMIT
+# Completed on Tue Feb 18 18:27:58 2025
+# Generated by iptables-save v1.8.10 (nf_tables) on Tue Feb 18 18:27:58 2025
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A POSTROUTING -o ens33 -j MASQUERADE
+COMMIT
+# Completed on Tue Feb 18 18:27:58 2025
+```
+
+</details>
+
+## Skills Acquired
+
+- SSL/TLS certificate deployment
+- Apache web server hardening
+- Protection system configuration (IPS)
+- Secure FTP service implementation
+- Multi-interface network management