commit 62f9f7d1cfc494b0baa0eb9c88f4e3787a4e5c7f Author: Alexandre LE GALL Date: Wed May 13 12:47:32 2020 +0200 first commit diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..b09ed40 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,351 @@ +Creative Commons Attribution-ShareAlike 4.0 International Creative Commons +Corporation ("Creative Commons") is not a law firm and does not provide legal +services or legal advice. Distribution of Creative Commons public licenses +does not create a lawyer-client or other relationship. Creative Commons makes +its licenses and related information available on an "as-is" basis. Creative +Commons gives no warranties regarding its licenses, any material licensed +under their terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the fullest +extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and conditions +that creators and other rights holders may use to share original works of +authorship and other material subject to copyright and certain other rights +specified in the public license below. The following considerations are for +informational purposes only, are not exhaustive, and do not form part of our +licenses. + +Considerations for licensors: Our public licenses are intended for use by +those authorized to give the public permission to use material in ways otherwise +restricted by copyright and certain other rights. Our licenses are irrevocable. +Licensors should read and understand the terms and conditions of the license +they choose before applying it. Licensors should also secure all rights necessary +before applying our licenses so that the public can reuse the material as +expected. Licensors should clearly mark any material not subject to the license. +This includes other CC-licensed material, or material used under an exception +or limitation to copyright. 
More considerations for licensors : wiki.creativecommons.org/Considerations_for_licensors + +Considerations for the public: By using one of our public licenses, a licensor +grants the public permission to use the licensed material under specified +terms and conditions. If the licensor's permission is not necessary for any +reason–for example, because of any applicable exception or limitation to copyright–then +that use is not regulated by the license. Our licenses grant only permissions +under copyright and certain other rights that a licensor has authority to +grant. Use of the licensed material may still be restricted for other reasons, +including because others have copyright or other rights in the material. A +licensor may make special requests, such as asking that all changes be marked +or described. + +Although not required by our licenses, you are encouraged to respect those +requests where reasonable. More considerations for the public : wiki.creativecommons.org/Considerations_for_licensees + +Creative Commons Attribution-ShareAlike 4.0 International Public License + +By exercising the Licensed Rights (defined below), You accept and agree to +be bound by the terms and conditions of this Creative Commons Attribution-ShareAlike +4.0 International Public License ("Public License"). To the extent this Public +License may be interpreted as a contract, You are granted the Licensed Rights +in consideration of Your acceptance of these terms and conditions, and the +Licensor grants You such rights in consideration of benefits the Licensor +receives from making the Licensed Material available under these terms and +conditions. + +Section 1 – Definitions. + +a. 
Adapted Material means material subject to Copyright and Similar Rights +that is derived from or based upon the Licensed Material and in which the +Licensed Material is translated, altered, arranged, transformed, or otherwise +modified in a manner requiring permission under the Copyright and Similar +Rights held by the Licensor. For purposes of this Public License, where the +Licensed Material is a musical work, performance, or sound recording, Adapted +Material is always produced where the Licensed Material is synched in timed +relation with a moving image. + +b. Adapter's License means the license You apply to Your Copyright and Similar +Rights in Your contributions to Adapted Material in accordance with the terms +and conditions of this Public License. + +c. BY-SA Compatible License means a license listed at creativecommons.org/compatiblelicenses, +approved by Creative Commons as essentially the equivalent of this Public +License. + +d. Copyright and Similar Rights means copyright and/or similar rights closely +related to copyright including, without limitation, performance, broadcast, +sound recording, and Sui Generis Database Rights, without regard to how the +rights are labeled or categorized. For purposes of this Public License, the +rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights. + +e. Effective Technological Measures means those measures that, in the absence +of proper authority, may not be circumvented under laws fulfilling obligations +under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, +and/or similar international agreements. + +f. Exceptions and Limitations means fair use, fair dealing, and/or any other +exception or limitation to Copyright and Similar Rights that applies to Your +use of the Licensed Material. + +g. License Elements means the license attributes listed in the name of a Creative +Commons Public License. The License Elements of this Public License are Attribution +and ShareAlike. 
+ +h. Licensed Material means the artistic or literary work, database, or other +material to which the Licensor applied this Public License. + +i. Licensed Rights means the rights granted to You subject to the terms and +conditions of this Public License, which are limited to all Copyright and +Similar Rights that apply to Your use of the Licensed Material and that the +Licensor has authority to license. + +j. Licensor means the individual(s) or entity(ies) granting rights under this +Public License. + +k. Share means to provide material to the public by any means or process that +requires permission under the Licensed Rights, such as reproduction, public +display, public performance, distribution, dissemination, communication, or +importation, and to make material available to the public including in ways +that members of the public may access the material from a place and at a time +individually chosen by them. + +l. Sui Generis Database Rights means rights other than copyright resulting +from Directive 96/9/EC of the European Parliament and of the Council of 11 +March 1996 on the legal protection of databases, as amended and/or succeeded, +as well as other essentially equivalent rights anywhere in the world. + +m. You means the individual or entity exercising the Licensed Rights under +this Public License. Your has a corresponding meaning. + +Section 2 – Scope. + + a. License grant. + +1. Subject to the terms and conditions of this Public License, the Licensor +hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, +irrevocable license to exercise the Licensed Rights in the Licensed Material +to: + + A. reproduce and Share the Licensed Material, in whole or in part; and + + B. produce, reproduce, and Share Adapted Material. + +2. Exceptions and Limitations. For the avoidance of doubt, where Exceptions +and Limitations apply to Your use, this Public License does not apply, and +You do not need to comply with its terms and conditions. 
+ + 3. Term. The term of this Public License is specified in Section 6(a). + +4. Media and formats; technical modifications allowed. The Licensor authorizes +You to exercise the Licensed Rights in all media and formats whether now known +or hereafter created, and to make technical modifications necessary to do +so. The Licensor waives and/or agrees not to assert any right or authority +to forbid You from making technical modifications necessary to exercise the +Licensed Rights, including technical modifications necessary to circumvent +Effective Technological Measures. For purposes of this Public License, simply +making modifications authorized by this Section 2(a)(4) never produces Adapted +Material. + + 5. Downstream recipients. + +A. Offer from the Licensor – Licensed Material. Every recipient of the Licensed +Material automatically receives an offer from the Licensor to exercise the +Licensed Rights under the terms and conditions of this Public License. + +B. Additional offer from the Licensor – Adapted Material. Every recipient +of Adapted Material from You automatically receives an offer from the Licensor +to exercise the Licensed Rights in the Adapted Material under the conditions +of the Adapter's License You apply. + +C. No downstream restrictions. You may not offer or impose any additional +or different terms or conditions on, or apply any Effective Technological +Measures to, the Licensed Material if doing so restricts exercise of the Licensed +Rights by any recipient of the Licensed Material. + +6. No endorsement. Nothing in this Public License constitutes or may be construed +as permission to assert or imply that You are, or that Your use of the Licensed +Material is, connected with, or sponsored, endorsed, or granted official status +by, the Licensor or others designated to receive attribution as provided in +Section 3(a)(1)(A)(i). + + b. Other rights. + +1. 
Moral rights, such as the right of integrity, are not licensed under this +Public License, nor are publicity, privacy, and/or other similar personality +rights; however, to the extent possible, the Licensor waives and/or agrees +not to assert any such rights held by the Licensor to the limited extent necessary +to allow You to exercise the Licensed Rights, but not otherwise. + +2. Patent and trademark rights are not licensed under this Public License. + +3. To the extent possible, the Licensor waives any right to collect royalties +from You for the exercise of the Licensed Rights, whether directly or through +a collecting society under any voluntary or waivable statutory or compulsory +licensing scheme. In all other cases the Licensor expressly reserves any right +to collect such royalties. + +Section 3 – License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the following +conditions. + + a. Attribution. + +1. If You Share the Licensed Material (including in modified form), You must: + +A. retain the following if it is supplied by the Licensor with the Licensed +Material: + +i. identification of the creator(s) of the Licensed Material and any others +designated to receive attribution, in any reasonable manner requested by the +Licensor (including by pseudonym if designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of warranties; + +v. a URI or hyperlink to the Licensed Material to the extent reasonably practicable; + +B. indicate if You modified the Licensed Material and retain an indication +of any previous modifications; and + +C. indicate the Licensed Material is licensed under this Public License, and +include the text of, or the URI or hyperlink to, this Public License. + +2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner +based on the medium, means, and context in which You Share the Licensed Material. 
+For example, it may be reasonable to satisfy the conditions by providing a +URI or hyperlink to a resource that includes the required information. + +3. If requested by the Licensor, You must remove any of the information required +by Section 3(a)(1)(A) to the extent reasonably practicable. + +b. ShareAlike.In addition to the conditions in Section 3(a), if You Share +Adapted Material You produce, the following conditions also apply. + +1. The Adapter's License You apply must be a Creative Commons license with +the same License Elements, this version or later, or a BY-SA Compatible License. + +2. You must include the text of, or the URI or hyperlink to, the Adapter's +License You apply. You may satisfy this condition in any reasonable manner +based on the medium, means, and context in which You Share Adapted Material. + +3. You may not offer or impose any additional or different terms or conditions +on, or apply any Effective Technological Measures to, Adapted Material that +restrict exercise of the rights granted under the Adapter's License You apply. + +Section 4 – Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that apply to +Your use of the Licensed Material: + +a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, +reuse, reproduce, and Share all or a substantial portion of the contents of +the database; + +b. if You include all or a substantial portion of the database contents in +a database in which You have Sui Generis Database Rights, then the database +in which You have Sui Generis Database Rights (but not its individual contents) +is Adapted Material, including for purposes of Section 3(b); and + +c. You must comply with the conditions in Section 3(a) if You Share all or +a substantial portion of the contents of the database. 
+ +For the avoidance of doubt, this Section 4 supplements and does not replace +Your obligations under this Public License where the Licensed Rights include +other Copyright and Similar Rights. + +Section 5 – Disclaimer of Warranties and Limitation of Liability. + +a. Unless otherwise separately undertaken by the Licensor, to the extent possible, +the Licensor offers the Licensed Material as-is and as-available, and makes +no representations or warranties of any kind concerning the Licensed Material, +whether express, implied, statutory, or other. This includes, without limitation, +warranties of title, merchantability, fitness for a particular purpose, non-infringement, +absence of latent or other defects, accuracy, or the presence or absence of +errors, whether or not known or discoverable. Where disclaimers of warranties +are not allowed in full or in part, this disclaimer may not apply to You. + +b. To the extent possible, in no event will the Licensor be liable to You +on any legal theory (including, without limitation, negligence) or otherwise +for any direct, special, indirect, incidental, consequential, punitive, exemplary, +or other losses, costs, expenses, or damages arising out of this Public License +or use of the Licensed Material, even if the Licensor has been advised of +the possibility of such losses, costs, expenses, or damages. Where a limitation +of liability is not allowed in full or in part, this limitation may not apply +to You. + +c. The disclaimer of warranties and limitation of liability provided above +shall be interpreted in a manner that, to the extent possible, most closely +approximates an absolute disclaimer and waiver of all liability. + +Section 6 – Term and Termination. + +a. This Public License applies for the term of the Copyright and Similar Rights +licensed here. However, if You fail to comply with this Public License, then +Your rights under this Public License terminate automatically. + +b. 
Where Your right to use the Licensed Material has terminated under Section +6(a), it reinstates: + +1. automatically as of the date the violation is cured, provided it is cured +within 30 days of Your discovery of the violation; or + + 2. upon express reinstatement by the Licensor. + +c. For the avoidance of doubt, this Section 6(b) does not affect any right +the Licensor may have to seek remedies for Your violations of this Public +License. + +d. For the avoidance of doubt, the Licensor may also offer the Licensed Material +under separate terms or conditions or stop distributing the Licensed Material +at any time; however, doing so will not terminate this Public License. + + e. Sections 1, 5, 6, 7, and 8 survive termination of this Public License. + +Section 7 – Other Terms and Conditions. + +a. The Licensor shall not be bound by any additional or different terms or +conditions communicated by You unless expressly agreed. + +b. Any arrangements, understandings, or agreements regarding the Licensed +Material not stated herein are separate from and independent of the terms +and conditions of this Public License. + +Section 8 – Interpretation. + +a. For the avoidance of doubt, this Public License does not, and shall not +be interpreted to, reduce, limit, restrict, or impose conditions on any use +of the Licensed Material that could lawfully be made without permission under +this Public License. + +b. To the extent possible, if any provision of this Public License is deemed +unenforceable, it shall be automatically reformed to the minimum extent necessary +to make it enforceable. If the provision cannot be reformed, it shall be severed +from this Public License without affecting the enforceability of the remaining +terms and conditions. + +c. No term or condition of this Public License will be waived and no failure +to comply consented to unless expressly agreed to by the Licensor. + +d. 
Nothing in this Public License constitutes or may be interpreted as a limitation +upon, or waiver of, any privileges and immunities that apply to the Licensor +or You, including from the legal processes of any jurisdiction or authority. + +Creative Commons is not a party to its public licenses. Notwithstanding, Creative +Commons may elect to apply one of its public licenses to material it publishes +and in those instances will be considered the "Licensor." The text of the +Creative Commons public licenses is dedicated to the public domain under the +CC0 Public Domain Dedication. Except for the limited purpose of indicating +that material is shared under a Creative Commons public license or as otherwise +permitted by the Creative Commons policies published at creativecommons.org/policies, +Creative Commons does not authorize the use of the trademark "Creative Commons" +or any other trademark or logo of Creative Commons without its prior written +consent including, without limitation, in connection with any unauthorized +modifications to any of its public licenses or any other arrangements, understandings, +or agreements concerning use of licensed material. For the avoidance of doubt, +this paragraph does not form part of the public licenses. + +Creative Commons may be contacted at creativecommons.org. + diff --git a/clean_roaming_profiles.ps1 b/clean_roaming_profiles.ps1 new file mode 100644 index 0000000..6dc2a71 --- /dev/null +++ b/clean_roaming_profiles.ps1 
@@ -0,0 +1,60 @@ +#################################################################################################################################### +#### Script : clean_roaming_profiles.ps1 +#### Description : Script de suppression des dossiers de profils itinérants +#### Exécution : Doit être lancé en administrateur du domaine +#### Source : - +#### Auteur : alexandre@inios.fr +#################################################################################################################################### +## Définir l'emplacement des dossiers de profils +$profiles_path = "\\nas.inios.local\profils$"; + +## Définir le temps de rétention (en jours) +$rentention = 30; + +#################################################################################################################################### +## Parcourir les dossiers en supprimant ceux dont l'utilisateur n'existe plus après la période de rétention +#################################################################################################################################### +Get-ChildItem -Path $profiles_path | Foreach-Object { + ## Stocker le chemin complet du répertoire enfant + $profile_path = $_.FullName; + + ## Stocker du nom de l'utilsateur (basé sur le nom du dossier) + $user = $_.Name.Split(".")[0]; + + ## Déduire la période d'attente à partir de la date de dernier accès + $last_access = $_.LastAccessTime; + + ## Vérifier si l'utilisateur existe toujours + $deleted_user = !(Get-ADUser -Filter {SamAccountName -eq $user}); + + ## Vérifier que le dossier à dépasser la période de rétention + $expiry = ($last_access.AddDays($rentention) -lt $(Get-Date)); + + ## Vérification que la période d'attente est dépassée + if ($deleted_user -AND $expiry) { + ## Stocker l'administrateur (basé sur l'utilisateur lançant le script) + $admin = [System.Security.Principal.NTAccount](whoami); + + ## Changer le propriétaire du dossier + $acl = Get-Acl $profile_path; + $acl.SetOwner($admin) + Set-Acl 
$profile_path $acl; + + ## Ajouter tous les droits au groupe Admin du domaine + $acl = Get-Acl $profile_path; + $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($admin, "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow"))); + Set-Acl $profile_path $acl; + + ## Suppression du dossier + Remove-Item -Path $profile_path -Force -Recurse; + + ## INFO + Write-Host "$user : profile deleted" + } + elseif ($deleted_user) { + Write-Host "$user : not found in AD" + } + elseif ($expiry) { + Write-Host "$user : profile expired since $last_access"; + } +} diff --git a/deployTrendSecurityAgent.ps1 b/deployTrendSecurityAgent.ps1 new file mode 100644 index 0000000..9f70245 --- /dev/null +++ b/deployTrendSecurityAgent.ps1 
@@ -0,0 +1,29 @@ +# SI l'exécutable d'AVG est toujours présent, alors le désinstaller et redémarrer +if (Test-Path -Path "C:\Program Files (x86)\AVG\Setup\avgsetupx.exe") { + # Désinstaller AVG + Start-Process -Wait -PassThru -NoNewWindow -FilePath "C:\Program Files (x86)\AVG\Setup\avgsetupx.exe" -ArgumentList "/mode=offline","/uninstall=av","/AV.DontRestart=1","/silent=true" + + # Attendre que les processus msiexec s'achèvent + Wait-Process -ErrorAction "SilentlyContinue" -Name "msiexec" + + # Nettoyer AVG + Remove-Item -Force -Recurse -ErrorAction "SilentlyContinue" -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG" + Remove-Item -Force -Recurse -ErrorAction "SilentlyContinue" -Path "C:\Program Files (x86)\AVG" + Remove-Item -Force -Recurse -ErrorAction "SilentlyContinue" -Path "C:\Program Files\AVG" + Remove-Item -Force -Recurse -ErrorAction "SilentlyContinue" -Path "C:\ProgramData\Avg" + Remove-Item -Force -Recurse -ErrorAction "SilentlyContinue" -Path "C:\ProgramData\Avg2012" + Remove-Item -Force -Recurse -ErrorAction "SilentlyContinue" -Path "C:\`$AVG" + +} + +## SI l'exécutable de Trend est présent, alors sortir +if (Test-Path -Path "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe") { + Write-Host "Trend Security Agent est deja installé." +} +else { + # Installer Trend + Start-Process -Wait -PassThru -NoNewWindow -FilePath "C:\Windows\System32\msiexec.exe" -ArgumentList "/i","\\naswin\deploiement$\app\trendWF\WFBS-SVC_Agent_Installer.msi","/qn" + + # Attendre que les processus msiexec s'achèvent + Wait-Process -ErrorAction "SilentlyContinue" -Name "msiexec" +} diff --git a/deployer-firefox-en-entreprise/.gitkeep b/deployer-firefox-en-entreprise/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/deployer-firefox-en-entreprise/customFirefoxInstaller.ps1 b/deployer-firefox-en-entreprise/customFirefoxInstaller.ps1 new file mode 100644 index 0000000..cfb056c --- /dev/null 
+++ b/deployer-firefox-en-entreprise/customFirefoxInstaller.ps1 
@@ -0,0 +1,163 @@ +#################################################################################################################################### +#### Script : customFirefoxInstaller.ps1 +#### Description : Script permettant d'automatiser la création d'un installeur personnalisé de Firefox (40 et +) +#### Source : https://inios.fr/deployer-firefox-en-entreprise +#### Auteur : alexandre@inios.fr +#################################################################################################################################### +## Dossier d'origine +$DIR_root = "C:\firefox_work"; +$DIR_installeur = "$DIR_root\installeur"; +$DIR_custom = "$DIR_root\custom" +$DIR_make = "$DIR_root\make"; + +$TOOL_7zip = "$DIR_root\7zip\App\7-Zip\7z.exe"; + +$FILE_7z = "$DIR_make\app.7z"; +$FILE_tag = "$DIR_make\app.tag"; + +$FILE_exe = "$DIR_make\firefox-custom.exe"; + +## Compteur +$iterator = 1; + +# Récupérer le répertoire de démarrage du script +$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition +#################################################################################################################################### +## Vérification des pré-requis +#################################################################################################################################### +## Vérification de l'existance des répertoires + if (!(Test-Path $DIR_root)) { + Write-Host "Le répertoire $DIR_root n'existe pas !"; + $choice = Read-Host "Appuyer sur une touche pour sortir..."; + exit; + } + if (!(Test-Path $DIR_installeur)) { + Write-Host "Le répertoire $DIR_installeur n'existe pas !"; + $choice = Read-Host "Appuyer sur une touche pour sortir..."; + exit; + } + if (!(Test-Path $DIR_custom)) { + Write-Host "Le répertoire $DIR_custom n'existe pas !"; + $choice = Read-Host "Appuyer sur une touche pour sortir..."; + exit; + } + if (!(Test-Path $DIR_make)) { + Write-Host "Le répertoire $DIR_make n'existe pas !"; + $choice = Read-Host "Appuyer sur une 
touche pour sortir..."; + exit; + } + +## Vérification de la disponibilité de 7z.exe + if (!(Test-Path $TOOL_7zip)) { + Write-Host "L'utilitaire $TOOL_7zip n'est pas disponible !"; + $choice = Read-Host "Appuyer sur une touche pour sortir..."; + exit; + } + +#################################################################################################################################### +## Traitement +#################################################################################################################################### +## Afficher le contenu du répertoire stockant l'installeur + # Explication + Write-Host "Les dossiers suivant sont situés dans $DIR_installeur, veuillez choisir celui que vous souhaitez utiliser en indiquant le numéro entre crochet."; + + # Récupérer la liste des installeurs + [array] $items = Get-ChildItem "$DIR_installeur\" | Where-Object {$_.extension -eq ".exe"} | Sort-Object "LastWriteTime"; + + # Afficher la liste des dossiers avec le numéro + foreach ($item in $items) { + Write-Host "[$iterator] - $item"; + $iterator++; + } + # Choisir le dossier + $choice = Read-Host "Choisir le numéro du dossier à personnaliser"; + $choice = $items[$choice-1]; + $archive = "$DIR_installeur\$choice"; + $choice = $archive.replace('.exe',''); + +## Supprimer le répertoire si il existe déjà + if (Test-Path $choice) { + Remove-Item -Force -Recurse $choice; + } + +## Extraire l'installeur +Invoke-Expression "$TOOL_7zip x '$archive' -o'$choice'"; + +## Suppression de fonctionnalités embarquées + # Firefox Hello + $file_path = "$choice\core\browser\features\loop@mozilla.org.xpi"; + if (!(Test-Path $file_path)) { + Write-Host "Firefox Hello n'est pas embarqué dans cette version de Firefox"; + } + else { + Remove-Item -Force $file_path; + } + + # Pocket + $file_path = "$choice\core\browser\features\firefox@getpocket.com.xpi"; + if (!(Test-Path $file_path)) { + Write-Host "Firefox Pocket n'est pas embarqué dans cette version de Firefox"; + } + else { + 
Remove-Item -Force $file_path; + } + +## Copie des fichiers de personnalisation + # autoconfig.js + $file_path = "$DIR_custom\autoconfig.js"; + if (!(Test-Path $file_path)) {Write-Host "Le fichier autoconfig.js n'existe pas dans $DIR_custom"; $choice = Read-Host "Appuyer sur une touche pour sortir..."; exit;} + Copy-Item -Path $file_path -Destination "$choice\core\defaults\pref"; + + # custom.cfg + $file_path = "$DIR_custom\custom.cfg"; + if (!(Test-Path $file_path)) {Write-Host "Le fichier custom.cfg n'existe pas dans $DIR_custom"; $choice = Read-Host "Appuyer sur une touche pour sortir..."; exit;} + Copy-Item -Path $file_path -Destination "$choice\core"; + + # profile (si présent) + $file_path = "$DIR_custom\profile"; + if (Test-Path $file_path) {Copy-Item -Path $file_path -Destination "$choice\core\defaults" -Recurse;} + + # dictionnaires (si présent) + $file_path = "$DIR_custom\dictionaries\*"; + if (Test-Path $file_path) {Copy-Item -Path $file_path -Destination "$choice\core\dictionaries";} + + # extensions (si présent) + $file_path = "$DIR_custom\extensions"; + if (Test-Path $file_path) {Copy-Item -Path $file_path -Destination "$choice\core";} + +## Créer l'archive de base + # Entrer dans le dossier à personnaliser + Set-Location $choice; + + # SI le fichier personnalisé existe, ALORS le supprimer + if (Test-Path $FILE_7z) { + Remove-Item $FILE_7z; + } + + # Créer le fichier personnalisé + cmd /c "$TOOL_7zip a -r -t7z $FILE_7z -mx -m0=BCJ2 -m1=LZMA:d24 -m2=LZMA:d19 -m3=LZMA:d19 -mb0:1 -mb0s1:2 -mb0s2:3"; + +## Créer le fichier "app.tag" + # SI le fichier n'existe pas, ALORS le créer + if (!(Test-Path $FILE_tag)) { + Add-Content -Path $FILE_tag -Value ';!@Install@!UTF-8!'; + Add-Content -Path $FILE_tag -Value 'Title="Mozilla Firefox"'; + Add-Content -Path $FILE_tag -Value 'RunProgram="setup.exe"'; + Add-Content -Path $FILE_tag -Value ';!@InstallEnd@!'; + } + +## Créer l'installeur + # SI le fichier personnalisé existe, ALORS le supprimer + if (Test-Path 
$FILE_exe) { + Remove-Item $FILE_exe; + } + + # Créer le package d'installation + cmd /c "copy /B $DIR_make\7zSD.sfx+$DIR_make\app.tag+$DIR_make\app.7z $FILE_exe"; + +## Attendre pour sortir +Write-Host "L'installeur personnalisé est disponible dans $DIR_make sous le nom firefox-custom.exe"; +$choice = Read-Host "Appuyer pour terminer..."; + +## Retourner sur l'emplacement d'origine +Set-Location $scriptPath \ No newline at end of file diff --git a/exchange-via-powershell-en-session-distante.ps1 b/exchange-via-powershell-en-session-distante.ps1 new file mode 100644 index 0000000..e58aa7b --- /dev/null +++ b/exchange-via-powershell-en-session-distante.ps1 
@@ -0,0 +1,76 @@ +############################################################################################################## +### Initialisation du script +############################################################################################################## +$domain = "@inios.local"; +$exchange_server = "http://exchange2010.inios.local/PowerShell/"; + +############################################################################################################## +### Pré-chauffage +############################################################################################################## +### Changer la couleur de la console +$host.UI.RawUI.BackgroundColor = "Black"; + +### Vérifier que la session n'est pas déjà ouverte +if (Get-Command "Get-Mailbox" -ErrorAction SilentlyContinue) { + Write-Host "[" -NoNewline; Write-Host "OK" -NoNewline -foregroundcolor "DarkGreen"; Write-Host "] " -NoNewline; + Write-Host "Exchange session are already launched."; + exit; +} + +### Se positionner +Set-Location "c:\"; + +############################################################################################################## +### Traiement +############################################################################################################## +### Boucler tant que la connexion echoue +do { + ## Afficher un message + Write-Host "[" -NoNewline; Write-Host "LOADING" -NoNewline -foregroundcolor "DarkGreen"; Write-Host "] " -NoNewline; + Write-Host "Exchange administrator credentials needed."; + + ## Récupérer les identifiant d'administration Exchange + Write-Host "[" -NoNewline; Write-Host "ANSWER" -NoNewline -foregroundcolor "Yellow"; Write-Host "] " -NoNewline; + $exchange_login = Read-Host "Login (without domain)"; + Write-Host "[" -NoNewline; Write-Host "ANSWER" -NoNewline -foregroundcolor "Yellow"; Write-Host "] " -NoNewline; + $exchange_password = Read-Host "Password" -AsSecureString; + + ## Ajouter le domaine au login de l'administrateur + 
$exchange_login += $domain; + + ## Créer les droits pour lancer la session + $exchange_auth = New-Object -typename System.Management.Automation.PSCredential -ArgumentList $exchange_login, $exchange_password; + + ### Créer la session vers le serveur Exchange + $exchange_session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $exchange_server -Authentication Kerberos -Credential $exchange_auth -Name "Exchange" -ErrorAction SilentlyContinue; + + ## Si la session n'est pas ouverte + if (!$exchange_session) { + # Afficher un message + Write-Host "[" -NoNewline; Write-Host "ERROR" -NoNewline -foregroundcolor "Red"; Write-Host "] " -NoNewline; + Write-Host "Impossible to open a session : check parameters or credentials!"; + + Write-Host "[" -NoNewline; Write-Host "ANSWER" -NoNewline -foregroundcolor "Yellow"; Write-Host "] " -NoNewline; + $retry = Read-Host "Retry ? [Y]es [N]o"; + + # SI la réponse est oui + if ($retry.ToLower() -eq "y") {$loop = $true;} else {$loop = $false;} + } + else {$loop = $false;} +} +while ($loop); + +### Si la session n'est pas ouverte +if (!$exchange_session) { + Write-Host "[" -NoNewline; Write-Host "ERROR" -NoNewline -foregroundcolor "Red"; Write-Host "] " -NoNewline; + Write-Host "Exchange session is not open, if you are a parent, quit!"; + exit 1; +} +else { + ## Ouvrir la session + $null = Import-PSSession $exchange_session -DisableNameChecking; + + ## Afficher un message + Write-Host "[" -NoNewline; Write-Host "OK" -NoNewline -foregroundcolor "DarkGreen"; Write-Host "] " -NoNewline; + Write-Host "Exchange session is ready to get command."; +} diff --git a/hubic-sur-debian/.gitkeep b/hubic-sur-debian/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/hubic-sur-debian/hubic_conf.bash b/hubic-sur-debian/hubic_conf.bash new file mode 100644 index 0000000..6070755 --- /dev/null +++ b/hubic-sur-debian/hubic_conf.bash 
@@ -0,0 +1,17 @@ +#!/bin/bash + +# Fichier temporaire contenant le mot de passe +echo $2 > /tmp/hubic_passwd + +# Export DBUS +dbus-daemon --session --fork --print-address > /tmp/hubic.dbus +export DBUS_SESSION_BUS_ADDRESS=`cat /tmp/hubic.dbus` + +# Connexion +hubic login --password_path=/tmp/hubic_passwd $1 + +# Suivi de l'activité d'hubic +watch -n1 hubic status + +# Supprimer le mot de passe en sortant +rm /tmp/hubic_passwd diff --git a/hubic-sur-debian/hubic_start.bash b/hubic-sur-debian/hubic_start.bash new file mode 100644 index 0000000..c5306dd --- /dev/null +++ b/hubic-sur-debian/hubic_start.bash @@ -0,0 +1,11 @@ +#!/bin/bash + +# Export DBUS +dbus-daemon --session --fork --print-address > /tmp/hubic.dbus +export DBUS_SESSION_BUS_ADDRESS=`cat /tmp/hubic.dbus` + +# Démarrage de HubiC +hubic start + +# Monitoring continu +watch -n1 hubic status \ No newline at end of file diff --git a/hubicSytemd b/hubicSytemd new file mode 100644 index 0000000..3b93acb --- /dev/null +++ b/hubicSytemd 
@@ -0,0 +1,47 @@ +#!/bin/bash + +if [[ ! -d ~/.config/hubiC/ ]]; then + echo "~/.config/hubiC/ does not exist, hubic is not configured?" +elif [[ $1 == "start" ]]; then + if [[ ! -e /tmp/hubic.dbus ]]; then + # Stocker une nouvelle session DBUS dans un fichier + dbus-daemon --session --fork --print-address > /tmp/hubic.dbus + + # Charger la session DBUS + export DBUS_SESSION_BUS_ADDRESS=`cat /tmp/hubic.dbus` + + # Démarrer de HubiC + hubic start + else + echo "/tmp/hubic.dbus already exist" + fi +elif [[ $1 == "stop" ]]; then + if [[ -e /tmp/hubic.dbus ]]; then + # Charger la session DBUS + export DBUS_SESSION_BUS_ADDRESS=`cat /tmp/hubic.dbus` + + # Arrêt de hubiC + hubic stop + + # Suppression de le fichier contenant la session DBUS + rm /tmp/hubic.dbus + else + echo "/tmp/hubic.dbus does not exist" + fi +elif [[ $1 == "keepalive" ]]; then + if [[ -e /tmp/hubic.dbus ]]; then + # Charger la session DBUS + export DBUS_SESSION_BUS_ADDRESS=`cat /tmp/hubic.dbus` + + # Forcer la synchronisation + hubic synchronize + else + echo "/tmp/hubic.dbus does not exist" + fi +else + echo "Script to simplify management of hubiC." + echo + echo "This script needs one of the following settings to work:" + echo -e "\t- start\t: start hubiC in background " + echo -e "\t- stop\t: stop hubiC" +fi diff --git a/hubicSytemd.service b/hubicSytemd.service new file mode 100644 index 0000000..f4ebb93 --- /dev/null +++ b/hubicSytemd.service @@ -0,0 +1,13 @@ +[Unit] +Description=Hubic Service +After=network.target + +[Service] +Type=forking +User=root +ExecStart=/opt/hubicSytemd start +ExecStop=/opt/hubicSytemd stop +RestartSec=10 + +[Install] +WantedBy=multi-user.target diff --git a/limiter-les-algorithmes-de-cryptographie-sur-un-serveur-web/.gitkeep b/limiter-les-algorithmes-de-cryptographie-sur-un-serveur-web/.gitkeep new file mode 100644 index 0000000..e69de29 
diff --git a/limiter-les-algorithmes-de-cryptographie-sur-un-serveur-web/algorithm_limitation_IIS.ps1 b/limiter-les-algorithmes-de-cryptographie-sur-un-serveur-web/algorithm_limitation_IIS.ps1 new file mode 100644 index 0000000..b72f998 --- /dev/null +++ b/limiter-les-algorithmes-de-cryptographie-sur-un-serveur-web/algorithm_limitation_IIS.ps1 
@@ -0,0 +1,127 @@ +############################################################################################### +# Source : https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12 # +# Description : Script permettant de limiter les algorithmes de crypto IIS # +############################################################################################### +# Disable Multi-Protocol Unified Hello +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null +Write-Host 'Multi-Protocol Unified Hello has been disabled.' + +# Disable PCT 1.0 +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null +Write-Host 'PCT 1.0 has been disabled.' + +# Disable SSL 2.0 (PCI Compliance) +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null +Write-Host 'SSL 2.0 has been disabled.' + +# Disable SSL 3.0 (PCI Compliance) and enable "Poodle" protection +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null +Write-Host 'SSL 3.0 has been disabled.' 
+ +# Add and Enable TLS 1.0 for client and server SCHANNEL communications +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null +Write-Host 'TLS 1.0 has been enabled.' + +# Add and Enable TLS 1.1 for client and server SCHANNEL communications +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force | Out-Null +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled' -value 1 -PropertyType 'DWord' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null +Write-Host 'TLS 1.1 has been enabled.' 
+ +# Add and Enable TLS 1.2 for client and server SCHANNEL communications +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value 1 -PropertyType 'DWord' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null +Write-Host 'TLS 1.2 has been enabled.' + +# Re-create the ciphers key. +New-Item 'HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers' -Force | Out-Null + +# Disable insecure/weak ciphers. +$insecureCiphers = @( + 'DES 56/56', + 'NULL', + 'RC2 128/128', + 'RC2 40/128', + 'RC2 56/128', + 'RC4 40/128', + 'RC4 56/128', + 'RC4 64/128', + 'RC4 128/128' +) +Foreach ($insecureCipher in $insecureCiphers) { + $key = (Get-Item HKLM:\).OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey($insecureCipher) + $key.SetValue('Enabled', 0, 'DWord') + $key.close() + Write-Host "Weak cipher $insecureCipher has been disabled." +} + +# Set hashes configuration. 
+New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5' -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null + +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA' -name Enabled -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null + +# Set KeyExchangeAlgorithms configuration. +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman' -name Enabled -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null + +New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS' -Force | Out-Null +New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS' -name Enabled -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null + +# Set cipher suites order as secure as possible (Enables Perfect Forward Secrecy). 
+$cipherSuitesOrder = @( + 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521', + 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384', + 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256', + 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521', + 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384', + 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256', + 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521', + 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521', + 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384', + 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256', + 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384', + 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256', + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521', + 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384', + 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521', + 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384', + 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256', + 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521', + 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384', + 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521', + 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384', + 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256', + 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521', + 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384', + 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256', + 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521', + 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384', + 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256', + 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256', + 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA', + 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256', + 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA', + 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA', + 'TLS_RSA_WITH_AES_256_CBC_SHA256', + 'TLS_RSA_WITH_AES_256_CBC_SHA', + 'TLS_RSA_WITH_AES_128_CBC_SHA256', + 'TLS_RSA_WITH_AES_128_CBC_SHA', + 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' +) +$cipherSuitesAsString = [string]::join(',', $cipherSuitesOrder) +New-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' -name 'Functions' -value $cipherSuitesAsString -PropertyType 'String' -Force | Out-Null \ No 
newline at end of file
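Review bot: In the tail of the Firefox installer script, the `cmd /c "copy /B $DIR_make\7zSD.sfx+$DIR_make\app.tag+$DIR_make\app.7z $FILE_exe"` line passes every path unquoted, so the concatenation breaks as soon as `$DIR_make` contains a space. Wrap each operand in escaped double quotes, and build the final message from `$FILE_exe` instead of the hard-coded `firefox-custom.exe`, so the name shown to the operator cannot drift from the file actually written.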
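Review bot: In exchange-via-powershell-en-session-distante.ps1, the `New-PSSession ... -ErrorAction SilentlyContinue` call discards the reason for the failure, so the operator only ever sees "check parameters or credentials" whether the cause is a bad password, an unreachable `$exchange_server` or a Kerberos problem. Capture the error with `-ErrorVariable` and print its message in the `if (!$exchange_session)` branch. The `do { ... } while ($loop)` retry also has no upper bound; each retry is another failed logon against the admin account, so cap the attempts to stay clear of the domain lockout threshold. Note too that the early `exit` in the "already launched" branch closes the whole console if the script is dot-sourced from a profile; `return` is safer there.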
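Review bot: In hubic-sur-debian/hubic_conf.bash, `echo $2 > /tmp/hubic_passwd` takes the password from the command line (visible in the process list and shell history) and writes it to a fixed path in /tmp with default umask permissions, where any local user can read it or pre-create the path as a symlink. Read the password with `read -s`, create the file with `mktemp` under `umask 077`, and quote the expansions. The `rm /tmp/hubic_passwd` on the last line only runs once `watch -n1 hubic status` returns, so an interrupted or killed script leaves the password on disk; move the cleanup into a `trap ... EXIT` and delete the file right after `hubic login` rather than after the monitoring loop.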
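Review bot: In hubic-sur-debian/hubic_start.bash, `dbus-daemon --session --fork --print-address > /tmp/hubic.dbus` stores the bus address at a predictable, shared path and then trusts whatever `cat /tmp/hubic.dbus` returns as `DBUS_SESSION_BUS_ADDRESS`. Put the file in a directory only the running user can write to (for example `$XDG_RUNTIME_DIR`, or a `mktemp -d` directory), and prefer `$(...)` over backticks. Each run also forks a new `dbus-daemon` that is never stopped, so repeated launches accumulate daemons; record the PID (`--print-pid`) and stop it on exit.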
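Review bot: In hubicSytemd, every error branch (`~/.config/hubiC/ does not exist`, `/tmp/hubic.dbus already exist`, `/tmp/hubic.dbus does not exist`) only echoes and falls through, so the script exits 0 and the caller, including the systemd unit added in the same commit, sees a successful start or stop. Send these messages to stderr and `exit 1`. The `stop` branch removes /tmp/hubic.dbus but leaves the forked `dbus-daemon` running, and the usage text lists `start` and `stop` but omits the `keepalive` action the script implements. Since the unit runs this as root, the bus address should not be read back from a fixed file in /tmp that other local users can create first; keep it under a root-only directory such as /run.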
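Review bot: In hubicSytemd.service, `RestartSec=10` has no effect because the `[Service]` section sets no `Restart=` policy, and the default is `no`; add `Restart=on-failure` if automatic restart is intended, or drop the line. `User=root` gives a file-sync client full privileges and makes `~/.config/hubiC/` in the wrapper resolve to root's home; run the unit under a dedicated unprivileged account. With `Type=forking` and no `PIDFile=`, systemd has to guess the main process between the forked `dbus-daemon` and hubiC, so state it explicitly or document why the guess is reliable.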
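Review bot: In algorithm_limitation_IIS.ps1, the `$cipherSuitesOrder` list does not match its comment "as secure as possible (Enables Perfect Forward Secrecy)": all ECDHE_RSA CBC suites are ranked above the ECDHE_ECDSA GCM suites, there is no ECDHE_RSA GCM entry, and the tail keeps static-RSA suites (`TLS_RSA_WITH_*`, no forward secrecy) and two 3DES suites. Put the GCM suites first and drop the 3DES and `TLS_RSA_*` entries unless a named legacy client needs them. The protocol section also enables TLS 1.0 and TLS 1.1, both formally deprecated, and the TLS 1.0 comment says "client and server" while only the `Server` key is written. For SSL 2.0 and SSL 3.0 only `Server\Enabled` is set to 0, with no `DisabledByDefault` value and no `Client` key. Finally, `New-Item 'HKLM:SYSTEM\...\SCHANNEL\Ciphers'` lacks the backslash after `HKLM:`, which makes the path drive-relative and dependent on the current location on that drive; use `HKLM:\SYSTEM\...` as every other line does. A short header comment stating that a reboot is required and which Windows versions the script was validated on would help whoever runs it.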