From 367c6a10b886534742eadc8f9116f5a8487d0e30 Mon Sep 17 00:00:00 2001
From: Michel
Date: Sat, 18 Oct 2025 11:21:30 +0200
Subject: [PATCH] =?UTF-8?q?S=C3=A9curit=C3=A9=20SSH?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .env | 5 ++---
 Outils/visualiseur_logs.py | 2 +-
 scripts/backup_mysql.sh | 37 +++++++++++++++++++++----------------
 3 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/.env b/.env
index 4f99d8f..cc35abb 100644
--- a/.env
+++ b/.env
@@ -54,10 +54,9 @@ ALERT_SMS_TO_MEUDON=Michel:+33759600180
 ALERT_SMS_CLIENT_TO_MEUDON=Sekou:+33625903364,Damien:+33680388259
 ALERT_SMS_CLIENT_TO_SACLAY=Nicolas:+33682069405,Sabrina:+33650270939,Mirceta:+33601162960
 # Activer/désactiver globalement l’envoi client
-ALERT_SMS_CLIENT_ENABLED=0
+ALERT_SMS_CLIENT_ENABLED=1
 # 1) couper les SMS internes
 ALERT_INTERNAL_SMS_ENABLED=0# 0 = coupe tous les SMS “internes” (déclenchement)
 # 2) limiter le flux par cooldown (par sonde)
-ALERT_SMS_COOLDOWN_SEC=3600# 3600s = 1 SMS max / sonde / heure
-# (compatibilité: si non défini, on retombe sur GYRO_SMS_MIN_SEC ou 120s)
\ No newline at end of file
+ALERT_SMS_COOLDOWN_SEC=3600
diff --git a/Outils/visualiseur_logs.py b/Outils/visualiseur_logs.py
index 29f0b46..9e9e3d3 100644
--- a/Outils/visualiseur_logs.py
+++ b/Outils/visualiseur_logs.py
@@ -148,7 +148,7 @@ with col1:
 help="Filtre sur ERROR, ❌, Traceback, failed, exception, critical, fatal"
 )
 with col2:
- nb_lignes = st.slider("📏 Lignes à afficher", 10, 5000, 300)
+ nb_lignes = st.slider("📏 Lignes à afficher", 10, 5000, 30)
 with col3:
 highlight = st.checkbox(
 "🖍️ Surligner erreurs/avertissements",
diff --git a/scripts/backup_mysql.sh b/scripts/backup_mysql.sh
index 4367003..770a585 100644
--- a/scripts/backup_mysql.sh
+++ b/scripts/backup_mysql.sh
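Review bot: `.env` is a tracked file, and the context lines of the `.env` hunk show it holds named contacts with their mobile numbers (the `ALERT_SMS_*_TO_*` entries), so that data is readable by anyone with access to the repository and stays in its history. Whatever else the file holds is outside the hunk, but a tracked `.env` is also where credentials tend to end up; consider `git rm --cached .env`, adding `.env` to `.gitignore`, and committing a `.env.example` with placeholder values. Separately, `ALERT_SMS_CLIENT_ENABLED=1` turns client SMS on in a commit whose subject is about SSH; if that is intended, it deserves a line in the commit message. The trailing comment was removed from `ALERT_SMS_COOLDOWN_SEC`, but `ALERT_INTERNAL_SMS_ENABLED=0# 0 = …` still appears to carry one glued to the value, which some dotenv parsers read as part of the value; this is worth checking against the raw file.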
@@ -16,9 +16,14 @@ flock -n 9 || { echo "🔒 Un autre backup est en cours. Abandon."; exit 1; }
 BACKUP_FILE="$BACKUP_DIR/mysql_backup_$DATE.sql"
 # Cible NAS (alias dans ~/.ssh/config)
-NAS_HOST="DSM920"
+NAS_HOST="10.8.0.1"
+NAS_USER="Michel"
 NAS_DIR="/volume1/VPS/Gravelines"
-SSH_OPTS="-F /home/debian/.ssh/config -o BatchMode=yes -o StrictHostKeyChecking=accept-new"
+SSH_OPTS="-i /home/debian/.ssh/id_ed25519 -p 4422 \
+ -o BatchMode=yes -o PreferredAuthentications=publickey \
+ -o PasswordAuthentication=no -o PubkeyAuthentication=yes \
+ -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10 \
+ -o ServerAliveInterval=30 -o ServerAliveCountMax=2"
 # Chemin credentials MySQL (recommandé)
 MYSQL_DEFAULTS="/home/debian/.my.cnf"
@@ -32,8 +37,8 @@ echo "🔷 Dossier NAS : $NAS_DIR (hôte $NAS_HOST)"
 # 1) Pré-check SSH & droits écriture NAS
 echo "🔷 Test SSH NAS…"
-if ! ssh $SSH_OPTS "$NAS_HOST" "mkdir -p '$NAS_DIR' && test -w '$NAS_DIR' && echo __SSH_OK__"; then
- echo "❌ Impossible d écrire sur $NAS_HOST:$NAS_DIR (clé SSH ? user ? droits ? SSH NAS activé ?)"
+if ! ssh $SSH_OPTS "$NAS_USER@$NAS_HOST" "mkdir -p '$NAS_DIR' && test -w '$NAS_DIR' && echo __SSH_OK__"; then
+ echo "❌ Impossible d'écrire sur $NAS_HOST:$NAS_DIR (clé SSH ? user ? droits ? SSH NAS activé ?)"
 exit 20
 fi
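Review bot: In the first hunk the new `SSH_OPTS` keeps `StrictHostKeyChecking=accept-new` while the target changes from the `DSM920` alias to `10.8.0.1` on port 4422, so unless `known_hosts` already has an entry for that address and port, the first non-interactive run (`BatchMode=yes`) will record whatever host key is presented. For a job that ships database dumps, it is safer to install the NAS host key in `known_hosts` out of band and switch to `-o StrictHostKeyChecking=yes`. The context comment `# Cible NAS (alias dans ~/.ssh/config)` is now stale, since `-F /home/debian/.ssh/config` is dropped and the host is a literal address; it should be updated to describe the direct address, port and key.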
@@ -59,22 +64,22 @@ fi
 LOCAL_SIZE=$(stat -c%s "$BACKUP_FILE" 2>/dev/null || wc -c < "$BACKUP_FILE")
 echo "✅ Dump OK : $BACKUP_FILE ($LOCAL_SIZE octets)"
-# 3) Transfert → NAS
-echo "🔷 Transfert vers le NAS…"
-rsync -av --partial -e "ssh $SSH_OPTS" "$BACKUP_FILE" "$NAS_HOST:$NAS_DIR/"
+# 3) Transfert → NAS (SCP à la place de rsync)
+scp -O -P 4422 -i /home/debian/.ssh/id_ed25519 \
+ -o BatchMode=yes -o PreferredAuthentications=publickey -o PasswordAuthentication=no \
+ -o StrictHostKeyChecking=accept-new \
+ "$BACKUP_FILE" "Michel@10.8.0.1:$NAS_DIR/"
-# 4) Vérification taille distante = locale (robuste BusyBox)
+# 4) Vérification taille distante = locale
 BASENAME="$(basename "$BACKUP_FILE")"
-REMOTE_SIZE=$(ssh $SSH_OPTS "$NAS_HOST" "wc -c < '$NAS_DIR/$BASENAME'" || echo 0)
+REMOTE_SIZE=$(ssh -p 4422 -i /home/debian/.ssh/id_ed25519 \
+ -o BatchMode=yes -o PreferredAuthentications=publickey -o PasswordAuthentication=no \
+ -o StrictHostKeyChecking=accept-new \
+ "Michel@10.8.0.1" "wc -c < '$NAS_DIR/$BASENAME'" || echo 0)
+
 if [[ "$REMOTE_SIZE" != "$LOCAL_SIZE" ]]; then
 echo "❌ Taille différente après transfert (local=$LOCAL_SIZE, distant=$REMOTE_SIZE)"
 exit 22
 fi
-echo "✅ Transfert OK → $NAS_HOST:$NAS_DIR/$BASENAME"
+echo "✅ Transfert OK → 10.8.0.1:$NAS_DIR/$BASENAME"
-# 5) Rotation locale (garder 14 fichiers)
-echo "🔷 Rotation locale (garder 14 fichiers)…"
-ls -1t "$BACKUP_DIR"/mysql_backup_*.sql 2>/dev/null | tail -n +15 | xargs -r rm -f
-
-
-echo "🏁 Terminé $(date '+%F %T')"
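Review bot: Local dumps are no longer rotated: step 5 (`ls -1t … | tail -n +15 | xargs -r rm -f`) is deleted at the end of the hunk with no replacement, so from the lines visible here `mysql_backup_*.sql` files accumulate in `$BACKUP_DIR` without bound, which risks filling the disk and leaves a growing set of plaintext database copies on the host. If the removal is not deliberate, restore the rotation. The `scp` call and the `REMOTE_SIZE` ssh call also hard-code the key path, port, user and `10.8.0.1` instead of using `$SSH_OPTS`, `$NAS_USER` and `$NAS_HOST` from earlier in the script, so they run without `ConnectTimeout` and the `ServerAlive*` settings and will drift if the target changes. If the port in `SSH_OPTS` is written as `-o Port=4422` rather than `-p 4422` (which `scp` interprets differently), both calls can reuse it: `scp -O $SSH_OPTS "$BACKUP_FILE" "$NAS_USER@$NAS_HOST:$NAS_DIR/"` and `ssh $SSH_OPTS "$NAS_USER@$NAS_HOST" "wc -c < '$NAS_DIR/$BASENAME'"`.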