Sécurité SSH

2025-10-18 11:21:30 +02:00
parent e9b85bcf40
commit 367c6a10b8
3 changed files with 24 additions and 20 deletions
--- a/.env
+++ b/.env
@@ -54,10 +54,9 @@ ALERT_SMS_TO_MEUDON=Michel:+33759600180
 ALERT_SMS_CLIENT_TO_MEUDON=Sekou:+33625903364,Damien:+33680388259
 ALERT_SMS_CLIENT_TO_SACLAY=Nicolas:+33682069405,Sabrina:+33650270939,Mirceta:+33601162960
 # Activer/désactiver globalement l’envoi client
-ALERT_SMS_CLIENT_ENABLED=0
+ALERT_SMS_CLIENT_ENABLED=1
 # 1) couper les SMS internes
 ALERT_INTERNAL_SMS_ENABLED=0# 0 = coupe tous les SMS “internes” (déclenchement)
 # 2) limiter le flux par cooldown (par sonde)
-ALERT_SMS_COOLDOWN_SEC=3600# 3600s = 1 SMS max / sonde / heure
+ALERT_SMS_COOLDOWN_SEC=3600
 # (compatibilité: si non défini, on retombe sur GYRO_SMS_MIN_SEC ou 120s)
--- a/Outils/visualiseur_logs.py
+++ b/Outils/visualiseur_logs.py
@@ -148,7 +148,7 @@ with col1:
        help="Filtre sur ERROR, ❌, Traceback, failed, exception, critical, fatal"
    )
 with col2:
-    nb_lignes = st.slider("📏 Lignes à afficher", 10, 5000, 300)
+    nb_lignes = st.slider("📏 Lignes à afficher", 10, 5000, 30)
 with col3:
    highlight = st.checkbox(
        "🖍️ Surligner erreurs/avertissements",
--- a/scripts/backup_mysql.sh
+++ b/scripts/backup_mysql.sh
@@ -16,9 +16,14 @@ flock -n 9 || { echo "🔒 Un autre backup est en cours. Abandon."; exit 1; }
 BACKUP_FILE="$BACKUP_DIR/mysql_backup_$DATE.sql"
 # Cible NAS (alias dans ~/.ssh/config)
-NAS_HOST="DSM920"
+NAS_HOST="10.8.0.1"
 NAS_USER="Michel"
 NAS_DIR="/volume1/VPS/Gravelines"
-SSH_OPTS="-F /home/debian/.ssh/config -o BatchMode=yes -o StrictHostKeyChecking=accept-new"
+SSH_OPTS="-i /home/debian/.ssh/id_ed25519 -p 4422 \
  -o BatchMode=yes -o PreferredAuthentications=publickey \
  -o PasswordAuthentication=no -o PubkeyAuthentication=yes \
  -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10 \
  -o ServerAliveInterval=30 -o ServerAliveCountMax=2"
 # Chemin credentials MySQL (recommandé)
 MYSQL_DEFAULTS="/home/debian/.my.cnf"
@@ -32,8 +37,8 @@ echo "🔷 Dossier NAS    : $NAS_DIR (hôte $NAS_HOST)"
 # 1) Pré-check SSH & droits écriture NAS
 echo "🔷 Test SSH NAS…"
-if ! ssh $SSH_OPTS "$NAS_HOST" "mkdir -p '$NAS_DIR' && test -w '$NAS_DIR' && echo __SSH_OK__"; then
+if ! ssh $SSH_OPTS "$NAS_USER@$NAS_HOST" "mkdir -p '$NAS_DIR' && test -w '$NAS_DIR' && echo __SSH_OK__"; then
-  echo "❌ Impossible d écrire sur $NAS_HOST:$NAS_DIR (clé SSH ? user ? droits ? SSH NAS activé ?)"
+  echo "❌ Impossible d'écrire sur $NAS_HOST:$NAS_DIR (clé SSH ? user ? droits ? SSH NAS activé ?)"
  exit 20
 fi
@@ -59,22 +64,22 @@ fi
 LOCAL_SIZE=$(stat -c%s "$BACKUP_FILE" 2>/dev/null || wc -c < "$BACKUP_FILE")
 echo "✅ Dump OK : $BACKUP_FILE ($LOCAL_SIZE octets)"
-# 3) Transfert → NAS
+# 3) Transfert → NAS (SCP à la place de rsync)
-echo "🔷 Transfert vers le NAS…"
+scp -O -P 4422 -i /home/debian/.ssh/id_ed25519 \
-rsync -av --partial -e "ssh $SSH_OPTS" "$BACKUP_FILE" "$NAS_HOST:$NAS_DIR/"
+  -o BatchMode=yes -o PreferredAuthentications=publickey -o PasswordAuthentication=no \
  -o StrictHostKeyChecking=accept-new \
  "$BACKUP_FILE" "Michel@10.8.0.1:$NAS_DIR/"
-# 4) Vérification taille distante = locale (robuste BusyBox)
+# 4) Vérification taille distante = locale
 BASENAME="$(basename "$BACKUP_FILE")"
-REMOTE_SIZE=$(ssh $SSH_OPTS "$NAS_HOST" "wc -c < '$NAS_DIR/$BASENAME'" || echo 0)
+REMOTE_SIZE=$(ssh -p 4422 -i /home/debian/.ssh/id_ed25519 \
  -o BatchMode=yes -o PreferredAuthentications=publickey -o PasswordAuthentication=no \
  -o StrictHostKeyChecking=accept-new \
  "Michel@10.8.0.1" "wc -c < '$NAS_DIR/$BASENAME'" || echo 0)
 if [[ "$REMOTE_SIZE" != "$LOCAL_SIZE" ]]; then
  echo "❌ Taille différente après transfert (local=$LOCAL_SIZE, distant=$REMOTE_SIZE)"
  exit 22
 fi
-echo "✅ Transfert OK → $NAS_HOST:$NAS_DIR/$BASENAME"
+echo "✅ Transfert OK → 10.8.0.1:$NAS_DIR/$BASENAME"
 # 5) Rotation locale (garder 14 fichiers)
 echo "🔷 Rotation locale (garder 14 fichiers)…"
 ls -1t "$BACKUP_DIR"/mysql_backup_*.sql 2>/dev/null | tail -n +15 | xargs -r rm -f
 echo "🏁 Terminé $(date '+%F %T')"