DevSecOps-Simplon-Training · WhiteMuush · May 28, 2026 · May 28, 2026 · May 28, 2026 · May 28, 2026
diff --git a/.gitignore b/.gitignore
@@ -44,4 +44,6 @@ terraform.rc
 
 # Optional: ignore plan files saved before destroying Terraform configuration
 # Uncomment the line below if you want to ignore planout files.
-# planout
+# planout
+
+.env
diff --git a/mon-projet/README.txt b/mon-projet/README.txt
@@ -0,0 +1 @@
+# Mon Projet Bash
diff --git a/mon-projet/config/settings.txt b/mon-projet/config/settings.txt
diff --git a/mon-projet/logs/app.log b/mon-projet/logs/app.log
@@ -0,0 +1,22 @@
+2024-01-15 08:00:01 INFO  Application started on port 8080
+2024-01-15 08:00:05 INFO  Connected to Azure SQL Database successfully
+2024-01-15 08:01:22 WARNING High memory usage detected: 78%
+2024-01-15 08:02:45 ERROR Failed to connect to Azure Storage: connection timeout
+2024-01-15 08:03:10 INFO  Request processed: GET /api/health [200]
+2024-01-15 08:05:33 ERROR Authentication failed for service account: deploy_svc
+2024-01-15 08:06:15 WARNING CPU usage spike detected: 92%
+2024-01-15 08:07:42 ERROR Database query timeout after 30s on table: audit_logs
+2024-01-15 08:08:00 INFO  Retry attempt 1/3 for Azure Storage connection
+2024-01-15 08:08:30 INFO  Retry attempt 2/3 for Azure Storage connection
+2024-01-15 08:09:00 ERROR Max retries exceeded - Azure Storage service unavailable
+2024-01-15 08:10:15 WARNING Disk space below threshold: 15% remaining on /dev/sda1
+2024-01-15 08:11:22 INFO  Backup job started: daily-backup-2024-01-15
+2024-01-15 08:12:45 ERROR Backup failed: insufficient permissions on /var/backup/azure
+2024-01-15 08:14:03 INFO  Alert sent to monitoring team via Azure Monitor
+2024-01-15 08:15:00 INFO  Scheduled maintenance check completed
+2024-01-15 08:16:30 WARNING SSL certificate expires in 14 days for api.azuretech.fr
+2024-01-15 08:18:00 CRITICAL Database connection pool exhausted — all 20 connections in use
+2024-01-15 08:18:55 INFO  Kubernetes pod restarted: api-deployment-7d9f8b-xkp2m
+2024-01-15 08:19:30 CRITICAL Azure Key Vault unreachable — secrets cannot be retrieved
+2024-01-15 08:20:00 INFO  Health check passed: all 3 replicas running
+2024-01-15 08:21:00 CRITICAL Disk full on /var/log — logging suspended
diff --git a/mon-projet/logs/app.log.bak b/mon-projet/logs/app.log.bak
@@ -0,0 +1,22 @@
+2024-01-15 08:00:01 INFO  Application started on port 8080
+2024-01-15 08:00:05 INFO  Connected to Azure SQL Database successfully
+2024-01-15 08:01:22 WARNING High memory usage detected: 78%
+2024-01-15 08:02:45 ERROR Failed to connect to Azure Storage: connection timeout
+2024-01-15 08:03:10 INFO  Request processed: GET /api/health [200]
+2024-01-15 08:05:33 ERROR Authentication failed for service account: deploy_svc
+2024-01-15 08:06:15 WARNING CPU usage spike detected: 92%
+2024-01-15 08:07:42 ERROR Database query timeout after 30s on table: audit_logs
+2024-01-15 08:08:00 INFO  Retry attempt 1/3 for Azure Storage connection
+2024-01-15 08:08:30 INFO  Retry attempt 2/3 for Azure Storage connection
+2024-01-15 08:09:00 ERROR Max retries exceeded - Azure Storage service unavailable
+2024-01-15 08:10:15 WARNING Disk space below threshold: 15% remaining on /dev/sda1
+2024-01-15 08:11:22 INFO  Backup job started: daily-backup-2024-01-15
+2024-01-15 08:12:45 ERROR Backup failed: insufficient permissions on /var/backup/azure
+2024-01-15 08:14:03 INFO  Alert sent to monitoring team via Azure Monitor
+2024-01-15 08:15:00 INFO  Scheduled maintenance check completed
+2024-01-15 08:16:30 WARNING SSL certificate expires in 14 days for api.azuretech.fr
+2024-01-15 08:18:00 CRITICAL Database connection pool exhausted — all 20 connections in use
+2024-01-15 08:18:55 INFO  Kubernetes pod restarted: api-deployment-7d9f8b-xkp2m
+2024-01-15 08:19:30 CRITICAL Azure Key Vault unreachable — secrets cannot be retrieved
+2024-01-15 08:20:00 INFO  Health check passed: all 3 replicas running
+2024-01-15 08:21:00 CRITICAL Disk full on /var/log — logging suspended
diff --git a/mon-projet/logs/rapport-20260528-150040.txt b/mon-projet/logs/rapport-20260528-150040.txt
@@ -0,0 +1,16 @@
+RAPPORT D'ANALYSE — 28/05/2026 15:00
+
+--- Compteurs ---
+INFO=10  WARNING=4  ERROR=5  CRITICAL=3
+
+--- Incidents critiques ---
+2024-01-15 08:18:00 CRITICAL Database connection pool exhausted — all 20 connections in use
+2024-01-15 08:19:30 CRITICAL Azure Key Vault unreachable — secrets cannot be retrieved
+2024-01-15 08:21:00 CRITICAL Disk full on /var/log — logging suspended
+
+--- Erreurs ---
+2024-01-15 08:02:45 ERROR Failed to connect to Azure Storage: connection timeout
+2024-01-15 08:05:33 ERROR Authentication failed for service account: deploy_svc
+2024-01-15 08:07:42 ERROR Database query timeout after 30s on table: audit_logs
+2024-01-15 08:09:00 ERROR Max retries exceeded - Azure Storage service unavailable
+2024-01-15 08:12:45 ERROR Backup failed: insufficient permissions on /var/backup/azure
diff --git a/mon-projet/rapports/error.txt b/mon-projet/rapports/error.txt
@@ -0,0 +1,7 @@
+=== ERROR LINES ===
+
+2024-01-15 08:02:45 ERROR Failed to connect to Azure Storage: connection timeout
+2024-01-15 08:05:33 ERROR Authentication failed for service account: deploy_svc
+2024-01-15 08:07:42 ERROR Database query timeout after 30s on table: audit_logs
+2024-01-15 08:09:00 ERROR Max retries exceeded - Azure Storage service unavailable
+2024-01-15 08:12:45 ERROR Backup failed: insufficient permissions on /var/backup/azure
diff --git a/mon-projet/rapports/rapport.txt b/mon-projet/rapports/rapport.txt
@@ -0,0 +1,9 @@
+=== LOGS REPORTS ===
+
+Number of lines : 22
+
+Errors : 5
+
+Warnings : 4
+
+Critical : 3
diff --git a/mon-projet/src/analyse-niveaux.sh b/mon-projet/src/analyse-niveaux.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# analyse-niveaux.sh — Compte chaque niveau de log
+
+LOG_FILE="ressources/server.log"
+
+echo "=== Analyse par niveau ==="
+
+for NIVEAU in INFO WARNING ERROR CRITICAL; do
+    NB=$(grep -c "$NIVEAU" "$LOG_FILE")
+    echo "  $NIVEAU : $NB occurrence(s)"
+done
+
+echo "=========================="
+echo "  TOTAL : $(wc -l < "$LOG_FILE") lignes"
diff --git a/mon-projet/src/app.sh b/mon-projet/src/app.sh
@@ -0,0 +1 @@
+#!/bin/bash
diff --git a/mon-projet/src/azure-keyvault.sh b/mon-projet/src/azure-keyvault.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# Source le fichier environnement
+source "$(dirname "$0")/.env"
+
+function createKeyVault(){
+set -e
+# Créer le Key Vault
+az keyvault create \
+    --name "$KEYVAULT_NAME" \
+    --resource-group "$RESOURCE_GROUP" \
+    --location "$LOCATION"
+}
+
+function AddSecretKey(){
+# Ajouter un secret
+az keyvault secret set \
+    --vault-name "$KEYVAULT_NAME" \
+    --name "db-password" \
+    --value "$DBPassword"
+}
+
+function CatchSecret(){
+# Récupérer un secret dans un script
+SECRET=$(az keyvault secret show \
+    --vault-name "$KEYVAULT_NAME" \
+    --name "db-password" \
+    --query "value" \
+    --output tsv)
+    echo "Secret récupéré (longueur : ${#SECRET} caractères)"
+}
+
+function ListSecret(){
+# Lister tous les secrets
+az keyvault secret list \
+    --vault-name "$KEYVAULT_NAME" \
+    --output table
+}
+
+function main(){
+    createKeyVault
+    AddSecretKey
+    CatchSecret
+    ListSecret
+}
+
+main
diff --git a/mon-projet/src/azure-storage.sh b/mon-projet/src/azure-storage.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+# Ce script permet de créer un compte de stockage et uploade server.log
+
+set -e
+
+RESOURCE_GROUP="mpetitRG"
+LOCATION="francecentral"
+STORAGE_ACCOUNT="mpstorageaccount$RANDOM"
+CONTAINER="logs"
+FICHIER_LOCAL="ressources/server.log"
+FICHIER_BLOB="server.log"
+
+create_storage_account() {
+    echo "=== Creation du compte de stockage Azure ==="
+    az storage account create \
+        --name "$STORAGE_ACCOUNT" \
+        --resource-group "$RESOURCE_GROUP" \
+        --location "$LOCATION" \
+        --sku Standard_LRS \
+        --kind StorageV2 \
+        --output none
+    echo "Compte cree : $STORAGE_ACCOUNT"
+}
+
+get_storage_key() {
+    az storage account keys list \
+        --resource-group "$RESOURCE_GROUP" \
+        --account-name "$STORAGE_ACCOUNT" \
+        --query "[0].value" \
+        --output tsv
+}
+
+create_container() {
+    local cle="$1"
+    az storage container create \
+        --name "$CONTAINER" \
+        --account-name "$STORAGE_ACCOUNT" \
+        --account-key "$cle" \
+        --output none
+    echo "Conteneur créé : $CONTAINER"
+}
+
+upload_blob() {
+    local cle="$1"
+    az storage blob upload \
+        --container-name "$CONTAINER" \
+        --file "$FICHIER_LOCAL" \
+        --name "$FICHIER_BLOB" \
+        --account-name "$STORAGE_ACCOUNT" \
+        --account-key "$cle" \
+        --output none
+    echo "Fichier uploadé : $FICHIER_BLOB"
+}
+
+list_blobs() {
+    local cle="$1"
+    echo ""
+    echo "=== Contenu du conteneur ==="
+    az storage blob list \
+        --container-name "$CONTAINER" \
+        --account-name "$STORAGE_ACCOUNT" \
+        --account-key "$cle" \
+        --output table
+}
+
+main() {
+    create_storage_account
+    CLE=$(get_storage_key)
+    create_container "$CLE"
+    upload_blob "$CLE"
+    list_blobs "$CLE"
+}
+
+main
diff --git a/mon-projet/src/azure-vm.sh b/mon-projet/src/azure-vm.sh
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+# Génère un nom de VM unique en ajoutant un nombre aléatoire
+VM_NAME="mpetitvm$RANDOM"
+VM_IMAGE="Ubuntu2204"
+ADMIN_USER="mpetit"
+SSH_DIR="$(dirname "$0")/SSH-Keys/${VM_NAME}"
+# Chemin vers la clé SSH : sans extension = clé privée, avec .pub = clé publique
+SSH_KEY_PATH="${SSH_DIR}/${VM_NAME}"
+
+# Source le fichier environnement
+source "$(dirname "$0")/.env"
+
+function selectSmallestVMSize(){
+    # Filtre les tailles sans restrictions, extrait nom et vCPUs, trie numériquement, prend la plus petite
+    SMALLESTVM=$(az vm list-skus \
+        --location "$LOCATION" \
+        --resource-type "virtualMachines" \
+        --query "[?length(restrictions)==\`0\`].{name:name, cpus:capabilities[?name=='vCPUs'].value|[0]}" \
+        --output tsv \
+        | sort -t$'\t' -k2 -n \
+        | head -1 \
+        | cut -f1)
+
+    # Si SMALLESTVM est vide, utilise Standard_B1s comme valeur par défaut
+    echo "Taille sélectionnée : ${SMALLESTVM:-Standard_B1s}"
+}
+
+function generateSSHKey(){
+    # Crée le dossier SSH-Keys/<vm_name>/ si inexistant (-p évite l'erreur s'il existe déjà)
+    mkdir -p "$SSH_DIR"
+    chmod 600 "$SSH_DIR"
+    # Génère une paire de clés RSA 4096 bits, sans passphrase (-N ""), en mode silencieux (-q)
+    ssh-keygen -t rsa -b 4096 -f "$SSH_KEY_PATH" -N "" -q
+    # SSH refuse les clés avec des permissions trop ouvertes : 600 = lecture/écriture propriétaire uniquement
+    chmod 600 "$SSH_KEY_PATH"
+    echo "Clé SSH générée : $SSH_KEY_PATH"
+}
+
+function saveVMEnv(){
+    # Heredoc : écrit le bloc jusqu'à EOF dans le fichier .env, les variables sont évaluées immédiatement
+    cat > "${SSH_DIR}/.env" << EOF
+VM_NAME="$VM_NAME"
+RESOURCE_GROUP="$RESOURCE_GROUP"
+IP="$IP"
+ADMIN_USER="$ADMIN_USER"
+SSH_KEY_PATH="$SSH_KEY_PATH"
+EOF
+    echo "Infos VM sauvegardées dans ${SSH_DIR}/.env"
+}
+
+function vmCreate(){
+    # Fournit la clé publique (.pub) à Azure pour qu'elle soit installée sur la VM à la création
+    az vm create \
+        --resource-group "$RESOURCE_GROUP" \
+        --name "$VM_NAME" \
+        --image "$VM_IMAGE" \
+        --size "$SMALLESTVM" \
+        --admin-username "$ADMIN_USER" \
+        --ssh-key-value "${SSH_KEY_PATH}.pub" \
+        --output json
+}
+
+function catchVMPublicIP(){
+    # --show-details charge les infos réseau, --query extrait uniquement l'IP publique du JSON
+    # tr -d '\r' supprime les retours chariot (\r) que l'Azure CLI ajoute sous WSL
+    IP=$(az vm show \
+        --resource-group "$RESOURCE_GROUP" \
+        --name "$VM_NAME" \
+        --show-details \
+        --query "publicIps" \
+        --output tsv | tr -d '\r')
+
+    echo "IP de la VM : $IP"
+}
+
+function connectVM(){
+    # -i indique à SSH quelle clé privée utiliser pour s'authentifier
+    ssh -i "$SSH_KEY_PATH" "$ADMIN_USER@$IP"
+}
+
+function main(){
+    selectSmallestVMSize
+    generateSSHKey
+    vmCreate
+    catchVMPublicIP
+    saveVMEnv
+    connectVM
+}
+
+main
diff --git a/mon-projet/src/check-env.sh b/mon-projet/src/check-env.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+# check-env.sh — Vérifie que l'environnement est prêt pour NexaCloud
+
+set -e
+
+VERT="\033[0;32m"
+ROUGE="\033[0;31m"
+JAUNE="\033[0;33m"
+RESET="\033[0m"
+
+ok()   { echo -e "${VERT}  [OK]${RESET}   $1"; }
+warn() { echo -e "${JAUNE}  [WARN]${RESET} $1"; }
+err()  { echo -e "${ROUGE}  [ERR]${RESET}  $1"; }
+
+verifier_commande() {
+    local cmd="$1"
+    local nom="${2:-$1}"
+    if command -v "$cmd" &>/dev/null; then
+        ok "$nom installé"
+    else
+        err "$nom non trouvé"
+    fi
+}
+
+echo ""
+echo "=== Vérification de l'environnement NexaCloud ==="
+echo ""
+
+# Appele verifier_commande pour tester python3, node, npm et git
+for cmd in python3 node npm git; do
+    verifier_commande "$cmd"
+done
+
+
+echo ""
+
+# Vérifie que ces deux fichiers existent avec [ -f ]
+
+for fichier in "config.json" "ressources/server.log"; do
+    if [ -f "$fichier" ]; then
+        ok "Fichier $fichier trouvé"
+    else
+        warn "Fichier $fichier introuvable"
+    fi
+done
+
+
+echo ""
+echo "=== Vérification terminée ==="
+echo ""