Tutorial Server Ubuntu 9.10-10.04
Tutorial Server Ubuntu 9.10-10.04
Agardisinikitatidaksalahmengasumsikanantarapenulisdenganpembaca,makasebelumnyakitasamakandahuluterutamauntuk diagramjaringannya,diagramnyasebagaiberikut: 192.168.1.1 INTERNET====MODEMADSL=======UBUNTUSERVER======SWITCHHUB======CLIENT bridgemodeeth0eth1|(192.168.0.101192.168.0.xxx) 192.168.1.2192.168.0.1Comp.Administrator/Billing 192.168.0.100 UntukMODEMADSLdijadikanbridgeyangnantinyaakandidialupolehubuntu. DisinispeksifikasiminimumyangdipakaiadalahProcessoryangsupport64bitseperti: minimumPentium4630/631/632series(3GHz,FSB800MHz,L22MB) atauPentiumD(2.43GHz,FSB533800MHz,L24MB) danatauDualCore,Core2Duo,Core2Quad,etc Hardwarelainnya:RAMDDR1/21GB,2EthernetCard,danHarddisk120GBSATA(UsahakanSATAagarresponsif). TutorialinidiperuntukkanuntukWarnetdanRT/RWNet.
TAHAPI INSTALLUBUNTUSERVER
MasukkanCDInstallUbuntu10.04ServerLTS64bitdanbootingcomputerkecdrom Tampilawaldanpilih...
PilihBahasa
PilihzonalokasipilihOtherkemudianAsiadanCariIndoneisa
Pilihlayout/jeniskeyboard,pilihajaNo
UbuntuInstallerakanmelakukanpengecekkanterhadapCDygdigunakan
UbuntuInstallermenjalankankomponensebagaipendukung
InstalasiNetwork,untuksementaradiabaikanajakarenanantinyaakandisettingsecaramanualaja.
Masukannamahostname/computersesuaikeinginan,misal:router
PengaturanHarddisk,pilihManualkarenaakandipersiapkansecaramaksimal.
Dariharddisk160Gbdibagisebagaiberikut:
/ swap /home/proxy1 /home/proxy2 /home/proxy3 /home/share 25GB 1GB 20GB 20GB 20GB (sisanya) XFS swap XFS XFS XFS NTFS Boot Flag / Swap Chache proxy #1 Chache proxy #2 Chache proxy #3 Share Documents
Ubuntuinstallerselanjutnyaakanmenginstallsystemdasaryangdibutuhkan,tentunyasetelahmemformatharddisk.
Membuataccountuserdanmemberpassword,misalaccountOpikdesigndanuseropikdesign
UbuntuInstallerakanmempertanyakanapakahconnectionkeinternetpakeproxy,tapiklotanpaproxybisapilihcontinue
KonfigurasiAPT
Memilihpaketpilihaja:DNSServer,LAMPServer,OpenSSHServerdanSambaFileServer
Memulaiinstalasiditengah2instalasi,akanditanyakanpassworduntukMySQL,bisadikosongkanatobolehdiisi
InstalasiGRUBBootloader
Instalasiberakhir,keluarkanCDnya.PilihContinueuntukrestartdanbootdariharddisk.
TAHAPII LOGIN
Lakukanlogin. Kemudianmasukkeroot,kemudianmasukanpassword: [user]@[host]:~$ sudo su cirinyaklosudahmasukrootmakapromptberubahmenjadi root@[host]:/home/[user]# sepertiini:
TAHAPIII SETINGETHERNETCARD
Editfile/etc/network/interfaces,bisamenggunakanbantuanviataupicodanlainnya,tetapidisinipenulismengunakanpico karenasudahfamiliar. # pico /etc/network/interfaces SebelumnyatentukandahuluIPv4untukkartujaringaneth1,misalIP192.168.0.1dannetmask255.255.255.0. Danperludiingat,kartujaringaneth0terhubungdenganmodemADSLdanIPv4mengikutiDHCPdarimodemjadikitatidakperluseting langikarenasudahdisetingsaatpenginstallantersebutdiatas. Isifile/etc/network/interfacesrubahmenjadiberikut:
auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 auto eth1 iface eth1 inet static address 192.168.0.1 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255
seharusnyahasilnya:
TAHAPIII MEMBUATSETTINGDIALUPUNTUKMODEMADSL
Installdahulurepositorypppoe: # apt-get install pppoe Jalankanpppoeconf
# pppoeconf
tampilannyaakansepertiini:
PilihYeskemudiandiaakanmendeteksisendiriberadadimanamodemADSLtersebut.
Pilihyes,dimintausernamedanpasswordADSL
PilihjanganmenggunakanDNSPeerskarenanantikitaakanmembuatDNSServerlocal,jadipilih"No"...
UntukMTUpilih"Yes"untukdefault1452byte
Donedanlangsungmelakukankoneksi...
Klosudah,checkdifile/etc/network/interfacesakanadatambahannyasepertiini:
auto dsl-provider iface dsl-provider inet ppp pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf provider dsl-provider
makaisikeseluruhanfile(tulisanwarnamerah):
auto lo iface lo inet loopback auto eth0 iface eth1 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 auto eth1 iface eth1 inet static address 192.168.0.1 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255
auto dsl-provider iface dsl-provider inet ppp pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf provider dsl-provider
Checkinterfacesdialupdengan
# ifconfig ppp0 ifconfig,dialupakanmunculinterfacesppp0
hasilnya:
Ataucarangechecklain,lakukanpingkeinet.
Installbeberaparepositorypentingyangakanseringterpakai
# apt-get install iptraf iftop whois sysstat snmp snmpd rrdtool dbconfig-common libphp-adodb php5-cli php5-gd php-pear php5-snmp php5-adodb phpmyadmin make rpm alien subversion nmap libnet-netmask-perl curl chkconfig
Lakukanrestart. # reboot
Rubahmenjadi:
ddns-update-style none; subnet 192.168.0.0 netmask 255.255.255.0 { option broadcast-address 192.168.0.255; option subnet-mask 255.255.255.0; option domain-name-servers 192.168.0.1; option domain-name "local.domain"; #sesuaikan keinginan option routers 192.168.0.1; option netbios-name-servers 192.168.0.1; default-lease-time 600; max-lease-time 604800; log-facility local7; range 192.168.0.100 192.168.0.200; }
Catatan, untukoption domain-name-serversnantibisadigantidgnDNSISPygbersangkutanklotidakmenginstallDNSServerdan seandainyaDNSlebihdarisatutinggaldiberitandakoma,. begitujugaoption netbios-name-serversbisadihilangkanklonantitidakmembuatWINSServer,. Setelahitueditfile/etc/default/dhcp3-server dandisinilahsettinganDHCPdefaultinterfaces. # pico /etc/default/dhcp3-server RubahatauisiINTERFACESnyasepertidibawahini
INTERFACES="eth1"
LakukanrestartDHCP3serverdengan: # /etc/init.d/dhcpd3-server restart Akanmunculdilayar: * Starting DHCP server dhcpd3 [ OK ] DHCPbisadibuatsepertihalnyaMACFilter,dalampengertiansebagaiberikut: KitasebelumnyasudahmencatatMACADDRESSdariseluruhhardwareEthernetmaupunwificlientyangkemudiandiberikanIP sesuaiketentuanMACADDRESS;contohcomputerAdenganMAC00:AA:BB:CC:DD:11akanselalumendapatIP192.168.0.123. Rubah/etc/dhcp3/dhcpd.conf,contohkonfigurasidenganMACFiltering:
ddns-update-style none; subnet 192.168.0.0 netmask 255.255.255.0 { option broadcast-address 192.168.0.255; option subnet-mask 255.255.255.0; option domain-name-servers 192.168.0.1; option domain-name "local.domain"; #sesuaikan keinginan option routers 192.168.0.1; option netbios-name-servers 192.168.0.1; default-lease-time 600; max-lease-time 604800; log-facility local7; host opikdesign { hardware ethernet 00:22:15:3C:14:A1; fixed-address 192.168.0.100; } host dhani { hardware ethernet 00:11:5B:78:D3:E8; fixed-address 192.168.0.101; } host farah { hardware ethernet 00:16:EC:1E:2F:9E; fixed-address 192.168.0.102; } host siti { hardware ethernet 00:13:D4:CB:69:0F; fixed-address 192.168.0.103; } }
Jadidisinibisadipahamiseharusnya,cobalihatketeranganbertulistebal
host [disini letak nama computer] { hardware ethernet [disini diisi MAC-ADDRESS dari client yang bersangkutan]; fixed-address [IP yang akan diberikan]; }
SelanjutnyaMACADDRESSbisadisesuaikandenganclient,tersebutdiatashanyacontoh
Port 221
hasiltampilannya:
masukanpasswordyangdikehendakidanketikulang.
ClickOpenklosudahmengisiHostName/IPservermaupunportnya. Makatampilanakanmenjadi
Tampilannyaakansepertiini
TAHAPVII MEMBUATNAT/ROUTER
Agarclientbisaterkoneksidenganinternetmakakitaharusmengaktifkanipforward. MembuatroutermakaaktifkanIPForwarding,darippp0keeth1,editfile/etc/sysctl.conf : cariteks
# net.ipv4.ip_forward=1
Aktifkandenganmenghilangkantanda#,menjadi:
# net.ipv4.ip_forward=1
untukmeningkatanpengamansebaiknyaantispoofingattackdankernelmapprotectdiaktifkan,cariteks2dibawahini
# net.ipv4.conf.default.rp_filter=1 # net.ipv4.conf.all.rp_filter=1
Aktifkandenganmenghilangkantanda#,menjadi:
net.ipv4.conf.default.rp_filter=1 net.ipv4.conf.all.rp_filter=1
kemudiansave.Danlakukanperintahuntukmengaktifkankonfigurasitersebut # sysctl -p
TAHAPVIII INSTALLDANSETINGPADADNSSERVERMENGGUNAKANBIND9
PadasaatinstalasiUbuntutadisudahmemilihuntukdiinstallkanDNSServer,sebenernyarepositoryyangberfungsisebagaiDNSServer bernamaBind9.AkhirnyakitatinggalmembuatsettinganBind9ini. FungsiDNSServeriniadalahmemresolvednamadomainyangdimintaclientuntukdimemberitahukanserverdaridomainyang ditanyakanclientberadadiIPmana. Sebelumnya,adabaiknyakitamengenalmacamtypeDNSRecord; AddressRecords;MerekamsebuahpemetaanIPAddresskedalamsebuahnamahost.Carasepertiiniyangpalingumum digunakan.
www IN A 111.222.333.444
AliasRecords;MembuatsebuahaliasterhadapCNAMEkarenatidakdapatmembuatCNAMEpointingdidalamCNAMERecord.
mail www IN IN CNAME A www 111.222.333.444
MailExchangeRecords;Menunjukkanemailharusdikirimkemana,harusmenujukkankeARecord(AddressRecord)bukan CNAME(AliasRecord)Record.
@ mail IN IN MX A mail.domain.com 111.222.333.444
NameServerRecord;Menentukanserveryangakandigunakanuntukmelayanilayananhosting,harusmenujukkankeARecord (AddressRecord)bukanCNAME(AliasRecord)Record.
@ ns IN IN NS A ns.domain.com 111.222.333.444
Bukafile/etc/bind/named.conf.local;fileyangberisidimanaletakfilezonayangberisiDNSRecordlocal. tambahataueditisinyamenjadi:
include "/etc/bind/zones.rfc1918"; zone "local.domain" { type master; file "/etc/bind/db.local.domain"; }; zone "0.168.192.in-addr.arpa" { type master; file "/etc/bind/db.192"; }; include "/etc/bind/rndc.key";
Kemudianduplicatefiledblocalsesuainamafileyangdisebutkan/etc/bind/named.conf.local.
# # cp /etc/bind/db.local /etc/bind/db.local.domain cp /etc/bind/db.local /etc/bind/db.192
Editfile/etc/bind/db.local.domain editisinyamenjadi:
; ; BIND data file for local loopback interface ; $TTL 604800 @ IN SOA ns.local.domain. mail.local.domain. ( 2010072605 ;Serial 604800 ;Refresh 86400 ;Retry 2419200 ;Expire 604800 ) ;Negative Cache TTL ; localhost IN A 127.0.0.1 @ IN NS ns.local.domain. ns IN A 192.168.0.1 www IN CNAME ns proxy IN CNAME ns
www proxy
IN IN
CNAME CNAME
ns ns
Editfile/etc/resolv.conf editisinyamenjadi:
search local.domain nameserver 127.0.0.1
Restartjaringandanbind9
# service bind9 restart
Untukmengujibind9,kitaperlumenginstallrepositorydnsutils,installrepositorytersebut
# apt-get install dnsutils
checkzonauntukmengetestsettingankitadidalamfile/etc/bind/db.dns.persegi.net dan/etc/bind/db.192
# named-checkzone local.domain /etc/bind/db.local.domain
kalausettingantidakadamasalahhasilnyakuranglebihakanmunculserialyangbuat.
hasilnya
kemudianbarumengujidengancommanddigkitamencobauntuklocalnyadulu
# dig localhost
hasilnya
kemudiancobamengujiuntukmencaridomaindiinetmisalnyagoogle.comatauyahoo.com
# dig google.com
hasilnya
ataubisajugamengujidenganperintahnslookup
# > > nslookup set type=any local.domain
TAHAPIX INSTALLNTPSERVER
ApafungsidariNTPServer?!,fungsinyaagarsemuaPCClientmempunyaiwaktuyangsamadenganServer.Namunpengaktifan fungsiinitidakterlalupenting.Carainstalldanmenjalankan:
# # apt-get install ntp service ntp restart
Untukmerubahwaktupadasystemlinux:
# date DDMMhhmmYYYY
Keterangan: DD: MM: YYYY: date month year hh: mm: hour(24hour) minute
contohnya:dirubahmenjadi14June200911:51PM
# date 061423512009 Sun Jun 14 23:51:00 WIT 2009
AktifkanmodulSSL
# a2enmod ssl
Menempelkanfilecertificatedivirtualhost
# cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
editfile/etc/apache2/sites-available/ssl,tambahkanscriptpadabaristerakhirsebelum</VirtualHost>:
SSLEngine On SSLCertificateFile /etc/apache2/ssl/apache.pem
danportdefault80jadikan443,caribaris
<VirtualHost *:80>
dangantidgn
<VirtualHost *:443>
editfile/etc/apache2/sites-available/default,tambahkanscriptpadabaristerakhirsebelum</VirtualHost>:
SSLCertificateFile /etc/apache2/ssl/apache.pem
Editfile/etc/samba/smb.confdanrubahmenjadi
[global] log file = /var/log/samba/log.%m passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully*. obey pam restrictions = yes map to guest = bad user encrypt passwords = true public = yes passdb backend = tdbsam passwd program = /usr/bin/passwd %u wins support = yes max wins ttl = 18748800 min wins ttl = 60 netbios name = persegi server string = %h server (Samba, Ubuntu) path = /var/tmp preferred master = yes domain master = yes local master = yes workgroup = WORKGROUP syslog = 0 panic action = /usr/share/samba/panic-action %d usershare allow guests = yes max log size = 1000 pam password change = yes name resolve order = wins bcast hosts lmhosts socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 65 announce as = WfW guest ok = Yes usershare allow guests = Yes name cache timeout = 0 nt status support = yes nt pipe support = yes winbind cache time = 60 idmap uid = 50-9999999999 idmap gid = 50-9999999999 idmap cache time = 120
Editfile/etc/hostskemudianmasukkannamahostcomputerclientdanipnyauntukpencariandenganmetodehostsfile,contoh sebagaiberikut:
127.0.0.1 localhost 192.168.0.1 router router.local.domain www.local.domain proxy.local.domain 192.168.0.100 billing billing.local.domain 192.168.0.101 client01 client01.local.domain 192.168.0.102 client02 client02.local.domain 192.168.0.103 client03 client03.local.domain 192.168.0.104 client04 client04.local.domain 192.168.0.105 client05 client05.local.domain 192.168.0.106 client06 client06.local.domain 192.168.0.107 client07 client07.local.domain 192.168.0.108 client08 client08.local.domain 192.168.0.109 client09 client09.local.domain 192.168.0.110 client10 client10.local.domain
Buatfile/etc/samba/lmhostsdanmasukkannamahostcomputerclientdanipsepertidiatasuntukpencariandenganmetode lmhostsfile,contohsebagaiberikut:
192.168.0.1 router 192.168.0.100 billing 192.168.0.101 client01 192.168.0.102 client02 192.168.0.103 client03 192.168.0.104 client04 192.168.0.105 client05 192.168.0.106 client06 192.168.0.107 client07 192.168.0.108 client08 192.168.0.109 client09 192.168.0.110 client10
Bukadaneditfile/etc/nsswitch.conf caribaris
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
rubahmenjadi
hosts: files dns wins winbind mdns4_minimal [NOTFOUND=return] mdns4
Lakukanrestartjaringandanwinbindsajakarenasambasudahotomatisberubah
# # /etc/init.d/networking restart service winbind restart
router billing client01 client02 client03 client04 client05 client06 client07 client08 client09 client10
IN IN IN IN IN IN IN IN IN IN IN IN
A A A A A A A A A A A A
192.168.0.1 192.168.0.100 192.168.0.101 192.168.0.102 192.168.0.103 192.168.0.104 192.168.0.105 192.168.0.106 192.168.0.107 192.168.0.108 192.168.0.109 192.168.0.110
Makafile/etc/bind/db.local.domain tersebutmenjadi(tulisanwarnamerah)
; ; BIND data file for local loopback interface ; $TTL 604800 @ IN SOA ns.local.domain. mail.local.domain. ( 2010072610 ;Serial 604800 ;Refresh 86400 ;Retry 2419200 ;Expire 604800 ) ;Negative Cache TTL ; localhost IN A 127.0.0.1 @ IN NS ns.local.domain. ns IN A 192.168.0.1 www IN CNAME ns proxy IN CNAME ns router IN A 192.168.0.1 billing IN A 192.168.0.100 client01 IN A 192.168.0.101 client02 IN A 192.168.0.102 client03 IN A 192.168.0.103 client04 IN A 192.168.0.104 client05 IN A 192.168.0.105 client06 IN A 192.168.0.106 client07 IN A 192.168.0.107 client08 IN A 192.168.0.108 client09 IN A 192.168.0.109 client10 IN A 192.168.0.110
Editfile/etc/bind/db.192,dantambahkanbaristerakhirdenganmemasukkannamakomputerclientdiikutinnamadomain sebagaiDNSSuffixnyabersertaipnya,contohnya
IN
PTR
router.local.domain.
100 101 102 103 104 105 106 107 108 109 110
IN IN IN IN IN IN IN IN IN IN IN
PTR PTR PTR PTR PTR PTR PTR PTR PTR PTR PTR
billing.local.domain. client01.local.domain. client02.local.domain. client03.local.domain. client04.local.domain. client05.local.domain. client06.local.domain. client07.local.domain. client08.local.domain. client09.local.domain. client10.local.domain.
Makafile/etc/bind/db.192 tersebutmenjadi(tulisanwarnamerah)
; ; BIND reverse data file for local loopback interface ; $TTL 604800 @ IN SOA ns.local.domain. mail.local.domain. ( 2010072615 ;Serial 604800 ;Refresh 86400 ;Retry 2419200 ;Expire 604800 ) ;Negative Cache TTL ; @ IN NS ns. 1 IN PTR ns.local.domain. www IN CNAME ns proxy IN CNAME ns 1 IN PTR router.local.domain. 100 IN PTR billing.local.domain. 101 IN PTR client01.local.domain. 102 IN PTR client02.local.domain. 103 IN PTR client03.local.domain. 104 IN PTR client04.local.domain. 105 IN PTR client05.local.domain. 106 IN PTR client06.local.domain. 107 IN PTR client07.local.domain. 108 IN PTR client08.local.domain. 109 IN PTR client09.local.domain. 110 IN PTR client10.local.domain.
KemudianBind9direstart
# service bind9 restart
TestingSamba
# smbclient -L localhost -U%
hasilnya
Domain=[PERSEGI] OS=[Unix] Server=[Samba 3.3.2] Sharename --------IPC$ Type ---IPC Comment ------IPC Service (persegi server (Samba, Ubuntu))
Domain=[DNS.PERSEGI.NET] OS=[Unix] Server=[Samba 3.3.2] Server --------BILLING CLIENT01 CLIENT02 CLIENT03 CLIENT04 CLIENT05 CLIENT06 CLIENT07 CLIENT08 CLIENT09 CLIENT10 ROUTER Comment -------
Workgroup --------WORKGROUP
Master ------ROUTER
BuatBashScriptagartiapinterval15menitakanmemrestartdaemonwinbindd,snmbdannmbd. buatfile/sbin/winsdenganscriptsebagaiberikut
#!/bin/sh # Script ini untuk memrestart Winbindd dan Samba (snmb & nmbd) # agar semua NetBIOS komputer client dapat di refresh. PATH=/sbin:/bin:/usr/sbin:/usr/bin [ -r /etc/default/winbind ] && . /etc/default/winbind [ -r /etc/default/samba ] && . /etc/default/samba RUN_MODE="daemons" DAEMON_WINBINDD=/usr/sbin/winbindd PIDDIR_WINBINDD=/var/run/samba WINBINDPID=$PIDDIR_WINBINDD/winbindd.pid PIDDIR_SAMBA=/var/run/samba NMBDPID=$PIDDIR_SAMBA/nmbd.pid SMBDPID=$PIDDIR_SAMBA/smbd.pid INTERVAL=900 unset TMPDIR test -x $DAEMON_WINBINDD || exit 0 test -x /usr/sbin/nmbd -a -x /usr/sbin/smbd || exit 0 . /lib/lsb/init-functions
while : ; do # # winbind stop # log_daemon_msg "Stopping the Winbind daemon" "winbind" start-stop-daemon --stop --quiet --oknodo --exec $DAEMON_WINBINDD log_end_msg $? sleep 2 # # samba stop # log_daemon_msg "Stopping Samba daemons" log_progress_msg "nmbd" start-stop-daemon --stop --quiet --pidfile $NMBDPID sleep 1 if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null then rm -f $NMBDPID fi if [ "$RUN_MODE" != "inetd" ]; then log_progress_msg "smbd" start-stop-daemon --stop --quiet --pidfile $SMBDPID sleep 1 if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null then rm -f $SMBDPID fi fi log_end_msg 0
sleep 2 # # samba start # log_daemon_msg "Starting Samba daemons" install -o root -g root -m 755 -d $PIDDIR_SAMBA NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null` if [ "$NMBD_DISABLED" != 'Yes' ]; then log_progress_msg "nmbd" if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd -- -D then log_end_msg 1 exit 1 fi fi if [ "$RUN_MODE" != "inetd" ]; then log_progress_msg "smbd" if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd -- -D; then log_end_msg 1 exit 1 fi fi log_end_msg 0 sleep 2 # # winbind start # log_daemon_msg "Starting the Winbind daemon" "winbind" mkdir -p /var/run/samba/winbindd_privileged || return 1 chgrp winbindd_priv $PIDDIR_WINBINDD/winbindd_privileged/ || return 1 chmod 0750 $PIDDIR_WINBINDD/winbindd_privileged/ || return 1 start-stop-daemon --start --quiet --oknodo --exec $DAEMON_WINBINDD -$WINBINDD_OPTS log_end_msg $? # # Repeat # sleep $INTERVAL done
kemudianberiattributeagarbisadijalankan, kemudianjalankandenganmengirimSignalHUPagarberjalanterusmenurussetiapnilaiintervalyangditentukan.
# # chmod +x /sbin/wins nohup /sbin/wins &
Terakhiragarscriptiniberjalansaatserverpertamakalirestart/booting,masukkankedalam/etc/rc.local,editfile
/etc/rc.localkemudiantambahkan
SettingDNSSuffixditiapclientklotadisudahmembuatDNSServeruntukclient,caranya: ControlPanel>>System
Pilih/clickComputerName,bolehisiComputerDescipptionsemisalclient01
ClickChangedanisiComputernamesesuaiyangdidaftarkansemisalclient01
ClickMoreisiPrimaryDNSSuffixcomputertersebutsemisalnyalocal.domaindanberitandacentangpadaChangeprimary DNSsuffixwhendomainmembershipchanges
ClickOKdanOKlagi
ClickOKdanOKlagi.Kemudiancomputerdirestart
Terakhir,settingtiapclientagarNetBIOSselaludilewatkanTCP/IP,caranya: ControlPanel>>NetworkConnection>>ClickKananLocalAreaConnection>>PilihProperties
CariInternetProtocol(TCP/IP)danpilihkemudianclickProperties.
PilihAdvanced.
PilihTabWINSdanNetBIOSsettingpilihkeEnableNetBIOSoverTCP/IP.ClickOK3x..
Bukadaneditkebalifileconfigurationsamba,/etc/samba/smb.confdantambahkanpadabaristerakhirsebagaiberikut:
[Share] comment = File Server Share path = /home/share/doc read only = No create mask = 0777 directory mask = 0777
KemudianClickTanda+,MyNetworkPlaces>>MicrosoftWindowsNetwork>>Workgroup>>(NamaServer)
ClickkananSharedanpilihMapNetworkDrive
AkanmunculWindowsDialog,danpastikanmemberitandacentangpadaReconnectatlogonagartiapkalicomputerclient selalumenghubungkandiridenganShareDocumentdiserver
AgarmenjadiMyDocument,ClickKananMyDocumentsisikiridanpilih
RubahtargetnyamenujuZ:\dimanaNetworkDriveberada.
Terakhirakanmunculsepertidibawahini,danpilihNoagardatadatayangberadadiMyDocumentsebelumtidakberpindah.
Agardatabasevirusnyaupdateterbaru
# freshclam
keluardansave.
sebagaiberikut Port 80 <===> HAVP (8080) <===> Squid (3128) <===> Client || CLAMAV+LIBCLAMAV Proxy,bisaberfungsisebagaifirewall/siteblock,webcachebahkanbisasedikitmengaturbandwidth.Fungsiiniadayang memandangtidakperlu,tetapibagipenulisSquidmemegangperananpentingkarenabisadiunggulkansemisalmemblockpacket yangtidakdiinginkandanmembantumengaturbandwidthkarenaadanyawebcacheyangbisadiandalkanpadasaatkoneksidari ISPbermasalahmaupunbisamembatasifileyangdidownloadolehclient. InstallHAVPdanSQUID
# apt-get install havp squid squid-common squid-cgi squidclient
Kuranglebihhasilnyasepertiini
Kemudianeditfileconfigurasisquidproxydi/etc/squid/squid.conf
#==================================$ # Proxy Server Versi 2.7.Stable3 #==================================$ ################################################################# # Port ################################################################# http_port 3128 transparent icp_port 3130 prefer_direct off ################################################################# # Cache & Object ################################################################# cache_mem 8 MB cache_swap_low 98 cache_swap_high 99 max_filedesc 8192 maximum_object_size 1024 MB minimum_object_size 0 KB maximum_object_size_in_memory 4 bytes ipcache_size 4096 ipcache_low 98 ipcache_high 99 fqdncache_size 4096 cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF ################################################################# # cache_dir <type> <Directory-Name> <Space in Mbytes> <Level1> <Level2> <options> # Maksimum Level1=((Space in byte/13)/Level2/Level2)*2 cache_dir aufs /home/proxy1 15000 32 256 cache_dir aufs /home/proxy2 15000 32 256 cache_dir aufs /home/proxy3 15000 32 256 ################################################################# cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log none pid_filename /var/run/squid.pid cache_swap_log /var/log/squid/swap.state dns_nameservers 127.0.0.1 emulate_httpd_log off hosts_file /etc/hosts half_closed_clients off negative_ttl 1 minutes
################################################################# # Rules: Safe Port ################################################################# acl acl acl acl acl acl acl acl acl acl acl acl acl acl acl acl acl acl acl acl acl acl all src 0.0.0.0/0.0.0.0 manager proto cache_object localhost src 127.0.0.1/255.255.255.255 to_localhost dst 127.0.0.0/8 SSL_ports port 443 563 873 Safe_ports port 80 Safe_ports port 20 21 Safe_ports port 70 Safe_ports port 210 Safe_ports port 1025-65535 Safe_ports port 631 Safe_ports port 10000 Safe_ports port 901 Safe_ports port 280 Safe_ports port 488 Safe_ports port 591 Safe_ports port 777 Safe_ports port 873 Safe_ports port 110 Safe_ports port 25 Safe_ports port 2095 2096 Safe_ports port 2082 2083 # https snews rsync # http # # gopher # # # # # # # # # # # # SMTP # webmail # cpanel ftp wais unregistered ports cups webmin SWAT http-mgmt gss-http filemaker multiling http rsync POP3 from cpanel
acl purge method PURGE acl CONNECT method CONNECT http_access http_access http_access http_access http_access http_access allow manager localhost deny manager allow purge localhost deny purge deny !Safe_ports !SSL_ports deny CONNECT !SSL_ports !Safe_ports
################################################################# # Refresh Pattern ################################################################# refresh_pattern ^ftp: refresh_pattern ^gopher: 1440 1440 20% 0% 10080 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-nocache ignore-private refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private refresh_pattern -i \.(html|htm|css|js|php|asp|aspx|cgi) 1440 40% 40320 refresh_pattern . 0 20% 4320
################################################################# # HAVP + Clamav ################################################################# cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
################################################################# # HIERARCHY (BYPASS CGI) ################################################################# #hierarchy_stoplist cgi-bin ? .js .jsp #acl QUERY urlpath_regex cgi-bin \? .js .jsp #no_cache deny QUERY
################################################################# # Pembatasan B/W Download dgn mendeteksi extention file. # dan pembatasan access domain # ################################################################# acl client src 192.168.0.101 192.168.0.102 192.168.0.103 192.168.0.104 192.168.0.105 192.168.0.106 192.168.0.107 192.168.0.108 192.168.0.109 192.168.0.110 acl billing src 192.168.0.200 acl server src 192.168.0.1 acl download url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.tar.gz$ \.gz$ \.tar.bz2$ \.rpm$ \.zip$ \.rar$ \.7z$ \.avi$ \.mpg$ \.mpeg$ \.rm$ \.iso$ \.wav$ \.mov$ \.dat$ \.mpe$ \.mid$ acl download url_regex -i \.midi$ \.rmi$ \.wma$ \.wmv$ \.ogg$ \.ogm$ \.m1v$ \.mp2$ \.mpa$ \.wax$ \.m3u$ \.asx$ \.wpl$ \.wmx$ \.dvr-ms$ \.snd$ \.au$ \.aif$ \.asf$ \.m2v$ acl download url_regex -i \.m2p$ \.ts$ \.tp$ \.trp$ \.div$ \.divx$ \.mod$ \.vob$ \.aob$ \.dts$ \.ac3$ \.cda$ \.vro$ \.deb$ \.pdf$ \.com$ \.nrg$ \.vcd$ \.flv$ \.swf$ \.3gp$ delay_pools 2 delay_class 1 1 delay_parameters 1 40000/10000000 15000/40000000 10000/70000000 delay_access 1 allow download client delay_access 1 deny all delay_class 2 1 delay_parameters 2 -1/-1 delay_access 2 allow download billing
################################################################# # SNMP ################################################################# snmp_port 3401 acl snmpsquid snmp_community public snmp_access allow snmpsquid localhost snmp_access deny all
################################################################# # ALLOWED ACCESS ################################################################# acl modem url_regex 192.168.1. 192.168.2. http_access http_access http_access http_access allow !modem client allow billing allow localhost deny all
http_reply_access allow all icp_access allow dl icp_access allow localhost icp_access deny all always_direct deny all
################################################################# # Cache CGI & Administrative ################################################################# cache_mgr th@opikdesign.com cachemgr_passwd 123 all visible_hostname local.domain cache_effective_user proxy cache_effective_group proxy coredump_dir /var/spool/squid shutdown_lifetime 10 seconds logfile_rotate 14
Matikansquid
# service squid stop
Memberikanpermissionpadafoldercache
# chown -R proxy.proxy /home/proxy1 # chown -R proxy.proxy /home/proxy2 # chown -R proxy.proxy /home/proxy3
BuatruleiptablesagarportHTTP(80)dariclientdibelokkankeportProxy(3128).
# iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 # iptables -t nat -I PREROUTING -i eth0 -p udp -m udp --dport 80 -j REDIRECT --to-ports 3128
hasil
SettingCALAMARIS
# squid -k rotate # mkdir /var/www/calamaris # calamaris -a -F html /var/log/squid/access.log > /var/www/calamaris/index.html
SettingSARG editfile/etc/sarg/sarg-reports.conf;rubahsepertidibawahini(tekswarnamerah)...
SARG=/usr/bin/sarg CONFIG=/etc/sarg/sarg.conf HTMLOUT=/var/www/squid-reports PAGETITLE="Access Reports on $(hostname)" LOGOIMG=/sarg/images/sarg.png LOGOLINK="http://$(hostname)/" DAILY=Daily WEEKLY=Weekly MONTHLY=Monthly EXCLUDELOG1="SARG: No records found" EXCLUDELOG2="SARG: End"
daneditfile/etc/sarg/sarg.conf;caribaris...
output_dir /var/lib/sarg
dirubahmenjadi...
output_dir /var/www/squid-reports
agarIPdirubahmenjadinamahostmakacaribaris
/etc/sarg/usertab
dirubahmenjadi...
usertab /etc/hosts
Kemudianbuatfolderdanbuatreport
# mkdir /var/www/squid-reports # # # # sarg-reports sarg-reports sarg-reports sarg-reports today daily weekly monthly
MemasukkanpadaCrontab,padadasarnyaSARGsudahadapenjadwalannamunsayamasukkanlagiagarlebihseringrefresh. Jalankancrontab
# crontab -e
Kemudiantambahandibaristerakhir
* */6 * * * /usr/sbin/sarg-reports today * */12 * * * calamaris -a -F html /var/log/squid/access.log > /var/www/calamaris/index.html
CaramelihatreportdariCALAMARISbrowsingkeURLhttp://[ipserver]/calamaris.
CaramelihatreportdariSARG browsingkeURLhttp://[ipserver]/squidreports.
http_SSL=443 smtp=25 smtp_SSL=465 pop3=110 pop3_SSL=995 DNS=53 ftp=20,21 ftp_SSL=115,989,990 proxy=3128 havp=8080 icp=3130 time=13,123 games=29000,27000,1873,11031,9110 dota=6112:6118 PB_TCP=39100,39110,39220,49100,39190 PB_UDP=40000:40009 range_port=1025:65535 ####### SCRIPT echo FIREWALL /sbin/iptables /sbin/iptables /sbin/iptables /sbin/iptables /sbin/iptables STATUS: All Firewall Drop & Reset -t mangle -F -t nat -F -t filter -F -X -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
echo FIREWALL STATUS: MTU Setting /sbin/iptables -t mangle -A FORWARD -o $device -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu /sbin/iptables -t mangle -A FORWARD -o $device_inet -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu echo "FIREWALL /sbin/iptables /sbin/iptables /sbin/iptables /sbin/iptables STATUS: Mangle created for Proxy Port at number 4" -t mangle -A OUTPUT -m tos --tos Maximize-Reliability -j MARK --set-mark 0x04 -t mangle -A OUTPUT -m tos --tos 0x04 -j MARK --set-mark 0x4 -t mangle -A FORWARD -m tos --tos 0x04 -j MARK --set-mark 0x04 -t mangle -A POSTROUTING -m tos --tos 0x04 -j MARK --set-mark 0x04
echo FIREWALL STATUS: Drop all FORWARD on $device /sbin/iptables -t filter -I FORWARD -i $device -j DROP echo FIREWALL STATUS: IP & MAC Filtering on device $device echo FIREWALL STATUS: Allow access for IP-ADDRESS and MAC-ADDRESS: cat $files1 | while read ip_address mac_address client; do /sbin/iptables -t filter -I FORWARD -i $device -s $ip_address -d $ip_modem -p tcp -m multiport --dport $http,$http_SSL -j DROP /sbin/iptables -t filter -I FORWARD -i $device -s $ip_address -d $ip_modem -p udp -m multiport --dport $http,$http_SSL -j DROP /sbin/iptables -t nat -I PREROUTING -i $device -s $ip_address -p tcp -m tcp --dport $http -j REDIRECT -to-ports $proxy /sbin/iptables -t nat -I PREROUTING -i $device -s $ip_address -p udp -m udp --dport $http -j REDIRECT -to-ports $proxy /sbin/iptables -t filter -I FORWARD -i $device -s $ip_address -m mac --mac-source $mac_address m multiport --dports $samba_cups -j ACCEPT /sbin/iptables -t filter -I FORWARD -i $device -s $ip_address -m mac --mac-source $mac_address m multiport --dports $samba_cups -j ACCEPT /sbin/iptables -t filter -I FORWARD -i $device -s $ip_address -m mac --mac-source $mac_address m multiport --dports $http,$http_SSL,$smtp,$smtp_SSL,$pop3,$pop3_SSL,$DNS,$ftp,$ftp_SSL -j ACCEPT /sbin/iptables -t filter -I FORWARD -i $device -s $ip_address -m mac --mac-source $mac_address m multiport --dports $http,$http_SSL,$pop3,$pop3_SSL,$DNS,$ftp,$ftp_SSL -j ACCEPT /sbin/iptables -t filter -I FORWARD -i $device -s $ip_address -m mac --mac-source $mac_address m multiport --dports $proxy,$havp,$icp,$time -j ACCEPT /sbin/iptables -t filter -I FORWARD -i $device -s $ip_address -m mac --mac-source $mac_address m multiport --dports $proxy,$havp,$icp,$time -j ACCEPT /sbin/iptables -t filter -A INPUT -i $device -s $ip_address -m mac --mac-source $mac_address multiport --dports $samba_cups -j ACCEPT /sbin/iptables -t filter -A INPUT -i $device -s $ip_address -m mac --mac-source $mac_address multiport --dports $samba_cups -j ACCEPT /sbin/iptables -t filter -A INPUT -i $device -s $ip_address -m mac --mac-source $mac_address multiport --dports $http,$http_SSL,$smtp,$smtp_SSL,$pop3,$pop3_SSL,$DNS,$ftp,$ftp_SSL -j ACCEPT /sbin/iptables -t filter -A INPUT -i $device -s $ip_address -m mac --mac-source $mac_address multiport --dports $http,$http_SSL,$pop3,$pop3_SSL,$DNS,$ftp,$ftp_SSL -j ACCEPT /sbin/iptables -t filter -A INPUT -i $device -s $ip_address -m mac --mac-source $mac_address multiport --dports $proxy,$havp,$icp,$time -j ACCEPT /sbin/iptables -t filter -A INPUT -i $device -s $ip_address -m mac --mac-source $mac_address multiport --dports $proxy,$havp,$icp,$time -j ACCEPT /sbin/iptables -t filter m multiport --dports $range_port /sbin/iptables -t filter m multiport --dports $range_port -I -j -I -j -p tcp -p udp -p tcp -p udp -p tcp -p udp -
FORWARD -i $device -s $ip_address -m mac --mac-source $mac_address -p tcp ACCEPT FORWARD -i $device -s $ip_address -m mac --mac-source $mac_address -p udp ACCEPT
/sbin/iptables -t filter -A INPUT -i $device -s $ip_address -m mac --mac-source $mac_address -p tcp -m multiport --dports $range_port -j ACCEPT /sbin/iptables -t filter -A INPUT -i $device -s $ip_address -m mac --mac-source $mac_address -p udp -m multiport --dports $range_port -j ACCEPT /sbin/iptables -t nat -A POSTROUTING -s $ip_address -o $device_inet -j MASQUERADE
done
cat $files2 | while read ip_address mac_address client; do /sbin/iptables -t nat -I PREROUTING -i $device -s $ip_address -p tcp -m tcp --dport $http -j REDIRECT -to-ports $proxy /sbin/iptables -t nat -I PREROUTING -i $device -s $ip_address -p udp -m udp --dport $http -j REDIRECT -to-ports $proxy /sbin/iptables -t filter -I FORWARD -i $device -s $ip_address -m mac --mac-source $mac_address -j ACCEPT /sbin/iptables -t filter -A INPUT -i $device -s $ip_address -m mac --mac-source $mac_address -j ACCEPT /sbin/iptables -t nat -A POSTROUTING -s $ip_address -o $device_inet -j MASQUERADE /sbin/iptables -t nat -A POSTROUTING -s $ip_address -o $device_modem -j MASQUERADE
arp -s$ip_address$mac_address echo $ip_address [$mac_address] => $client this Administrator Host done echo FIREWALL STATUS: ICMP Allowed on $device /sbin/iptables -t filter -I FORWARD -i $device -p icmp --icmp-type echo-request -j ACCEPT /sbin/iptables -t filter -A INPUT -i $device -p icmp --icmp-type echo-request -j ACCEPT echo FIREWALL STATUS: Drop all INPUT on $device /sbin/iptables -t filter -A INPUT -i $device -j DROP echo FIREWALL /sbin/iptables /sbin/iptables /sbin/iptables /sbin/iptables /sbin/iptables /sbin/iptables /sbin/iptables ACCEPT /sbin/iptables ACCEPT /sbin/iptables -j DROP /sbin/iptables /sbin/iptables /sbin/iptables /sbin/iptables /sbin/iptables STATUS: Port -t filter -A -t filter -A -t filter -A -t filter -A -t filter -A -t filter -A Filtering on $device_inet INPUT -i $device_inet -p tcp INPUT -i $device_inet -p udp INPUT -i $device_inet -p tcp INPUT -i $device_inet -p udp INPUT -i $device_inet -p tcp INPUT -i $device_inet -p udp -m -m -m -m -m -m multiport --dports $games -j ACCEPT multiport --dports $games -j ACCEPT tcp --dport $dota -j ACCEPT udp --dport $dota -j ACCEPT multiport --dports $PB_TCP -j ACCEPT udp --dport $PB_UDP -j ACCEPT
-t filter -A INPUT -i $device_inet -p tcp -m multiport --dports $http,$http_SSL,$ssh,$webmin -j -t filter -A INPUT -i $device_inet -p udp -m multiport --dports $http,$http_SSL,$ssh,$webmin -j -t filter -A INPUT ! -s $ip_subnet -i $device_inet -p tcp -m multiport --dports $smtp,$smtp_SSL -t -t -t -t -t filter filter filter filter filter -A -A -A -A -A INPUT -i $device_inet -p tcp -j REJECT --reject-with tcp-reset INPUT -i $device_inet -p udp -j REJECT --reject-with icmp-port-unreachable INPUT -i $device_inet -p icmp -m icmp --icmp-type 8 -j DROP FORWARD -i $device_inet -p icmp -m length --length 92 -j DROP INPUT -i $device_inet -p icmp --icmp-type echo-request -j DROP
echo FIREWALL STATUS: Drop all INPUT on $device_inet /sbin/iptables -t filter -A INPUT -i $device_inet -j DROP echo FIREWALL STATUS: Log created /sbin/iptables -t filter -A INPUT -p " --log-level 7 /sbin/iptables -t filter -A INPUT -p " --log-level 7 /sbin/iptables -t filter -A INPUT -p Port: " --log-level 7 /sbin/iptables -t filter -A INPUT -p log-prefix "HTTP_CONN: TCP Port: " /sbin/iptables -t filter -A INPUT -p prefix "PROXY_CONN: TCP Port: " /sbin/iptables -t filter -A INPUT -p log-prefix "HTTPS_CONN: UDP Port: " /sbin/iptables -t filter -A INPUT -p prefix "PROXY_CONN: UDP Port: " /sbin/iptables -t filter -A INPUT -p "SSH_CONN: TCP Port: " /sbin/iptables -t filter -A INPUT -p "SSH_CONN: UDP Port: " tcp -m limit --limit 5/min -j LOG --log-prefix "Iptables: Denied TCP Port: udp -m limit --limit 5/min -j LOG --log-prefix "Iptables: Denied UDP Port: icmp -m limit --limit 5/min -j LOG --log-prefix " Iptables: Denied IMCP tcp -m state --state NEW -m multiport --dport $http,$http_SSL -j LOG -tcp -m state --state NEW -m multiport --dport $proxy,$havp -j LOG --logudp -m state --state NEW -m multiport --dport $http,$http_SSL -j LOG -udp -m state --state NEW -m multiport --dport $proxy,$havp -j LOG --logtcp -m state --state NEW -m tcp --dport $ssh -j LOG --log-prefix udp -m state --state NEW -m udp --dport $ssh -j LOG --log-prefix
Danbuatjugafile/etc/network/lists.filterygberisilistIPdanMACdaricomputerparaclient, contoh
192.168.0.101 192.168.0.102 192.168.0.103 192.168.0.104 192.168.0.105 192.168.0.106 192.168.0.107 192.168.0.108 192.168.0.109 192.168.0.110 00:11:5B:78:D3:E8 00:16:EC:1E:2F:9E 00:13:D4:CB:69:0F 00:0E:2E:33:DF:BE 00:11:5B:78:D3:E8 00:16:EC:1E:2F:9E 00:13:D4:CB:69:0F 00:0E:2E:33:DF:BE 00:11:5B:78:D3:E8 00:16:EC:1E:2F:9E client01.local.domain client02.local.domain client03.local.domain client04.local.domain client05.local.domain client06.local.domain client07.local.domain client08.local.domain client09.local.domain client10.local.domain
Tiapkalicomputerserverbooting/startpertamakaliatausaatjaringandirestartagarmenjalankanbashscripttersebutmakaedit kembalifile/etc/network/interfaceskemudianpadagroupeth1tambahkan
pre-up /etc/network/filter
jadiisifilekeseluruhannyamenjadisebagaiberikut(tulisanwarnamerah)
auto lo iface lo inet loopback auto eth0 iface eth1 inet static address 192.168.1.2 netmask 255.255.255.0
network 192.168.1.0 broadcast 192.168.1.255 auto eth1 iface eth1 inet static address 192.168.0.1 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 pre-up /etc/network/filter
auto dsl-provider iface dsl-provider inet ppp pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf provider dsl-provider
RestartApache
Angka22dirubahdenganportdefaultpadaportSSHyangkitapakai,misalnyaportSSHsudahdirubahdefaultnyamenjadi221 makarubahmenjadi
function Net_SSH1($host, $port = 221, $timeout = 10, $cipher = NET_SSH1_CIPHER_3DES)
Begitujugapadafile/var/webhtb/Net/SSH2.php, Cariteks
function Net_SSH2($host, $port = 22, $timeout = 10)
Angka22dirubahdenganportdefaultpadaportSSHyangkitapakai,misalnyaportSSHsudahdirubahdefaultnyamenjadi221 makarubahmenjadi
function Net_SSH2($host, $port = 221, $timeout = 10)
Buatpasswordroot:
# passwd root
masukanpasswordyangdikehendakidanketikulang.
Bukahttps://[ip-server]/webhtb/setupwebbrowsingdaricomputeradministrator
Setelahituakanmuncultampilanuntukloginsepertidibawahini,danmasukanpasswordrootygsudahdibuat.
# sh /var/webhtb/iix/update/generate.update
MembuatWebHTBmenjadidaemonagartiapkaliserverbootingakanmenjalankanWebHTB,ikuticommanddibawahini
# cp /var/webhtb/docs/webhtb /etc/init.d/webhtb
# chmod +X /etc/init.d/webhtb
daneditfile/etc/rc.local dantambahkanbarissebagaiberikut
Service webhtb start
Setelahlogintampilanakansepertiini
PilihClassSYSTEM_LOCAL Namaclient:SSH(nantinyasecaraotomatisnamanyaakanberubahsesuaiclassesdaninterfaces) Bandwidth:10240 Limit:102400 Priority:0(Semakinkecilsemakindiutamakan) SRCIPS:192.168.0.1(IPServer,Sesuaikan) SRCPORTS:221(ContohPortSSHygsudahdirubah,Sesuaikan) KemudianclickSAVEdanClose. JikatidakmenginstallSAMBAmakalangkahtersebutbisadiabaikan. AgartidakmembatasiSAMBAdanCUPS MousearahkanAddClientdanclick
ClickClickherefornewsrc,dstsebanyak5kali. PilihClassSYSTEM_LOCAL Namaclient:SAMBA_CUPS Bandwidth:10240 Limit:102400 Priority:1 SRCIPS:192.168.0.1(SesuaikandenganIPServer) SRCPORTS:135,137,138,139,445(PortSAMBA),631(PortCUPS) JikatidakmenginstallSQUIDPROXYmakalangkahtersebutbisadiabaikan. Agarhalamanwebyangsudahdicacheolehsquidproxytidakterlimit. Editkembalifile/etc/squid/squid.confdanpadabaristerakhirtambahkan
################################################################# # Marking ZPH for b/w management ################################################################# zph_mode tos zph_local 0x04 #zph_parent 0 #zph_option 136
kemudiansquiddirestart
# squid -k reconfigure
Kemudianjalankanrulestersebutdiatas
# # # # iptables iptables iptables iptables -t -t -t -t mangle mangle mangle mangle -A -A -A -A OUTPUT -m tos --tos Maximize-Reliability -j MARK --set-mark 0x4 OUTPUT -m tos --tos 0x4 -j MARK --set-mark 0x4 FORWARD -m tos --tos 0x4 -j MARK --set-mark 0x4 POSTROUTING -m tos --tos 0x4 -j MARK --set-mark 0x4
TerakhirtambahclientPROXY_HITdiclassesSYSTEMpadaWebHTB. MousearahkanAddClientdanclick
UntukmelihatspeedINTLarahkankeserverdiluarnegeri,usahakandibenuayangterjauhsemisalAmerika,contohhasilnya
ArahkanmousekeClasses+kemudianpilihEditclassesdanclick
Pilihclassyangakandieditkemudianclicktandacentanghijau. EditClassesGAMES_DOWNLOAD,
EditClassesINTL_DOWNLOAD,
MasukkanBandwidthdanLimityangdidapatdariISPuntukkoneksiINTL,dilihathasiltestdiatas. Sebelumnyamenentukanbandwidthtiapclientsebaiknyamenghitungsesuaipenjelasandiatas. BuattiapclientditiapclassesIIXdanIX,contohnya Setelahdihitung,inicontohmenggunakanSpeedyPaketGamedanbandwidthrataratayangdidapatdariISP, IIX:900/210kbps(download/upload)danIX:560/170kbpskemudianmissaldibagi10unitclientditambah1unit administrator/billingmakasetinganWebHTBsebagaiberikut BagiwarnetyangmengkhususkanclientuntukGamesOnline,besaranbandwidthdanlimitsamasajadenganbesaranIIX hanyasajadisinisecaraotomatisuntukclassGAMES_DOWNLOADdiprioritaskandaripadaclassesuntukbrowsingbiasa, dengantujuanagarsaatmaingamestidakngelag. BuatClientuntukkhususGamesOnline,masukanpadaclassesGAMES_DOWNLOAD
PilihClassGAMES_DOWNLOAD Client:games01(SesuaikanmisalbisadigantiClient01,nantinyasecaraotomatisnamanyaakanberubahsesuaiclassesdan interfacesagarpengaturandidatabasetidaksalingbertindih,DILARANGMERUBAHMELALUIEDITCLIENTDENGAN MEMBUANGIMBUHANCLASSESDANINTERFACES) Bandwidth:80(darirumusdan/ataukondisidanharuskelipatan8) Limit:160(darirumusdan/ataukondisidanharuskelipatan8) MAC:0011D8CFA521(MACADDRESSClient,sesuaikan) DSTIPS:192.168.0.100(IPADDRESSClient,sesuaikan) PERHATIAN: UNTUKIDENTITASCLIENTBISAMENGGUNAKANMACADDRESSAJAATAUIPADDRESSAJAATAUDIISIKEDUANYA, DIANJURKANTERUTAMAUNTUKWIFIAGARMEMAKAIKEDUANYA.UNTUKCLASSGAMES_DOWNLOAD,JANGANSAMPAI MENGISIPORTSDANSRC.DILARANGMENGISIMARK,JIKAAKANMENGGUNAKANMARKLEBIHBAIKMEMBUATCLASSES TERSENDIRI. BuatclientuntukkoneksiIIX,masukkanpadaclassesIIX_DOWNLOAD
MEMBUANGIMBUHANCLASSESDANINTERFACES) Bandwidth:80(darirumusdan/ataukondisidanharuskelipatan8) Limit:160(darirumusdan/ataukondisidanharuskelipatan8) MAC:000C46A7229A(MACADDRESSClient,sesuaikan) DSTIPS:192.168.0.110(IPADDRESSClient,sesuaikan) PERHATIAN: UNTUKIDENTITASCLIENTBISAMENGGUNAKANMACADDRESSAJAATAUIPADDRESSAJAATAUDIISIKEDUANYA, DIANJURKANTERUTAMAUNTUKWIFIAGARMEMAKAIKEDUANYA.UNTUKCLASSIIX_DOWNLOAD,JANGANSAMPAIMENGISI PORTSDANSRC.DILARANGMENGISIMARK,JIKAAKANMENGGUNAKANMARKLEBIHBAIKMEMBUATCLASSESTERSENDIRI. SetelahmembuatclientdiclassINTL_DOWNLOAD
Client:browsing01(SesuaikanmisalbisadigantiClient01,nantinyasecaraotomatisnamanyaakanberubahsesuaiclassesdan interfacesagarpengaturandidatabasetidaksalingbertindih,DILARANGMERUBAHMELALUIEDITCLIENTDENGAN MEMBUANGIMBUHANCLASSESDANINTERFACES) Bandwidth:48(darirumusdan/ataukondisidanharuskelipatan8) Limit:104(darirumusdan/ataukondisidanharuskelipatan8) MAC:000C46A7229A(MACADDRESSClient,sesuaikan) DSTIPS:192.168.0.110(IPADDRESSClient,sesuaikan) PERHATIAN: UNTUKIDENTITASCLIENTBISAMENGGUNAKANMACADDRESSAJAATAUIPADDRESSAJAATAUDIISIKEDUANYA, DIANJURKANTERUTAMAUNTUKWIFIAGARMEMAKAIKEDUANYA.UNTUKCLASSINTL_DOWNLOAD,JANGANSAMPAI MENGISIPORTSDANSRC.DILARANGMENGISIMARK,JIKAAKANMENGGUNAKANMARKLEBIHBAIKMEMBUATCLASSES TERSENDIRI. Janganlupabuatkanuntuksemuaclient. TerakhirjalankanWebHTB
ArahkanmousekeChangeQOSStatuskemudianpilihStart/RestartQOSdanclick
KarenaadatambahanfasilitaspemisahIIXdanINTLmakaprosesinilebihlamadaripadaWebHTByangtanpaIIXdanINTL. Kalausudahsuccessakansepertiini
UntukmelihatTrafficnya, ArahkanmousemenujukeShowkemudianpilihShowtrafficdanclick
Contohtraffic
Adabaiknyasetelahmengentrysemuaclient,lebihbaiklakukanrestartpadaserver,terkadangjalannyaQOSpadaTCtidaknormal.
TAHAPXVIII INSTALL&SETTINGCACTI
CACTI,sebuahprogramyangberbasiswebberfungsiuntukmemantauaktifitasserver,CACTImelaporkandalambentukgrafik.Jadi semuaaktifitasserverakanterpantaumulaitransferratedatasampaikinerjaprocessormaupunRAM. CACTIjugamembutuhkanrepositorylainnya,antaranyaSNMPdanRRDTOOLS,berhubungkitasudahmenginstallreprosistory tersebut.SettingSNMPnyabukafile/etc/snmp/snmpd.confdanrubahmenjadisepertiini
# com2sec com2sec com2sec # group group group group group group sec.name readonly readonly readonly source 192.168.0.1 localhost local.domain sec.name readonly readonly readonly readwrite readwrite readwrite mask 80 read all all write none all notif none none community root # ini ip-nya server cacti, sesuaikan root root # sesuaikan
# view all
# context sec.model sec.level match access MyROGroup "" any noauth exact access MyRWGroup "" any noauth exact syslocation local.domain syscontact th@opikdesign.com
KemudianrestartSNMPnya # service snmpd restart TestSNMPapakahsudahberjalandenganSNMPWALK # snmpwalk -v 1 -c root localhost system SNMPWALKakanmenunjukankalauSNMPberjalanhasilnyakuranglebihsepertidibawahini
masukkanpasswordMySQLpadauserroot@localhost
JikadiingindatabaseMySQLuntukCACTIdiberipasswordmakaisiini,disarankantidakperlumemberipassword
Memilihmesinwebserver,pilihApache2ataukalauinginmenggunakanSSLpilihApacheSSL
instalasitahappertamasukses
Installtahap2melaluicomputerclient/administratordenganmenggunakanwebbrowsing,bukahttp://[ipserver]/cacti/install...
ClickNext>>
ClickNext>>
PilihSNMPdanRRDToolyangdipakaikemudianclickFinish Login,pertamaakanmuncultampilanloginsepertiini
masukanusernamedanpasswordadmin
masukkanpasswordbaruuntukadmindanulangilagi,kemudianclickSave tampilannyaakanmenjadisepertiini
Setup/SettingDevicepadaCACTI buatdevicebaru,clickmenusisikiridibawahmanagementclickpadadevice
UntukDescriptionbisadirubah FormSNMPOptionsdanAvailability/ReachabilityOptionsnya
kemudianclickcreate KalauberhasildanSNMPberjalannormaldiCACTI,makaakanmuncultulisandisisikiriatassepertiini
Scrollkebawahsampaimuncul
Kemudianclicksave Tampilanakankembalisepertiini
Padadeviceyangtadikitabuat,sisikananberitandacentangdanpadaChooseanActionpilihPleaceonaTree(DefaultTree) clickgo
Pilihyes KemudiandevicebawaanCACTIyaitulocalhostdidelete
PilihLocalhostclicksisikanankemudianChooseanActionpilihDeleteclickgo
ClickyesTampilannyaakanmenjadisepertiini
Buatgrafik,ClickNewGraphspadaCreateMenusisikiri
sesuaikankebutuhan,misalnyapenggunaanRAMdanProcessor,b/wtraffictransferrate,sisapartisihdduntukproxy,dll. beritandacentangyangdimaksuduntukdibuatgrafiknyaclickcreate.
Clickcreate kalauberhasilakanmuncultulisancreatedgraph:blablabla
Terakhir,jadikangrafikyangsudahdibuatagarmenjadiDefaultTree,clickGraphManagement
PadatabGeneralScrollkebawahformSNMPDefaultsisisepertiinisetelahituclicksave
KemudianpergiketabPollerdanscrollkebawahformHostAvailabilitySettingsisisepertiiniclicksave
Terakhir,tambahkanpollerpadacrontabjalankanperintahdibawahini # echo "*/5 * * * * /usr/share/cacti/site/poller.php > /dev/null 2>&1" >> /var/spool/cron/crontabs/root KemudianaktifkanguestaccountagarakanmemlihatgrafiknyatidakharusmasukkeaccountadminbertujuansettinganCACTI dirubahrubahlagi. PilihmenukiridiUtilitiesdanclickUserManagementtapilannyaakanmenjadiberikut..
. PadaguestsisikananberitandacentangkemudianpadaChooseanactionpilihEnableclickgo
clickyes
Installsampaisettingsudahselesaimakalogout,tunggu5menitagarCACTImencatatsemuagrafiknyakemudianloginkembali denganuserguest.
hasilnyagrafiknyakuranglebihakansepertiini.
DEMIKIANTUTORIALMEMBUATSERVERALLINONE: ROUTER,SSH,DHCPSERVER,DNSSERVER,SAMBA&WINSSERVER, WEBCACHEDENGANPROXY&ANTIVIRUSHAVP YANGDILENGKAPI: SARG&CALAMARISUNTUKMEMONITORPROXY, FILTERFIREWALLDENGANIP&MACADDRESS, BANDWIDTHMANAGEMENTDENGANMEMISAHKANIIXDANINTL, DANCACTISEBAGAIPEMANTAUKINERJASERVER. By: Taufiq Hidayat e-mail: th@opikdesign.com mobile: 08123003336 YM: opik1979