Praise be to Allah SWT, who has given the author the strength and ease to complete this e-book
on Debian 11 Linux System Administration.
1. My parents, who have taught me so many lessons about life.
2. My teachers, Pak Syaid Affan Akbar, S.Kom, Pak Yanuar Kristian, S.Kom, Pak Achmad Nafi,
S.Pd, Bu Siti Zumaroh, S.Pd, Bu Safitri Nurfaida, S.Pd, Bu Nurin Hidayati, S.Pd and others
whom I cannot mention one by one.
3. My school friends, my friends in the IPv1 community, and my seniors Mas Arya, Mas
Suhendra, Mas Syahdan and others whom I cannot mention one by one.
This e-book is a summary of what the author has learned about the basics of Linux-based
server operating systems using Debian 11.
The author hopes this e-book adds to its readers' knowledge. Beyond that, the author
hopes readers will put this e-book into practice.
If this e-book contains many mistakes, the author sincerely apologizes.
The author is aware that the writing of this e-book still has many shortcomings, owing to the
author's limited knowledge and experience. We therefore very much welcome constructive criticism and
suggestions from readers so that this e-book can be improved.
TABLE OF CONTENTS
PREFACE
TABLE OF CONTENTS
1. INTRODUCTION
1.1 INTRODUCTION TO LINUX
1.2 LINUX FILE SYSTEM STRUCTURE
1.3 BASIC LINUX COMMANDS
1.4 LINUX FILE PERMISSIONS
2. SET UP LAB
2.1 TOPOLOGY
2.2 INSTALLING DEBIAN 11 MINIMAL SERVER
2.3 DEBIAN 11 POST-INSTALLATION
3. DEBIAN AS A ROUTER AND DHCP SERVER
3.1 INSTALLING AND CONFIGURING DEBIAN AS A ROUTER (INTERNET GATEWAY)
3.2 INTRODUCTION TO DHCP SERVER
3.3 INSTALLING AND CONFIGURING THE DHCP SERVER
4. SSH SERVER
4.1 INTRODUCTION TO SSH
4.2 INSTALLING AND CONFIGURING THE SSH SERVER
4.3 SSH KEY
5. DNS SERVER
5.1 INTRODUCTION TO DNS
5.2 INSTALLING AND CONFIGURING THE DNS SERVER
5.3 CONFIGURING MASTER AND SLAVE DNS SERVERS
6. CA AND CSR
6.1 INTRODUCTION TO CA
6.2 CREATING A CA WITH OPENSSL
6.3 CREATING A CSR WITH OPENSSL
6.4 INSTALLING THE CA ON THE CLIENT
7. WEB SERVER
7.1 INTRODUCTION TO WEB SERVER
7.2 INSTALLING AND CONFIGURING THE WEB SERVER
8. FTP SERVER
8.1 INTRODUCTION TO FTP
8.2 INSTALLING AND CONFIGURING THE FTP SERVER
9. SAMBA SERVER
9.1 INTRODUCTION TO SAMBA SERVER
9.2 INSTALLING AND CONFIGURING THE SAMBA SERVER
10. NFS SERVER
10.1 INTRODUCTION TO NFS
10.2 INSTALLING AND CONFIGURING THE NFS SERVER
11. DATABASE
11.1 INTRODUCTION TO DATABASE SERVER
11.2 INSTALLING AND CONFIGURING THE DATABASE SERVER
11.4 CONFIGURING MASTER AND SLAVE DATABASE SERVERS
12. MAIL SERVER AND WEB MAIL
12.1 INTRODUCTION TO MAIL SERVER
12.2 INSTALLING AND CONFIGURING THE MAIL SERVER
12.3 INSTALLING AND CONFIGURING WEB MAIL
13. VOIP SERVER
13.1 INTRODUCTION TO VOIP
13.2 INSTALLING AND CONFIGURING VOIP
14. MONITORING SERVER
14.1 SETTING UP SNMP ON THE ROUTER/ACCESS POINT
14.2 INSTALLING AND CONFIGURING THE MONITORING SERVER
16. AUTHOR PROFILE
1. INTRODUCTION
Linux is a family of free and open-source (FOSS) operating systems built on the Linux
kernel, an operating system first developed by Linus Torvalds in 1991 at the University of
Helsinki, Finland.
Linux is distributed widely and freely under the GNU (Genuine Not Unix, "not a Unix machine")
GPL (General Public License), which was created by Richard Stallman and is published by the Free
Software Foundation.
According to Wikipedia, a Linux distro is an operating system built from the Linux kernel
and a collection of software from a package management system; its distinguishing feature is
the GNU utilities.
Many Linux distros have appeared. Some have endured and become major distros, even
producing derivative distros. Debian, for example, has produced derivative distros
such as Ubuntu, Knoppix, Linspire and many others.
In general, the commands of a derivative distro or operating system do not differ much
from those of its parent distro.
Directory  Description
/          The main or parent directory.
/bin       Holds standard Linux binary applications and commands such as cd, ls, cp, mv and others.
/boot      Holds the bootloader files needed by GRUB (Grand Unified Bootloader) or LiLo (Linux Loader).
/dev       Contains the files that control interaction between software and hardware.
/etc       Contains system configuration files.
/home      Contains the home directories of the other users.
/lib       Contains library files.
/sbin      Contains binaries that can only be accessed by the superuser, such as mount, umount, etc.
/root      The home directory of the root user.
/opt       Contains data for optional software.
/proc      Contains a virtual file system.
/mnt       Directory used for mounting file systems.
/tmp       Directory used for storing temporary files.
/usr       Holds subdirectories for various programs.
/var       Holds various system files such as logs, mail, etc.
/srv       May contain files that are served to other systems.
Command    Description
whoami     Shows who is currently logged in to the operating system in use.
uname -a   Shows the version of the Linux operating system in use.
cd         Moves between directories. (cd) stands for change directory.
pwd        Shows the directory we are currently in.
mkdir      Creates a directory.
ls         Lists the directories and files in a directory.
rmdir      Deletes an empty directory.
rm         Deletes a file.
cp         Copies a file.
mv         Moves a file or directory.
touch      Creates a file.
nano       Edits a file.
2. SET UP LAB
2.1 TOPOLOGY
Explanation:
• SRV1:
  • NIC enp0s3 is connected to the internet (NAT) with:
    • IP address: 10.0.2.15/24
    • Gateway: 10.0.2.3
  • NIC enp0s8 is connected to the LAN (switch) with:
    • IP address: 192.168.144.1/24
  • Acts as router (internet gateway) and DHCP server
• SRV2:
  • NIC enp0s3 is connected to the LAN (switch) with:
    • IP address: 192.168.144.2/24
    • Gateway: 192.168.144.1
    • DNS: 192.168.144.1, 1.1.1.1
• PC CLIENT:
  • Gets a dynamic IP from the DHCP server SRV1:
    • IP address range: 192.168.144.100-192.168.144.200
    • Gateway: 192.168.144.1
    • DNS: 192.168.144.1, 1.1.1.1
• Select a language: for the installation language, choose English (default).
• Select your location: choose other > Asia > Indonesia.
• Configure locales: choose United States (default).
• Configure the keyboard: choose American English.
• Configure the network: as the Primary network interface, choose enp0s3.
• Configure the package manager: for Scan extra installation media, choose no.
• Configure the package manager: for Use a network mirror, choose no.
• Configuring popularity-contest: choose no.
• Software selection: choose standard system utilities.
• Finish the installation: choose Continue. The machine then reboots by itself.
After installation, we will set a static IP, the hostname, and the repository on srv1 and
srv2. The steps are as follows.
◦ Set the IP of srv1.
Run the command below.
SRV1
root@srv1:~# nano /etc/network/interfaces
/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
auto enp0s8
iface enp0s8 inet static
address 192.168.144.1/24
When done, save and exit with Ctrl+x, Y, then Enter. Then run the commands
below to restart the networking service and check the IP.
SRV1
root@srv1:~# systemctl restart networking.service
root@srv1:~# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
link/ether 08:00:27:9d:51:e2 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 86394sec preferred_lft 86394sec
inet6 fe80::a00:27ff:fe9d:51e2/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
link/ether 08:00:27:ff:eb:bf brd ff:ff:ff:ff:ff:ff
inet 192.168.144.1/24 brd 192.168.144.255 scope global enp0s8
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:feff:ebbf/64 scope link
valid_lft forever preferred_lft forever
◦ Set the IP of srv2.
Run the command below.
SRV2
root@srv2:~# nano /etc/network/interfaces
/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
When done, save and exit with Ctrl+x, Y, then Enter. Then run the commands
below to restart the networking service and check the IP.
SRV2
root@srv2:~# systemctl restart networking.service
root@srv2:~# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
link/ether 08:00:27:3d:36:e2 brd ff:ff:ff:ff:ff:ff
inet 192.168.144.2/24 brd 192.168.144.255 scope global dynamic enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe3d:36ec/64 scope link
valid_lft forever preferred_lft forever
• Set the hostname.
A hostname is the identifier by which a computer is known on the
network.
SRV1
root@srv1:~# hostnamectl set-hostname srv1
root@srv1:~# nano /etc/hosts
/etc/hosts
127.0.0.1 localhost
127.0.1.1 srv1
192.168.144.1 srv1.smkwau.cloud srv1
192.168.144.2 srv2.smkwau.cloud srv2
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
When done, save and exit with Ctrl+x, Y, then Enter. Then reboot.
SRV2
root@srv2:~# hostnamectl set-hostname srv2
root@srv2:~# nano /etc/hosts
/etc/hosts
127.0.0.1 localhost
127.0.1.1 srv2
192.168.144.1 srv1.smkwau.cloud srv1
192.168.144.2 srv2.smkwau.cloud srv2
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
When done, save and exit with Ctrl+x, Y, then Enter. Then reboot.
SRV1
root@srv1:~# nano /etc/apt/sources.list
/etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main contrib non-free
deb-src http://deb.debian.org/debian bullseye main contrib non-free
When done, save and exit with Ctrl+x, Y, then Enter. Then run the following
command to update and upgrade the packages.
SRV1
root@srv1:~# apt update && apt upgrade -y
SRV2
root@srv2:~# nano /etc/apt/sources.list
/etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main contrib non-free
deb-src http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://deb.debian.org/debian-security bullseye-security main contrib non-free
When done, save and exit with Ctrl+x, Y, then Enter. Then run the following
command to update and upgrade the packages.
SRV2
root@srv2:~# apt update && apt upgrade -y
3. DEBIAN AS A ROUTER AND DHCP SERVER
• Enable IP forwarding.
SRV1
root@srv1:~# nano /etc/sysctl.conf
Go to line 28 and remove the # sign, as in the image below. Then save.
SRV1
root@srv1:~# sysctl -p
net.ipv4.ip_forward = 1
• Create the NAT.
Create the NAT with iptables. Run the following commands to install the iptables
packages and create the NAT rule.
SRV1
root@srv1:~# apt install iptables iptables-persistent -y
root@srv1:~# iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
root@srv1:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
root@srv1:~# netfilter-persistent reload
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables
start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables
start
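A reboot-survival check for the router setup above, added here as an example (it is not part of the original e-book): it reads a sysctl file and an iptables-save style rules file and reports whether IP forwarding and the MASQUERADE rule on the WAN interface are actually persisted. The sample files are constructed; on the lab host the inputs would be /etc/sysctl.conf and /etc/iptables/rules.v4, the file that netfilter-persistent save writes, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: check that the router settings survive a reboot.

# has_ip_forward FILE
# Succeeds when the last uncommented net.ipv4.ip_forward assignment is 1.
has_ip_forward() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # commented-out lines do not count
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { exit (last == "1" ? 0 : 1) }
    ' "$1"
}

# masq_interfaces FILE
# Prints the outgoing interface of every MASQUERADE rule found in the
# nat table of an iptables-save dump ("any" when the rule has no -o).
masq_interfaces() {
    awk '
        /^\*/ { table = substr($1, 2) }         # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; masq = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq) print (out == "" ? "any" : out)
        }
    ' "$1"
}

# router_persistence SYSCTL_FILE RULES_FILE WAN_INTERFACE
# Prints one "missing:<item>" line per problem, then "ok" or "fail".
router_persistence() {
    status=ok
    if ! has_ip_forward "$1"; then
        echo "missing:ip_forward"; status=fail
    fi
    if ! masq_interfaces "$2" | grep -qxF "$3"; then
        echo "missing:masquerade"; status=fail
    fi
    echo "$status"
}

# make_samples DIR: constructed sample files, not taken from a real host.
make_samples() {
    # line 28 of sysctl.conf before and after removing the "#"
    printf '%s\n' '#net.ipv4.ip_forward=1' > "$1/sysctl.before"
    printf '%s\n' 'net.ipv4.ip_forward=1'  > "$1/sysctl.after"
    # rules file saved before the NAT rule existed
    cat > "$1/rules.before" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
    # rules file saved after the MASQUERADE rule was added
    cat > "$1/rules.after" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp0s3 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
echo "before:"; router_persistence "$demo/sysctl.before" "$demo/rules.before" enp0s3
echo "after:";  router_persistence "$demo/sysctl.after"  "$demo/rules.after"  enp0s3
rm -rf "$demo"
```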
A DHCP server is a system that manages, assigns and automatically distributes IP addresses
to every client computer on the same
network.
• Install isc-dhcp-server.
SRV1
root@srv1:~# apt install isc-dhcp-server -y
• Configure isc-dhcp-server.
Run the command below to edit the file /etc/default/isc-dhcp-server and set
interface enp0s8 as the DHCP server interface. Then save.
SRV1
root@srv1:~# nano /etc/default/isc-dhcp-server
/etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="enp0s8"
INTERFACESv6=""
Then edit the file /etc/dhcp/dhcpd.conf.
SRV1
root@srv1:~# nano /etc/dhcp/dhcpd.conf
Then save, and run the commands below to restart the isc-dhcp-server service and check
its status.
SRV1
root@srv1:~# systemctl restart isc-dhcp-server.service
root@srv1:~# systemctl status isc-dhcp-server.service
● isc-dhcp-server.service - LSB: DHCP server
Loaded: loaded (/etc/init.d/isc-dhcp-server; generated)
Active: active (running) since Fri 2022-08-12 00:17:27 WIB; 5s ago
Docs: man:systemd-sysv-generator(8)
Process: 3088 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited,
status=0/SUCCESS)
Tasks: 4 (limit: 1133)
Memory: 4.7M
CPU: 139ms
CGroup: /system.slice/isc-dhcp-server.service
└─3103 /usr/sbin/dhcpd -4 -q -cf /etc/dhcp/dhcpd.conf enp0s8
4. SSH SERVER
Secure Shell (SSH) is a cryptographic network protocol for secure data communication,
command-line login, remote command execution, and other network services between
two networked computers. The protocol runs over TCP and uses port 22
by default.
SRV1
root@srv1:~# apt install openssh-server -y
SRV2
root@srv2:~# apt install openssh-server -y
• Configure openssh-server.
SRV1
root@srv1:~# cd /etc/ssh
root@srv1:/etc/ssh# nano sshd_config
Change PermitRootLogin on line 34, as in the image below.
SRV1
root@srv1:/etc/ssh# systemctl restart sshd
To access SSH, use the command below.
SRV1
root@srv1:/etc/ssh# ssh user@ipaddress
SRV1
root@srv1:/etc/ssh# systemctl restart sshd
To access SSH after its default port has been changed, use the command below.
SRV1
root@srv1:/etc/ssh# ssh user@ipaddress -p nomorport
SRV1
root@srv1:/etc/ssh# systemctl restart sshd
Then run the command below to create user1 through user10 with the password user.
SRV1
root@srv1:~# for i in {1..10}
> do
> useradd user$i -s /bin/bash -m
> passwd user$i <<< "user"$'\n'"user"
> done
Once that is done, try logging in remotely from srv2 yourself, both as a user that is allowed
and as one that is denied.
SRV2
root@srv2:~# ssh user1@192.168.144.1 -p 2244
user1@192.168.144.1's password:
Linux srv1 5.10.0-16-amd64 #1 SMP Debian 5.10.127-2 (2022-07-23) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
To avoid typing a password every time we SSH into a server, we need an SSH key.
Here is how to create an SSH key on srv2 and copy it to srv1.
SRV2
root@srv2:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:knCWuFO6WOVYIeFsZ0PDdwzKTcTnWmofgBT8uR9KpEU root@srv2
The key's randomart image is:
+---[RSA 3072]----+
| o+=++o |
| o =+BE + |
| *.&=.= |
| . #.o* o |
| * ++S* |
| o o..* o |
| . . o + o |
| . o |
| |
+----[SHA256]-----+
SRV2
root@srv2:~# ssh-copy-id -i ~/.ssh/id_rsa.pub -p 2244 root@192.168.144.1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed:
"/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to
filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are
prompted now it is to install the new keys
root@192.168.144.1's password:
Now try logging into the machine, with: "ssh -p '2244' 'root@192.168.144.1'"
and check to make sure that only the key(s) you wanted were added.
Once that is done, test remote access to srv1 from srv2 with the command below; you
will no longer need to enter a password.
SRV2
root@srv2:~# ssh root@192.168.144.1 -p 2244
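A short audit of the sshd_config settings this chapter touches (PermitRootLogin, the port, password logins, the user allow list), added here as an example and not part of the original e-book. Both configurations are constructed samples, and the function names are this example's own. It assumes the OpenSSH defaults on Debian 11 (Port 22, PermitRootLogin prohibit-password, PasswordAuthentication yes) and reads only the global section of a single file, ignoring Include files and Match blocks.

```shell
#!/bin/sh
# Added example: effective sshd_config values and a short audit.

# sshd_effective KEYWORD DEFAULT      (config text on stdin)
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and the global section ends at the first Match line.
sshd_effective() {
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want && !found {
            $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1
        }
        END { print (found ? val : def) }
    '
}

# audit_sshd                          (config text on stdin)
# Prints INFO lines with the effective values and WARN lines for
# settings that leave password guessing possible.
audit_sshd() {
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin prohibit-password)
    pass=$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication yes)
    port=$(printf '%s\n' "$cfg" | sshd_effective Port 22)
    allow=$(printf '%s\n' "$cfg" | sshd_effective AllowUsers "")
    echo "INFO Port=$port PermitRootLogin=$root PasswordAuthentication=$pass"
    if [ "$root" = yes ] && [ "$pass" != no ]; then
        echo "WARN root can log in with a password"
    fi
    if [ "$pass" != no ]; then
        echo "WARN password logins enabled: each account is only as strong as its password"
    fi
    if [ -n "$allow" ]; then
        echo "INFO AllowUsers limits logins to: $allow"
    else
        echo "INFO no AllowUsers list is set"
    fi
}

# Constructed sample: the lab state while passwords are still in use.
# The second PermitRootLogin line and the Match block do not change the
# global values, which is what the audit has to get right.
lab_config() { cat <<'EOF'
# constructed sample, not copied from the lab host
Port 2244
PermitRootLogin yes
PermitRootLogin prohibit-password
#PasswordAuthentication yes
AllowUsers root user1 user2
Match User user2
    PasswordAuthentication no
EOF
}

# Constructed sample: the same host once the SSH key from srv2 is installed.
hardened_config() { cat <<'EOF'
# constructed sample
Port 2244
PermitRootLogin prohibit-password
PasswordAuthentication no
AllowUsers root user1 user2
EOF
}

echo "lab:";      lab_config | audit_sshd
echo "hardened:"; hardened_config | audit_sshd
```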
5. DNS SERVER
The Domain Name System (DNS) is a system that translates host names
into IP addresses and, in the other direction, IP addresses into
hostnames/domains. DNS runs on UDP port 53.
Record  Description
A       Used to add a new host, TTL, and points.
CNAME   Used to create an alias for another domain.
MX      Used to identify the server that handles mail.
TXT     Used to store text information.
AAAA    The A record for IPv6.
NS      Used for the domain's DNS server record.
SRV1
root@srv1:~# apt install bind9 bind9utils dnsutils
SRV2
root@srv2:~# apt install bind9 bind9utils dnsutils
SRV1
root@srv1:# cd /etc/bind
root@srv1:/etc/bind# nano named.conf.options
/etc/bind/named.conf.options
acl client {
192.168.144.0/24;
localhost;
localnets;
};
options {
directory "/var/cache/bind";
recursion yes;
allow-query { client; };
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
listen-on-v6 { any; };
};
SRV1
root@srv1:/etc/bind# systemctl restart bind9
After that, test from srv2 by editing the file /etc/resolv.conf, then save.
SRV2
root@srv2:~# nano /etc/resolv.conf
/etc/resolv.conf
nameserver 192.168.144.1
#nameserver 1.1.1.1
Run the command below to test whether the DNS caching configuration works
or not.
SRV2
root@srv2:~# dig google.com
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: eac770126b2b8ffa0100000062f5bf6a6ef000ced5a51821 (good)
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 158 IN A 74.125.200.100
google.com. 158 IN A 74.125.200.139
google.com. 158 IN A 74.125.200.138
google.com. 158 IN A 74.125.200.113
google.com. 158 IN A 74.125.200.102
google.com. 158 IN A 74.125.200.101
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a863c3dd055223580100000062f5bf8aa1f00f649dbf834c (good)
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 126 IN A 74.125.200.138
google.com. 126 IN A 74.125.200.102
google.com. 126 IN A 74.125.200.100
google.com. 126 IN A 74.125.200.101
google.com. 126 IN A 74.125.200.113
google.com. 126 IN A 74.125.200.139
We can see that the first request took 867 msec and the second
request took 0 msec, which means the DNS caching configuration works.
SRV1
root@srv1:# cd /etc/bind
root@srv1:/etc/bind# nano named.conf.options
Edit it as shown below.
/etc/bind/named.conf.options
acl client {
192.168.144.0/24;
localhost;
localnets;
};
options {
directory "/var/cache/bind";
recursion yes;
allow-query { client; };
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
forwarders {
1.1.1.1;
1.0.0.1;
};
forward only;
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-enable yes;
dnssec-validation yes;
listen-on-v6 { any; };
};
SRV1
root@srv1:/etc/bind# systemctl restart bind9
/etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "smkwau.cloud" {
type master;
file "/etc/bind/db.smkwau.cloud";
};
zone "144.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.144.168.192";
};
SRV1
root@srv1:/etc/bind# cp db.local db.smkwau.cloud
root@srv1:/etc/bind# cp db.127 db.144.168.192
SRV1
root@srv1:/etc/bind# nano db.smkwau.cloud
/etc/bind/db.smkwau.cloud
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA smkwau.cloud. root.smkwau.cloud. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.smkwau.cloud.
ns1 IN A 192.168.144.1
@ IN A 192.168.144.1
SRV1
root@srv1:/etc/bind# nano db.144.168.192
/etc/bind/db.144.168.192
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA smkwau.cloud. root.smkwau.cloud. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.smkwau.cloud.
1 IN PTR ns1.smkwau.cloud.
1 IN PTR smkwau.cloud.
SRV1
root@srv1:/etc/bind# systemctl restart bind9
SRV1
root@srv1:/etc/bind# nano named.conf.local
/etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "smkwau.cloud" {
type master;
file "/etc/bind/db.smkwau.cloud";
allow-transfer { 192.168.144.2; };
also-notify { 192.168.144.2; };
};
zone "144.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.144.168.192";
allow-transfer { 192.168.144.2; };
also-notify { 192.168.144.2; };
};
SRV1
root@srv1:/etc/bind# nano db.smkwau.cloud
/etc/bind/db.smkwau.cloud
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA smkwau.cloud. root.smkwau.cloud. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.smkwau.cloud.
@ IN NS ns2.smkwau.cloud.
ns1 IN A 192.168.144.1
ns2 IN A 192.168.144.2
@ IN A 192.168.144.1
SRV1
root@srv1:/etc/bind# nano db.144.168.192
/etc/bind/db.144.168.192
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA smkwau.cloud. root.smkwau.cloud. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.smkwau.cloud.
@ IN NS ns2.smkwau.cloud.
1 IN PTR ns1.smkwau.cloud.
2 IN PTR ns2.smkwau.cloud.
1 IN PTR smkwau.cloud.
SRV1
root@srv1:/etc/bind# systemctl restart bind9
SRV2
root@srv2:~# cd /etc/bind
root@srv2:/etc/bind# nano named.conf.local
/etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "smkwau.cloud" {
type slave;
file "db.smkwau.cloud";
masters { 192.168.144.1; };
};
zone "144.168.192.in-addr.arpa" {
type slave;
file "db.144.168.192";
masters { 192.168.144.1; };
};
SRV2
root@srv2:/etc/bind# systemctl restart bind9
SRV2
root@srv2:/etc/bind# tail -f /var/log/syslog
Aug 14 22:58:15 srv2 named[577]: zone 144.168.192.in-addr.arpa/IN: Transfer
started.
Aug 14 22:58:15 srv2 named[577]: transfer of '144.168.192.in-addr.arpa/IN'
from 192.168.144.1#53: connected using 192.168.144.2#56669
Aug 14 22:58:15 srv2 named[577]: zone 144.168.192.in-addr.arpa/IN: transferred
serial 1
Aug 14 22:58:15 srv2 named[577]: transfer of '144.168.192.in-addr.arpa/IN'
from 192.168.144.1#53: Transfer status: success
Aug 14 22:58:15 srv2 named[577]: transfer of '144.168.192.in-addr.arpa/IN'
from 192.168.144.1#53: Transfer completed: 1 messages, 7 records, 213 bytes,
0.004 secs (53250 bytes/sec) (serial 1)
Aug 14 22:58:15 srv2 named[577]: zone 144.168.192.in-addr.arpa/IN: sending
notifies (serial 1)
Aug 14 22:58:15 srv2 named[577]: zone smkwau.cloud/IN: Transfer started.
Aug 14 22:58:15 srv2 named[577]: transfer of 'smkwau.cloud/IN' from
192.168.144.1#53: connected using 192.168.144.2#60081
Aug 14 22:58:15 srv2 named[577]: zone smkwau.cloud/IN: transferred serial 2
Aug 14 22:58:15 srv2 named[577]: transfer of 'smkwau.cloud/IN' from
192.168.144.1#53: Transfer status: success
Aug 14 22:58:15 srv2 named[577]: transfer of 'smkwau.cloud/IN' from
192.168.144.1#53: Transfer completed: 1 messages, 7 records, 191 bytes, 0.004
secs (47750 bytes/sec) (serial 2)
Next, check whether the files db.smkwau.cloud and db.144.168.192 are now present in the
bind9 cache directory.
SRV2
root@srv2:/etc/bind# ls /var/cache/bind/
db.144.168.192 db.smkwau.cloud managed-keys.bind managed-keys.bind.jnl
To test, go to the PC Client and point its DNS servers to 192.168.144.1 and
192.168.144.2.
After that, run the nslookup command.
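An audit of the zone blocks shown in this chapter, added as an example (not from the original e-book): it lists each master zone in named.conf-style input and says whether allow-transfer restricts who may copy the zone. In the BIND 9.16 that Debian 11 ships, a zone without allow-transfer falls back to the default, which permits transfers to any host. The two sample inputs repeat the named.conf.local versions above, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit BIND zone blocks for unrestricted zone transfers.

# audit_zone_transfers [FILE]         (reads stdin when no file is given)
# Prints one line per master/primary zone: "<zone> <verdict> <acl>"
#   open        no allow-transfer statement in the zone block
#   any         allow-transfer explicitly contains "any"
#   restricted  allow-transfer lists specific hosts, keys or ACL names
audit_zone_transfers() {
    awk '
    {   # drop // and # comments, then join the file into one string so
        # that statements spread over several lines are handled too
        sub(/\/\/.*/, ""); sub(/#.*/, "")
        buf = buf " " $0
    }
    END {
        while (match(buf, /zone[ \t]+"[^"]+"[^{]*[{]/)) {
            head = substr(buf, RSTART, RLENGTH)
            rest = substr(buf, RSTART + RLENGTH)
            match(head, /"[^"]+"/)
            name = substr(head, RSTART + 1, RLENGTH - 2)

            # collect the zone body up to its matching closing brace
            depth = 1; body = ""
            for (i = 1; i <= length(rest) && depth > 0; i++) {
                c = substr(rest, i, 1)
                if (c == "{") depth++
                else if (c == "}") depth--
                if (depth > 0) body = body c
            }
            buf = substr(rest, i)

            # secondary (slave) zones are not the source of the data
            if (body !~ /type[ \t]+(master|primary)[ \t]*;/) continue

            if (match(body, /allow-transfer[ \t]*[{][^}]*[}]/)) {
                acl = substr(body, RSTART, RLENGTH)
                sub(/^allow-transfer[ \t]*[{][ \t]*/, "", acl)
                sub(/[ \t]*[}]$/, "", acl)
                gsub(/[ \t]+/, "", acl)
                verdict = (acl ~ /(^|;)any;/) ? "any" : "restricted"
            } else {
                acl = "-"; verdict = "open"
            }
            print name, verdict, acl
        }
    }' "$@"
}

# named.conf.local as first configured on srv1 (section 5.2)
zones_before() { cat <<'EOF'
//include "/etc/bind/zones.rfc1918";
zone "smkwau.cloud" {
type master;
file "/etc/bind/db.smkwau.cloud";
};
zone "144.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.144.168.192";
};
EOF
}

# named.conf.local after the master/slave changes (section 5.3)
zones_after() { cat <<'EOF'
zone "smkwau.cloud" {
type master;
file "/etc/bind/db.smkwau.cloud";
allow-transfer { 192.168.144.2; };
also-notify { 192.168.144.2; };
};
zone "144.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.144.168.192";
allow-transfer { 192.168.144.2; };
also-notify { 192.168.144.2; };
};
EOF
}

echo "before:"; zones_before | audit_zone_transfers
echo "after:";  zones_after  | audit_zone_transfers
```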
6. CA AND CSR
6.1 INTRODUCTION TO CA
A Certificate Authority (CA) is an authority trusted to manage SSL/TLS certificates for
a company's web sites and email addresses.
SRV1
root@srv1:~# apt install openssl
root@srv1:~# mkdir -p /certs/smkwau.cloud
root@srv1:~# cd /certs/
root@srv1:/certs# openssl genrsa -des3 -out ca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.........+++++
..............................................................................
..............................................+++++
e is 65537 (0x010001)
Enter pass phrase for ca.key:alif
Verifying - Enter pass phrase for ca.key:alif
root@srv1:/certs# openssl req -x509 -new -nodes -sha256 -key ca.key -out ca.pem -days 365
Enter pass phrase for ca.key:alif
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:East Java
Locality Name (eg, city) []:Pasuruan
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YLPM WALISONGO
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:CA YLPM WALISONGO
Email Address []:ylpmw9mail@gmail.com
SRV1
root@srv1:/certs# cd smkwau.cloud/
root@srv1:/certs/smkwau.cloud# nano config.txt
/certs/smkwau.cloud/config.txt
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = smkwau.cloud
DNS.2 = *.smkwau.cloud
Then create a CSR (Certificate Signing Request) for the smkwau.cloud domain and sign it
with the CA created earlier.
SRV1
root@srv1:/certs/smkwau.cloud# openssl req -new -nodes -sha256 -out
smkwau.cloud.csr -newkey rsa:2048 -keyout smkwau.cloud.key
Generating a RSA private key
...................................................................+++++
......+++++
writing new private key to 'smkwau.cloud.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:East Java
Locality Name (eg, city) []:Pasuruan
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SMK WALISONGO 2
GEMPOL
Organizational Unit Name (eg, section) []:TKJ
Common Name (e.g. server FQDN or YOUR name) []:smkwau.cloud
Email Address []:admin@smkwau.cloud
Enter pass phrase for /certs/ca.key:alif
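The session above ends at the CA pass phrase prompt of the signing step. As an added example (not the e-book's own commands), this script runs the whole chain with a throwaway, unencrypted lab CA and checks that the SANs from config.txt ended up in the issued certificate; the function names and the req.cnf file are assumptions.

```bash
#!/bin/sh
# Added example, not from the e-book: create a throwaway lab CA, sign a CSR
# using the page's config.txt as the extension file, and verify the result.

issue_lab_cert() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Explicit request config so nothing depends on the system openssl.cnf.
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = Constructed Lab CA
[v3_ca]
basicConstraints     = critical,CA:TRUE
keyUsage             = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # Same content as /certs/smkwau.cloud/config.txt on the page.
    cat > "$dir/config.txt" <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = smkwau.cloud
DNS.2 = *.smkwau.cloud
EOF
    # Steps: CA key, self-signed CA certificate, server key + CSR, then the
    # signing step, where -extfile puts the SANs into the issued certificate.
    # The lab CA key is left unencrypted so the script runs unattended;
    # umask 077 keeps both private keys readable by their owner only.
    (
        cd "$dir" || exit 1
        umask 077
        openssl genrsa -out ca.key 2048 &&
        openssl req -x509 -new -sha256 -days 365 -config req.cnf \
            -key ca.key -out ca.pem &&
        openssl req -new -nodes -sha256 -newkey rsa:2048 -config req.cnf \
            -subj "/CN=smkwau.cloud" \
            -keyout smkwau.cloud.key -out smkwau.cloud.csr &&
        openssl x509 -req -sha256 -days 365 -in smkwau.cloud.csr \
            -CA ca.pem -CAkey ca.key -CAcreateserial \
            -extfile config.txt -out smkwau.cloud.crt
    ) >/dev/null 2>&1
}

verify_lab_cert() {
    dir=$1
    chain=fail; san=fail; leaf=fail
    openssl verify -CAfile "$dir/ca.pem" "$dir/smkwau.cloud.crt" \
        >/dev/null 2>&1 && chain=ok
    text=$(openssl x509 -in "$dir/smkwau.cloud.crt" -noout -text 2>/dev/null)
    # Browsers match the host name against the SAN list, not the CN.
    printf '%s\n' "$text" | grep -F 'DNS:smkwau.cloud' |
        grep -qF 'DNS:*.smkwau.cloud' && san=ok
    printf '%s\n' "$text" | grep -q 'CA:FALSE' && leaf=ok
    echo "chain=$chain san=$san leaf=$leaf"
}

if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d)
    issue_lab_cert "$demo" && verify_lab_cert "$demo"
    rm -rf "$demo"
fi
```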
Now copy the ca.pem file from the /certs/ directory to the client and install it in the client's browser.
• Firefox browser.
Go to Settings > Privacy & Security > Certificates > View Certificates > Authorities >
Import > ca.pem file > tick Trust this CA to identify websites and email users > OK.
• Chrome browser.
Go to Settings > Privacy and security > More > Manage certificates > Trusted Root
Certification Authorities > Import > ca.pem file > Next > Finish.
7. WEB SERVER
A web server is a system whose job is to receive requests for web pages over the http or
https protocol. It must then return the result of the request, generally as an html page.
There are many web server packages, such as Apache2, Nginx, OpenLiteSpeed, IIS and Lighttpd. In this
book we only use Apache2.
SRV1
root@srv1:~# apt install apache2 php
SRV1
root@srv1:~# cd /var/www/
root@srv1:/var/www# mkdir smkwau.cloud
root@srv1:/var/www# cd smkwau.cloud/
root@srv1:/var/www/smkwau.cloud# nano index.html
The index.html file can contain the following, or make your own.
/var/www/smkwau.cloud/index.html
<html>
<head>
<title>SMKWAU.CLOUD</title>
</head>
<body>
<h2>Welcome to the smkwau.cloud!</h2>
<img src="https://i.imgur.com/8KHaYHT.png" alt="SMK WALISONGO 2
GEMPOL logo" width="400" height="400">
</body>
</html>
• http configuration.
Go to the /etc/apache2/sites-available directory and edit the 000-default.conf file.
SRV1
root@srv1:/var/www/smkwau.cloud# cd /etc/apache2/sites-available/
root@srv1:/etc/apache2/sites-available# nano 000-default.conf
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName smkwau.cloud
ServerAdmin admin@smkwau.cloud
DocumentRoot /var/www/smkwau.cloud
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
SRV1
root@srv1:/etc/apache2/sites-available# a2ensite 000-default.conf
root@srv1:/etc/apache2/sites-available# systemctl restart apache2
• https configuration.
Still in the /etc/apache2/sites-available directory, edit the default-ssl.conf file.
SRV1
root@srv1:/etc/apache2/sites-available# nano default-ssl.conf
Make sure the default-ssl.conf file looks like the following. Also make sure the ssl directory
matches the one we created earlier.
/etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName smkwau.cloud
ServerAdmin admin@smkwau.cloud
DocumentRoot /var/www/smkwau.cloud
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /certs/smkwau.cloud/smkwau.cloud.crt
SSLCertificateKeyFile /certs/smkwau.cloud/smkwau.cloud.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
SRV1
root@srv1:/etc/apache2/sites-available# a2enmod ssl
root@srv1:/etc/apache2/sites-available# a2ensite default-ssl.conf
root@srv1:/etc/apache2/sites-available# systemctl restart apache2
To test, open the site in the client browser as in the picture below.
And this is the result when accessing over the https protocol; if a warning appears when you
try to access it, there is still a mistake in creating the CA/CSR.
8. FTP SERVER
File Transfer Protocol (FTP) is a system designed to transfer files and directories between
devices on a network. FTP runs on tcp port 21.
• FTP Server.
Acts as the server that gives ftp clients access to files or directories.
• FTP Client.
Used to access the ftp server, either as the anonymous user or as a user that has been
created.
There are many ftp server packages, such as ProFTPD, VSFTPD and others. In this book we only
use VSFTPD.
• Installing vsftpd.
SRV1
root@srv1:~# apt install vsftpd
SRV1
root@srv1:~# mkdir -p /var/ftp/public
root@srv1:~# chown nobody:nogroup /var/ftp/public
SRV1
root@srv1:~# nano /etc/vsftpd.conf
/etc/vsftpd.conf
anonymous_enable=YES
anon_root=/var/ftp/public
no_anon_password=YES
hide_ids=YES
SRV1
root@srv1:~# systemctl restart vsftpd.service
root@srv1:~# echo "VSFTPD test" | tee /var/ftp/public/test.txt
Then test the configuration with an ftp client such as FileZilla or WinSCP on the PC Client.
SRV1
root@srv1:~# for i in {1..10};
> do
> mkdir -p /var/ftp/private/user$i
> touch /var/ftp/private/user$i/user$i.txt
> chown -R user$i:user$i /var/ftp/private/user$i
> chmod -R 755 /var/ftp/private/user$i
> done
SRV1
root@srv1:~# nano /etc/vsftpd.conf
/etc/vsftpd.conf
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
user_sub_token=$USER
local_root=/var/ftp/private/$USER
SRV1
root@srv1:~# systemctl restart vsftpd.service
Test with an ftp client using the accounts user1-10; the password is 'user' for all of
them.
• Explicit ssl configuration.
Edit the /etc/vsftpd.conf file.
SRV1
root@srv1:~# nano /etc/vsftpd.conf
Add the configuration below. Make sure the locations of the .crt and .key files match the ones
we created when making the CA and CSR.
/etc/vsftpd.conf
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/certs/smkwau.cloud/smkwau.cloud.crt
rsa_private_key_file=/certs/smkwau.cloud/smkwau.cloud.key
ssl_enable=YES
ssl_ciphers=HIGH
force_local_data_ssl=YES
force_local_logins_ssl=YES
SRV1
root@srv1:~# systemctl restart vsftpd.service
Try logging in with an ftp client using the encryption type TLS/SSL Explicit
encryption.
9. SAMBA SERVER
SAMBA Server is a protocol that provides file and printer sharing services.
• Installing samba.
SRV1
root@srv1:~# apt install samba
SRV1
root@srv1:~# mkdir -p /var/samba/public
root@srv1:~# chmod 777 /var/samba/public
root@srv1:~# nano /etc/samba/smb.conf
/etc/samba/smb.conf
[Public]
comment = File sharing public
path = /var/samba/public
browseable = yes
writable = yes
guest ok = yes
guest only = yes
force create mode = 777
force directory mode = 777
SRV1
root@srv1:~# systemctl restart smbd.service
SRV1
root@srv1:~# groupadd smbgroup
root@srv1:~# mkdir /var/samba/private
root@srv1:~# chgrp smbgroup /var/samba/private
root@srv1:~# chmod 770 /var/samba/private
SRV1
root@srv1:~# nano /etc/samba/smb.conf
/etc/samba/smb.conf
[Private]
comment = File sharing private
path = /var/samba/private
browseable = yes
writable = yes
guest ok = no
valid users = @smbgroup
force group = smbgroup
force create mode = 770
force directory mode = 770
inherit permissions = yes
Run the commands below to create the samba users user1-10, all with the password 'user',
and add those users to the smbgroup group.
SRV1
root@srv1:~# for i in {1..10};
> do
> smbpasswd -a user$i <<< "user"$'\n'"user"
> usermod -aG smbgroup user$i
> done
SRV1
root@srv1:~# systemctl restart smbd.service
To test, access the share from the PC Client. Open File Explorer > enter the ip
192.168.144.1.
10. NFS SERVER
Network File System (NFS) is a protocol for sharing files over a network. NFS shares files or
resources over the network regardless of the operating system in use. Put simply, an NFS
(Network File System) server is a computer/host that provides a file system (via directories)
that other computers can access.
SRV1
root@srv1:~# apt install nfs-kernel-server
Create the /var/nfs directory that we will share with srv2, and edit the /etc/idmapd.conf file.
SRV1
root@srv1:~# mkdir /var/nfs
root@srv1:~# nano /etc/idmapd.conf
/etc/idmapd.conf
[General]
Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if it differs from FQDN minus hostname
Domain = smkwau.cloud
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
SRV1
root@srv1:~# nano /etc/exports
/etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_sub>
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
/var/nfs 192.168.144.0/24(rw,no_root_squash)
SRV1
root@srv1:~# systemctl restart nfs-server.service
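With no_root_squash, root on any client in 192.168.144.0/24 acts as root on /var/nfs, although only srv2 mounts it. The audit below is an added example (not from the e-book) that flags such entries in an exports file; the function names are assumptions, and every sample entry except the page's /var/nfs line is constructed.

```bash
#!/bin/sh
# Added example, not from the e-book: flag risky entries in an exports(5) file.
# Reads the file named as $1 (or stdin) and prints "path|client|FINDING" lines.

audit_exports() {
    awk '
    {
        buf = buf $0
        if (buf ~ /\\$/) { sub(/\\$/, " ", buf); next }   # join "\" continuations
        rec = buf; buf = ""
        sub(/#.*/, "", rec)                                # strip comments
        $0 = rec                                           # re-split into fields
        if (NF < 2) next
        path = $1
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-/) continue                        # "-opts" default-option field
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"                 # bare "(opts)" matches every host
            rw = 0; norsq = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") norsq = 1
            }
            if (norsq) print path "|" client "|NO_ROOT_SQUASH"
            if (rw && client == "*") {
                print path "|" client "|RW_TO_ANY_HOST"
            } else if (rw && client ~ /\/[0-9]+$/ && client !~ /\/32$/) {
                print path "|" client "|RW_TO_WHOLE_SUBNET"
            }
        }
    }' "$@"
}

# Constructed sample; only the /var/nfs entry is taken from the page.
sample_exports() {
    cat <<'EOF'
# entry as configured on the page
/var/nfs 192.168.144.0/24(rw,no_root_squash)
# tighter variant: srv2 only, root mapped to nobody (the default, spelled out)
/srv/nfs-tight 192.168.144.2(rw,sync,root_squash,no_subtree_check)
# a space before the options turns them into an entry for every host
/srv/pub (rw,sync) \
         192.168.144.2(ro,sync)
EOF
}

sample_exports | audit_exports
```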
To test, we will mount the nfs server directory on srv2.
SRV2
root@srv2:~# apt install nfs-common
SRV2
root@srv2:~# nano /etc/idmapd.conf
/etc/idmapd.conf
[General]
Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if it differs from FQDN minus hostname
Domain = smkwau.cloud
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
SRV2
root@srv2:~# mount -t nfs smkwau.cloud:/var/nfs /mnt
root@srv2:~# df -hT
Filesystem Type Size Used Avail Use% Mounted on
udev devtmpfs 473M 0 473M 0% /dev
tmpfs tmpfs 98M 528K 98M 1% /run
/dev/sda1 ext4 11G 1.1G 9.2G 11% /
tmpfs tmpfs 489M 0 489M 0% /dev/shm
tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs tmpfs 98M 0 98M 0% /run/user/0
smkwau.cloud:/var/nfs nfs4 11G 1.3G 9.0G 13% /mnt
SRV2
root@srv2:~# nano /etc/fstab
/etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# systemd generates mount units based on this file, see systemd.mount(5).
# Please run 'systemctl daemon-reload' after making changes here.
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=c920e578-9084-478b-813c-56e2e2f31729 / ext4 errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=a2b1552f-b155-47b0-b1e6-23666bcf94b3 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
# Mount NFS Server
smkwau.cloud:/var/nfs /mnt nfs defaults 0 0
Reboot and use the command below to check whether it is still mounted.
SRV2
root@srv2:~# df -hT
Filesystem Type Size Used Avail Use% Mounted on
udev devtmpfs 473M 0 473M 0% /dev
tmpfs tmpfs 98M 536K 98M 1% /run
/dev/sda1 ext4 11G 1.1G 9.2G 11% /
tmpfs tmpfs 489M 0 489M 0% /dev/shm
tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock
smkwau.cloud:/var/nfs nfs4 11G 1.3G 9.0G 13% /mnt
tmpfs tmpfs 98M 0 98M 0% /run/user/0
11. DATABASE
A database server is a system that provides data processing services and serves computers or
database application programs that use the client-server model.
There are many commonly used databases, such as MariaDB, MySQL, PostgreSQL,
Oracle Database and MongoDB. In this book we will only use MariaDB.
SRV1
root@srv1:~# apt install mariadb-server mariadb-client
SRV2
root@srv2:~# apt install mariadb-server mariadb-client
• Configuring mariadb.
Run the command below.
SRV1
root@srv1:~# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none): \\ just press enter
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
You already have your root account protected, so you can safely answer 'n'.
New password: \\ set the mariadb password
Re-enter new password: \\ confirm the mariadb password
Password updated successfully!
Reloading privilege tables..
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
SRV1
root@srv1:~# mysql -u root -p \\ to log in to mariadb
Enter password: \\ enter the mariadb password
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 47
Server version: 10.5.15-MariaDB-0+deb11u1 Debian 11
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [alif]> create table mytable (nip int, nama varchar(22)); \\ to create a table
Query OK, 0 rows affected (0.026 sec)
MariaDB [alif]> select user, host from mysql.user; \\ to list the users
+-------------+-----------+
| User | Host |
+-------------+-----------+
| alif | localhost |
| mariadb.sys | localhost |
| mysql | localhost |
| root | localhost |
+-------------+-----------+
4 rows in set (0.003 sec)
SRV1
root@srv1:~# nano /etc/mysql/mariadb.conf.d/50-server.cnf
/etc/mysql/mariadb.conf.d/50-server.cnf
# On line 31
bind-address = 192.168.144.1
# On line 71
server-id = 1
# On line 72
log_bin = /var/log/mysql/mysql-bin.log
Then save and restart the mysql service. Next, log in to the mariadb database.
SRV1
root@srv1:~# systemctl restart mysql
root@srv1:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Server version: 10.5.15-MariaDB-0+deb11u1-log Debian 11
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
SRV1
MariaDB [(none)]> grant replication slave on *.* to 'replica'@'192.168.144.2'
identified by 'p@ssword';
Query OK, 0 rows affected (0.028 sec)
Then lock the database so that nothing changes while replication is being configured.
SRV1
MariaDB [(none)]> flush tables with read lock;
Query OK, 0 rows affected (0.083 sec)
Run the command below to check the master status. We will need the contents of the File and
Position columns when configuring the slave on srv2.
SRV1
MariaDB [(none)]> show master status;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000002 | 859 | | |
+------------------+----------+--------------+------------------+
1 row in set (0.000 sec)
SRV2
root@srv2:~# nano /etc/mysql/mariadb.conf.d/50-server.cnf
/etc/mysql/mariadb.conf.d/50-server.cnf
# On line 31
bind-address = 192.168.144.2
# On line 71
server-id = 2
# On line 72
log_bin = /var/log/mysql/mysql-bin.log
Then save and restart the mysql service. Next, log in to the mariadb database.
SRV2
root@srv2:~# systemctl restart mysql
root@srv2:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Server version: 10.5.15-MariaDB-0+deb11u1-log Debian 11
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
To connect the database server to the master database, run the command below.
SRV2
MariaDB [(none)]> change master to
-> master_host='192.168.144.1',
-> master_user='replica',
-> master_password='p@ssword',
-> master_log_file='mysql-bin.000002',
-> master_log_pos=859;
Query OK, 0 rows affected (0.123 sec)
Next, unlock the master database server on srv1. Run the command below.
SRV1
MariaDB [(none)]> unlock tables;
Query OK, 0 rows affected (0.000 sec)
Now we check the status of the slave database server on srv2. Run the command below.
SRV2
MariaDB [(none)]> show slave status \G
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.144.1
Master_User: replica
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000002
Read_Master_Log_Pos: 859
Relay_Log_File: mysqld-relay-bin.000002
Relay_Log_Pos: 555
Relay_Master_Log_File: mysql-bin.000002
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 859
Relay_Log_Space: 865
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 1
Master_SSL_Crl:
Master_SSL_Crlpath:
Using_Gtid: No
Gtid_IO_Pos:
Replicate_Do_Domain_Ids:
Replicate_Ignore_Domain_Ids:
Parallel_Mode: optimistic
SQL_Delay: 0
SQL_Remaining_Delay: NULL
Slave_SQL_Running_State: Slave has read all relay log; waiting for more
updates
Slave_DDL_Groups: 0
Slave_Non_Transactional_Groups: 0
Slave_Transactional_Groups: 0
1 row in set (0.001 sec)
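The status above reports Master_SSL_Allowed: No, so replication traffic between srv1 and srv2 is not encrypted. Added example (not from the e-book): a check that reads show slave status \G output and reports a stopped thread, lag, or missing TLS; the function names and finding labels are assumptions, and both sample inputs are constructed, the first from the values on this page.

```bash
#!/bin/sh
# Added example, not from the e-book: read "show slave status \G" output on
# stdin and print one finding per line. $1 is the tolerated lag in seconds.

check_replica() {
    awk -v max_lag="${1:-30}" '
    /^[ \t]*[A-Za-z_]+:/ {
        key = $1; sub(/:.*/, "", key)
        val = $0
        sub(/^[^:]*:[ \t]*/, "", val)        # keep everything after the first colon
        sub(/[ \t\r]+$/, "", val)
        f[key] = val
    }
    END {
        if (f["Slave_IO_Running"] != "Yes") {
            print "IO_THREAD_DOWN errno=" f["Last_IO_Errno"]
        }
        if (f["Slave_SQL_Running"] != "Yes") {
            print "SQL_THREAD_DOWN errno=" f["Last_SQL_Errno"]
        }
        lag = f["Seconds_Behind_Master"]
        if (lag == "NULL" || lag == "") {
            print "LAG_UNKNOWN"              # reported while a thread is not running
        } else if (lag + 0 > max_lag + 0) {
            print "LAG_HIGH seconds=" lag
        }
        if (f["Master_SSL_Allowed"] != "Yes") {
            print "TLS_OFF"
        } else if (f["Master_SSL_Verify_Server_Cert"] != "Yes") {
            print "NO_SERVER_CERT_CHECK"     # TLS without checking who the primary is
        }
    }'
}

# Constructed from the values shown on the page (subset of the fields).
sample_page_status() {
    cat <<'EOF'
*************************** 1. row ***************************
                Slave_IO_State: Waiting for master to send event
                   Master_Host: 192.168.144.1
              Slave_IO_Running: Yes
             Slave_SQL_Running: Yes
            Master_SSL_Allowed: No
         Seconds_Behind_Master: 0
 Master_SSL_Verify_Server_Cert: No
                 Last_IO_Errno: 0
                Last_SQL_Errno: 0
EOF
}

# Constructed failure case: the replica cannot log in to the primary.
sample_broken_status() {
    cat <<'EOF'
              Slave_IO_Running: Connecting
             Slave_SQL_Running: Yes
            Master_SSL_Allowed: Yes
         Seconds_Behind_Master: NULL
 Master_SSL_Verify_Server_Cert: No
                 Last_IO_Errno: 1045
                Last_SQL_Errno: 0
EOF
}

echo "page sample:";   sample_page_status   | check_replica
echo "broken sample:"; sample_broken_status | check_replica
```

TLS_OFF clears once the primary has TLS enabled and the replica is configured with MASTER_SSL=1 in its change master to statement.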
To test, create the database test1 and user1 on the master database server.
SRV1
MariaDB [(none)]> create database test1;
Query OK, 1 row affected (0.001 sec)
Then check on the slave database server whether the test1 database and user1 exist. If they
do not, a step was done wrong or skipped.
SRV2
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test1 |
+--------------------+
4 rows in set (0.001 sec)
12. MAIL SERVER AND WEB MAIL
A mail server is a server/system used to handle sending and receiving email on the
internet.
• Outgoing Server.
1. SMTP is the standard protocol for sending email. This protocol communicates
with the server to send email from the local machine to the email server. SMTP is controlled by
the MTA.
• Incoming Server.
1. POP3/IMAP is used to retrieve email from the mailbox on the recipient's server to the
recipient's MUA.
SRV1
root@srv1:~# nano /etc/bind/db.smkwau.cloud
/etc/bind/db.smkwau.cloud
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA smkwau.cloud. root.smkwau.cloud. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.smkwau.cloud.
@ IN NS ns2.smkwau.cloud.
ns1 IN A 192.168.144.1
ns2 IN A 192.168.144.2
@ IN A 192.168.144.1
@ IN MX 5 smkwau.cloud.
SRV1
root@srv1:~# systemctl restart bind9
SRV1
root@srv1:~# apt install postfix
Go to the /etc/postfix directory and edit the main.cf file. Edit the file as shown below.
SRV1
root@srv1:~# cd /etc/postfix
root@srv1:/etc/postfix# nano main.cf
/etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
After that, restart the postfix service.
SRV1
root@srv1:/etc/postfix# systemctl restart postfix
SRV1
root@srv1:~# apt install dovecot-pop3d dovecot-imapd
Go to the /etc/dovecot directory and edit the dovecot.conf file. Edit line 30 as shown
below.
SRV1
root@srv1:~# cd /etc/dovecot
root@srv1:/etc/dovecot# nano dovecot.conf
/etc/dovecot/dovecot.conf
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
listen = *
Next, go to the /etc/dovecot/conf.d directory and edit the 10-auth.conf file. Edit lines
10 and 100 as shown below.
SRV1
root@srv1:/etc/dovecot# cd conf.d/
root@srv1:/etc/dovecot/conf.d# nano 10-auth.conf
/etc/dovecot/conf.d/10-auth.conf
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
disable_plaintext_auth = no
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login
Then edit the 10-mail.conf file: remove the # on line 24 and add a # on line 30.
SRV1
root@srv1:/etc/dovecot/conf.d# nano 10-mail.conf
/etc/dovecot/conf.d/10-mail.conf
# See doc/wiki/Variables.txt for full list. Some examples:
mail_location = maildir:~/Maildir
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
#
# <doc/wiki/MailLocation.txt>
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
After that, run the commands below to create the maildir and restart the dovecot
service.
SRV1
root@srv1:/etc/dovecot/conf.d# maildirmake.dovecot /etc/skel/Maildir
root@srv1:/etc/dovecot/conf.d# systemctl restart dovecot
• Installing roundcube.
SRV1
root@srv1:~# apt install roundcube
• Configuring roundcube.
Go to the /etc/roundcube directory and edit the config.inc.php file. Edit lines 36, 48, 51, 55
and 59 as shown below.
SRV1
root@srv1:~# cd /etc/roundcube
root@srv1:/etc/roundcube# nano config.inc.php
/etc/roundcube/config.inc.php
// The IMAP host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// Enter hostname with prefix ssl:// to use Implicit TLS, or use
// prefix tls:// to use STARTTLS.
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
$config['default_host'] = 'smkwau.cloud';
// SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default)
$config['smtp_port'] = 25;
SRV1
root@srv1:/etc/roundcube# nano /etc/apache2/conf-available/roundcube.conf
/etc/apache2/conf-available/roundcube.conf
# Those aliases do not work properly with several hosts on your apache server
# Uncomment them to use it or adapt them to your configuration
Alias /roundcube /var/lib/roundcube/public_html
SRV1
root@srv1:/etc/roundcube# systemctl reload apache2
To test, open https://smkwau.cloud/roundcube in the client browser.
Then log in and try sending email between the users user1-10.
13. VOIP SERVER
Voice over Internet Protocol (VoIP) is a technology that enables long-distance communication
over the internet. Many protocols are used in voip implementations, namely
the following:
• H.323.
• Media Gateway Control Protocol (MGCP).
• Session Initiation Protocol (SIP).
• Real-time Transport Protocol (RTP).
• Session Description Protocol (SDP).
• Inter-Asterisk eXchange (IAX).
For this voip topology, set up an access point from a mikrotik or tplink that is
connected to the 192.168.144.0/24 network. Use the ip 192.168.144.4 for the access point.
The topology is roughly as in the picture below.
• Installing asterisk.
SRV1
root@srv1:~# apt install asterisk
• Configuring asterisk.
Edit line 6 of the /etc/default/asterisk file as shown below.
SRV1
root@srv1:~# nano /etc/default/asterisk
/etc/default/asterisk
# This file allows you to alter the configuration of the Asterisk
# init.d script. Normally you should leave the file as-is.
#
# RUNASTERISK: If set to anything other that 'yes', the asterisk init.d script
# will not run. The default is 'yes'.
RUNASTERISK=yes
Go to the /etc/asterisk directory and edit the sip.conf file. Add the configuration below
at the bottom of the file.
SRV1
root@srv1:~# cd /etc/asterisk
root@srv1:/etc/asterisk# nano sip.conf
/etc/asterisk/sip.conf
[general]
context=smkwau
port=5060
bindaddr=0.0.0.0
srvlookup=yes
tos=0x18
videosupport=yes
[222]
type=friend
username=222
secret=222
host=dynamic
context=smkwau
Then save. Next, edit the extensions.conf file and add the configuration below.
SRV1
root@srv1:/etc/asterisk# nano extensions.conf
/etc/asterisk/extensions.conf
[smkwau]
exten => 111,1,DIAL(SIP/111)
exten => 111,2,Hangup
exten => 222,1,DIAL(SIP/222)
exten => 222,2,Hangup
SRV1
root@srv1:/etc/asterisk# systemctl restart asterisk
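In the sip.conf above, account 222 uses its own number as the secret. Added example (not from the e-book): an audit that lists accounts whose secret equals the account name, is shorter than a minimum length (12 by default, an assumed threshold), or is digits only; the function names are assumptions, and accounts 111 and desk-phone in the sample are constructed.

```bash
#!/bin/sh
# Added example, not from the e-book: list chan_sip accounts in a sip.conf
# (read from stdin) whose secret is guessable. $1 is the minimum secret length.

audit_sip_secrets() {
    awk -v minlen="${1:-12}" '
    function report() {
        # Only sections that declare a type are accounts; skip [general].
        if (peer == "" || peer == "general" || type == "") return
        if (secret == "" && md5 == "") { print peer "|NO_SECRET"; return }
        if (secret == "") return                 # md5secret only: nothing to inspect
        if (secret == peer || secret == user) print peer "|SECRET_EQUALS_NAME"
        if (length(secret) < minlen + 0)      print peer "|SECRET_TOO_SHORT"
        if (secret ~ /^[0-9]+$/)              print peer "|SECRET_DIGITS_ONLY"
    }
    function value(line) { sub(/^[^=]*=>?[ \t]*/, "", line); return line }
    {
        sub(/;.*/, "")                           # strip comments
        gsub(/^[ \t]+|[ \t]+$/, "")              # trim
    }
    /^\[/ {
        report()                                 # close the previous section
        peer = $0; sub(/^\[/, "", peer); sub(/\].*/, "", peer)
        type = ""; secret = ""; user = ""; md5 = ""
        next
    }
    /^type[ \t]*=/      { type = value($0) }
    /^secret[ \t]*=/    { secret = value($0) }
    /^md5secret[ \t]*=/ { md5 = value($0) }
    /^username[ \t]*=/  { user = value($0) }
    END { report() }'
}

# Sample input: [general] and [222] as on the page, the rest constructed.
sample_sip_conf() {
    cat <<'EOF'
[general]
context=smkwau
port=5060
bindaddr=0.0.0.0

[222]            ; as on the page
type=friend
username=222
secret=222
host=dynamic
context=smkwau

[111]            ; constructed
type=friend
username=111
secret = sip111
host=dynamic

[desk-phone]     ; constructed
type=friend
secret=constructed-Long-Sample-9
host=dynamic
EOF
}

sample_sip_conf | audit_sip_secrets
```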
To test on smartphone1 and smartphone2 you can use the zoiper application,
which can be downloaded for free from the playstore or appstore.
• Zoiper settings on the smartphones.
◦ Smartphone1.
◦ Smartphone2.
14. MONITORING SERVER
Because the author uses a mikrotik router as the access point here, the author will now
configure snmp on the mikrotik router. For other device brands, adapt the steps
accordingly.
Log in to the mikrotik router with winbox. Then go to the menu IP > SNMP > Communities. Create
a new community named smkwau, with address 0.0.0.0/0, and give it read access. Then apply and
ok.
After that, adjust the snmp settings like this. When done, click apply and ok. The snmp
configuration on the mikrotik is then complete.
14.2 INSTALLING AND CONFIGURING THE MONITORING SERVER
SRV1
root@srv1:~# apt install cacti cacti-spine
After that, set a password for the cacti database and confirm the password again.
• Add devices and graphs in cacti.
Open cacti in the browser at https://smkwau.cloud/cacti; the default username is
admin with the password cacti.
Click Create devices > Add > add the ip of the mikrotik/access point, adjusting it as in
the picture.
Once saved, click Create graphs; what we will monitor is
ram, disk, processor and the ether1 interface.
To view the monitoring results, click the Graphs tab > Preview mode. The graphs will not
appear right away; they usually appear after a few minutes.
16. AUTHOR PROFILE