DEBIAN LENNY INSTALLATION TUTORIAL
Compiled by KKN-PPL students Muhammad Tonykha Jaya Ali Ikhsan
Informatics Engineering Education, Faculty of Engineering, Universitas Negeri Yogyakarta, 2010
A. Installing Debian Lenny
Equipment:
1. Debian 5.00 Lenny CD/DVD
2. 1 PC, 2 LAN cards
3. Monitor
4. Crossover and straight-through UTP cables as needed
The steps for installing Debian 5.00 Lenny are as follows:
Step 1: Insert the Debian 5.00 Lenny CD/DVD
Step 2: Select the language to use
Step 3: Select the keyboard layout
Step 4: Enter the host name you want
Step 5: Enter the domain name you want
Step 6: Select the partitioning method. To keep things simple, choose Guided - use entire disk
Step 7: Select the hard disk to partition
Step 8: Choose all files in one partition
Step 9: Finish partitioning and write the changes to the hard disk
Step 10: Apply the changes to the hard disk
Step 11: Set the time zone
Step 12: Set the root password
Step 13: Retype the root password
Step 14: Enter the full name of the Debian user
Step 15: Enter the user name of the Debian user
Step 16: Enter the user password
Step 17: Configure the package manager
Step 18: Select the nearest mirror region
Step 19: Select ftp.debian.org
Step 20: Set the proxy if your connection uses one; otherwise leave it blank
Step 21: Select Standard system. Press the space bar to deselect or select an item. Selected items are marked with (*)
Step 22: Choose to install the GRUB boot loader
Step 23: Finish the installation. The system restarts automatically
B. Installing and Configuring the Server Software
1. DNS server
    apt-get install bind9
The following configuration is required:
a. Once it is installed, type this command in the terminal:
    cd /etc/bind
b. Then open the named configuration file by typing:
    nano /etc/bind/named.conf
c. Find this entry:
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };
   and add below it:
    zone "pti-uny.com" {
        type master;
        file "/etc/bind/db.debian";
    };
    zone "3.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192";
    };
   Then save by pressing Ctrl+X and Y.
d. Run nano /etc/bind/db.debian and edit the file as shown below:
    $TTL 86400
    @    IN  SOA  NS.pti-uny.com. root.pti-uny.com. (
                  200905   ; serial
                  28800    ; refresh
                  144000   ; retry
                  3600000  ; expiry
                  86400 )  ; minimum
    @    IN  NS   NS.pti-uny.com.
         IN  A    192.168.15.1
    www  IN  A    192.168.15.1
    NS   IN  A    192.168.15.1
e. Run nano /etc/bind/db.192 and edit the file as shown below:
    $TTL 86400
    @    IN  SOA  NS.pti-uny.com. root.pti-uny.com. (
                  200905   ; serial
                  28800    ; refresh
                  144000   ; retry
                  3600000  ; expiry
                  86400 )  ; minimum
    @    IN  NS   NS.pti-uny.com.
    58   IN  PTR  www.pti-uny.com.
    58   IN  PTR  NS.pti-uny.com.
   Change the text shown in bold and italics to match your own domain name and the IP address of your PC.
f. Then restart with /etc/init.d/bind9 restart; if the word "failed" does not appear, it worked.
g. The next step is to check that the DNS server works:
   - Connect a client, for example a Windows XP client
   - Then open Internet Explorer
   - Click Control Panel, then select and click Network Connection
   - Double-click Local Area Connection
   - Choose Properties, then click Internet Protocol (TCP/IP)
   - In the IP dialog box choose "Use the following IP address" and fill in the IP address
   - In the DNS server dialog box choose "Use the following DNS server addresses" and fill in the IP address of our DNS server
h. To check whether the server works, ping the server and ping the server's name, for example pti-uny.com; if that succeeds, the DNS server we built is working.
2. DHCP Server
    apt-get install dhcp3-server
The following configuration is required: we need to modify the file /etc/dhcp3/dhcpd.conf.
a. The contents of the configuration file are as follows:
    subnet 192.168.20.0 netmask 255.255.255.0 {
        range 192.168.20.1 192.168.20.50;
        option domain-name "jaringan.lab";
        deny unknown-clients;
    }
    subnet 192.168.21.0 netmask 255.255.255.0 {
        range 192.168.21.1 192.168.21.50;
        option domain-name "multimedia.lab";
        deny unknown-clients;
    }
b. Restart the DHCP service:
    /etc/init.d/dhcp3-server restart
c. The DHCP server service is now ready to use.
3. Firewall
    apt-get install shorewall
The following configuration is required:
a. Edit the configuration file /etc/shorewall/shorewall.conf and set STARTUP_ENABLED:
    STARTUP_ENABLED=Yes
   Modify the zones file /etc/shorewall/zones:
    #ZONE   TYPE       OPTIONS   IN        OUT
    #                            OPTIONS   OPTIONS
    fw      firewall
    net     ipv4
    loc     ipv4
    loc1    ipv4
b. Modify the interfaces file /etc/shorewall/interfaces:
    #ZONE   INTERFACE   BROADCAST   OPTIONS
    net     eth0        detect      tcpflags,dhcp,routefilter,nosmurfs,logmartians
    loc     eth1        detect
    loc1    eth2        detect
c. Modify the policy file /etc/shorewall/policy:
    #SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
    #
    # Note about policies and logging:
    #    This file contains an explicit policy for every combination of
    #    zones defined in this sample. This is solely for the purpose of
    #    providing more specific messages in the logs. This is not
    #    necessary for correct operation of the firewall, but greatly
    #    assists in diagnosing problems. The policies below are logically
    #    equivalent to:
    #
    #    loc   net   ACCEPT
    #    net   all   DROP     info
    #    all   all   REJECT   info
    #
    # The Shorewall-perl compiler will generate the individual policies
    # below from the above general policies if you set
    # EXPAND_POLICIES=Yes in shorewall.conf.
    #
    # Policies for traffic originating from the local LAN (loc)
    #
    # If you want to force clients to access the Internet via a proxy server
    # in your DMZ, change the following policy to REJECT info.
    loc    net    ACCEPT
    loc1   net    ACCEPT
    # If you want open access to DMZ from loc, change the following policy
    # to ACCEPT. (If you chose not to do this, you will need to add a rule
    # for each service in the rules file.)
    loc    loc1   REJECT   info
    loc    $FW    REJECT   info
    loc    all    REJECT   info
    #
    # Policies for traffic originating from the firewall ($FW)
    #
    # If you want open access to the Internet from your firewall, change the
    # $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL.
    $FW    net    REJECT   info
    $FW    loc1   REJECT   info
    $FW    loc    REJECT   info
    $FW    all    REJECT   info
    #
    # Policies for traffic originating from the De-Militarized Zone (dmz)
    #
    # If you want open access from DMZ to the Internet change the following
    # policy to ACCEPT. This may be useful if you run a proxy server in your DMZ.
    loc1   net    REJECT   info
    loc1   $FW    REJECT   info
    loc1   loc    REJECT   info
    loc1   all    REJECT   info
    #
    # Policies for traffic originating from the Internet zone (net)
    #
    net    loc1   DROP     info
    net    $FW    DROP     info
    net    loc    DROP     info
    net    all    DROP     info
    # THE FOLLOWING POLICY MUST BE LAST
    all    all    REJECT   info
d. Modify the routestopped file /etc/shorewall/routestopped:
    #INTERFACE   HOST(S)
    eth1         192.168.15.0/24
    eth2         192.168.16.0/24
e. Modify the rules file /etc/shorewall/rules:
    #ACTION   SOURCE   DEST   PROTO   DEST   SOURCE    ORIGINAL   RATE
    #                                 PORT   PORT(S)   DEST       LIMIT
    #
    #
    #
    # Accept DNS connections from the firewall to the Internet
    #DNS/ACCEPT    $FW    net
    Web/ACCEPT     $FW    net
    Web/ACCEPT     loc    $FW
    Web/ACCEPT     loc1   $FW
    ## Accept SSH connections from the local network to the firewall and DMZ
    #SSH/ACCEPT    loc    $FW
    Web/ACCEPT     loc    net
    Web/ACCEPT     loc1   net
    SSH/ACCEPT     loc    loc1
    SSH/ACCEPT     loc1   $FW
    SSH/ACCEPT     loc1   loc
    SSH/ACCEPT     net    loc
    SSH/ACCEPT     net    loc1
    ## DMZ DNS access to the Internet
    ##DNS/ACCEPT   net    loc
    DNS/ACCEPT     loc1   $FW
    DNS/ACCEPT     loc    $FW
    # Reject Ping from the "bad" net zone.
    Ping/REJECT    net    $FW
    ## Make ping work bi-directionally between the dmz, net, Firewall and local zone
    # (assumes that the loc-> net policy is ACCEPT).
    #Ping/ACCEPT   loc    $FW
    Ping/ACCEPT    loc1   $FW
    Ping/ACCEPT    loc    loc1
    Ping/ACCEPT    loc1   loc
    Ping/ACCEPT    $FW    net
    Ping/ACCEPT    $FW    net
    Ping/ACCEPT    loc1   net
    Ping/ACCEPT    loc    net
    ACCEPT         $FW    net    icmp   80
    ACCEPT         $FW    loc    icmp   80
    ACCEPT         $FW    loc1   icmp   80
    # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
    # the net zone to the dmz and loc
    #Ping/ACCEPT   net    dmz
    #Ping/ACCEPT   net    loc
    ACCEPT         loc1   net    tcp    22,80,8080,901,20,25,110
    ACCEPT         loc    net    tcp    22,80,8080,21,901,20,25,110
    ACCEPT         fw     net    tcp    22,80,8080,21,901,20,25,110
    ACCEPT         fw     loc    tcp    22,80,8080,21,901,20,25,110
    ACCEPT         fw     loc    udp    53,161,25,110
    #ACCEPT        loc    loc1   tcp    901
    #ACCEPT        loc
    ACCEPT         fw     loc1   udp    53,161,25,110
    ACCEPT         fw     loc1   tcp    22,80,8080,21,901,20,25,110
    #ACCEPT        loc    net    udp    53,161,25,110
    #ACCEPT        loc1   net    udp    53,161,25,110
    ACCEPT         fw     net    udp    53,161,25,110
    ACCEPT         loc    fw     tcp    22,80,8080,21,901,20,25,110
    ACCEPT         loc    fw     udp    53,161,25,110
    ACCEPT         all    all    icmp   80
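The rules file above admits SSH from the net zone (SSH/ACCEPT net loc, SSH/ACCEPT net loc1), so it helps to list every rule that accepts traffic from the Internet before the firewall is started. The shell function below is an added example, not part of the original tutorial; the function names are assumptions and the sample file is a short excerpt of the rules shown above.

```shell
#!/bin/sh
# Added example, not from the tutorial: list the rules in a Shorewall rules
# file that ACCEPT (or DNAT) traffic whose SOURCE is "net" or "all".

flag_inbound_accepts() {   # $1 = path to a Shorewall rules file
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            action = $1; src = $2
            sub(/:.*/, "", src)             # "net:203.0.113.5" -> "net"
            if (action ~ /ACCEPT|DNAT/ && (src == "net" || src == "all"))
                printf "line %d: %s\n", NR, $0
        }' "$1"
}

# Sample input: a short excerpt of the rules shown in this tutorial.
write_sample_rules() {   # $1 = output path
    cat > "$1" <<'EOF'
#ACTION      SOURCE  DEST  PROTO  DEST PORT
Web/ACCEPT   $FW     net
SSH/ACCEPT   loc     loc1
SSH/ACCEPT   net     loc
SSH/ACCEPT   net     loc1
Ping/REJECT  net     $FW
#Ping/ACCEPT net     loc
ACCEPT       loc     net   tcp    22,80,8080,21,901,20,25,110
ACCEPT       all     all   icmp   80
EOF
}

# Demo: prints the three rules that admit traffic from net or all.
sample=$(mktemp)
write_sample_rules "$sample"
flag_inbound_accepts "$sample"
rm -f "$sample"
```

Run it against /etc/shorewall/rules and review each reported line; a rule that is reported but not needed can be narrowed to a specific source address or removed.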
f. The shorewall service can now be used. Stop the shorewall service:
    /etc/init.d/shorewall stop
   Then start the shorewall service:
    /etc/init.d/shorewall start
4. Proxy
    apt-get install squid
The following configuration is required: edit squid.conf as needed.
a. debian:/home/ptiuny# nano /etc/squid/squid.conf
   Find
    acl apache rep_header Server ^Apache
   then, below that line, add the site to be blocked:
    acl facebook dstdomain .facebook.com
    # the deny line must come before the http_access allow lines
    http_access deny facebook
   Then save the result.
    /etc/init.d/squid restart
b. Enable IP forwarding:
    echo "1" > /proc/sys/net/ipv4/ip_forward
c. The next step:
    iptables -t nat -A POSTROUTING -s 192.168.15.1/24 -d 0.0.0.0/0 -j MASQUERADE
d. Test browsing from a client computer.
e. Then go back to the server and type the command below:
    tail -f /var/log/squid/access.log
5. Web server
Install PHP5 as Apache module:
    apt-get install php5 libapache2-mod-php5
Install MySQL and related packages:
    apt-get install mysql-server mysql-client php5-mysql
The following configuration is required:
First, copy all the files the web site needs to /var/www/. Change into the directory that holds the files to copy:
    cd [target directory]
for example
    cd /var/www/
Once inside that directory, run the command below:
    cp * /var/www/
Then set up the database in phpMyAdmin:
    localhost/phpmyadmin
The rest of the configuration depends on the web site being built.
6. VoIP
    wget http://opensips.org/pub/opensips/latest/src/opensips-1.4.4-tls_src.tar.gz
    apt-get install build-essential flex bison openssl
    apt-get install mysql-server libmysqlclient15off libmysqlclient-dev
• Remember to set a MySQL root password.
Now download the latest version of OpenSIPS from http://opensips.org/. Once you have it, extract it:
    tar xvzf opensips-1.4.4-tls_src.tar.gz
    cd opensips-1.4.4-tls
• Compiling OpenSIPS. We will compile OpenSIPS with all the available modules:
    make all include_modules="db_mysql" modules
    make install include_modules="db_mysql" modules
• Now copy these files from the extracted directory:
    cp /usr/src/opensips-1.4.4-tls/packaging/debian-etch/opensips.default /etc/default/opensips
    cp /usr/src/opensips-1.4.4-tls/packaging/debian-etch/opensips.init /etc/init.d/opensips
• Make the following changes in /etc/default/opensips:
    nano /etc/default/opensips
    RUN_OPENSIPS=yes
    # User to run as
    USER=opensips
    # Group to run under
    GROUP=opensips
    # Amount of memory to allocate for the running OpenSIPS server (in Mb)
    MEMORY=128
  Also change the file /etc/init.d/opensips:
    nano /etc/init.d/opensips
  Replace the line
    DAEMON=/usr/sbin/opensips
  with:
    DAEMON=/usr/local/sbin/opensips
• Give the file execute permission:
    chmod +x /etc/init.d/opensips
• Create the opensips user:
    adduser opensips
• Now create the directory:
    mkdir /var/run/opensips
• Configuring OpenSIPS. We have to change the file /usr/local/etc/opensips/opensipsctlrc:
    nano /usr/local/etc/opensips/opensipsctlrc
• And make the following changes:
    SIP_DOMAIN=localhost
    DBENGINE=MYSQL
    DBHOST=localhost
    DBNAME=opensips
    DBRWUSER=opensips
    DBRWPW="opensipsrw"
    DBROUSER=opensipsro
    DBROPW=opensipsro
    DBROOTUSER="root"
    USERCOL="username"
    INSTALL_EXTRA_TABLES=ask
    INSTALL_PRESENCE_TABLES=ask
    INSTALL_SERWEB_TABLES=ask
    CTLENGINE="FIFO"
    OSIPS_FIFO="/tmp/opensips_fifo"
    PID_FILE=/var/run/opensips/opensips.pid
• Now create the database:
    opensipsdbctl create
• This command asks for the MySQL root password.
• MySQL support: make the following changes in the OpenSIPS configuration file /usr/local/etc/opensips/opensips.cfg:
    nano /usr/local/etc/opensips/opensips.cfg
    loadmodule "db_mysql.so"
    loadmodule "auth.so"
    loadmodule "auth_db.so"
    #modparam("usrloc", "db_mode", 0)   # this line must be commented out
    modparam("usrloc", "db_mode", 2)
    modparam("usrloc", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
    # ----- auth_db params -----
    /* uncomment the following lines if you want to enable DB based authentication */
    modparam("auth_db", "calculate_ha1", yes)
    modparam("auth_db", "password_column", "password")
    modparam("auth_db", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
• Create the softphone users in the database:
    opensipsctl add 1001 1001
    opensipsctl add 1002 1002
• Create the OpenSIPS user in MySQL:
    mysql> GRANT ALL PRIVILEGES ON *.* TO opensips@localhost IDENTIFIED BY 'opensips';
    GRANT ALL PRIVILEGES ON *.* TO [email protected] IDENTIFIED BY 'opensips';
• Starting OpenSIPS
There are two ways to start OpenSIPS; use just one of them:
1. /etc/init.d/opensips start|stop
2. opensipsctl start|stop
• Installation complete. You can now test with X-Lite or another softphone by registering with the users created in OpenSIPS, for example the users created here:
• Create the softphone users in the database:
    opensipsctl add 1001 1001    # user and password
    opensipsctl add 1002 1002
With the server configured, what remains is the client. If the client runs Windows, for example, we use the X-Lite application for VoIP. Configure the X-Lite SIP account as follows:
    Display name            : a name
    User name               : the number that was set up on the server
    Password                : the password that was set up on the server
    Authorization user name : same as the user name
    Domain                  : the address of the server (server IP)
7. Hotspot
• Install FreeRADIUS
    apt-get install apache2 php5 php5-mysql ssl-cert freeradius freeradius-mysql mysql-server-5.0 php5-common php5-gd php-pear php-db libapache2-mod-php5
• Install ChilliSpot
    wget http://www.chillispot.info/download/chillispot_1.0_i386.deb
    dpkg -i chillispot_1.0_i386.deb
The following configuration is required:
• FreeRADIUS
a. Edit /etc/apache2/apache2.conf and add at the bottom of the file:
    ServerName 192.168.15.1
   This IP address is the IP address of your eth0.
b. Edit /etc/php5/apache2/php.ini. Find:
    ; extension=msql.so
   Remove the semicolon and change msql.so to mysql.so:
    extension=mysql.so
   Also find:
    post_max_size = 8M
   and change 8M to 16M:
    post_max_size = 16M
c. Download the phpmyprepaid package, put it in /var/www and extract it:
    # cd /var/www
    # tar -xzvf phpmyprepaid04RC2.tgz
   Before installing PhpMyPrepaid, change the permissions of the folder below to 777:
    # chmod 777 /var/www/phpmyprepaid/www
   Create the phpmyprepaid database in MySQL:
    # mysql -u root -p
    mysql> CREATE DATABASE phpmyprepaid;
    mysql> GRANT ALL PRIVILEGES ON phpmyprepaid.* TO 'phpmyprepaid'@'localhost' IDENTIFIED BY 'passphpmyprepaid-mysql-gwa';
    mysql> exit
   Install PhpMyPrepaid. Open Mozilla Firefox and go to:
    http://192.168.15.1/phpmyprepaid/www/install/setup.php
   As a reminder, 192.168.15.1 is the IP address of eth0, which is connected to the Internet. Click start.
• The settings that must be correct are as follows:
    PhpMyPrepaid install directory              : /var/www/phpmyprepaid
    FreeRADIUS binary files directory           : /usr/sbin
    FreeRADIUS config files directory           : /etc/freeradius
    FreeRADIUS dictionary directory             : /usr/share/radius
    FreeRADIUS start/stop/restart/status script : /etc/init.d/freeradius
    FreeRADIUS radius log file path             : /var/log/freeradius/radius.log
    RRDTOOL binary path                         : /usr/bin/rrdtool
    Sudo binary path                            : /usr/bin/sudo
    System log file path                        : /var/log/messages
    Radclient command                           : /usr/bin/radclient
    MySQL client command                        : /usr/bin/mysql
    snmpwalk command                            : /usr/bin/snmpwalk
    snmpget command                             : /usr/bin/snmpget
  The settings on the next page are as follows:
    Root password for MySQL                     : passroot-mysql-gwa
    PhpMyPrepaid Database Name (phpmyprepaid)   : phpmyprepaid
    PhpMyPrepaid Database Password              : passphpmyprepaid-mysql-gwa
    Confirm Password                            : passphpmyprepaid-mysql-gwa
    Database location (localhost)               : localhost
    FreeRadius location (localhost)             : localhost
    FreeRadius version                          : 1.X
• The settings on the page after that are as follows:
    Administrator login for PhpMyPrepaid        : userlogin-phpmyprepaid-gw
    Administrator password for PhpMyPrepaid     : passlogin-phpmyprepaid-gw
    Confirm Password                            : passlogin-phpmyprepaid-gw
    Administrator name for PhpMyPrepaid         : shinigami
    Administrator surname for PhpMyPrepaid      : shinigami dika
    Administrator email for PhpMyPrepaid        : [email protected]
    Administrator language for PhpMyPrepaid     : en
Configuration after installing PhpMyPrepaid
• Delete the installation folder:
    # rm -rf /var/www/phpmyprepaid/www/install
  Change the folder permissions back:
    # chmod 755 /var/www/phpmyprepaid/www
• ChilliSpot settings
• Open /etc/chilli.conf. The minimum configuration is as follows:
    net 10.3.11.0
    dns1 192.168.15.77
    radiusserver1 127.0.0.1
    radiussecret passsecretnya-radius-gw
    dhcpif eth1
    uamserver https://10.3.11.1/cgi-bin/hotspotlogin.cgi
    uamsecret pass-secret-uam-gw
    uamlisten 10.3.11.0
• Create the file hotspotlogin.cgi in the cgi-bin folder:
    # cp /usr/share/doc/chillispot/hotspotlogin.cgi.gz /usr/lib/cgi-bin
    # gunzip /usr/lib/cgi-bin/hotspotlogin.cgi.gz
    # cd /usr/lib/cgi-bin
    # chmod 755 hotspotlogin.cgi
• Edit the file /usr/lib/cgi-bin/hotspotlogin.cgi. Uncomment two lines so that they read as below:
    $uamsecret = "pass-secret-uam-gw";
    $userpassword=1;
• Enable the ChilliSpot firewall and have it loaded every time the server restarts:
    # sh /usr/share/doc/chillispot/firewall.iptables
    # cp /usr/share/doc/chillispot/firewall.iptables /etc/init.d/chilli.iptables
    # chmod u+x /etc/init.d/chilli.iptables
    # ln -s /etc/init.d/chilli.iptables /etc/rcS.d/S40chilli.iptables
• FreeRADIUS settings
• Edit the file /etc/freeradius/clients.conf. Find the following entry and modify it to read:
    client 127.0.0.1 {
        secret    = pass-client-radius-testing123-gw
        shortname = localhost
        nastype   = other
    }
• Edit the file /etc/freeradius/sql.conf:
    # Connect info
    server = "localhost"
    login = "phpmyprepaid"
    password = "passphpmyprepaid-mysql-gwa"
    # Database table configuration
    radius_db = "phpmyprepaid"
• Edit the file /etc/freeradius/radiusd.conf. Find this line:
    $INCLUDE ${confdir}/sql.conf
  and add lines below it so that it reads:
    $INCLUDE ${confdir}/sql.conf
    sqlcounter noresetcounter {
        counter-name = Max-All-Session-Time
        check-name = Max-All-Session
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT SUM(AcctSessionTime) FROM radacct where UserName = '%{%k}'"
    }
  Find the accounting, instantiate and authorize sections and set them as shown below by removing the hash sign from these entries; put a hash sign in front of the others.
    accounting {
        unix
        radutmp
        sql
    }
    instantiate {
        exec
        expr
        noresetcounter
    }
    authorize {
        preprocess
        chap
        mschap
        suffix
        sql
        noresetcounter
    }
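ChilliSpot, FreeRADIUS and hotspotlogin.cgi only work together when radiussecret in chilli.conf equals the secret of the 127.0.0.1 client in clients.conf, and uamsecret in chilli.conf equals $uamsecret in hotspotlogin.cgi. The check below is an added example, not part of the original tutorial; the function names are assumptions, and the sample files and their secret values are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the tutorial: verify that the shared secrets in the
# three hotspot files agree. The secrets themselves are never printed.

# Value of a "key value" line in chilli.conf (radiussecret, uamsecret).
chilli_value() {   # $1 = key, $2 = chilli.conf
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# "secret = ..." inside the "client <name> { ... }" block of clients.conf.
radius_client_secret() {   # $1 = client name, $2 = clients.conf
    awk -v c="$1" '
        $1 == "client" && $2 == c   { inside = 1; next }
        inside && index($0, "}")    { exit }
        inside && /^[ \t]*secret[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }' "$2"
}

# Uncommented $uamsecret = "..."; assignment in hotspotlogin.cgi.
cgi_uamsecret() {   # $1 = hotspotlogin.cgi
    sed -n 's/^[[:space:]]*\$uamsecret[[:space:]]*=[[:space:]]*"\(.*\)";.*/\1/p' "$1" | head -n 1
}

# Returns 0 when both pairs match and are non-empty, 1 otherwise.
check_hotspot_secrets() {   # $1 chilli.conf, $2 clients.conf, $3 hotspotlogin.cgi
    rc=0
    rs=$(chilli_value radiussecret "$1"); cs=$(radius_client_secret 127.0.0.1 "$2")
    us=$(chilli_value uamsecret "$1");    hs=$(cgi_uamsecret "$3")
    if [ -z "$rs" ] || [ "$rs" != "$cs" ]; then
        echo "MISMATCH: radiussecret (chilli.conf) vs secret (clients.conf)"; rc=1
    fi
    if [ -z "$us" ] || [ "$us" != "$hs" ]; then
        echo "MISMATCH: uamsecret (chilli.conf) vs \$uamsecret (hotspotlogin.cgi)"; rc=1
    fi
    return $rc
}

# Constructed sample files: the RADIUS secrets differ, the UAM secrets match.
write_samples() {   # $1 = directory
    cat > "$1/chilli.conf" <<'EOF'
radiusserver1 127.0.0.1
radiussecret sample-radius-secret-A
uamsecret sample-uam-secret
EOF
    cat > "$1/clients.conf" <<'EOF'
client 127.0.0.1 {
    secret    = sample-radius-secret-B
    shortname = localhost
    nastype   = other
}
EOF
    cat > "$1/hotspotlogin.cgi" <<'EOF'
#$uamsecret = "commented-default";
$uamsecret = "sample-uam-secret";
$userpassword=1;
EOF
}

# Demo on the constructed samples: reports the RADIUS secret mismatch.
d=$(mktemp -d)
write_samples "$d"
check_hotspot_secrets "$d/chilli.conf" "$d/clients.conf" "$d/hotspotlogin.cgi" \
    || echo "fix the mismatches above before restarting the services"
rm -rf "$d"
```

On the server, call check_hotspot_secrets /etc/chilli.conf /etc/freeradius/clients.conf /usr/lib/cgi-bin/hotspotlogin.cgi after editing the three files.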
Certificate settings
• Configure the certificate:
    # cd /etc/apache2
    # mkdir ssl
    # make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
  Then answer the questions it asks.
• Enable SSL:
    # a2enmod ssl
    # /etc/init.d/apache2 force-reload
• Then create the ssl site file by copying the default one:
    # cd /etc/apache2/sites-available
    # cp default ssl
• Then edit /etc/apache2/sites-available/ssl. Change the beginning so that it looks like this:
    NameVirtualHost *:443
    <VirtualHost *:443>
        ServerAdmin webmail@localhost
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        DocumentRoot /var/www/
• Then enable the site:
    # a2ensite ssl
    # /etc/init.d/apache2 reload
    # /etc/init.d/apache2 restart
• Restart all the applications:
    # /etc/init.d/apache2 restart
    # /etc/init.d/mysql restart
    # /etc/init.d/chillispot restart
    # /etc/init.d/freeradius restart
8. FTP
    apt-get install proftpd
The following configuration is required: modify the configuration file /etc/proftpd/proftpd.conf as follows:
    #
    # /etc/proftpd/proftpd.conf This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    #

    # Includes DSO modules
    Include /etc/proftpd/modules.conf

    # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
    #UseIPv6 on

    ServerName "PTI-UNY"
    ServerType standalone
    DeferWelcome off

    MultilineRFC2228 on
    DefaultServer on
    ShowSymlinks on

    TimeoutNoTransfer 600
    TimeoutStalled 600
    TimeoutIdle 1200

    DisplayLogin welcome.msg
    DisplayChdir .message true
    ListOptions "-l"

    DenyFilter \*.*/

    # Use this to jail all users in their homes
    # DefaultRoot ~

    # Users require a valid shell listed in /etc/shells to login.
    # Use this directive to release that constrain.
    # RequireValidShell off

    # Port 21 is the standard FTP port.
    Port 21

    # In some cases you have to specify passive ports range to by-pass
    # firewall limitations. Ephemeral ports can be used for that, but
    # feel free to use a more narrow range.
    # PassivePorts 49152 65534

    # If your host was NATted, this option is useful in order to
    # allow passive tranfers to work. You have to use your public
    # address and opening the passive ports used on your firewall as well.
    # MasqueradeAddress 1.2.3.4

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 30

    # Set the user and group that the server normally runs at.
    User root
    Group nogroup

    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask 022
    # Normally, we want files to be overwriteable.
    AllowOverwrite on

    # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
    # PersistentPasswd off

    # This is required to use both PAM-based authentication and local passwords
    # AuthOrder mod_auth_pam.c* mod_auth_unix.c

    # Be warned: use of this directive impacts CPU average load!
    # Uncomment this if you like to see progress and transfer rate with ftpwho
    # in downloads. That is not needed for uploads rates.
    #
    # UseSendFile off

    # Choose a SQL backend among MySQL or PostgreSQL.
    # Both modules are loaded in default configuration, so you have to specify the backend
    # or comment out the unused module in /etc/proftpd/modules.conf.
    # Use 'mysql' or 'postgres' as possible values.
    #
    #<IfModule mod_sql.c>
    # SQLBackend mysql
    #</IfModule>

    TransferLog /var/log/proftpd/xferlog
    SystemLog /var/log/proftpd/proftpd.log

    <IfModule mod_quotatab.c>
    QuotaEngine off
    </IfModule>

    <IfModule mod_ratio.c>
    Ratios off
    </IfModule>

    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default.
    <IfModule mod_delay.c>
    DelayEngine on
    </IfModule>

    <IfModule mod_ctrls.c>
    ControlsEngine off
    ControlsMaxClients 2
    ControlsLog /var/log/proftpd/controls.log
    ControlsInterval 5
    ControlsSocket /var/run/proftpd/proftpd.sock
    </IfModule>

    <IfModule mod_ctrls_admin.c>
    AdminControlsEngine off
    </IfModule>

    # Alternative authentication frameworks
    #Include /etc/proftpd/ldap.conf
    #Include /etc/proftpd/sql.conf

    # This is used for FTPS connections
    #Include /etc/proftpd/tls.conf

    # A basic anonymous configuration, no upload directories.
    <Anonymous ~ftp>
      User ftp
      Group nogroup
      # We want clients to be able to login with "anonymous" as well as "ftp"
      UserAlias anonymous ftp
      # Cosmetic changes, all files belongs to ftp user
      DirFakeUser on ftp
      DirFakeGroup on ftp

      RequireValidShell off

      # Limit the maximum number of anonymous logins
      MaxClients 10

      # We want 'welcome.msg' displayed at login, and '.message' displayed
      # in each newly chdired directory.
      DisplayLogin welcome.msg
      DisplayChdir .message

      # Limit WRITE everywhere in the anonymous chroot
      <Directory *>
        <Limit WRITE>
          DenyAll
        </Limit>
      </Directory>

      # Uncomment this if you're brave.
      # <Directory incoming>
      #   # Umask 022 is a good standard umask to prevent new files and dirs
      #   # (second parm) from being group and world writable.
      #   Umask 022
      #   <Limit READ WRITE>
      #     DenyAll
      #   </Limit>
      #   <Limit STOR>
      #     AllowAll
      #   </Limit>
      # </Directory>
    </Anonymous>
9. Mail Server
    apt-get install postfix
The following configuration is required:
• Next, configure Postfix in the main.cf file:
    # nano /etc/postfix/main.cf
  Example configuration:
    myhostname = mail.pti-uny.com
    mydomain = pti-uny.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = $mydomain, localhost
    relayhost =
    #mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    home_mailbox = Maildir/
    mynetworks = 127.0.0.0/8 192.168.15.1/24
• Install SquirrelMail:
    # apt-get install squirrelmail
  Run the command below to configure it:
    # squirrelmail-configure
  Press D and type the server software name:
    courier
  Quit and save the configuration.
• Create the SquirrelMail virtual host by editing /etc/apache2/apache2.conf. Add the line below at the end of the file:
    Include /etc/squirrelmail/apache.conf
  Restart apache2:
    # /etc/init.d/apache2 restart
• Have the Maildir folder created automatically:
    # cd /etc/skel
    # maildirmake Maildir
• Create the user "test1" and look at the directory /home/test1
• Test SquirrelMail. Open a browser and point the address to 192.168.15.1/squirrelmail
10. Gateway
    apt-get install quagga
- We must enable the Quagga daemons for the routing protocols we want.
    zebra  : interface declaration and static routing
    bgpd   : BGP routing protocol
    ospfd  : OSPF routing protocol
    ospf6d : OSPF IPv6 routing protocol
    ripd   : RIP v2 routing protocol
    ripngd : RIP IPv6 routing protocol
- For example, we enable only zebra and OSPF for IPv4:
    # nano /etc/quagga/daemons
    zebra=yes
    bgpd=no
    ospfd=yes
    ospf6d=no
    ripd=no
    ripngd=no
- The configuration files are in /etc/quagga/*.conf; each daemon has its own file:
    zebra  : zebra.conf
    bgpd   : bgpd.conf
    ospfd  : ospfd.conf
    ospf6d : ospf6d.conf
    ripd   : ripd.conf
    ripngd : ripngd.conf
  We simply copy them from the samples:
    # cp /usr/share/doc/quagga/examples/zebra.conf.sample /etc/quagga/zebra.conf
    # cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga/ospfd.conf
- We can reach each daemon with telnet on its own port:
    zebra  : 2601
    ripd   : 2602
    ripngd : 2603
    ospfd  : 2604
    bgpd   : 2605
    ospf6d : 2606
  for example
    # telnet localhost 2601
- To be able to use vtysh, copy one more sample:
    # cp /usr/share/doc/quagga/examples/vtysh.conf.sample /etc/quagga/vtysh.conf
  /etc/quagga/vtysh.conf:
    !
    ! Sample
    !
    ! service integrated-vtysh-config
    hostname quagga-router
    username root nopassword
    !
- To stop the display from blinking in vtysh:
    # echo VTYSH_PAGER=more >> /etc/environment
- Set the permissions on the configuration files:
    # chown quagga:quaggavty /etc/quagga/*.conf
    # chmod 640 /etc/quagga/*.conf
- Restart the service:
    # /etc/init.d/quagga restart
- Quagga can be used through telnet or vtysh:
    # telnet localhost 2601
  or
    # vtysh
  or, to run a command straight from the shell:
    # vtysh -c "command"