Tuesday, January 18, 2011

Installing DNS,DHCP,Webserver,Proxy,FTP,DDOS protection,IDS

7:27 PM Blackmygo

Install DNS,DHCP,Webserver,Proxy,FTP,DDOS protection,IDS

[root@ns1 gtoms]# uname -a
Linux ns1.xyz.co.id 2.6.18-194.11.1.el5 #1 SMP Tue Aug 10 19:09:06 EDT 2010 i686 i686 i386 GNU/Linux

[root@ns1 gtoms]# cat /etc/redhat-release
CentOS release 5.5 (Final)

[root@ns1 gtoms]# /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:BA:C3:71:D2
inet addr:202.137.2x.2xx Bcast:202.137.20.223 Mask:255.255.255.240
inet6 addr: fe80::250:baff:fec3:71d2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1028 errors:0 dropped:0 overruns:0 frame:0
TX packets:757 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:93229 (91.0 KiB) TX bytes:143908 (140.5 KiB)
Interrupt:209 Base address:0×2000

eth1 Link encap:Ethernet HWaddr 00:13:D4:01:65:1F
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1124 errors:0 dropped:0 overruns:0 frame:0
TX packets:1124 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1981916 (1.8 MiB) TX bytes:1981916 (1.8 MiB)

Instalasi Domain Name Server sebagai Primary Nameserver

[root@ns1 selinux]# yum install bind-chroot
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons: centos.idrepo.or.id
base: centos.idrepo.or.id
extras: centos.idrepo.or.id
updates: centos.idrepo.or.id
Setting up Install Process
Package 30:bind-chroot-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Nothing to do
[root@ns1 gtoms]#

[root@ns1 gtoms]# chmod 755 /var/named/
[root@ns1 gtoms]# chmod 775 /var/named/chroot/
[root@ns1 gtoms]# chmod 775 /var/named/chroot/var/
[root@ns1 gtoms]# chmod 775 /var/named/chroot/var/named/
[root@ns1 gtoms]# chmod 775 /var/named/chroot/var/run/
[root@ns1 gtoms]# chmod 777 /var/named/chroot/var/run/named/
[root@ns1 gtoms]# cd /var/named/chroot/var/named/
[root@ns1 named]# ln -s ../../ chroot
[root@ns1 named] cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/named.local
[root@ns1 named] cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
[root@ns1 named] touch /var/named/chroot/etc/named.conf.local

[root@ns1 named]# nano /var/named/chroot/etc/named.conf
key “rndckey” {
algorithm hmac-md5;
secret “PatIBVa6D1zrSKnEOBsO4siZyJO0cytbujld1boBT7W8RrVee5dsCkGSID79”;
};

options {
listen-on port 53 { 127.0.0.1; 192.168.0.2; 202.137.2x.2xx; };
listen-on-v6 port 53 { ::1; };
directory “/var/named/chroot/var/named”;
dump-file “/var/named/chroot/var/named/data/cache_dump.db”;
statistics-file “/var/named/chroot/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/chroot/var/named/data/named_mem_stats.txt”;
allow-query { localhost; };
recursion yes;
};
logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};

zone “.” IN {
type hint;
file “named.root”;
};

zone “xyz.co.id” IN {
type om;
file “data/xyz.co.id.zone”;
allow-update { none; };
};

[root@ns1 named]# nano /var/named/chroot/var/named/data/xyz.co.id

$ORIGIN .
$TTL 86400 ; 1 day

xyz.co.id IN SOA ns1.xyz.co.id. admin.xyz.co.id. (
2010082100
7200
7200
1209600
86400 )
NS ns1.xyz.co.id.
NS ns2.xyz.co.id.
A 202.137.2x.2xx
MX 10 mail.xyz.co.id.

$ORIGIN xyz.co.id.

webmail A 202.137.2x.2zz
ns1 A 202.137.2x.2xx
ns2 A 202.137.2x.2yy
mail A 202.137.2x.2zz
www A 202.137.2x.2xx
mail2 A 202.137.2x.2yy
xyz.co.id. IN TXT “PT. xyz”
IP 202.137.2x.2zz dengan mail.xyz.co.id merupakan server mailserver menggunakan Zimbra 6.0.6 berada beda mesin dengan server ini.

[root@ns1 named]# /etc/init.d/named start
Starting named: [ OK ]

[root@ns1 etc]# tail -f /var/log/messages
Aug 21 11:31:35 ns1 named[3766]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -t /var/named/chroot
Aug 21 11:31:35 ns1 named[3766]: adjusted limit on open files from 1024 to 1048576
Aug 21 11:31:35 ns1 named[3766]: found 2 CPUs, using 2 worker threads
Aug 21 11:31:35 ns1 named[3766]: using up to 4096 sockets
Aug 21 11:31:35 ns1 named[3766]: loading configuration from ‘/etc/named.conf’
Aug 21 11:31:35 ns1 named[3766]: using default UDP/IPv4 port range: [1024, 65535]
Aug 21 11:31:35 ns1 named[3766]: using default UDP/IPv6 port range: [1024, 65535]
Aug 21 11:31:35 ns1 named[3766]: listening on IPv6 interface lo, ::1#53
Aug 21 11:31:35 ns1 named[3766]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 21 11:31:35 ns1 named[3766]: listening on IPv4 interface eth1, 192.168.0.2#53
Aug 21 11:31:35 ns1 named[3766]: listening on IPv4 interface eth0, 202.137.2x.2xx#53
Aug 21 11:31:35 ns1 named[3766]: command channel listening on 127.0.0.1#953
Aug 21 11:31:35 ns1 named[3766]: command channel listening on ::1#953
Aug 21 11:31:35 ns1 named[3766]: zone xyz.co.id/IN: loaded serial 2010082100
Aug 21 11:31:35 ns1 named[3766]: running
Aug 21 11:31:35 ns1 named[3766]: zone xyz.co.id/IN: sending notifies (serial 2010082100)

Instalasi DHCP Server

[root@ns1 data]# yum install dhcp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons: centos.idrepo.or.id
base: centos.idrepo.or.id
extras: centos.idrepo.or.id
updates: centos.idrepo.or.id
Setting up Install Process
Resolving Dependencies—> Running transaction check—-> Package dhcp.i386 12:3.0.5-23.el5_5.1 set to be updated—> Finished Dependency Resolution
——————————————cut————————————————————-

Total download size: 867 k
Is this ok [y/N]: y
Downloading Packages:
dhcp-3.0.5-23.el5_5.1.i386.rpm | 867 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : dhcp 1/1

Installed:
dhcp.i386 12:3.0.5-23.el5_5.1

Complete!
[root@ns1 data]#

[root@ns1 data]# nano /etc/dhcpd.conf

authoritative;
ddns-update-style interim;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {
option routers 192.168.0.2;
option subnet-mask 255.255.255.0;
option domain-name “xyz.co.id”;
option domain-name-servers 192.168.0.2,202.137.2x.2xx;
range dynamic-bootp 192.168.0.9 192.168.0.254;
default-lease-time 43200;
max-lease-time 604800;

}

Range IP untuk seluruh komputer karyawan 192.168.0.9 192.168.0.254

[root@ns1 data]# /etc/init.d/dhcpd start
Starting dhcpd: [ OK ]

[root@ns1 data]# tail -f /var/log/messages
Aug 21 11:44:36 ns1 dhcpd: Internet Systems Consortium DHCP Server V3.0.5-RedHat
Aug 21 11:44:36 ns1 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
Aug 21 11:44:36 ns1 dhcpd: All rights reserved.
Aug 21 11:44:36 ns1 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Aug 21 11:44:36 ns1 dhcpd: Wrote 0 leases to leases file.
Aug 21 11:44:36 ns1 dhcpd:
Aug 21 11:44:36 ns1 dhcpd: No subnet declaration for eth0 (202.137.2x.2xx).
Aug 21 11:44:36 ns1 dhcpd: ** Ignoring requests on eth0. If this is not what
Aug 21 11:44:36 ns1 dhcpd: you want, please write a subnet declaration
Aug 21 11:44:36 ns1 dhcpd: in your dhcpd.conf file for the network segment
Aug 21 11:44:36 ns1 dhcpd: to which interface eth0 is attached. **
Aug 21 11:44:36 ns1 dhcpd:
Aug 21 11:44:36 ns1 dhcpd: Listening on LPF/eth1/00:13:d4:01:65:1f/192.168.0/24
Aug 21 11:44:36 ns1 dhcpd: Sending on LPF/eth1/00:13:d4:01:65:1f/192.168.0/24
Aug 21 11:44:36 ns1 dhcpd: Sending on Socket/fallback/fallback-net

3766 ? Ssl 0:00 /usr/sbin/named -u named -t /var/named/chroot
3928 ? Ss 0:00 /usr/sbin/dhcpd
[root@ns1 gtoms]#

Instalasi Webserver menggunakan Apache

[root@ns1 gtoms]# yum install httpd httpd-devel mysql-server php php-mysql php-mbstring php-mcrypt

[root@ns1 gtoms]# nano /etc/httpd/conf/httpd.conf

Listen 202.137.2x.2xx:80

NameVirtualHost *:80


ServerAdmin webmaster@xyz.co.id
DocumentRoot /home/webxyz
ServerName xyz.co.id
ServerAlias http://www.xyz.co.id


ServerAdmin webmaster@xyz.co.id
DocumentRoot /var/www/html/stat
ServerName xyz.co.id/stat
ServerAlias http://www.xyz.co.id/stat


Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all

Instalasi SQUID sebagai cache proxy server 

[root@ns1 gtoms]# yum install squid
[root@ns1 gtoms]# cd /etc/squid

[root@ns1 squid] nano squid.conf

[root@ns1 squid]# /usr/sbin/squid -z

Instalasi SQUIDGUARD sebagai content filtering.

[root@ns1 gtoms]# wget http://www.excaliburtech.net/wp-content/...2010-08-21 18:49:02—http://www.excaliburtech.net/wp-content/uploads/2009/02/squidguard-1.4-3.i386.rpm
Resolving http://www.excaliburtech.net… 72.66.114.15
Connecting to http://www.excaliburtech.net|72.66.114.15|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 119416 (117K) [application/x-rpm]
Saving to: `squidguard-1.4-3.i386.rpm’
2010-08-21 18:49:05 (54.0 KB/s) – `squidguard-1.4-3.i386.rpm’ saved [119416/119416]

[root@ns1 gtoms]# rpm ivh squidguard1.4-3.i386.rpm
Preparing… ########################################### [100%]
1:squidguard ########################################### [100%]

[root@ns1 gtoms]# locate squidguard
/etc/logrotate.d/squidguard
/etc/squid/squidguard.conf
/home/gtoms/squidguard-1.4-3.i386.rpm
/usr/bin/squidguard
/usr/libexec/webmin/blue-theme/squidguard
/usr/libexec/webmin/blue-theme/squidguard/images
/usr/libexec/webmin/blue-theme/squidguard/images/icon.gif
/usr/share/doc/squidguard-1.4
/usr/share/doc/squidguard-1.4/LDAPFlow.txt
/usr/share/doc/squidguard-1.4/authentication.html
/usr/share/doc/squidguard-1.4/authentication.txt
/usr/share/doc/squidguard-1.4/configuration.html
/usr/share/doc/squidguard-1.4/configuration.txt
/usr/share/doc/squidguard-1.4/configure.html
/usr/share/doc/squidguard-1.4/configure.txt
/usr/share/doc/squidguard-1.4/expressionlist.html
/usr/share/doc/squidguard-1.4/expressionlist.txt
/usr/share/doc/squidguard-1.4/extended.html
/usr/share/doc/squidguard-1.4/extended.txt
/usr/share/doc/squidguard-1.4/faq.html
/usr/share/doc/squidguard-1.4/faq.txt
/usr/share/doc/squidguard-1.4/features.html
/usr/share/doc/squidguard-1.4/features.txt
/usr/share/doc/squidguard-1.4/index.html
/usr/share/doc/squidguard-1.4/install.html
/usr/share/doc/squidguard-1.4/install.txt
/usr/share/doc/squidguard-1.4/installation.html
/usr/share/doc/squidguard-1.4/installation.txt
/usr/share/doc/squidguard-1.4/ldap-ad-tips.html
/usr/share/doc/squidguard-1.4/ldap-ad-tips.txt
/usr/share/doc/squidguard-1.4/ldap.html
/usr/share/doc/squidguard-1.4/ldap.txt
/usr/share/doc/squidguard-1.4/runtimeops.html
/usr/share/doc/squidguard-1.4/runtimeops.txt
/usr/share/doc/squidguard-1.4/sample.conf
/usr/share/doc/squidguard-1.4/squidguard-simple.cgi
/usr/share/doc/squidguard-1.4/squidguard.cgi
/usr/share/doc/squidguard-1.4/squidguard.gif
/usr/share/doc/squidguard-1.4/troubleshoot.html
/usr/share/doc/squidguard-1.4/troubleshoot.txt

Sebelum mengkonfigurasi squidguard.conf install dahulu Shalla’s Blacklists

[root@ns1 gtoms]# wget http://www.shallalist.de/Downloads/shallalist.tar.gz%E2%80%942010-08-21 19:02:00—http://www.shallalist.de/Downloads/shallalist.tar.gz
Resolving http://www.shallalist.de… 78.47.242.85
Connecting to http://www.shallalist.de|78.47.242.85|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 9670277 (9.2M) [application/x-tar]
Saving to: `shallalist.tar.gz’

11% [============> ] 1,126,182 119K/s eta 80s

[root@ns1 gtoms]# mkdir /var/lib/squidguard/db

[root@ns1 gtoms]# mv shallalist.tar.gz /var/lib/squidguard/db

[root@ns1 gtoms]# cd /var/lib/squidguard/db

[root@ns1 db]# gzip -d shallalist.tar.gz

[root@ns1 db]# tar xfv shallalist.tar
BL/
BL/porn/
BL/porn/domains
BL/porn/urls
BL/gamble/
BL/gamble/domains
BL/gamble/urls
BL/chat/
BL/chat/domains
BL/chat/urls
BL/automobile/
BL/automobile/cars/
BL/automobile/cars/domains
BL/automobile/cars/urls
BL/automobile/bikes/
BL/automobile/bikes/domains
BL/automobile/bikes/urls
BL/automobile/boats/
BL/automobile/boats/domains
BL/automobile/boats/urls
BL/automobile/planes/
BL/automobile/planes/urls
BL/automobile/planes/domains
BL/recreation/
BL/recreation/humor/
BL/recreation/humor/domains
BL/recreation/humor/urls
BL/recreation/martialarts/
BL/recreation/martialarts/urls
BL/recreation/martialarts/domains
BL/recreation/sports/
BL/recreation/sports/domains
BL/recreation/sports/urls
BL/recreation/travel/
BL/recreation/travel/urls
BL/recreation/travel/domains
BL/recreation/wellness/
BL/recreation/wellness/domains
BL/recreation/wellness/urls
BL/recreation/restaurants/
BL/recreation/restaurants/urls
BL/recreation/restaurants/domains
BL/webradio/
BL/webradio/domains
BL/webradio/urls
BL/webmail/
BL/webmail/domains
BL/webmail/urls
BL/warez/
BL/warez/urls
BL/warez/domains
BL/shopping/
BL/shopping/domains
BL/shopping/urls
BL/adv/
BL/adv/domains
BL/adv/urls
BL/movies/
BL/movies/urls
BL/movies/domains
BL/science/
BL/science/chemistry/
BL/science/chemistry/urls
BL/science/chemistry/domains
BL/science/astronomy/
BL/science/astronomy/domains
BL/science/astronomy/urls
BL/hobby/
BL/hobby/pets/
BL/hobby/pets/domains
BL/hobby/pets/urls
BL/hobby/cooking/
BL/hobby/cooking/domains
BL/hobby/cooking/urls
BL/hobby/gardening/
BL/hobby/gardening/urls
BL/hobby/gardening/domains
BL/hobby/games-online/
BL/hobby/games-online/domains
BL/hobby/games-online/urls
BL/hobby/games-misc/
BL/hobby/games-misc/domains
BL/hobby/games-misc/urls
BL/violence/
BL/violence/domains
BL/violence/urls
BL/music/
BL/music/domains
BL/music/urls
BL/hacking/
BL/hacking/domains
BL/hacking/urls
BL/isp/
BL/isp/urls
BL/isp/domains
BL/drugs/
BL/drugs/domains
BL/drugs/urls
BL/aggressive/
BL/aggressive/domains
BL/aggressive/urls
BL/news/
BL/news/urls
BL/news/domains
BL/redirector/
BL/redirector/urls
BL/redirector/domains
BL/spyware/
BL/spyware/domains
BL/spyware/urls
BL/dating/
BL/dating/urls
BL/dating/domains
BL/finance/
BL/finance/banking/
BL/finance/banking/urls
BL/finance/banking/domains
BL/finance/other/
BL/finance/other/domains
BL/finance/other/urls
BL/finance/moneylending/
BL/finance/moneylending/domains
BL/finance/moneylending/urls
BL/finance/insurance/
BL/finance/insurance/urls
BL/finance/insurance/domains
BL/finance/realestate/
BL/finance/realestate/domains
BL/finance/realestate/urls
BL/finance/trading/
BL/finance/trading/domains
BL/finance/trading/urls
BL/dynamic/
BL/dynamic/urls
BL/dynamic/domains
BL/COPYRIGHT
BL/jobsearch/
BL/jobsearch/urls
BL/jobsearch/domains
BL/tracker/
BL/tracker/domains
BL/tracker/urls
BL/models/
BL/models/domains
BL/models/urls
BL/forum/
BL/forum/domains
BL/forum/urls
BL/webtv/
BL/webtv/urls
BL/webtv/domains
BL/downloads/
BL/downloads/urls
BL/downloads/domains
BL/ringtones/
BL/ringtones/domains
BL/ringtones/urls
BL/searchengines/
BL/searchengines/domains
BL/searchengines/urls
BL/socialnet/
BL/socialnet/urls
BL/socialnet/domains
BL/updatesites/
BL/updatesites/domains
BL/updatesites/urls
BL/weapons/
BL/weapons/domains
BL/weapons/urls
BL/webphone/
BL/webphone/domains
BL/webphone/urls
BL/global_usage
BL/religion/
BL/religion/domains
BL/religion/urls
BL/sex/
BL/sex/lingerie/
BL/sex/lingerie/urls
BL/sex/lingerie/domains
BL/sex/education/
BL/sex/education/urls
BL/sex/education/domains
BL/imagehosting/
BL/imagehosting/domains
BL/imagehosting/urls
BL/podcasts/
BL/podcasts/domains
BL/podcasts/urls
BL/hospitals/
BL/hospitals/domains
BL/hospitals/urls
BL/military/
BL/military/urls
BL/military/domains
BL/politics/
BL/politics/domains
BL/politics/urls
BL/remotecontrol/
BL/remotecontrol/urls
BL/remotecontrol/domains
BL/fortunetelling/
BL/fortunetelling/domains
BL/fortunetelling/urls
BL/library/
BL/library/domains
BL/library/urls
BL/costtraps/
BL/costtraps/urls
BL/costtraps/domains
BL/homestyle/
BL/homestyle/domains
BL/homestyle/urls
BL/education/
BL/education/schools/
BL/education/schools/domains
BL/education/schools/urls
BL/government/
BL/government/domains
BL/government/urls
BL/alcohol/
BL/alcohol/domains
BL/alcohol/urls
BL/radiotv/
BL/radiotv/domains
BL/radiotv/urls
[root@ns1 db]#

[root@ns1 db]# cd BL

[root@ns1 BL] cp -R * /var/lib/squidguard/db

[root@ns1 BL]# nano /etc/squid/squidguard.conf

dbhome /var/lib/squidguard/db
logdir /var/log/squid


dest whitelist {
domainlist whitelist/domains
urllist whitelist/urls
}

dest adv {
domainlist adv/domains
urllist adv/urls
}

acl {
default {

pass whitelist !adv

redirect http://www.xyz.co.id/redirect.html
}

}


[root@ns1 BL]# /usr/bin/squidguard -C all

[root@ns1 db]# chmod -R 777 *

[root@ns1 db]# chown -R squid:squid /var/lib/squidguard/db/*

[root@ns1 squid]# nano /etc/squid/squid.conf

url_rewrite_program /usr/bin/squidguard -c /etc/squid/squidguard.conf
url_rewrite_children 8

[root@ns1 squid]# /usr/sbin/squid -k reconfigure

[root@ns1 db]# tail -f /var/log/squid/cache.log

2010/08/22 08:52:43| Reconfiguring Squid Cache (version 2.6.STABLE21)...
2010/08/22 08:52:43| FD 10 Closing HTTP connection
2010/08/22 08:52:43| FD 12 Closing ICP connection
2010/08/22 08:52:43| Initialising SSL.
2010/08/22 08:52:43| User-Agent logging is disabled.
2010/08/22 08:52:43| Referer logging is disabled.
2010/08/22 08:52:43| DNS Socket created at 0.0.0.0, port 52827, FD 9
2010/08/22 08:52:43| Adding nameserver 202.137.2x.2xx from squid.conf
2010/08/22 08:52:43| helperOpenServers: Starting 8 ‘squidguard’ processes
2010/08/22 08:52:43| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 19.
2010/08/22 08:52:43| Accepting ICP messages at 0.0.0.0, port 3130, FD 20.
2010/08/22 08:52:43| WCCP Disabled.
2010/08/22 08:52:43| Loaded Icons.
2010/08/22 08:52:43| Ready to serve requests.

Instalasi FTP Server menggunakan VSFTP

[root@ns1 gtoms]# yum install vsftpd

Disini tinggal mengkonfigurasi user untuk akses ke webserver.

Instalasi MRTG

[root@ns1 gtoms]# yum install mrtg net-snmp net-snmp-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons: centos.idrepo.or.id
base: centos.idrepo.or.id
epel: bali.idrepo.or.id
extras: centos.idrepo.or.id
updates: centos.idrepo.or.id
addons | 951 B 00:00
base | 2.1 kB 00:00
epel | 3.4 kB 00:00
extras | 2.1 kB 00:00
updates | 1.9 kB 00:00
Setting up Install Process
Package 1:net-snmp-5.3.2.2-9.el5_5.1.i386 already installed and latest version————————cut—————————————-

Installed:
mrtg.i386 0:2.14.5-2 net-snmp-utils.i386 1:5.3.2.2-9.el5_5.1

Complete!
[root@ns1 gtoms]#

[root@ns1 gtoms]# nano /etc/snmp/snmpd.conf

com2sec local localhost public
com2sec mynetwork 192.168.0.0/24 public
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
view all included .1 80
access MyROGroup “” any noauth exact all none none
access MyRWGroup “” any noauth exact all all none
syslocation PT. xyz, Jakarta
syscontact Root

[root@ns1 gtoms]# /etc/init.d/snmpd start
Starting snmpd: [ OK ]
[root@ns1 gtoms]#

[root@ns1 gtoms]# tail -f /var/log/messages
Aug 21 21:13:50 ns1 yum: Installed: 1:net-snmp-utils-5.3.2.2-9.el5_5.1.i386
Aug 21 21:13:53 ns1 yum: Installed: mrtg-2.14.5-2.i386
Aug 21 21:22:54 ns1 snmpd[7612]: Creating directory: /var/net-snmp
Aug 21 21:22:54 ns1 snmpd[7612]: NET-SNMP version 5.3.2.2

[root@ns1 gtoms]# /usr/bin/snmpwalk v 1 -c public localhost IPMIB::ipAdEntIfIndex
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.192.168.0.2 = INTEGER: 3
IP-MIB::ipAdEntIfIndex.202.137.2x.2xx = INTEGER: 2
[root@ns1 gtoms]#

[root@ns1 gtoms]# /usr/bin/cfgmaker—global ‘WorkDir: /var/www/mrtg’—output /etc/mrtg/mrtg.cfg public@localhost

[root@ns1 gtoms]# /usr/bin/indexmaker—output=/var/www/mrtg/index.html /etc/mrtg/mrtg.cfg

[root@ns1 mrtg]# nano /etc/cron.d/mrtg

*/5 * * * * root LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg—lock-file /var/lock/mrtg/mrtg_l—confcache-file /var/lib/mrtg/mrtg.ok

[root@ns1 mrtg]# nano /etc/httpd/conf.d/mrtg.conf
Alias /mrtg /var/www/mrtg


Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from ::1

[root@ns1 mrtg]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

Untuk mengkases melalui browser ke http://iphostname/mrtg/

Memonitor server/router lain kedalam MRTG

Jika menggunakan device router/modem tinggal mengaktifkan snmp, jika server lain linux ingin di monitor tinggal menginstall snmp, contoh disini pada server lain dengan IP 202.137.2x.2zz :

[root@mail gtoms]# yum install net-snmp net-snmp-utils
Setting up Install Process
Parsing package install arguments
Resolving Dependencies—> Running transaction check—-> Package net-snmp.i386 1:5.3.2.2-9.el5_5.1 set to be updated—> Processing Dependency: libsensors.so.3 for package: net-snmp—> Processing Dependency: net-snmp-libs = 1:5.3.2.2-9.el5_5.1 for package: net-snmp—-> Package net-snmp-utils.i386 1:5.3.2.2-9.el5_5.1 set to be updated—> Running transaction check—-> Package net-snmp-libs.i386 1:5.3.2.2-9.el5_5.1 set to be updated—-> Package lm_sensors.i386 0:2.10.7-9.el5 set to be updated—> Finished Dependency Resolution
———————-cutt————————————-

Installed: net-snmp-utils.i386 1:5.3.2.2-9.el5_5.1
Dependency Installed: lm_sensors.i386 0:2.10.7-9.el5 net-snmp.i386 1:5.3.2.2-9.el5_5.1
Updated: net-snmp-libs.i386 1:5.3.2.2-9.el5_5.1
Complete!
[root@mail gtoms]#

[root@mail gtoms]# nano /etc/snmp/snmpd.conf

com2sec local localhost public
com2sec mynetwork 192.168.0.0/24 public
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
view all included .1 80
access MyROGroup “” any noauth exact all none none
access MyRWGroup “” any noauth exact all all none
syslocation Zimbra Mailserver XYZ, Jakarta
syscontact Root

[root@mail gtoms]# /etc/init.d/snmpd start
Starting snmpd: [ OK ]
[root@mail gtoms]#

Kembali ke server MRTG nya

[root@ns1 gtoms]# /usr/bin/cfgmaker—global ‘WorkDir: /var/www/mrtg’—output /etc/mrtg/mrtg.cfg public@202.137.2x.2zz

[root@ns1 mrtg]# /usr/bin/cfgmaker—global ‘WorkDir: /var/www/mrtg’—output /etc/mrtg/mrtg.cfg public@192.168.0.1

Instalasi Webmin 

[root@ns1 gtoms]# rpm U webmin1.510-1.noarch.rpm
warning: webmin-1.510-1.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 11f63c51
Operating system is CentOS Linux
Webmin install complete. You can now login to https://ns1.xyz.co.id:10000/
as root with your root password.
[root@ns1 gtoms]#

Instalasi IDS mengunakan The Advanced Intrusion Detection Environmen

Untuk mengkonfigurasi AIDE, SELINUX harus enabled.

[root@ns1 gtoms]# yum install aide

[root@ns1 gtoms]# /usr/sbin/aide—init

[root@ns1 gtoms]# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
[root@ns1 gtoms]# /usr/sbin/aide—check

[root@ns1 gtoms]# aide—check
AIDE, version 0.13.1

### All files match AIDE database. Looks okay!

[root@ns1 gtoms]# vi /etc/cron.weekly/aide.cron

#!/bin/bash
/usr/sbin/aide—check | /bin/mail -s “Weekly Aide Data” IT@zyx.co.id

Instalasi DDOS protection
APF —Advanced Policy-based Firewall

[root@ns1 gtoms]# wget http://rfxnetworks.com/downloads/apf-current.tar.gz
[root@ns1 gtoms]# tar xfz apf-current.tar.gz
[root@ns1 apf-current]# cd apf-*
[root@ns1 apf-current]# ./install.sh

[root@ns1 apf-current]# vi /etc/apf/conf.apf
DEVEL_MODE=”0”
IG_TCP_CPORTS=”21,22,25,53,80,110,143,443,3306”
IG_UDP_CPORTS=”53,111”
USE_AD=”1”

[root@ns1 apf-current]# vi /etc/apf/ad/conf.antidos
sesuaikan sendiri ….

BFD —Brute Force Detection 

[root@ns1 gtoms]# wget http://rfxnetworks.com/downloads/bfd-current.tar.gz
[root@ns1 gtoms]# tar xfz bfd-current.tar.gz
[root@ns1 bfd-current]# cd bfd-*
[root@ns1 bfd-current]# ./install.sh

[root@ns1 bfd-current]# vi /usr/local/bfd/conf.bfd

ALERT=”1”
EMAIL_USR=”IT@xyz.co.id”

[root@ns1 bfd-current]# vi /usr/local/bfd/ignore.hosts
sesuaikan sendiri ….

DDoS Deflate 

[root@ns1 gtoms]# wget http://sourceforge.net/projects/rkhunter...z/download
[root@ns1 gtoms]# tar xfz rkhunter-1.3.6.tar.gz
[root@ns1 gtoms]# cd rkhunter-1.3.6
[root@ns1 rkhunter-1.3.6]# ./installer.sh
[root@ns1 rkhunter-1.3.6]# run rkhunter
[root@ns1 rkhunter-1.3.6]# rkhunter -c

Install Mod_dosevasive untuk Apache

[root@ns1 gtoms]# wget http://www.zdziarski.com/projects/mod_ev...0.1.tar.gz

[root@ns1 gtoms]# tar -zxvf mod_evasive_1.10.1.tar.gz

[root@ns1 gtoms]# cd mod_evasive_1.10.1

[root@ns1 mod_evasive_1.10.1]# $APACHE_ROOT/bin/apxs -cia mod_evasive20.c

[root@ns1 mod_evasive_1.10.1]# vi /usr/local/apache/conf/httpd.conf


DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 300

[root@ns1 mod_evasive_1.10.1]# /usr/loca/apache/bin/apachectl restart

Install Mod_security

[root@ns1 gtoms]# http://www.modsecurity.org/download/mods...9.2.tar.gz

[root@ns1 gtoms]# tar zxvf modsecurityapache-1.9.2.tar.gz

[root@ns1 gtoms]# cd modsecurity-apache-1.9.2

[root@ns1 modsecurity-apache-1.9.2]# /usr/local/apache/bin/apxs -cia mod_security.c

Buat sebuah file dengan nama mod_security.conf didalam folder /usr/local/apache/conf

[root@ns1 modsecurity-apache-1.9.2]# vi /usr/local/apache/conf/mod_security.conf

Rules yang dapat kita buat bisa merujuk ke http://www.modsecurity.org/documentation...mples.html

Kita masukkan path mod_security.conf kedalam file httpd.conf

[root@ns1 modsecurity-apache-1.9.2]# vi /usr/local/apache/conf/httpd.conf

/usr/local/apache/conf/mod_security.conf

[root@ns1 modsecurity-apache-1.9.2]# /usr/local/apache/bin/apachectl stop

[root@ns1 modsecurity-apache-1.9.2]# /usr/local/apache/bin/apachectl start

Selesai,Tinggal memonitor.

Sedikit Tambahan Dari saya.
salah satu MRTG itu fungsinya buat ngelihat bandwidth monitoring.

ini kalau buat windows

1. aktifkan SNMP pada windows
masuk ke control panel –> add or remove programs –> add/remove windows components –> centang management and monitoring tools, klik details


2. download dan install Perl
3. download paket mrtg kemudian install/ekstrak di
http://oss.oetiker.ch/mrtg/pub/?M=D

4. rename folder hasil ekstraknya dengan mrtg
5. lalu buat satu folder baru dan beri nama mrtghtml
6. membuat setting konfigurasi dengan cfgmaker

masuk ke cmd, misal mrtg berada pada drive D

Microsoft Windows DOS
Copyright Microsoft Corp 1990-1999
C:\>d:
D:\>cd mrtg\bin
D:\mrtg\bin>perl cfgmaker public@202.158.170.1 --global "WorkDir: d:\mrtghtml" --output server.cfg

Nanti dihasilkan sebuah file server.cfg

7. sebelum me-run mrtg, sebaiknya dibuat indexmaker agar semua interface yang diamati tersebut bisa dilihat secara bersamaan, ga satu per satu

D:\mrtg\bin>perl indexmaker --output index.htm server.cfg

diperoleh file index.htm, lalu copy-kan ke direktory D:\mrtghtml

8. masuk ke D:\mrtg\bin kemudian edit file server.cfg pake notepad.
Tambahkan :

RunAsDaemon: Yes
Interval: 5
Agar mrtg selalu merefresh tiap 5 menit sekali
Options[_]: bits
ShortLegend[_]: b/s
Untuk mengubah parameter skala bytes menjadi bits

9. menjalankan mrtg

D:\mrtg\bin>perl mrtg server.cfg



Sekian Dulu Dari Saya Nanti saya akan Update Kembali Jika Ada Kesalahan.

0 comments:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Radio Online