Install DNS, DHCP, Webserver, Proxy, FTP, DDoS protection, IDS

Posted in DNS, Linux Server, Project, Security, Squid

One advantage of Linux is that several services can run side by side on a single server. The goal of building one Linux server that carries DNS, DHCP, a web server, a proxy, FTP, an IDS, DDoS protection, MRTG and Webmin is as follows:

- CentOS 5.5 as the Linux distribution: free and easy to install.

- DNS using ISC BIND as the nameserver (primary DNS) for the company's domain. The primary DNS here handles the company's NS, MX and web records. The MX record points to the company's mail server, which runs Zimbra on a separate machine.

- DHCP using the ISC DHCP server, which hands out internet addresses automatically to every employee computer connected to the local area network (LAN).

- Web server using Apache, holding the files of the company's domain website that is reached via www or http; Apache can also be set up to host the company's other domains.

- Proxy using Squid as the caching proxy gateway for all employee browsing. Access filtering uses squidGuard and Shalla's Blacklists.

- IDS for security intrusion detection, in this case the Advanced Intrusion Detection Environment (AIDE).

- DDoS protection against both incoming and outgoing attacks, using APF, BFD, mod_dosevasive and mod_security.

- FTP using vsftpd for file transfer to the company web server when the company website needs updating.

- MRTG for visual monitoring of bandwidth on this server, on other servers and on the router. MRTG data can be captured and handed to the ISP if the leased bandwidth turns out to be far below average.

Enough theory; on to installation and configuration. In this article, the Linux distribution CentOS 5.5 has already been installed as a minimal install.

[root@ns1 gtoms]# uname -a
Linux ns1.xyz.co.id 2.6.18-194.11.1.el5 #1 SMP Tue Aug 10 19:09:06 EDT 2010 i686 i686 i386 GNU/Linux

[root@ns1 gtoms]# cat /etc/redhat-release
CentOS release 5.5 (Final)

[root@ns1 gtoms]# /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:BA:C3:71:D2
inet addr:202.137.2x.2xx Bcast:202.137.20.223 Mask:255.255.255.240
inet6 addr: fe80::250:baff:fec3:71d2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1028 errors:0 dropped:0 overruns:0 frame:0
TX packets:757 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:93229 (91.0 KiB) TX bytes:143908 (140.5 KiB)
Interrupt:209 Base address:0x2000

eth1 Link encap:Ethernet HWaddr 00:13:D4:01:65:1F
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1124 errors:0 dropped:0 overruns:0 frame:0
TX packets:1124 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1981916 (1.8 MiB) TX bytes:1981916 (1.8 MiB)

Installing the Domain Name Server as primary nameserver

[root@ns1 selinux]# yum install bind-chroot
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons: centos.idrepo.or.id
base: centos.idrepo.or.id
extras: centos.idrepo.or.id
updates: centos.idrepo.or.id
Setting up Install Process
Package 30:bind-chroot-9.3.6-4.P1.el5_4.2.i386 already installed and latest version
Nothing to do
[root@ns1 gtoms]#

[root@ns1 gtoms]# chmod 755 /var/named/
[root@ns1 gtoms]# chmod 775 /var/named/chroot/
[root@ns1 gtoms]# chmod 775 /var/named/chroot/var/
[root@ns1 gtoms]# chmod 775 /var/named/chroot/var/named/
[root@ns1 gtoms]# chmod 775 /var/named/chroot/var/run/
[root@ns1 gtoms]# chmod 777 /var/named/chroot/var/run/named/
[root@ns1 gtoms]# cd /var/named/chroot/var/named/
[root@ns1 named]# ln -s ../../ chroot
[root@ns1 named]# cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/named.local
[root@ns1 named]# cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
[root@ns1 named]# touch /var/named/chroot/etc/named.conf.local

[root@ns1 named]# nano /var/named/chroot/etc/named.conf

key "rndckey" {
    algorithm hmac-md5;
    secret "PatIBVa6D1zrSKnEOBsO4siZyJO0cytbujld1boBT7W8RrVee5dsCkGSID79";
};

options {
    listen-on port 53 { 127.0.0.1; 192.168.0.2; 202.137.2x.2xx; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named/chroot/var/named";
    dump-file "/var/named/chroot/var/named/data/cache_dump.db";
    statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.txt";
    // Recursive lookups only for this host and the LAN that dhcpd points
    // here. With "localhost" alone the LAN clients would be refused, and
    // opening recursion to "any" would turn this into an open resolver.
    allow-query { localhost; 192.168.0.0/24; };
    allow-recursion { localhost; 192.168.0.0/24; };
    recursion yes;
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.root";
};

zone "xyz.co.id" IN {
    type master;
    file "data/xyz.co.id.zone";
    // The authoritative zone must be answerable from anywhere, so the
    // options-level restriction is overridden for this zone only.
    allow-query { any; };
    allow-update { none; };
};

[root@ns1 named]# nano /var/named/chroot/var/named/data/xyz.co.id.zone

$ORIGIN .
$TTL 86400 ; 1 day

xyz.co.id   IN SOA ns1.xyz.co.id. admin.xyz.co.id. (
                2010082100 ; serial (YYYYMMDDnn)
                7200       ; refresh
                7200       ; retry
                1209600    ; expire
                86400 )    ; minimum
            NS  ns1.xyz.co.id.
            NS  ns2.xyz.co.id.
            A   202.137.2x.2xx
            MX  10 mail.xyz.co.id.

$ORIGIN xyz.co.id.

webmail     A   202.137.2x.2zz
ns1         A   202.137.2x.2xx
ns2         A   202.137.2x.2yy
mail        A   202.137.2x.2zz
www         A   202.137.2x.2xx
mail2       A   202.137.2x.2yy
xyz.co.id.  IN TXT "PT. xyz"

The IP 202.137.2x.2zz (mail.xyz.co.id) is the mail server, running Zimbra 6.0.6 on a different machine from this server.

[root@ns1 named]# /etc/init.d/named start
Starting named: [ OK ]

[root@ns1 etc]# tail -f /var/log/messages
Aug 21 11:31:35 ns1 named[3766]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -t /var/named/chroot
Aug 21 11:31:35 ns1 named[3766]: adjusted limit on open files from 1024 to 1048576
Aug 21 11:31:35 ns1 named[3766]: found 2 CPUs, using 2 worker threads
Aug 21 11:31:35 ns1 named[3766]: using up to 4096 sockets
Aug 21 11:31:35 ns1 named[3766]: loading configuration from ‘/etc/named.conf’
Aug 21 11:31:35 ns1 named[3766]: using default UDP/IPv4 port range: [1024, 65535]
Aug 21 11:31:35 ns1 named[3766]: using default UDP/IPv6 port range: [1024, 65535]
Aug 21 11:31:35 ns1 named[3766]: listening on IPv6 interface lo, ::1#53
Aug 21 11:31:35 ns1 named[3766]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 21 11:31:35 ns1 named[3766]: listening on IPv4 interface eth1, 192.168.0.2#53
Aug 21 11:31:35 ns1 named[3766]: listening on IPv4 interface eth0, 202.137.2x.2xx#53
Aug 21 11:31:35 ns1 named[3766]: command channel listening on 127.0.0.1#953
Aug 21 11:31:35 ns1 named[3766]: command channel listening on ::1#953
Aug 21 11:31:35 ns1 named[3766]: zone xyz.co.id/IN: loaded serial 2010082100
Aug 21 11:31:35 ns1 named[3766]: running
Aug 21 11:31:35 ns1 named[3766]: zone xyz.co.id/IN: sending notifies (serial 2010082100)
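A small helper for the zone file above, added here as an example and not part of the original article: secondaries such as ns2 only transfer the zone when the SOA serial grows, so every edit has to bump it. The script assumes the article's layout (the serial is the first bare number after the SOA line) and its YYYYMMDDnn convention; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): maintain the SOA serial of a
# zone file such as data/xyz.co.id.zone, which uses the YYYYMMDDnn convention
# (2010082100). Assumes the serial is the first bare number after the SOA line.

# Print the current serial of ZONEFILE.
zone_serial() {
    awk '/SOA/ { insoa = 1; next }
         insoa && $1 ~ /^[0-9]+$/ { print $1; exit }' "$1"
}

# Print the serial that should follow CUR on date TODAY (YYYYMMDD).
next_serial() {
    cur=$1
    today=$2
    curdate=$(printf '%s' "$cur" | cut -c1-8)
    if [ "$curdate" = "$today" ]; then
        # Same day: increment the two-digit counter (at most 99 edits a day).
        seq=$(printf '%s' "$cur" | cut -c9-10)
        seq=$((${seq#0} + 1))
        if [ "$seq" -gt 99 ]; then
            echo "serial counter exhausted for $today" >&2
            return 1
        fi
        printf '%s%02d\n' "$today" "$seq"
    elif [ "$curdate" -gt "$today" ]; then
        # Serial is ahead of the clock (clock skew or a hand edit): stay monotonic.
        echo $((cur + 1))
    else
        printf '%s00\n' "$today"
    fi
}

# Rewrite the serial of ZONEFILE in place and print the new value.
# Usage: bump_serial ZONEFILE [YYYYMMDD]   (the date defaults to today)
bump_serial() {
    file=$1
    today=${2:-$(date +%Y%m%d)}
    cur=$(zone_serial "$file")
    [ -n "$cur" ] || { echo "no serial found in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today") || return 1
    # Replace only the first line whose first field is the old serial.
    awk -v old="$cur" -v new="$new" \
        '!done && $1 == old { sub(old, new); done = 1 } { print }' "$file" > "$file.tmp" &&
        mv "$file.tmp" "$file"
    echo "$new"
}

# After bumping: named-checkzone xyz.co.id FILE, then rndc reload xyz.co.id.
```

Run it as bump_serial /var/named/chroot/var/named/data/xyz.co.id.zone after each edit, then check the zone with named-checkzone and reload it with rndc; the third branch keeps the serial monotonic even if the file was edited with a date in the future.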

Installing the DHCP server

[root@ns1 data]# yum install dhcp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons: centos.idrepo.or.id
base: centos.idrepo.or.id
extras: centos.idrepo.or.id
updates: centos.idrepo.or.id
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package dhcp.i386 12:3.0.5-23.el5_5.1 set to be updated
--> Finished Dependency Resolution
--- cut ---

Total download size: 867 k
Is this ok [y/N]: y
Downloading Packages:
dhcp-3.0.5-23.el5_5.1.i386.rpm | 867 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : dhcp 1/1

Installed:
dhcp.i386 12:3.0.5-23.el5_5.1

Complete!
[root@ns1 data]#

[root@ns1 data]# nano /etc/dhcpd.conf

authoritative;
ddns-update-style interim;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.2;
    option subnet-mask 255.255.255.0;
    option domain-name "xyz.co.id";
    option domain-name-servers 192.168.0.2, 202.137.2x.2xx;
    range dynamic-bootp 192.168.0.9 192.168.0.254;
    default-lease-time 43200;
    max-lease-time 604800;
}

The IP range for all employee computers is 192.168.0.9 to 192.168.0.254.

[root@ns1 data]# /etc/init.d/dhcpd start
Starting dhcpd: [ OK ]

[root@ns1 data]# tail -f /var/log/messages
Aug 21 11:44:36 ns1 dhcpd: Internet Systems Consortium DHCP Server V3.0.5-RedHat
Aug 21 11:44:36 ns1 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
Aug 21 11:44:36 ns1 dhcpd: All rights reserved.
Aug 21 11:44:36 ns1 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Aug 21 11:44:36 ns1 dhcpd: Wrote 0 leases to leases file.
Aug 21 11:44:36 ns1 dhcpd:
Aug 21 11:44:36 ns1 dhcpd: No subnet declaration for eth0 (202.137.2x.2xx).
Aug 21 11:44:36 ns1 dhcpd: ** Ignoring requests on eth0. If this is not what
Aug 21 11:44:36 ns1 dhcpd: you want, please write a subnet declaration
Aug 21 11:44:36 ns1 dhcpd: in your dhcpd.conf file for the network segment
Aug 21 11:44:36 ns1 dhcpd: to which interface eth0 is attached. **
Aug 21 11:44:36 ns1 dhcpd:
Aug 21 11:44:36 ns1 dhcpd: Listening on LPF/eth1/00:13:d4:01:65:1f/192.168.0/24
Aug 21 11:44:36 ns1 dhcpd: Sending on LPF/eth1/00:13:d4:01:65:1f/192.168.0/24
Aug 21 11:44:36 ns1 dhcpd: Sending on Socket/fallback/fallback-net

3766 ? Ssl 0:00 /usr/sbin/named -u named -t /var/named/chroot
3928 ? Ss 0:00 /usr/sbin/dhcpd
[root@ns1 gtoms]#
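Once dhcpd hands out the range above, the leases file tells you which machine holds which address. The script below is an added example, not part of the original article: it summarises the ISC leases file (/var/lib/dhcpd/dhcpd.leases on CentOS 5) and lists active leases whose MAC address is not on a known list. The function names and the sample lease records are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original article): audit the ISC dhcpd leases
# file. The file is append-only, so the last record for an address wins.

# Usage: lease_table LEASEFILE  ->  lines of "IP MAC hostname binding-state"
lease_table() {
    awk '
        $1 == "lease"            { ip = $2; mac = "?"; host = "-"; state = "?" }
        $1 == "hardware"         { mac = $3; sub(";", "", mac) }
        $1 == "client-hostname"  { host = $2; gsub(/[";]/, "", host) }
        $1 == "binding"          { state = $3; sub(";", "", state) }
        $1 == "}" && ip != ""    { row[ip] = ip " " mac " " host " " state; ip = "" }
        END                      { for (k in row) print row[k] }
    ' "$1" | sort
}

# Usage: unknown_macs LEASEFILE ALLOWLIST   (ALLOWLIST holds one MAC per line)
# Prints active leases whose MAC address is not in the allow list.
unknown_macs() {
    lease_table "$1" | awk -v allow="$2" '
        BEGIN { while ((getline l < allow) > 0) ok[tolower(l)] = 1 }
        $4 == "active" && !(tolower($2) in ok) { print }
    '
}

# Constructed sample in dhcpd.leases(5) format: .10 was renewed once, .11 is
# a machine that is not on the allow list.
sample_leases() {
    cat <<'EOF'
# The format of this file is documented in the dhcpd.leases(5) manual page.
lease 192.168.0.10 {
  starts 0 2010/08/22 01:00:00;
  ends 0 2010/08/22 13:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "pc-finance-01";
}
lease 192.168.0.11 {
  starts 0 2010/08/22 01:05:00;
  ends 0 2010/08/22 13:05:00;
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:ff;
}
lease 192.168.0.10 {
  starts 0 2010/08/22 02:00:00;
  ends 0 2010/08/22 14:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "pc-finance-01";
}
EOF
}
```

On the server itself, unknown_macs /var/lib/dhcpd/dhcpd.leases /etc/dhcp-known-macs lists any device on the LAN that nobody registered; matching on the MAC is only an inventory aid, since a MAC can be set by the client.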


Installing the web server using Apache

[root@ns1 gtoms]# yum install httpd httpd-devel mysql-server php php-mysql php-mbstring php-mcrypt

[root@ns1 gtoms]# nano /etc/httpd/conf/httpd.conf

Listen 202.137.2x.2xx:80

NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin webmaster@xyz.co.id
    DocumentRoot /home/webxyz
    ServerName xyz.co.id
    ServerAlias www.xyz.co.id
    # /stat is served from its own directory under the same host name. The
    # original wrote this as a second VirtualHost with
    # "ServerName xyz.co.id/stat"; ServerName takes a host name only, so that
    # block could never match. An Alias does what was intended.
    Alias /stat /var/www/html/stat
</VirtualHost>

# The opening tag of this block was lost when the page was extracted; the
# path is a placeholder for the intended directory (most likely the
# DocumentRoot above). "Indexes" enables directory listings; drop it unless
# listings are wanted.
<Directory /PATH/TO/DOCROOT>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

Installing Squid as caching proxy server

[root@ns1 gtoms]# yum install squid
[root@ns1 gtoms]# cd /etc/squid

[root@ns1 squid]# nano squid.conf

[root@ns1 squid]# /usr/sbin/squid -z

Much of squid.conf only needs adjusting to your needs; one such item is setting Squid up as a transparent proxy. If you want to use squidGuard, do not forget to add url_rewrite_program /usr/bin/squidguard -c /etc/squid/squidguard.conf once squidGuard is installed.

Installing squidGuard for content filtering.

[root@ns1 gtoms]# wget http://www.excaliburtech.net/wp-content/uploads/2009/02/squidguard-1.4-3.i386.rpm
--2010-08-21 18:49:02--  http://www.excaliburtech.net/wp-content/uploads/2009/02/squidguard-1.4-3.i386.rpm
Resolving www.excaliburtech.net... 72.66.114.15
Connecting to www.excaliburtech.net|72.66.114.15|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 119416 (117K) [application/x-rpm]
Saving to: `squidguard-1.4-3.i386.rpm'
2010-08-21 18:49:05 (54.0 KB/s) - `squidguard-1.4-3.i386.rpm' saved [119416/119416]

[root@ns1 gtoms]# rpm -ivh squidguard-1.4-3.i386.rpm
Preparing… ########################################### [100%]
1:squidguard ########################################### [100%]

[root@ns1 gtoms]# locate squidguard
/etc/logrotate.d/squidguard
/etc/squid/squidguard.conf
/home/gtoms/squidguard-1.4-3.i386.rpm
/usr/bin/squidguard
/usr/libexec/webmin/blue-theme/squidguard
/usr/libexec/webmin/blue-theme/squidguard/images
/usr/libexec/webmin/blue-theme/squidguard/images/icon.gif
/usr/share/doc/squidguard-1.4
/usr/share/doc/squidguard-1.4/LDAPFlow.txt
/usr/share/doc/squidguard-1.4/authentication.html
/usr/share/doc/squidguard-1.4/authentication.txt
/usr/share/doc/squidguard-1.4/configuration.html
/usr/share/doc/squidguard-1.4/configuration.txt
/usr/share/doc/squidguard-1.4/configure.html
/usr/share/doc/squidguard-1.4/configure.txt
/usr/share/doc/squidguard-1.4/expressionlist.html
/usr/share/doc/squidguard-1.4/expressionlist.txt
/usr/share/doc/squidguard-1.4/extended.html
/usr/share/doc/squidguard-1.4/extended.txt
/usr/share/doc/squidguard-1.4/faq.html
/usr/share/doc/squidguard-1.4/faq.txt
/usr/share/doc/squidguard-1.4/features.html
/usr/share/doc/squidguard-1.4/features.txt
/usr/share/doc/squidguard-1.4/index.html
/usr/share/doc/squidguard-1.4/install.html
/usr/share/doc/squidguard-1.4/install.txt
/usr/share/doc/squidguard-1.4/installation.html
/usr/share/doc/squidguard-1.4/installation.txt
/usr/share/doc/squidguard-1.4/ldap-ad-tips.html
/usr/share/doc/squidguard-1.4/ldap-ad-tips.txt
/usr/share/doc/squidguard-1.4/ldap.html
/usr/share/doc/squidguard-1.4/ldap.txt
/usr/share/doc/squidguard-1.4/runtimeops.html
/usr/share/doc/squidguard-1.4/runtimeops.txt
/usr/share/doc/squidguard-1.4/sample.conf
/usr/share/doc/squidguard-1.4/squidguard-simple.cgi
/usr/share/doc/squidguard-1.4/squidguard.cgi
/usr/share/doc/squidguard-1.4/squidguard.gif
/usr/share/doc/squidguard-1.4/troubleshoot.html
/usr/share/doc/squidguard-1.4/troubleshoot.txt

Before configuring squidguard.conf, install Shalla's Blacklists first.

[root@ns1 gtoms]# wget http://www.shallalist.de/Downloads/shallalist.tar.gz
--2010-08-21 19:02:00--  http://www.shallalist.de/Downloads/shallalist.tar.gz
Resolving www.shallalist.de... 78.47.242.85
Connecting to www.shallalist.de|78.47.242.85|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9670277 (9.2M) [application/x-tar]
Saving to: `shallalist.tar.gz'

11% [============> ] 1,126,182 119K/s eta 80s

[root@ns1 gtoms]# mkdir /var/lib/squidguard/db

[root@ns1 gtoms]# mv shallalist.tar.gz /var/lib/squidguard/db

[root@ns1 gtoms]# cd /var/lib/squidguard/db

[root@ns1 db]# gzip -d shallalist.tar.gz

[root@ns1 db]# tar xfv shallalist.tar
BL/
BL/porn/
BL/porn/domains
BL/porn/urls
BL/gamble/
BL/gamble/domains
BL/gamble/urls
BL/chat/
BL/chat/domains
BL/chat/urls
BL/automobile/
BL/automobile/cars/
BL/automobile/cars/domains
BL/automobile/cars/urls
BL/automobile/bikes/
BL/automobile/bikes/domains
BL/automobile/bikes/urls
BL/automobile/boats/
BL/automobile/boats/domains
BL/automobile/boats/urls
BL/automobile/planes/
BL/automobile/planes/urls
BL/automobile/planes/domains
BL/recreation/
BL/recreation/humor/
BL/recreation/humor/domains
BL/recreation/humor/urls
BL/recreation/martialarts/
BL/recreation/martialarts/urls
BL/recreation/martialarts/domains
BL/recreation/sports/
BL/recreation/sports/domains
BL/recreation/sports/urls
BL/recreation/travel/
BL/recreation/travel/urls
BL/recreation/travel/domains
BL/recreation/wellness/
BL/recreation/wellness/domains
BL/recreation/wellness/urls
BL/recreation/restaurants/
BL/recreation/restaurants/urls
BL/recreation/restaurants/domains
BL/webradio/
BL/webradio/domains
BL/webradio/urls
BL/webmail/
BL/webmail/domains
BL/webmail/urls
BL/warez/
BL/warez/urls
BL/warez/domains
BL/shopping/
BL/shopping/domains
BL/shopping/urls
BL/adv/
BL/adv/domains
BL/adv/urls
BL/movies/
BL/movies/urls
BL/movies/domains
BL/science/
BL/science/chemistry/
BL/science/chemistry/urls
BL/science/chemistry/domains
BL/science/astronomy/
BL/science/astronomy/domains
BL/science/astronomy/urls
BL/hobby/
BL/hobby/pets/
BL/hobby/pets/domains
BL/hobby/pets/urls
BL/hobby/cooking/
BL/hobby/cooking/domains
BL/hobby/cooking/urls
BL/hobby/gardening/
BL/hobby/gardening/urls
BL/hobby/gardening/domains
BL/hobby/games-online/
BL/hobby/games-online/domains
BL/hobby/games-online/urls
BL/hobby/games-misc/
BL/hobby/games-misc/domains
BL/hobby/games-misc/urls
BL/violence/
BL/violence/domains
BL/violence/urls
BL/music/
BL/music/domains
BL/music/urls
BL/hacking/
BL/hacking/domains
BL/hacking/urls
BL/isp/
BL/isp/urls
BL/isp/domains
BL/drugs/
BL/drugs/domains
BL/drugs/urls
BL/aggressive/
BL/aggressive/domains
BL/aggressive/urls
BL/news/
BL/news/urls
BL/news/domains
BL/redirector/
BL/redirector/urls
BL/redirector/domains
BL/spyware/
BL/spyware/domains
BL/spyware/urls
BL/dating/
BL/dating/urls
BL/dating/domains
BL/finance/
BL/finance/banking/
BL/finance/banking/urls
BL/finance/banking/domains
BL/finance/other/
BL/finance/other/domains
BL/finance/other/urls
BL/finance/moneylending/
BL/finance/moneylending/domains
BL/finance/moneylending/urls
BL/finance/insurance/
BL/finance/insurance/urls
BL/finance/insurance/domains
BL/finance/realestate/
BL/finance/realestate/domains
BL/finance/realestate/urls
BL/finance/trading/
BL/finance/trading/domains
BL/finance/trading/urls
BL/dynamic/
BL/dynamic/urls
BL/dynamic/domains
BL/COPYRIGHT
BL/jobsearch/
BL/jobsearch/urls
BL/jobsearch/domains
BL/tracker/
BL/tracker/domains
BL/tracker/urls
BL/models/
BL/models/domains
BL/models/urls
BL/forum/
BL/forum/domains
BL/forum/urls
BL/webtv/
BL/webtv/urls
BL/webtv/domains
BL/downloads/
BL/downloads/urls
BL/downloads/domains
BL/ringtones/
BL/ringtones/domains
BL/ringtones/urls
BL/searchengines/
BL/searchengines/domains
BL/searchengines/urls
BL/socialnet/
BL/socialnet/urls
BL/socialnet/domains
BL/updatesites/
BL/updatesites/domains
BL/updatesites/urls
BL/weapons/
BL/weapons/domains
BL/weapons/urls
BL/webphone/
BL/webphone/domains
BL/webphone/urls
BL/global_usage
BL/religion/
BL/religion/domains
BL/religion/urls
BL/sex/
BL/sex/lingerie/
BL/sex/lingerie/urls
BL/sex/lingerie/domains
BL/sex/education/
BL/sex/education/urls
BL/sex/education/domains
BL/imagehosting/
BL/imagehosting/domains
BL/imagehosting/urls
BL/podcasts/
BL/podcasts/domains
BL/podcasts/urls
BL/hospitals/
BL/hospitals/domains
BL/hospitals/urls
BL/military/
BL/military/urls
BL/military/domains
BL/politics/
BL/politics/domains
BL/politics/urls
BL/remotecontrol/
BL/remotecontrol/urls
BL/remotecontrol/domains
BL/fortunetelling/
BL/fortunetelling/domains
BL/fortunetelling/urls
BL/library/
BL/library/domains
BL/library/urls
BL/costtraps/
BL/costtraps/urls
BL/costtraps/domains
BL/homestyle/
BL/homestyle/domains
BL/homestyle/urls
BL/education/
BL/education/schools/
BL/education/schools/domains
BL/education/schools/urls
BL/government/
BL/government/domains
BL/government/urls
BL/alcohol/
BL/alcohol/domains
BL/alcohol/urls
BL/radiotv/
BL/radiotv/domains
BL/radiotv/urls
[root@ns1 db]#

[root@ns1 db]# cd BL

[root@ns1 BL]# cp -R * /var/lib/squidguard/db

[root@ns1 BL]# nano /etc/squid/squidguard.conf

dbhome /var/lib/squidguard/db
logdir /var/log/squid

# whitelist/ is not part of the Shalla archive extracted above; create
# whitelist/domains and whitelist/urls yourself (empty files are fine)
# before running squidguard -C all.
dest whitelist {
    domainlist whitelist/domains
    urllist    whitelist/urls
}

dest adv {
    domainlist adv/domains
    urllist    adv/urls
}

acl {
    default {
        pass whitelist !adv
        redirect http://www.xyz.co.id/redirect.html
    }
}


[root@ns1 BL]# /usr/bin/squidguard -C all

[root@ns1 db]# chmod -R 777 *

[root@ns1 db]# chown -R squid:squid /var/lib/squidguard/db/*

[root@ns1 squid]# nano /etc/squid/squid.conf

url_rewrite_program /usr/bin/squidguard -c /etc/squid/squidguard.conf
url_rewrite_children 8

[root@ns1 squid]# /usr/sbin/squid -k reconfigure

[root@ns1 db]# tail -f /var/log/squid/cache.log

2010/08/22 08:52:43| Reconfiguring Squid Cache (version 2.6.STABLE21)...
2010/08/22 08:52:43| FD 10 Closing HTTP connection
2010/08/22 08:52:43| FD 12 Closing ICP connection
2010/08/22 08:52:43| Initialising SSL.
2010/08/22 08:52:43| User-Agent logging is disabled.
2010/08/22 08:52:43| Referer logging is disabled.
2010/08/22 08:52:43| DNS Socket created at 0.0.0.0, port 52827, FD 9
2010/08/22 08:52:43| Adding nameserver 202.137.2x.2xx from squid.conf
2010/08/22 08:52:43| helperOpenServers: Starting 8 ‘squidguard’ processes
2010/08/22 08:52:43| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 19.
2010/08/22 08:52:43| Accepting ICP messages at 0.0.0.0, port 3130, FD 20.
2010/08/22 08:52:43| WCCP Disabled.
2010/08/22 08:52:43| Loaded Icons.
2010/08/22 08:52:43| Ready to serve requests.
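The squidguard.conf above declares two lists by hand, while the Shalla archive extracted earlier contains dozens of categories. The script below is an added example, not part of the original article or of squidGuard: it walks the dbhome tree (dbhome/<category>[/<sub>]/{domains,urls}) and emits one dest block per category, plus a default ACL for the categories you want blocked. Nested categories get names with "_" (finance/banking becomes finance_banking) because a dest name cannot contain "/". The function names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original article): generate squidGuard "dest"
# blocks from the Shalla list tree instead of typing each one.

# Usage: gen_squidguard_dests DBHOME   (DBHOME as given to "dbhome")
gen_squidguard_dests() {
    dbhome=${1%/}
    # Every directory that holds a domains and/or urls file is one category.
    find "$dbhome" -type f \( -name domains -o -name urls \) |
        sed 's#/[^/]*$##' | sort -u |
        while IFS= read -r dir; do
            rel=${dir#"$dbhome"/}
            name=$(printf '%s' "$rel" | tr '/' '_')
            printf 'dest %s {\n' "$name"
            [ -f "$dir/domains" ] && printf '    domainlist %s/domains\n' "$rel"
            [ -f "$dir/urls" ]    && printf '    urllist    %s/urls\n' "$rel"
            printf '}\n\n'
        done
}

# Usage: gen_squidguard_acl REDIRECT_URL DENY_DEST...
# Emits a default ACL that blocks the named dests; the explicit trailing
# "all" lets everything else through.
gen_squidguard_acl() {
    redirect=$1
    shift
    deny=""
    for d in "$@"; do
        deny="$deny !$d"
    done
    printf 'acl {\n    default {\n        pass%s all\n        redirect %s\n    }\n}\n' "$deny" "$redirect"
}

# Typical use, writing a complete configuration for the paths in the article:
#   { printf 'dbhome /var/lib/squidguard/db\nlogdir /var/log/squid\n\n'
#     gen_squidguard_dests /var/lib/squidguard/db
#     gen_squidguard_acl http://www.xyz.co.id/redirect.html porn warez spyware
#   } > /etc/squid/squidguard.conf && /usr/bin/squidguard -C all
```

Regenerate the file whenever a new Shalla archive is unpacked, then rebuild the databases with squidguard -C all and reload Squid with squid -k reconfigure as above; check /var/log/squid for squidGuard complaints about missing list files before trusting the filter.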

Installing the FTP server using vsftpd

[root@ns1 gtoms]# yum install vsftpd

Here it only remains to configure the user that has access to the web server.

Installing MRTG

[root@ns1 gtoms]# yum install mrtg net-snmp net-snmp-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
addons: centos.idrepo.or.id
base: centos.idrepo.or.id
epel: bali.idrepo.or.id
extras: centos.idrepo.or.id
updates: centos.idrepo.or.id
addons | 951 B 00:00
base | 2.1 kB 00:00
epel | 3.4 kB 00:00
extras | 2.1 kB 00:00
updates | 1.9 kB 00:00
Setting up Install Process
Package 1:net-snmp-5.3.2.2-9.el5_5.1.i386 already installed and latest version
--- cut ---

Installed:
mrtg.i386 0:2.14.5-2 net-snmp-utils.i386 1:5.3.2.2-9.el5_5.1

Complete!
[root@ns1 gtoms]#

[root@ns1 gtoms]# nano /etc/snmp/snmpd.conf

# "public" is the default community string and acts as the password for
# SNMP v1/v2c; use your own string here and in the cfgmaker calls below.
com2sec local     localhost      public
com2sec mynetwork 192.168.0.0/24 public
group MyRWGroup v1  local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1  mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
view all included .1 80
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all  none
syslocation PT. xyz, Jakarta
syscontact Root

[root@ns1 gtoms]# /etc/init.d/snmpd start
Starting snmpd: [ OK ]
[root@ns1 gtoms]#

[root@ns1 gtoms]# tail -f /var/log/messages
Aug 21 21:13:50 ns1 yum: Installed: 1:net-snmp-utils-5.3.2.2-9.el5_5.1.i386
Aug 21 21:13:53 ns1 yum: Installed: mrtg-2.14.5-2.i386
Aug 21 21:22:54 ns1 snmpd[7612]: Creating directory: /var/net-snmp
Aug 21 21:22:54 ns1 snmpd[7612]: NET-SNMP version 5.3.2.2

[root@ns1 gtoms]# /usr/bin/snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.192.168.0.2 = INTEGER: 3
IP-MIB::ipAdEntIfIndex.202.137.2x.2xx = INTEGER: 2
[root@ns1 gtoms]#

[root@ns1 gtoms]# /usr/bin/cfgmaker --global 'WorkDir: /var/www/mrtg' --output /etc/mrtg/mrtg.cfg public@localhost

[root@ns1 gtoms]# /usr/bin/indexmaker --output=/var/www/mrtg/index.html /etc/mrtg/mrtg.cfg

[root@ns1 mrtg]# nano /etc/cron.d/mrtg

*/5 * * * * root LANG=C LC_ALL=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg --lock-file /var/lock/mrtg/mrtg_l --confcache-file /var/lib/mrtg/mrtg.ok

[root@ns1 mrtg]# nano /etc/httpd/conf.d/mrtg.conf

Alias /mrtg /var/www/mrtg

# As shipped, only loopback may view the graphs; add the office LAN
# (for example Allow from 192.168.0.0/24) to reach them from workstations.
<Location /mrtg>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
</Location>

[root@ns1 mrtg]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

Access it in a browser at http://iphostname/mrtg/

Monitoring other servers/routers in MRTG

For a router/modem, just enable SNMP on the device; for another Linux server to be monitored, just install SNMP on it. The example here is another server with IP 202.137.2x.2zz:

[root@mail gtoms]# yum install net-snmp net-snmp-utils
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package net-snmp.i386 1:5.3.2.2-9.el5_5.1 set to be updated
--> Processing Dependency: libsensors.so.3 for package: net-snmp
--> Processing Dependency: net-snmp-libs = 1:5.3.2.2-9.el5_5.1 for package: net-snmp
---> Package net-snmp-utils.i386 1:5.3.2.2-9.el5_5.1 set to be updated
--> Running transaction check
---> Package net-snmp-libs.i386 1:5.3.2.2-9.el5_5.1 set to be updated
---> Package lm_sensors.i386 0:2.10.7-9.el5 set to be updated
--> Finished Dependency Resolution
--- cut ---

Installed: net-snmp-utils.i386 1:5.3.2.2-9.el5_5.1
Dependency Installed: lm_sensors.i386 0:2.10.7-9.el5 net-snmp.i386 1:5.3.2.2-9.el5_5.1
Updated: net-snmp-libs.i386 1:5.3.2.2-9.el5_5.1
Complete!
[root@mail gtoms]#

[root@mail gtoms]# nano /etc/snmp/snmpd.conf

com2sec local localhost public
com2sec mynetwork 192.168.0.0/24 public
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
view all included .1 80
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
syslocation Zimbra Mailserver XYZ, Jakarta
syscontact Root

[root@mail gtoms]# /etc/init.d/snmpd start
Starting snmpd: [ OK ]
[root@mail gtoms]#

Back on the MRTG server. Note that cfgmaker --output rewrites /etc/mrtg/mrtg.cfg on every run, so the second call below replaces the targets written by the first; either name all targets in one invocation (public@localhost public@202.137.2x.2zz public@192.168.0.1) or write each to its own file and pull them into mrtg.cfg with Include.

[root@ns1 gtoms]# /usr/bin/cfgmaker --global 'WorkDir: /var/www/mrtg' --output /etc/mrtg/mrtg.cfg public@202.137.2x.2zz

[root@ns1 mrtg]# /usr/bin/cfgmaker --global 'WorkDir: /var/www/mrtg' --output /etc/mrtg/mrtg.cfg public@192.168.0.1

Installing Webmin

[root@ns1 gtoms]# rpm -U webmin-1.510-1.noarch.rpm
warning: webmin-1.510-1.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 11f63c51
Operating system is CentOS Linux
Webmin install complete. You can now login to https://ns1.xyz.co.id:10000/
as root with your root password.
[root@ns1 gtoms]#

Installing the IDS using the Advanced Intrusion Detection Environment (AIDE)

To configure AIDE, SELinux must be enabled.

[root@ns1 gtoms]# yum install aide

[root@ns1 gtoms]# /usr/sbin/aide --init

[root@ns1 gtoms]# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
[root@ns1 gtoms]# /usr/sbin/aide --check

[root@ns1 gtoms]# aide --check
AIDE, version 0.13.1

### All files match AIDE database. Looks okay!

[root@ns1 gtoms]# vi /etc/cron.weekly/aide.cron

#!/bin/bash
/usr/sbin/aide --check | /bin/mail -s "Weekly Aide Data" IT@zyx.co.id
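A fuller version of the weekly job above, added as an example and not part of the original article: it mails the report only when AIDE found differences or failed, puts a summary in the subject line, keeps a copy of the report, and provides a step for accepting a new baseline after legitimate changes. The summary relies on AIDE's documented exit status bits (1 = new files, 2 = removed files, 4 = changed files; 14 and above are errors), so check aide(1) for the version you run; the paths follow the article and the helper names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original article): weekly AIDE check with a
# meaningful subject line and a baseline-refresh step.

AIDE=/usr/sbin/aide
MAILTO=IT@xyz.co.id
REPORT_DIR=/var/log/aide

# Translate an AIDE exit status into a short phrase for the mail subject.
aide_status_text() {
    rc=$1
    if [ "$rc" -eq 0 ]; then
        echo "no changes"
        return 0
    fi
    if [ "$rc" -ge 14 ]; then
        echo "error (exit $rc)"
        return 0
    fi
    out=""
    [ $((rc & 1)) -ne 0 ] && out="${out}new files, "
    [ $((rc & 2)) -ne 0 ] && out="${out}removed files, "
    [ $((rc & 4)) -ne 0 ] && out="${out}changed files, "
    if [ -z "$out" ]; then
        echo "unknown status (exit $rc)"
    else
        echo "${out%, }"
    fi
}

# Run the check; mail the report only when there is something to look at.
run_weekly_check() {
    mkdir -p "$REPORT_DIR"
    report="$REPORT_DIR/aide-$(date +%Y%m%d).log"
    rc=0
    "$AIDE" --check > "$report" 2>&1 || rc=$?
    if [ "$rc" -ne 0 ]; then
        /bin/mail -s "AIDE $(hostname): $(aide_status_text "$rc")" "$MAILTO" < "$report"
    fi
    return "$rc"
}

# After a report whose changes were legitimate (yum updates, edits you made),
# refresh the baseline: --update writes the database named by database_out in
# aide.conf (aide.db.new.gz on CentOS, as in the cp after --init above). Keep a
# copy of aide.db.gz on read-only media: an intruder with root could otherwise
# rewrite the database to hide changes.
accept_baseline() {
    "$AIDE" --update && mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
}

case "${1:-}" in
    run)    run_weekly_check ;;
    accept) accept_baseline ;;
esac
```

Install it as, for example, /usr/local/sbin/aide-weekly.sh, call it with the argument run from /etc/cron.weekly (or a cron.d entry) and with accept by hand after reviewing a report; an unchanged week produces no mail, so a missing mail is not proof that nothing ran, and the report files in /var/log/aide are the record to check.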

Installing DDoS protection

APF: Advanced Policy-based Firewall

[root@ns1 gtoms]# wget http://rfxnetworks.com/downloads/apf-current.tar.gz
[root@ns1 gtoms]# tar xfz apf-current.tar.gz
[root@ns1 apf-current]# cd apf-*
[root@ns1 apf-current]# ./install.sh

[root@ns1 apf-current]# vi /etc/apf/conf.apf
DEVEL_MODE="0"
# 3306 (MySQL) and UDP 111 (portmapper) are opened to the Internet here;
# drop them unless they really must be reachable from outside.
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,3306"
IG_UDP_CPORTS="53,111"
USE_AD="1"

[root@ns1 apf-current]# vi /etc/apf/ad/conf.antidos
adjust to your own needs ....

BFD: Brute Force Detection
[root@ns1 gtoms]# wget http://rfxnetworks.com/downloads/bfd-current.tar.gz
[root@ns1 gtoms]# tar xfz bfd-current.tar.gz
[root@ns1 bfd-current]# cd bfd-*
[root@ns1 bfd-current]# ./install.sh

[root@ns1 bfd-current]# vi /usr/local/bfd/conf.bfd

ALERT="1"
EMAIL_USR="IT@xyz.co.id"

[root@ns1 bfd-current]# vi /usr/local/bfd/ignore.hosts
adjust to your own needs ....

DDoS Deflate
[root@ns1 gtoms]# wget http://www.inetbase.com/scripts/ddos/install.sh
[root@ns1 gtoms]# sh install.sh

[root@ns1 gtoms]# vi /usr/local/ddos/ddos.conf
adjust to your own needs ....

[root@ns1 gtoms]# /usr/local/ddos/ddos.sh -c

RootKit: spyware and junkware detection and removal tool

[root@ns1 gtoms]# wget -O rkhunter-1.3.6.tar.gz http://sourceforge.net/projects/rkhunter/files/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz/download
[root@ns1 gtoms]# tar xfz rkhunter-1.3.6.tar.gz
[root@ns1 gtoms]# cd rkhunter-1.3.6
[root@ns1 rkhunter-1.3.6]# ./installer.sh --layout default --install

Then run rkhunter:

[root@ns1 rkhunter-1.3.6]# rkhunter -c

Install mod_dosevasive (mod_evasive) for Apache. Note that the paths below ($APACHE_ROOT, /usr/local/apache) are those of a source-built Apache; for the yum-installed httpd above, apxs is /usr/sbin/apxs and the configuration lives under /etc/httpd/conf.

[root@ns1 gtoms]# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz

[root@ns1 gtoms]# tar -zxvf mod_evasive_1.10.1.tar.gz

[root@ns1 gtoms]# cd mod_evasive_1.10.1

[root@ns1 mod_evasive_1.10.1]# $APACHE_ROOT/bin/apxs -cia mod_evasive20.c

[root@ns1 mod_evasive_1.10.1]# vi /usr/local/apache/conf/httpd.conf

<IfModule mod_evasive20.c>
    DOSHashTableSize  3097
    DOSPageCount      2
    DOSSiteCount      50
    DOSPageInterval   1
    DOSSiteInterval   1
    DOSBlockingPeriod 300
</IfModule>

[root@ns1 mod_evasive_1.10.1]# /usr/local/apache/bin/apachectl restart
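Before switching the module on, it is worth seeing what the thresholds above would catch in the existing traffic. The script below is an added example, not part of the original article or of mod_evasive: it applies the same rule offline to an Apache access log, flagging a client that requested the same page more than PAGE_MAX times within one second (DOSPageCount with DOSPageInterval 1) or more than SITE_MAX objects within one second (DOSSiteCount with DOSSiteInterval 1). The log lines are constructed for this example; in practice feed it /var/log/httpd/access_log in combined log format. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original article): offline check of an
# Apache access log against mod_evasive-style per-second thresholds.

# Usage: flag_abusers LOGFILE [PAGE_MAX] [SITE_MAX]
# Prints "IP reasons" for each client over a threshold, one per line.
flag_abusers() {
    logfile=$1
    page_max=${2:-2}
    site_max=${3:-50}
    awk -v pmax="$page_max" -v smax="$site_max" '
        {
            ip = $1
            ts = substr($4, 2)        # "[22/Aug/2010:08:52:43" -> second precision
            page = $7                 # request path from "GET /path HTTP/1.1"
            pc[ip SUBSEP ts SUBSEP page]++
            sc[ip SUBSEP ts]++
        }
        END {
            for (k in pc) if (pc[k] > pmax) { split(k, a, SUBSEP); pflag[a[1]] = 1; seen[a[1]] = 1 }
            for (k in sc) if (sc[k] > smax) { split(k, a, SUBSEP); sflag[a[1]] = 1; seen[a[1]] = 1 }
            for (ip in seen) {
                why = (ip in pflag) ? "page-flood" : ""
                if (ip in sflag) why = why (why == "" ? "" : ",") "site-flood"
                print ip, why
            }
        }' "$logfile" | sort
}

# Constructed sample: 192.168.0.15 fetches /index.html three times in the
# same second; 192.168.0.20 browses normally.
sample_access_log() {
    cat <<'EOF'
192.168.0.15 - - [22/Aug/2010:08:52:43 +0700] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.0.15 - - [22/Aug/2010:08:52:43 +0700] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.0.15 - - [22/Aug/2010:08:52:43 +0700] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.0.20 - - [22/Aug/2010:08:52:44 +0700] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.0.20 - - [22/Aug/2010:08:52:45 +0700] "GET /stat/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}
```

One thing this makes visible on the setup in this article: every employee reaches the company website through the Squid on this same machine, so internal visitors all share one source address and can trip the thresholds together; mod_evasive's DOSWhitelist directive exists for exactly such addresses, and the offline check shows which ones need it.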

Install mod_security

[root@ns1 gtoms]# wget http://www.modsecurity.org/download/modsecurity-apache-1.9.2.tar.gz

[root@ns1 gtoms]# tar zxvf modsecurity-apache-1.9.2.tar.gz

[root@ns1 gtoms]# cd modsecurity-apache-1.9.2

[root@ns1 modsecurity-apache-1.9.2]# /usr/local/apache/bin/apxs -cia mod_security.c

Create a file named mod_security.conf in the folder /usr/local/apache/conf

[root@ns1 modsecurity-apache-1.9.2]# vi /usr/local/apache/conf/mod_security.conf

The rules we write can follow the examples at http://www.modsecurity.org/documentation/quick-examples.html

Now add the path of mod_security.conf to httpd.conf:

[root@ns1 modsecurity-apache-1.9.2]# vi /usr/local/apache/conf/httpd.conf

Include /usr/local/apache/conf/mod_security.conf

[root@ns1 modsecurity-apache-1.9.2]# /usr/local/apache/bin/apachectl stop

[root@ns1 modsecurity-apache-1.9.2]# /usr/local/apache/bin/apachectl start

Done; all that remains is monitoring.

henry@gultom.or.id

Comments (3)

Awesome, bro.....
very helpful....

Bro... can the setup above be used for an internet cafe (warnet)??????
Or could you put together an example for an internet cafe... one with fast access, lag-free games and moderate downloads... thanks bro...... may Allah SWT add to your knowledge
