
Net Admin

Kurusetra Computer

Kursus Online Linux


Linux Network Administrator

Budi Santosa,ST
[email protected]
www.kurusetra.web.id

-- 1 --

Kurusetra Computer

Konsep TCP / IP
Layer OSI

Transmission Control Protocol (TCP)

-- 2 --

Kurusetra Computer
User Datagram Protocol (UDP)

Informasi Jaringan
Konfigurasi Alamat IP
root@server:~# vim /etc/network/interfaces
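# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface (static address, no gateway set on it)
auto eth0
iface eth0 inet static
    address 192.168.0.71
    netmask 255.255.255.0

# Second interface; the only one that carries a default gateway
auto eth1
iface eth1 inet static
    address 122.200.52.23
    netmask 255.255.255.128
    gateway 122.200.52.1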

Ifconfig
root@budi-desktop:~# ifconfig
eth0Linkencap:EthernetHWaddr02:39:ac:31:06:7d
inetaddr:192.168.20.1Bcast:192.168.20.255Mask:255.255.255.0
UPBROADCASTMULTICASTMTU:1500Metric:1
RXpackets:0errors:0dropped:0overruns:0frame:0
TXpackets:0errors:0dropped:0overruns:0carrier:0
collisions:0txqueuelen:1000
RXbytes:0(0.0B)TXbytes:0(0.0B)
Interrupt:43Baseaddress:0x2000

-- 3 --

Kurusetra Computer
Network Statistic
root@budi-desktop:~# netstat -nr
KernelIProutingtable
DestinationGatewayGenmaskFlagsMSSWindowirttIface
0.0.0.010.20.31.240.0.0.0UG000ppp0
10.8.0.00.0.0.0255.255.255.0U000tap0
10.20.31.240.0.0.0255.255.255.255UH000ppp0
169.254.0.00.0.0.0255.255.0.0U000ppp0
192.168.0.010.8.0.1255.255.255.0UG000tap0
192.168.20.00.0.0.0255.255.255.0U000eth0

Hostname Lookup
root@budi-desktop:~# nslookup www.detik.com
Server:
Address:

10.17.125.230
10.17.125.230#53

Nonauthoritativeanswer:
www.detik.com
canonicalname=detik.com.
Name: detik.com
Address:203.190.242.69
Name: detik.com
Address:203.190.241.43

Network TOP
root@budi-desktop:~# apt-get install ntop
root@budi-desktop:~# ntop -u root -i eth0
Buka web browser kemudian ketik alamat http://127.0.0.1:3000
Network Mapping
root@budi-desktop:~# apt-get install nmap
root@budi-desktop:~# nmap -sP 192.168.20.0/24 (Scan alamat IP)
root@budi-desktop:~# nmap -sS 192.168.20.1 (Scan port number)
Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-28 22:43 WIT
Nmap scan report for 192.168.20.1
Host is up (0.000011s latency).
Not shown: 979 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3

Interface TOP
root@budi-desktop:~# apt-get install iftop
root@budi-desktop:~# iftop -i ppp0
interface:ppp0
IPaddressis:10.231.116.232
MACaddressis:00:00:00:00:00:00

-- 4 --

Kurusetra Computer
Service Whois
root@budi-desktop:~# whois 122.200.52.41
%[whois.apnic.netnode1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum:122.200.48.0122.200.55.255
netname:DIGINETID
descr:PTDigitalWirelessIndonesia

OS Fingerprinting
root@budi-desktop:~# apt-get install xprobe
root@budi-desktop:~# xprobe2 192.168.20.1
Router Internet

IP Forwarding
root@budi-desktop:~# vim /etc/sysctl.conf
#UncommentthenextlinetoenablepacketforwardingforIPv4
net.ipv4.ip_forward=1

Network Address Translation


root@budi-desktop:~# vim /etc/rc.local
# Source-NAT every packet that leaves through eth0 to eth0's own address
# (MASQUERADE). This only matters for routed traffic, so it depends on
# net.ipv4.ip_forward=1 being set in /etc/sysctl.conf.
# NOTE(review): no FORWARD restrictions are added here; with the default
# ACCEPT policy every host that routes via this box is translated.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
exit 0

-- 5 --

Kurusetra Computer

Dynamic Host Configuration Protocol


Instalasi DHCP
root@budi-desktop:~# apt-get install dhcpd
root@budi-desktop:~# vim /etc/default/udhcpd
# Comment the following line to enable
#DHCPD_ENABLED="no"
Konfigurasi DHCP
root@budi-desktop:~# vim /etc/udhcpd.conf
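# Address pool handed out to clients
start 192.168.20.20
end 192.168.20.254
# Interface udhcpd listens on
interface eth0
# Options sent to clients with each lease
opt dns 192.168.10.2 192.168.10.10
option subnet 255.255.255.0
opt router 192.168.20.1
opt wins 192.168.20.1
option domain kurusetra.web.id
option lease 864000 # 10 days of seconds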

Firewall IPTables

Network Filtering
# Reject packets addressed to this host that come from 192.168.20.100.
iptables -A INPUT -s 192.168.20.100 -j REJECT
# Reject packets from the same address that are routed through this host.
iptables -A FORWARD -s 192.168.20.100 -j REJECT
# Reject forwarded traffic from any source to 202.46.1.2.
iptables -A FORWARD -s 0/0 -d 202.46.1.2 -j REJECT
# A hostname is resolved once, when the rule is added; the rule then holds
# the addresses returned at that moment and does not follow later DNS changes.
iptables -A FORWARD -s 0/0 -d www.yahoo.com -j REJECT
# Reject local-bound packets from the source range .50 to .70 (iprange match).
iptables -A INPUT -m iprange --src-range 192.168.20.50-192.168.20.70 -j REJECT
-- 6 --

Kurusetra Computer
# Same source range as the INPUT rule, applied to routed traffic.
iptables -A FORWARD -m iprange --src-range 192.168.20.50-192.168.20.70 -j REJECT
# Match on source MAC address. The MAC is only meaningful for hosts on a
# directly attached segment and can be changed by the client, so treat this
# as a convenience filter rather than as authentication.
iptables -A INPUT -m mac --mac-source f6:29:52:46:70:ba -j REJECT
iptables -A FORWARD -m mac --mac-source f6:29:52:46:70:ba -j REJECT
# Reject routed TCP traffic leaving via eth1 to port 25 (SMTP).
iptables -A FORWARD -o eth1 -p tcp --dport 25 -j REJECT
# Reject routed TCP and UDP traffic leaving via eth1 to ports 4636-5000.
iptables -A FORWARD -o eth1 -p tcp --dport 4636:5000 -j REJECT
iptables -A FORWARD -o eth1 -p udp --dport 4636:5000 -j REJECT
# String match: searches each packet's payload for the bytes "facebook"
# (Knuth-Morris-Pratt). It matches any protocol whose packets contain that
# string and cannot see into encrypted (HTTPS) payloads.
iptables -A INPUT -m string --string facebook --algo kmp -j REJECT
iptables -A FORWARD -m string --string facebook --algo kmp -j REJECT
Manajemen Iptables
root@budi-desktop:~# iptables -L

ChainINPUT(policyACCEPT)
targetprotoptsourcedestination
REJECTall192.168.20.100anywhererejectwithicmpportunreachable
REJECT all anywhere anywhere sourceIPrange192.168.20.50
192.168.20.70rejectwithicmpportunreachable
REJECTallanywhereanywhereMACF6:29:52:46:70:BArejectwith
icmpportunreachable

root@budi-desktop:~# iptables -D INPUT 1


root@budi-desktop:~# iptables -D INPUT 2
root@budi-desktop:~# iptables -F
root@budi-desktop:~# iptables -Z
Network Address Translation
iptables -t nat -A POSTROUTING -d 192.168.20.30 -j SNAT --to 192.168.20.1
iptables -t nat -A POSTROUTING -d 192.168.20.23 -j SNAT --to 192.168.20.22
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2244 -j DNAT --to 192.168.20.20:22
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to 192.168.20.50:25
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j DNAT --to 192.168.20.50:110
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.20.100
root@budi-desktop:~# iptables -t nat -L
ChainPREROUTING(policyACCEPT)
targetprotoptsourcedestination
DNATtcpanywhereanywheretcpdpt:2244to:192.168.20.20:22
DNATtcpanywhereanywheretcpdpt:smtpto:192.168.20.50:25
DNATtcpanywhereanywheretcpdpt:pop3to:192.168.20.50:110
DNATtcpanywhereanywheretcpdpt:httpto:192.168.20.100

root@budi-desktop:~# iptables -t nat -F


root@budi-desktop:~# iptables -t nat -Z

-- 7 --

Kurusetra Computer
Startup Firewall dan NAT
Buat Script
root@budi-desktop:~# vim /usr/sbin/firewall
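#!/bin/sh
# /usr/sbin/firewall - rules loaded at boot from /etc/rc.local.
# The interpreter line makes the file executable on its own instead of
# relying on the calling shell's fallback for scripts without one.
# Note: -A appends, so running this script twice duplicates the rules.

# Reject routed TCP traffic to destination ports 5000-6000.
iptables -A FORWARD -p tcp --dport 5000:6000 -j REJECT
# Reject everything routed from 192.168.20.34, whatever the destination.
iptables -A FORWARD -s 192.168.20.34 -d 0/0 -j REJECT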
root@budi-desktop:~# chmod 755 /usr/sbin/firewall
root@budi-desktop:~# vim /etc/rc.local
/usr/sbin/firewall
exit 0

SQUID PROXY SERVER


Konfigurasi Repository Ubuntu
vim /etc/apt/sources.list
deb http://dl2.fossid.web.id/ubuntu hardy main universe multiverse restricted
deb http://dl2.fossid.web.id/ubuntu hardy-updates main universe multiverse restricted
apt-get update
Instalasi Squid
Aplikasi squid secara default sudah tersedia pada distro Linux (RedHat, Mandrake, SuSE dan
Debian). Untuk menginstall squid anda harus login sebagai super user (root), mount cdrom dan
kemudian mengetikkan perintah;
apt-get update
apt-get install squid
vim /etc/squid/squid.conf
Paket secara otomatis akan terinstall, sedangkan file konfigurasi berada di direktori
/etc/squid/squid.conf.
Konfigurasi Squid
Squid secara default berkomunikasi dengan klien melalui port 3128 yang ditunjukan file konfigurasi
/etc/squid/squid.conf.
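# Name Squid reports for itself in error pages and headers
visible_hostname gw.ardelindo.com
# Listening port, in interception ("transparent") mode
http_port 3128 transparent
# 512/2=256
# cache_mem = physical memory (RAM)
cache_mem 128 MB
# Disk cache low/high water marks, in percent
cache_swap_low 94
cache_swap_high 96
maximum_object_size 1000096 KB
maximum_object_size_in_memory 8000 KB
# DNS result cache: entry count and low/high water marks
ipcache_size 1024
ipcache_low 90
ipcache_high 95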

-- 8 --

Kurusetra Computer
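cache_replacement_policy lru
memory_replacement_policy lru
# cache_dir ufs <directory> <capacity in MB> <level-1 dirs> <level-2 dirs>
cache_dir ufs /var/spool/squid 100 16 256
pid_filename /var/run/squid.pid
debug_options ALL,1
# access.log records every client request; keep it readable by admins only
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
dns_nameservers 202.134.1.10 202.134.0.155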

AccessControlList

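# Source networks and hosts
acl LAN1 src 192.168.0.0/255.255.255.0
acl LAN2 src 10.0.0.0/255.255.0.0
acl admin src 192.168.0.100/255.255.255.255
# A quoted path makes Squid read the ACL values from that file, one per
# line; without the quotes the path itself is parsed as the value.
acl admin2 src "/etc/squid/admin2"
acl multimedia urlpath_regex "/etc/squid/multimedia"
acl situs url_regex "/etc/squid/situs"
# Time windows (istirahat and siang are defined but not used below)
acl pagi time 08:00-12:00
acl istirahat time 12:00-13:00
acl siang time 13:00-18:00
# operator
# http_access rules are evaluated top to bottom and the first match wins,
# so the admin allows must stay above the deny rules.
http_access allow admin
http_access allow admin2
http_access deny pagi multimedia
http_access deny situs
http_access allow LAN1
# LAN2 has no allow rule: it is denied here in the morning and by the
# final "deny all" at every other time.
http_access deny pagi LAN2
http_access deny all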
#File:vim/etc/squid/multimedia
\.iso$
\.mp3$
\.3gp$
#File:vim/etc/squid/situs
youtube
friendster
hi5
flickr
photobucket
liveconnector
#File:vim/etc/squid/admin2
192.168.0.34
192.168.0.37
192.168.0.200

-- 9 --

Kurusetra Computer

Samba Filesharing
Penambahan user
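# MIS department: Unix accounts, Samba passwords, group and shared directory.
adduser budi
adduser ahmad
adduser dani
# smbpasswd -a adds each account to Samba's own password database
smbpasswd -a budi
smbpasswd -a ahmad
smbpasswd -a dani
groupadd mis
gpasswd -a budi mis
gpasswd -a ahmad mis
gpasswd -a dani mis
mkdir -p /home/mis
# owner:group uses ':'; the old '.' separator is deprecated and ambiguous
# when an account name contains a dot
chown -R budi:mis /home/mis
# 775 leaves the tree readable by every local account on the server
chmod -R 775 /home/mis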
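# Accounting department: Unix accounts, Samba passwords, group and shared directory.
adduser heri
adduser lia
adduser yuni
smbpasswd -a heri
smbpasswd -a lia
smbpasswd -a yuni
groupadd accounting
# gpasswd -a needs both the user and the group; without the group name no
# one is added, and "valid users = @accounting" would then match nobody
gpasswd -a heri accounting
gpasswd -a lia accounting
gpasswd -a yuni accounting
mkdir -p /home/accounting
# owner:group uses ':'; the old '.' separator is deprecated
chown -R heri:accounting /home/accounting
# 775 leaves the tree readable by every local account on the server
chmod -R 775 /home/accounting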
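# Purchasing department: Unix accounts, Samba passwords and group.
# useradd (unlike adduser) creates the account without prompting for a
# Unix password, so these users can authenticate through Samba only.
useradd rony
useradd sherly
useradd siti
smbpasswd -a rony
smbpasswd -a sherly
smbpasswd -a siti
groupadd purchasing
# gpasswd -a needs both the user and the group name
gpasswd -a rony purchasing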
-- 10 --

Kurusetra Computer
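# Remaining purchasing members; gpasswd -a needs both user and group name
gpasswd -a sherly purchasing
gpasswd -a siti purchasing
mkdir -p /home/purchasing
# owner:group uses ':'; the old '.' separator is deprecated
chown -R rony:purchasing /home/purchasing
# 775 leaves the tree readable by every local account on the server
chmod -R 775 /home/purchasing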

Konfigurasi Global
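[global]
# "workgroup" is the parameter name; the misspelt form is not a known
# parameter, so the workgroup would otherwise stay at Samba's default
workgroup = KURUSETRA
netbios name = DATACENTER
server string = %h server (Samba, Ubuntu)
# Run the built-in WINS server and take part in local master browser election
wins support = yes
local master = yes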
Share Folder
[MIS]
path = /home/mis
valid users = @mis
write list = budi dani
read list = ahmad
browseable = yes
inherit permissions = yes
force create mode = 0775
force directory mode = 0775
force group = mis
[ACCOUNTING]
nt acl support = yes
veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/
delete veto files = yes
path = /home/accounting
valid users = @accounting
browseable = yes
writeable = yes
inherit permissions = yes
force create mode = 0775
force directory mode = 0775
force group = accounting

-- 11 --

Kurusetra Computer
[PURCHASING]
nt acl support = yes
veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/*.iso/*.exe/
delete veto files = yes
path = /home/purchasing
valid users = rony sherly siti
browseable = yes
writeable = yes
inherit permissions = yes
Module Recycle Bin
[MIS]
vfs object = recycle audit extd_audit
recycle:repository = ../sampah/%u
recycle:keeptree = Yes
recycle:versions = Yes
path = /home/mis
valid users = @mis
write list = budi dani
read list = ahmad
browseable = yes
inherit permissions = yes
force create mode = 0777
force directory mode = 0777
force group = mis
[ACCOUNTING]
vfs object = recycle audit extd_audit
recycle:repository = ../sampah/%u
recycle:keeptree = Yes
recycle:versions = Yes
nt acl support = yes
veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/.recycle/
delete veto files = yes
path = /home/accounting
valid users = heri lia yuni
browseable = yes
writeable = yes
inherit permissions = yes
force create mode = 0777
force directory mode = 0777
force group = accounting

-- 12 --

Kurusetra Computer
[PURCHASING]
vfs object = recycle audit extd_audit
recycle:repository = ../sampah/%u
recycle:keeptree = Yes
recycle:versions = Yes
nt acl support = yes
veto files = /*.mp3/*.mpeg/*.mpg/*.avi/*.asf/*.wmv/*.3gp/*.dat/.recycle/
delete veto files = yes
path = /home/purchasing
valid users = rony sherly siti
browseable = yes
writeable = yes
inherit permissions = yes
force create mode = 0777
force directory mode = 0777
force group = purchasing

File Transfer Protokol


Instalasi FTP Server
root@budi-desktop:~# apt-get install proftpd-basic
root@budi-desktop:~# /etc/init.d/proftpd restart
Konfigurasi ProFTPD
root@budi-desktop:~# vim /etc/proftpd/proftpd.conf
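# Use this to jail all users in their homes
DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constraint.
# NOTE(review): with "off", accounts whose shell is not in /etc/shells
# (for example service accounts using a nologin shell) can log in over
# FTP too; limit who may log in before relying on this.
RequireValidShell off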
Penambahan User FTP
adduser didik
adduser doni
adduser ahmad

-- 13 --

Kurusetra Computer

Domain Name System Server


Konfigurasi DNS Server Bind9
Kalian pernah mendengar yang namanya DNS Server, pasti sudah khan, karena DNS Server
merupakan komponen terpenting dalam jaringan internet. Fungsi DNS Server adalah untuk
menterjemahkan nama komputer menjadi alamat IP, www.kurusetra.web.id menjadi 192.168.1.100.
Agar aplikasi web browser bisa tersambung dengan server web yang dituju. Selain itu fungsi DNS
juga untuk melakukan manajemen domain internet dan sebagai Mail Exchange.
Tutorial kali ini membahas konfigurasi DNS Server BIND9 pada sistem operasi linux ubuntu.
Untuk lebih mudahnya kita gunakan aplikasi Webmin, web based system administrator tools yang
berjalan pada port 10000 dan https. Webmin dapat di download di www.webmin.com dengan
pilihan paket Debian. Konfigurasi kita bahas untuk melakukan manajemen domain kurusetra.web.id
dengan nama komputer www, mail, vpn dan ftp. Langkah yang perlu kita lakukan adalah;
Instalasi Webmin
root@ubuntu:~# dpkg -i webmin_1.580_all.deb
root@ubuntu:~# apt-get -f install
root@ubuntu:~# /etc/init.d/webmin restart
Instalasi Bind9
root@ubuntu:~# apt-get install bind9
Login ke Webmin
Setelah ada tampilan login, masukan user root dan password.
Konfigurasi Bind9
Pilih pada Un-used Modules klik BIND DNS Server, setelah tampil konfigurasi lihat Existing
DNS Zones dan klik Create master zone.
Konfigurasi Domain
Setelah tampil Create Master Zone, masukan di textfield Domain name / Network: kurusetra.web.id
dengan Email address: [email protected] kemudian klik buton Create. Yang lain
biarkan default.

-- 14 --

Kurusetra Computer

Konfigurasi Master Zone


Sekarang yang kita lakukan adalah menambahkan nama komputer. Pada Tampilan Edit Master Zone
klik icon Komputer Address (0).
Konfigurasi Address Records
Konfigurasi address record ini untuk menambahkan nama komputer beserta alamat IP. Isi textfield
Name: www dan 192.168.1.100 , kemudian klik Create

Ulangi prosesnya untuk nama komputer mail (192.168.1.34), ftp (192.168.1.123) dan vpn
(192.168.1.44). Setelah semua selesai klik link Return to zone list.
Kemudian klik pojok kanan atas link Apply Configuration.

-- 15 --

Kurusetra Computer
MX Record

Pengujian DNS Server


Untuk menguji DNS Server kita edit file /etc/resolv.conf kita arahkan ke dns server yang baru kita
setting. Pada contoh gunakan alamat IP localhost 127.0.0.1
root@ubuntu:~# vim /etc/resolv.conf
nameserver 127.0.0.1
root@ubuntu:~# nslookup www.kurusetra.web.id
Server:
127.0.0.1
Address:
127.0.0.1#53
Name: www.kurusetra.web.id
Address: 192.168.1.100
root@ubuntu:~# nslookup vpn.kurusetra.web.id
Server:
127.0.0.1
Address:
127.0.0.1#53
Name: vpn.kurusetra.web.id
Address: 192.168.1.44
Settingan DNS Server sudah berhasil.

Apache Web Server


HTTP
Praktek instalasi aplikasi berbasis web pada direktori /var/www/
HTTPS
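# Enable mod_ssl and create a self-signed certificate for the default SSL site.
a2enmod ssl
# 700: this directory holds the server's private key
mkdir -p -m 700 /etc/apache2/ssl
# -nodes writes the key unencrypted so Apache can start unattended, which
# makes the key file's permissions its only protection.
# The command is one logical line; the backslashes keep -out together with
# its file name.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/apache2/ssl/apache.key \
  -out /etc/apache2/ssl/apache.crt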
vim /etc/apache2/sites-available/default-ssl
#File sertifikat dan key apache disesuaikan
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
-- 16 --

Kurusetra Computer
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
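# Apache loads the certificate and key as root at startup, before its worker
# processes switch to www-data. Keep the key owned by root and unreadable to
# www-data, so a compromised web application cannot read it.
chown -R root:root /etc/apache2/ssl/
chmod 600 /etc/apache2/ssl/apache.key
a2ensite default-ssl
service apache2 reload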
Virtual Domain Web Server
Menambah user virtual domain
adduser selosari
adduser sawo
adduser magetan
Edit file userdir.conf
vim /etc/apache2/mods-available/userdir.conf
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
UserDir enabled selosari sawo magetan
Options ExecCGI
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
</IfModule>
Edit file selosari,sawo dan magetan
vim /etc/apache2/sites-available/selosari
<VirtualHost *:80>
ServerName www.selosari.co.cc
DocumentRoot /home/selosari/public_html
ErrorLog /home/selosari/error.log
TransferLog /home/selosari/access.log
ServerAdmin [email protected]
</VirtualHost>

-- 17 --

Kurusetra Computer
vim /etc/apache2/sites-available/sawo
<VirtualHost *:80>
ServerName www.sawo.co.cc
DocumentRoot /home/sawo/public_html
ErrorLog /home/sawo/error.log
TransferLog /home/sawo/access.log
ServerAdmin [email protected]
</VirtualHost>
vim /etc/apache2/sites-available/magetan
<VirtualHost *:80>
ServerName www.magetan.uni.me
DocumentRoot /home/magetan/public_html
ErrorLog /home/magetan/error.log
TransferLog /home/magetan/access.log
ServerAdmin [email protected]
</VirtualHost>
Aktifkan Virtual Domain
a2ensite selosari
a2ensite sawo
a2ensite magetan
Restart Apache Web Server
/etc/init.d/apache2 restart

Postfix SMTP
Instalasi Postfix
root@budi-desktop:~# apt-get install postfix
Konfigurasi Postfix
root@budi-desktop:~# vim /etc/postfix/main.cf
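myhostname = budi-desktop
mydomain = kurusetra.web.id
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = budi-desktop, localhost.localdomain, $mydomain, localhost
relayhost =
# Clients listed in mynetworks are trusted to relay mail through this
# server; list only networks and hosts you control. The continuation line
# must begin with whitespace.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128,
    192.168.20.0/24, 122.200.52.41
# 0 disables the mailbox size limit
mailbox_size_limit = 0
recipient_delimiter = +
# Accept SMTP connections on every interface
inet_interfaces = all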

-- 18 --

Kurusetra Computer

Dovecot POP3 & IMAP4


Instalasi Dovecot
root@budi-desktop:~# apt-get install dovecot-pop3d dovecot-imapd
Konfigurasi Dovecot
root@budi-desktop:~# vim /etc/dovecot/dovecot.conf
listen = *, ::
root@budi-desktop:~# vim /etc/dovecot/conf.d/10-master.conf
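service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    # Left commented out, so Dovecot's built-in defaults apply to this listener
    #port = 993
    #ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    # Left commented out, so Dovecot's built-in defaults apply to this listener
    #port = 995
    #ssl = yes
  }
}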

root@budi-desktop:~# vim /etc/dovecot/conf.d/10-auth.conf


# NOTE(review): with disable_plaintext_auth = no, Dovecot accepts plaintext
# logins on connections that are not protected by SSL/TLS, so passwords sent
# to ports 110/143 cross the network in clear text. Keep "no" for local
# testing only; otherwise set it to yes and have clients connect with TLS.
disable_plaintext_auth = no
# PLAIN sends the password itself; it is safe only inside an encrypted session.
auth_mechanisms = plain
vim /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
Pengujian Dovecot POP3
root@budi-desktop:~# telnet 127.0.0.1 110
Trying127.0.0.1...
Connectedto127.0.0.1.
Escapecharacteris'^]'.
+OKDovecotready.
userbudi
+OK
pass1

-- 19 --

Kurusetra Computer

Squirrelmail Webmail Client


Instalasi Squirrelmail
root@budi-desktop:~# apt-get install squirrelmail
Konfigurasi Squirrelmail
root@budi-desktop:~# vim /etc/apache2/apache2.conf
Alias /webmail /usr/share/squirrelmail/
root@budi-desktop:~# /etc/init.d/apache2 restart
Login ke squirrelmail
Buka web browser lalu ketik http://127.0.0.1/webmail/ kemudian login menggunakan user dan
password POP3.

Integrasi Antivirus Clamav


Pertama kita install clamsmtp
budi@budi-desktop:~$ sudo su [sudo] password for budi:
root@budi-desktop:~# apt-get install clamsmtp
Kemudian kita konfigurasi postfix main.cf
root@budi-desktop:~# vim /etc/postfix/main.cf
#baris paling bawah kita tambahkan
content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings

-- 20 --

Kurusetra Computer
Konfigurasikan juga postfix master.cf
root@budi-desktop:~# vim /etc/postfix/master.cf
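# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
# Hands mail to the clamsmtp filter named by content_filter in main.cf
scan      unix  -       -       n       -       16      smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
# Bound to 127.0.0.1 so only local processes can use this unfiltered path
127.0.0.1:10027 inet n  -       n       -       16      smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8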

Rubah port di clamsmtpd.conf


root@budi-desktop:~# vim /etc/clamsmtpd.conf
OutAddress: 10027
Restart postfix dan clamsmtp
root@budi-desktop:~# /etc/init.d/postfix restart
root@budi-desktop:~# /etc/init.d/clamsmtp restart
Pengujian integrasi antivirus clamav
Kirim email bervirus ke user account server email
Hasil scanning antivirus clamsmtp

Jul119:10:03budidesktoppostfix/smtp[8738]:B00E9860BA:to=<[email protected]>,
relay=127.0.0.1[127.0.0.1]:10026, delay=1.3, delays=0.15/0.01/0.37/0.79, dsn=2.0.0,
status=sent(250VirusDetected;DiscardedEmail)
Jul 1 19:10:03 budidesktop clamsmtpd: 100000: [email protected],
[email protected],status=VIRUS:Worm.VBS14

-- 21 --

Kurusetra Computer

Integrasi Antispam Spamassassin


Instalasi Paket Spamassassin
apt-get install spamassassin spamc
Pembuatan user dan direktori
groupadd -g 5001 spamd
useradd -u 5001 -g spamd -s /usr/sbin/nologin -d /var/lib/spamassassin spamd
mkdir /var/lib/spamassassin
chown spamd:spamd /var/lib/spamassassin
Startup Spamassassin
vim /etc/default/spamassassin
ENABLED=1
SAHOME="/var/lib/spamassassin/"
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SAHOME}
-s /var/log/spamd.log"
PIDFILE="${SAHOME}spamd.pid"
Konfigurasi Spamassassin
vim /etc/spamassassin/local.cf
rewrite_header Subject *****SPAM*****
report_safe 1
required_score 2.0
use_bayes 1
bayes_auto_learn 1
Konfigurasi Postfix
vim /etc/postfix/master.cf
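# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=spamassassin
# Pipes each message through spamc as the unprivileged spamd user, then
# hands it back to Postfix with sendmail
spamassassin unix -     n       n       -       -       pipe
  user=spamd argv=/usr/bin/spamc -f -e
  /usr/sbin/sendmail -oi -f ${sender} ${recipient}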

Restart Service Postfix dan Spamassassin


/etc/init.d/spamassassin restart
/etc/init.d/postfix restart

-- 22 --

Kurusetra Computer

Simple Network Management Protocol


Instalasi Network SNMP
apt-get install snmp snmpd snmp-mibs-downloader cacti
Konfigurasi SNMP
vim /etc/snmp/snmpd.conf
# Listen on UDP port 161 on all IPv4 interfaces; the IPv6 listener is bound
# to the loopback address ([::1]) only.
agentAddress udp:161,udp6:[::1]:161
# NOTE(review): "public" is the well-known default community string and no
# source is given, so any host that can reach UDP 161 can read this agent's
# data. rocommunity takes an optional source after the community name;
# use a private community string and limit it to the monitoring host.
rocommunity public
# com2sec maps a (source, community) pair to a security name; both lines
# use the community "public", the first one for any source ("default").
com2sec public default public
com2sec public 0.0.0.0 public
sysLocation Router Rumah Magetan
sysContact Budi Santoso <[email protected]>
vim /etc/default/snmpd
SNMPDRUN=yes
Konfigurasi Cacti
Instalasi awal user admin dan password admin. Ganti password bawaan ini segera setelah login pertama.

-- 23 --

Kurusetra Computer

-- 24 --

Kurusetra Computer

Virtual Private Networking


Konfigurasi Server VPN
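# Install OpenVPN and build the CA, server and client keys with easy-rsa.
apt-get install openvpn openssh-server
cd /usr/share/doc/openvpn/examples/easy-rsa/
cd 1.0/
vim vars
source ./vars
./clean-all
./build-ca
# The page lists this script twice; it appears to need the certificate
# name as its argument, so a single named call is kept.
./build-key-server server
./build-key client1
./build-key client2
./build-key client3
./build-key client4
# NOTE(review): the configuration on this page uses dh1024.pem; 1024-bit
# parameters are weak by current standards. A larger key size is set in
# vars, and that changes the generated file name.
./build-dh

# Copy only what the server needs. keys/ also holds ca.key and every
# client's private key, none of which belong in the server's config directory.
cp keys/ca.crt keys/server.crt keys/server.key keys/dh1024.pem /etc/openvpn/
cd /usr/share/doc/openvpn/examples/sample-config-files/
cp server.conf.gz /etc/openvpn/
cd /etc/openvpn/
gunzip server.conf.gz
vim server.conf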
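port 1194
proto udp
# tap = bridged Ethernet-style device; the client must use the same type
dev tap
ca ca.crt
cert server.crt
# server.key is the server's private key; keep it readable by root only
key server.key
dh dh1024.pem
# VPN subnet; the server takes the first address
server 10.8.20.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Lets VPN clients reach each other through the server
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3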
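# Send client1 its own certificate and key plus the CA certificate.
cd /usr/share/doc/openvpn/examples/easy-rsa/1.0/keys/
scp -r client1.* root@ipclient1:/etc/openvpn/
# Only ca.crt goes to clients. ca.key can sign new certificates and must
# stay on the CA host; the DH parameters are needed by the server only.
scp ca.crt root@ipclient1:/etc/openvpn/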

Konfigurasi Static IP Client


vim /etc/openvpn/server.conf
client-config-dir /etc/openvpn/ccd
mkdir /etc/openvpn/ccd
vim /etc/openvpn/ccd/client1 (nama file sesuai sertifikat)
ifconfig-push 10.8.20.30 255.255.255.0
/etc/init.d/openvpn restart
-- 25 --

Kurusetra Computer

Konfigurasi klien VPN


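# Install OpenVPN on the client and start from the sample client configuration.
apt-get install openvpn openssh-server
cd /usr/share/doc/openvpn/examples/sample-config-files/
cp client.conf /etc/openvpn/
cd /etc/openvpn
vim client.conf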
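client
# Must match the server's device type; the server configuration on this
# page uses "dev tap"
dev tap
proto udp
# Replace IP_VPN_SERVER with the VPN server's address
remote IP_VPN_SERVER 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
# client1.key is this client's private key; keep it readable by root only
key client1.key
comp-lzo
verb 3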

-- 26 --
