Simple FTP (ProFTPD) setup on Slackware 10

Bismillahirrohmanirrohim

This is the original proftpd.conf file shipped with Slackware 10:

—————proftpd.conf—————————
# This is a basic ProFTPD configuration file.
# It establishes a single server and a single anonymous login.
# It assumes that you have a user/group "nobody" and "ftp"
# for normal/anonymous operation.
ServerName                 "ProFTPD Default Installation"
#ServerType                standalone
ServerType                 inetd
DefaultServer              on
# Port 21 is the standard FTP port.
Port                       21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                      022
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances               30
# Set the user and group that the server normally runs at.
User                       nobody
Group                      nogroup
# This next option is required for NIS or NIS+ to work properly:
#PersistentPasswd off
SystemLog                   /var/log/proftpd.log
TransferLog                /var/log/xferlog
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite           on
</Directory>
# A basic anonymous FTP server configuration.
# To enable this, remove the user ftp from /etc/ftpusers.
<Anonymous ~ftp>
RequireValidShell        off
User                     ftp
Group                           ftp
# We want clients to be able to login with “anonymous” as well as “ftp”
UserAlias                anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients               50
# We want ‘welcome.msg’ displayed at login, and ‘.message’ displayed
# in each newly chdired directory.
DisplayLogin                    welcome.msg
DisplayFirstChdir        .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
# An upload directory that allows storing files but not retrieving
# or creating directories.
#  <Directory incoming/*>
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
</Anonymous>
———————-eof proftpd.conf————————–

The configuration above already works as an FTP server when run, but it is not secure. It is not secure because DefaultRoot is not defined, so users can browse the whole system.

The following is a simple FTP configuration in which DefaultRoot restricts users to the /home/ folder:
————————-proftpd.conf————————–
ServerName                 "Sobey ProFTPD Server"
ServerType                 inetd
DefaultServer              on
Port                       21
Umask                      022
MaxInstances               30
User                       suby
Group                      users
DefaultRoot                /home/

SystemLog                  /var/log/proftpd.log
TransferLog                /var/log/xferlog
<Directory /home>
AllowOverwrite           on
</Directory>
MaxClients                 50
DisplayLogin               welcome.msg
DisplayFirstChdir          .message
———————–eof proftpd.conf————————
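The check described above, as an added example that is not part of the original article: a Python script that reports which server contexts of a proftpd.conf never set DefaultRoot. It goes slightly beyond the text by also covering <VirtualHost> and <Global> blocks, because ProFTPD does not apply top-level directives to virtual hosts; the function name and the sample strings are constructed for illustration.

```python
import re

def servers_without_defaultroot(conf_text):
    """Return the server contexts of a proftpd.conf that never set DefaultRoot."""
    has_root = {"server config": False}   # top level plus one entry per <VirtualHost>
    stack = []                            # currently open <Section> blocks
    in_global = False                     # DefaultRoot seen inside <Global>
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"</\s*\w+\s*>", line):
            if stack:
                stack.pop()
            continue
        opened = re.fullmatch(r"<\s*(\w+)\s*(.*?)\s*>", line)
        if opened:
            name = " ".join(opened.groups()).strip()
            stack.append((opened.group(1).lower(), name))
            if stack[-1][0] == "virtualhost":
                has_root[name] = False
            continue
        if line.split()[0].lower() != "defaultroot":
            continue
        if not stack:
            has_root["server config"] = True
        elif stack[-1][0] == "virtualhost":
            has_root[stack[-1][1]] = True
        elif stack[-1][0] == "global":
            in_global = True              # <Global> applies to every server
    return [] if in_global else [n for n, ok in has_root.items() if not ok]

# Constructed samples, abridged from the configurations in this article.
STOCK = """
ServerName "ProFTPD Default Installation"
ServerType inetd
<Directory /*>
  AllowOverwrite on
</Directory>
"""
RESTRICTED = STOCK + "DefaultRoot /home/\n"
VHOST = RESTRICTED + "<VirtualHost sobey.net>\n  Port 2001\n</VirtualHost>\n"

if __name__ == "__main__":
    for label, conf in (("stock", STOCK), ("restricted", RESTRICTED), ("vhost", VHOST)):
        print(label, servers_without_defaultroot(conf))
```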

Before starting the FTP server we need to enable its service in /etc/inetd.conf, because the ServerType used in the configuration above is "inetd", not "standalone".

Edit the file /etc/inetd.conf:
root@Slackware10:~# pico /etc/inetd.conf
———————inetd.conf————————-
.
.
# These are standard services:
#
# File Transfer Protocol (FTP) server:
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  proftpd

#
.
.
.
———————eof inetd.conf———————-

Start the FTP server service:
root@Slackware10:~# /usr/sbin/inetd

Stop the FTP server service:
root@Slackware10:~# killall inetd

Check the FTP server service:
root@Slackware10:~# ps aux | grep inetd
root      1078  0.0  0.3  1380  528 ?        Ss   15:52   0:00
Or

root@Slackware10:~# nmap localhost
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2007-11-22 15:40 WIT
Interesting ports on localhost (127.0.0.1):
(The 1653 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
37/tcp  open  time
113/tcp open  auth
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
Nmap run completed — 1 IP address (1 host up) scanned in 0.724 seconds

Test FTP from a client:
Create a new user for FTP:
root@Slackware10:~# adduser suby
New password:123456
Re-enter new password:123456
Password changed

Try it from the DOS prompt:
C:\Documents and Settings\IT-PRG>ftp 192.168.1.100
Connected to 192.168.1.100.
220 ProFTPD 1.2.9 Server (ProFTPD Default Installation) [Slackware10.sobey.net.id]
User (192.168.1.100:(none)): suby
331 Password required for suby.
Password:123456
230 User suby logged in.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list

sam.txt
Eny.jpg
proftpd.conf

226 Transfer complete.
ftp: 39 bytes received in 0,00Seconds 39000,00Kbytes/sec.
ftp>

From Internet Explorer, type ftp://192.168.1.100 in the address bar.
So that FTP can be reached through a domain address, add the following configuration at the end of /etc/inetd.conf:

<VirtualHost sobey.net>
Port                    2001
ServerAdmin             suby@sobey.net
ServerName              "Sobey FTP Server"
TransferLog             /var/spool/syslog/xfer/ftp.sobey.net
MaxLoginAttempts        3
RequireValidShell       no
DefaultRoot             /home/suby/
User                    suby
Group                   users
AllowOverWrite          yes
<Directory /home/suby/>
<Limit ALL>
AllowUser suby
Allow .sobey.net
Allow 192.168.1.202
DenyAll
</Limit>
</Directory>
</VirtualHost>

From Internet Explorer, type ftp.sobey.net in the address bar.
*Note: the DNS server for sobey.net must be running.

DNS (BIND) setup on Slackware 10

Bismillahirrohmanirrohim

Here I put DNS (BIND) on the proxy server, which uses two LAN cards: public IP eth0 = 61.8.79.122 netmask 255.255.255.248 and local IP = eth0 172.20.0.1 netmask 255.255.0.0.

The server IPs to be used are as follows:

  • Proxy server = 61.8.79.122 (as ns1)
  • Mail server  = 61.8.79.123 (as ns2)
  • Web server   = 61.8.79.124
  • Voip server  = 172.20.172.172
  • Mrtg         = 61.8.79.122/172.20.0.1
  • Sarg         = 61.8.79.122/172.20.0.1

Suggestion**
It is better not to burden the proxy with MRTG.

Edit the file /etc/named.conf as follows:

root@Slackware10:/# pico /etc/named.conf
—————named.conf—————————–
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/rndc.key";

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

// reverse zone for 61.8.79.x; reverse zones must sit under in-addr.arpa
zone "79.8.61.in-addr.arpa" IN {
        type master;
        file "db.61.8.79";
};

// reverse zone for 172.20.x.x
zone "20.172.in-addr.arpa" IN {
        type master;
        file "db.172.20";
};

zone "lawu.net" IN {
        type master;
        file "db.lawu";
};

zone "sobey.net" IN {
        type master;
        file "db.sobey";
};

—————–end of file———————–

Copy the files named.ca, localhost.zone and named.local from /var/named/caching-example to /var/named:
root@Slackware10:/# cd /var/named
root@Slackware10:/var/named# cp caching-example/*.* /var/named

Create the files db.61.8.79, db.172.20, db.lawu and db.sobey:
db.61.8.79

root@Slackware10:/var/named# pico db.61.8.79
$TTL 86400
@     IN    SOA   lawu.net.   suby (
2 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttl
)
@     IN    NS    ns1.lawu.net.
@     IN    NS    ns2.lawu.net.
122   IN    PTR   ns1.lawu.net.
123   IN    PTR   ns2.lawu.net.
123   IN    PTR   mail.lawu.net.
124   IN    PTR   www.lawu.net.

db.172.20
root@Slackware10:/var/named# pico db.172.20
$TTL 86400
@     IN    SOA   lawu.net.   suby (
2 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttl
)
@     IN    NS    ns1.lawu.net.
1.0   IN    PTR   ns1.lawu.net.    ; 172.20.0.1, octets reversed inside 20.172.in-addr.arpa
      IN    PTR   mail.lawu.net.
      IN    PTR   www.lawu.net.

db.lawu
root@Slackware10:/var/named# pico db.lawu
$TTL 86400
@     IN    SOA   lawu.net.  suby (
2 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttl
)
@           IN    NS    ns1.lawu.net.
@           IN    NS    ns2.lawu.net.
@           IN    MX    10    mail.lawu.net.
ns1         IN    A     61.8.79.122
ns2         IN    A     61.8.79.123
mail        IN    A     61.8.79.123
www         IN    A     61.8.79.124
mrtg        IN    A     61.8.79.122
sarg        IN    A     61.8.79.122
vqadmin     IN    A     61.8.79.123
voip        IN    A     172.20.172.172
psbonline   IN    A     172.20.37.202

db.sobey
root@Slackware10:/var/named# pico db.sobey
$TTL 86400
@     IN    SOA   sobey.net.  suby (
2 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; ttl
)
@     IN    NS    ns1.sobey.net.
@     IN    NS    ns2.sobey.net.
@     IN    MX    10    mail.sobey.net.
ns1   IN    A     61.8.79.122
ns2   IN    A     61.8.79.123
mail  IN    A     61.8.79.123
www   IN    A     61.8.79.124
mrtg  IN    A     61.8.79.122
proxy IN    A     61.8.79.122
cak   IN    CNAME       ns1
mas   IN    CNAME       ns2
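An added example, not part of the original article: a Python check for the reverse zones above. It converts PTR owner labels of an in-addr.arpa zone to addresses (the octets are written in reverse order) and lists PTR targets whose A record does not point back to the same address. The function names are hypothetical and the records are constructed samples that reuse the names and addresses from the zone files.

```python
import ipaddress

SUFFIX = ".in-addr.arpa"

def owner_to_ip(owner, zone):
    """Turn a PTR owner label inside a reverse zone into its IPv4 address."""
    fqdn = owner.rstrip(".") if owner.endswith(".") else f"{owner}.{zone}"
    if not fqdn.endswith(SUFFIX):
        raise ValueError(f"{fqdn} is not under in-addr.arpa")
    octets = fqdn[: -len(SUFFIX)].split(".")[::-1]   # labels are stored reversed
    return ipaddress.IPv4Address(".".join(octets))   # rejects wrong octet counts

def ip_to_owner(ip, zone):
    """Return the relative owner label to use for ip inside zone."""
    full = ipaddress.IPv4Address(ip).reverse_pointer
    if not full.endswith("." + zone):
        raise ValueError(f"{ip} does not belong in {zone}")
    return full[: -len(zone) - 1]

def unconfirmed_ptrs(zone, ptrs, a_records):
    """List (ip, target) pairs whose target has no A record for that ip."""
    problems = []
    for owner, target in ptrs:
        ip = str(owner_to_ip(owner, zone))
        if ip not in a_records.get(target, ()):
            problems.append((ip, target))
    return problems

# Constructed sample data, using names and addresses from the zone files above.
A_RECORDS = {
    "ns1.lawu.net.": {"61.8.79.122"},
    "ns2.lawu.net.": {"61.8.79.123"},
    "mail.lawu.net.": {"61.8.79.123"},
    "www.lawu.net.": {"61.8.79.124"},
}
PUBLIC_PTRS = [("122", "ns1.lawu.net."), ("123", "ns2.lawu.net."),
               ("123", "mail.lawu.net."), ("124", "www.lawu.net.")]

if __name__ == "__main__":
    print(unconfirmed_ptrs("79.8.61.in-addr.arpa", PUBLIC_PTRS, A_RECORDS))
    print(ip_to_owner("172.20.0.1", "20.172.in-addr.arpa"))
    print(unconfirmed_ptrs("20.172.in-addr.arpa", [("1.0", "ns1.lawu.net.")], A_RECORDS))
```

The last call reports 172.20.0.1 because ns1.lawu.net. only has an A record for the public address, so a resolver that verifies reverse lookups against forward ones will not confirm the internal PTR.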

Edit /etc/resolv.conf as follows:

# domain name of the host computer
search lawu.net
# add the ns1 and ns2 IPs so that the domains
# we created are known on the local network
nameserver 61.8.79.122
nameserver 61.8.79.123
# DNS ISP
nameserver 202.134.1.10
# DNS ISP
nameserver 202.134.0.155

Start and stop the service:
root@Slackware10:/# /etc/rc.d/rc.bind start | stop | restart

or, if rc.bind does not exist,
to start:
root@Slackware10:/# /usr/sbin/named

to stop:
root@Slackware10:/# killall named

Check that it is running correctly:
root@Slackware10:/# ps aux | grep named
root  1061  0.0  1.5  4508 2460 ?   Ss  20:46  0:00 /usr/sbin/named
or

root@Slackware10:/# nmap localhost
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2007-11-21 20:32 WIT
Interesting ports on localhost (127.0.0.1):
(The 1652 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
22/tcp  open  ssh
37/tcp  open  time
53/tcp  open  domain
113/tcp open  auth
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
953/tcp open  rndc
Nmap run completed — 1 IP address (1 host up) scanned in 1.093 seconds

OK, that means BIND is running..!!

TEST…!!!

I test the domain sobey.net:

root@Slackware10:/# nslookup www.sobey.net
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig’ or `host’ programs instead.  Run nslookup with
the `-sil[ent]‘ option to prevent this message from appearing.
Server:         192.168.1.100
Address:        192.168.1.100#53
Name:   www.sobey.net
Address: 61.8.79.124

root@Slackware10:/var/named# dig sobey.net
; <<>> DiG 9.2.3 <<>> sobey.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50907
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;sobey.net.                     IN      A
;; AUTHORITY SECTION:
sobey.net.              86400   IN      SOA     sobey.net. suby.sobey.net. 2 28800 7200 604800 86400
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Wed Nov 21 20:33:59 2007
;; MSG SIZE  rcvd: 68

root@Slackware10:/var/named# host -vl sobey.net
Trying “sobey.net”
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30623
;; flags: qr aa ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;
;; ANSWER SECTION:
sobey.net.              86400   IN      NS      ns1.sobey.net.
sobey.net.              86400   IN      NS      ns2.sobey.net.
mail.sobey.net.         86400   IN      A       61.8.79.123
mrtg.sobey.net.         86400   IN      A       61.8.79.122
ns1.sobey.net.          86400   IN      A       61.8.79.122
ns2.sobey.net.          86400   IN      A       61.8.79.123
proxy.sobey.net.        86400   IN      A       61.8.79.122
www.sobey.net.          86400   IN      A       61.8.79.124
Received 272 bytes from 127.0.0.1#53 in 6 ms

root@Slackware10:/var/named# host ns1.sobey.net
ns1.sobey.net has address 61.8.79.122

root@Slackware10:/var/named# host -t ns sobey.net
sobey.net name server ns2.sobey.net.
sobey.net name server ns1.sobey.net.

root@Slackware10:/var/named# host -t mx sobey.net
sobey.net mail is handled by 10 mail.sobey.net.

root@Slackware10:/var/named# host -t cname cak.sobey.net
cak.sobey.net is an alias for ns1.sobey.net.

root@Slackware10:/var/named# host -t cname mas.sobey.net
mas.sobey.net is an alias for ns2.sobey.net.

root@Slackware10:/var/named# dig @172.20.0.1 www.sobey.net mx

Samba server with user authentication

Bismillahirrohmanirrohim

A. INSTALL SAMBA
1. Linux/BSD/Unix (tar.gz)
root@linux:/home/install]# tar zxvf samba-3.0.24.tar.gz
root@linux:/home/install]# cd samba-3.0.24
root@linux:/home/install/samba-3.0.24]# ./configure --prefix=/usr/local/samba --sysconfdir=/etc --with-automount --with-quotas --with-acl-support
root@linux:/home/install/samba-3.0.24]# make && make install

2. Slackware 10.2 (tgz)
Mount CDROM:
root@Slackware10:/# mount /mnt/cdrom/

Install Samba from the Slackware 10.2 installer CD:
root@Slackware10:/# installpkg /mnt/cdrom/slackware/n/samba-3.0.20-i486-2.tgz

Change to the /etc/samba directory:
root@Slackware10:/# cd /etc/samba

List the contents of the /etc/samba directory:
root@Slackware10:/# ls /etc/samba
private/ smb.conf-sample

Copy/rename "smb.conf-sample" to "smb.conf":
root@Slackware10:/etc/samba# cp smb.conf-sample smb.conf

Before configuring Samba, first create a user:
root@Slackware10:/# adduser suby
New password:123456
Re-enter new password:123456
Password changed

Each time a new user is added on Slackware 10.2, the system automatically creates the folder "/home/suby", which we will share so that only user suby may access it.

B. CONFIGURATION (smb.conf)
To share the folder /home/suby, configure the file /etc/samba/smb.conf as follows:
root@Slackware10:/# pico /etc/samba/smb.conf
———-start smb.conf——————-
[global]
workgroup = HARSARI
server string = Samba Server
; without a password, use: security = share
security = user
encrypt passwords = No
hosts allow = 192.168.1. 127.
load printers = yes
log file = /var/log/samba.%m
max log size = 50
socket options = TCP_NODELAY
domain master = yes
domain logons = yes
wins support = yes
dns proxy = no

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user ‘guest account’ to print
guest ok = no
writable = no
printable = yes

[suby]
path = /home/suby
valid users = suby
; Files to be shared
public = no
; Only suby can access
writeable = yes
browseable = yes
guest ok = yes

[ridwan]
path = /home/ridwan
valid users = ridwan
; Files to be shared
public = no
; Only ridwan can access
writeable = yes
browseable = yes
guest ok = yes

[master]
path = /home/umum
; Public files, anyone can access
public = Yes
writeable = no
browseable = yes
guest ok = yes
—————-end file————————

Do not forget to save the configuration (smb.conf can be extended as needed).
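An added example, not part of the original article: a Python linter for the settings this smb.conf relies on. It flags encrypt passwords = no, boolean values that carry trailing text (smb.conf only recognises ; and # comments at the start of a line), and guest ok / public settings that contradict each other or a valid users list. The function names and the sample file are constructed.

```python
import configparser

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}
GUEST_KEYS = ("guest ok", "public")      # "public" is a synonym of "guest ok"
BOOL_KEYS = GUEST_KEYS + ("encrypt passwords",)

def as_bool(value):
    """Return True/False for a Samba boolean, or None if it is not one."""
    v = value.strip().lower()
    return True if v in TRUE else False if v in FALSE else None

def lint_smb_conf(text):
    """Return (section, parameter, problem) tuples for risky settings."""
    # interpolation=None keeps Samba macros such as %m literal; like Samba,
    # configparser only treats ';' and '#' as comments at the start of a line.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        params = {" ".join(k.split()): v for k, v in cp.items(section)}
        for key in BOOL_KEYS:
            if key in params and as_bool(params[key]) is None:
                findings.append((section, key, "not a boolean (trailing comment?)"))
        if section.lower() == "global":
            if as_bool(params.get("encrypt passwords", "yes")) is False:
                findings.append((section, "encrypt passwords", "cleartext passwords expected"))
            continue
        guest = {as_bool(params[k]) for k in GUEST_KEYS if k in params} - {None}
        if len(guest) > 1:
            findings.append((section, "guest ok", "conflicts with its synonym public"))
        if True in guest and "valid users" in params:
            findings.append((section, "guest ok", "guest access contradicts valid users"))
    return findings

# Constructed sample, modelled on the [global] and per-user shares above.
SAMPLE = """\
[global]
security = user
encrypt passwords = No
log file = /var/log/samba.%m

[suby]
valid users = suby
public = no ;only suby may connect
guest ok = yes

[ridwan]
valid users = ridwan
public = no
guest ok = yes
"""

if __name__ == "__main__":
    for finding in lint_smb_conf(SAMPLE):
        print(*finding, sep=": ")
```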

C. PASSWORD USER
The following command will fail:
root@Slackware10:/# smbpasswd suby
New SMB password:123456
Retype new SMB password:123456
Failed to find entry for user root
Failed to modify password entry for user root

root@Slackware10:/# smbpasswd -a suby
New SMB password:123456
Retype new SMB password:123456
Added user suby

Start the service:
root@Slackware10:/# /etc/rc.d/rc.samba start|stop|restart
Starting Samba: /usr/sbin/smbd -D
/usr/sbin/nmbd -D

On Red Hat the command is: /etc/init.d/smb start
Check service:
root@Slackware10:/# ps aux | grep smb
root 1230 0.0 1.6 6944 2676 ? Ss 14:44 0:00

D. SAMBA COMMAND LINE
1. To display the shares in workgroup HARSARI, like My Network Places on Windows:
root@Slackware10:/# smbtree
Password:123456
HARSARI
\\WANTUTRI
\\WANTUTRI\Film
\\WANTUTRI\C$ Default share
\\WANTUTRI\ADMIN$ Remote Admin
\\WANTUTRI\print$ Printer Drivers
\\WANTUTRI\D$ Default share
\\WANTUTRI\IPC$ Remote IPC
\\WANTUTRI\My Documents
\\WANTUTRI\EPSONS EPSON Stylus Photo R230 Series
\\WANTUTRI\E$ Default share
\\SLACKWARE10 Samba Server
\\SLACKWARE10\ADMIN$ IPC Service (Samba Server)
\\SLACKWARE10\IPC$ IPC Service (Samba Server)
\\SLACKWARE10\suby
\\IT-PRG2
\\IT-PRG2\C$ Default share
\\IT-PRG2\ADMIN$ Remote Admin
\\IT-PRG2\Suby_Music
\\IT-PRG2\Suby_Temp
\\IT-PRG2\print$ Printer Drivers
\\IT-PRG2\D$ Default share
\\IT-PRG2\IPC$ Remote IPC
\\IT-PRG2\E$ Default share
\\IT-PRG2\Suby_Master

2. To list the shares on host 192.168.1.202:
root@Slackware10:/# smbclient -L //192.168.1.202
Password:123456
Domain=[IT-PRG2] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Sharename Type Comment
——— —- ——-
Suby_Master Disk
E$ Disk Default share
IPC$ IPC Remote IPC
D$ Disk Default share
print$ Disk Printer Drivers
Suby_Temp Disk
Suby_Music Disk
ADMIN$ Disk Remote Admin
C$ Disk Default share
Printer Printer Microsoft Office Document Image Writer
session request to 192.168.1.202 failed (Called name not present)
session request to 192 failed (Called name not present)
Domain=[IT-PRG2] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Server Comment
——— ——-
Workgroup Master
——— ——-

3. To enter the share Suby_Master on host IT-PRG2:
root@Slackware10:/# smbclient '//IT-PRG2/Suby_Master'
Password:123456
Domain=[IT-PRG2] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
smb: \> ls
. D 0 Tue Nov 13 10:20:09 2007
.. D 0 Tue Nov 13 10:20:09 2007
Billing D 0 Thu Mar 8 08:55:24 2007
email_source D 0 Tue Jul 3 01:23:56 2007
firefly-thirdparty.exe A 2192562 Wed Aug 1 14:24:08 2007
mapserver-4.8.1-win32-php4.4.2 D 0 Wed Oct 31 10:40:55 2007
MySQL 5.0 D 0 Sat Sep 29 09:07:22 2007
putty.exe A 376832 Thu Sep 9 22:29:32 2004
Symantec pcAnywhere D 0 Fri Nov 9 09:32:04 2007
UkaUka.nrg A 684828982 Wed Jan 1 06:22:27 1997
46312 blocks of size 524288. 7955 blocks available
smb: \>

To fetch and put files use mget and wget, as with FTP.

4. Mount the Suby_Master folder on host //IT-PRG2 onto our Linux computer:
root@Slackware10:/# smbmount //IT-PRG2/Suby_Master /mnt/tmp/
Password:123456

5. See what is being shared:
root@Slackware10:/# smbstatus
Samba version 3.0.4
PID Username Group Machine
——————————————————————-
Service pid machine Connected at
——————————————————-
No locked files