
Bismillahirrohmanirrohim

This is the original proftpd.conf file that ships with Slackware 10:

—————proftpd.conf—————————

# This is a basic ProFTPD configuration file.
# It establishes a single server and a single anonymous login.
# It assumes that you have a user/group "nobody" and "ftp"
# for normal/anonymous operation.

ServerName                 "ProFTPD Default Installation"
#ServerType                standalone
ServerType                 inetd
DefaultServer              on

# Port 21 is the standard FTP port.
Port                       21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                      022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances               30

# Set the user and group that the server normally runs at.
User                       nobody
Group                      nogroup

# This next option is required for NIS or NIS+ to work properly:
#PersistentPasswd off

SystemLog                  /var/log/proftpd.log
TransferLog                /var/log/xferlog

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite           on
</Directory>

# A basic anonymous FTP server configuration.
# To enable this, remove the user ftp from /etc/ftpusers.
<Anonymous ~ftp>
  RequireValidShell        off
  User                     ftp
  Group                    ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients               50

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin             welcome.msg
  DisplayFirstChdir        .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

  # An upload directory that allows storing files but not retrieving
  # or creating directories.
  #  <Directory incoming/*>
  #    <Limit READ>
  #      DenyAll
  #    </Limit>
  #
  #    <Limit STOR>
  #      AllowAll
  #    </Limit>
  #  </Directory>
</Anonymous>

———————-eof proftpd.conf————————–

The configuration above already gives a working FTP server when run, but it is not secure. It is not secure because DefaultRoot is not defined, so a user can browse the system.

Below is a simple FTP configuration that sets DefaultRoot so that users can only access the /home/ folder:

————————-proftpd.conf————————–

ServerName                 "Sobey ProFTPD Server"
ServerType                 inetd
DefaultServer              on

Port                       21
Umask                      022
MaxInstances               30

User                       suby
Group                      users

# Confine every logged-in user to /home/
DefaultRoot                /home/

SystemLog                  /var/log/proftpd.log
TransferLog                /var/log/xferlog

<Directory /home>
  AllowOverwrite           on
</Directory>

MaxClients                 50
DisplayLogin               welcome.msg
DisplayFirstChdir          .message

———————–eof proftpd.conf————————

Before starting the FTP server we need to enable the service in /etc/inetd.conf, because the ServerType used in the configuration above is "inetd", not "standalone".

  Edit the file /etc/inetd.conf:

  root@Slackware10:~# pico /etc/inetd.conf

  ———————inetd.conf————————-

  .

  .

  # These are standard services:

  #

  # File Transfer Protocol (FTP) server:

  ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  proftpd

  #

  .

  .

  .

  ———————eof inetd.conf———————-

Start the FTP service:

  root@Slackware10:~# /usr/sbin/inetd

Stop the FTP service:

  root@Slackware10:~# killall inetd

Check the FTP service:

  root@Slackware10:~# ps aux | grep inetd

  root      1078  0.0  0.3  1380  528 ?        Ss   15:52   0:00

Or

  root@Slackware10:~# nmap localhost

  Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2007-11-22 15:40 WIT

  Interesting ports on localhost (127.0.0.1):

  (The 1653 ports scanned but not shown below are in state: closed)

  PORT    STATE SERVICE

  21/tcp  open  ftp

  22/tcp  open  ssh

  37/tcp  open  time

  113/tcp open  auth

  139/tcp open  netbios-ssn

  445/tcp open  microsoft-ds

Nmap run completed — 1 IP address (1 host up) scanned in 0.724 seconds

Test FTP from a client:

Create a new user for FTP:

  root@Slackware10:~# adduser suby

  New password:123456

  Re-enter new password:123456

  Password changed

Try from a DOS prompt:

  C:\Documents and Settings\IT-PRG>ftp 192.168.1.100

  Connected to 192.168.1.100.

  220 ProFTPD 1.2.9 Server (ProFTPD Default Installation) [Slackware10.sobey.net.id]

  User (192.168.1.100:(none)): suby

  331 Password required for suby.

  Password:123456

  230 User suby logged in.

  ftp> ls

  200 PORT command successful

  150 Opening ASCII mode data connection for file list

  sam.txt

  Eny.jpg

  proftpd.conf

  226 Transfer complete.

  ftp: 39 bytes received in 0,00Seconds 39000,00Kbytes/sec.

  ftp>

From Internet Explorer, type ftp://192.168.1.100 in the address bar.

To make the FTP server reachable by domain name, add the following configuration at the end of /etc/inetd.conf:

<VirtualHost sobey.net>
  Port                    2001
  ServerAdmin             suby@sobey.net
  ServerName              "Sobey FTP Server"
  TransferLog             /var/spool/syslog/xfer/ftp.sobey.net
  MaxLoginAttempts        3
  RequireValidShell       no
  DefaultRoot             /home/suby/
  User                    suby
  Group                   users
  AllowOverWrite          yes

  <Directory /home/suby/>
    <Limit ALL>
      AllowUser suby
      Allow .sobey.net
      Allow 192.168.1.202
      DenyAll
    </Limit>
  </Directory>
</VirtualHost>

From Internet Explorer, type ftp.sobey.net in the address bar.

Note: the DNS server for sobey.net must be running.
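
DefaultRoot is evaluated separately for the main server and for each <VirtualHost>, so the gap described at the top of this post can reappear when a virtual host is added. The following Python check is an added example, not part of the original post: it lists the server contexts of a proftpd.conf that have no DefaultRoot. The sample configurations are constructed from the ones above, and the function name is hypothetical.

```python
import re

# Constructed inputs, trimmed from the two configurations shown on this page.
STOCK_CONF = """\
ServerName   "ProFTPD Default Installation"
ServerType   inetd
User         nobody
<Directory /*>
  AllowOverwrite on
</Directory>
<Anonymous ~ftp>
  User ftp
</Anonymous>
"""

FIXED_CONF = """\
ServerName   "Sobey ProFTPD Server"
DefaultRoot  /home/
<VirtualHost sobey.net>
  Port 2001
  # no DefaultRoot here: this vhost does not inherit the main server's
</VirtualHost>
"""

SECTION = re.compile(r"<\s*(/?)\s*(\w+)\s*([^>]*)>")


def servers_without_default_root(conf_text):
    """List the server contexts whose local users are not chrooted.

    DefaultRoot is evaluated per server: the main server, each
    <VirtualHost>, or all of them at once when set inside <Global>.
    <Anonymous> logins are always chrooted, so they are not reported.
    """
    roots = {"main server": None}   # server label -> DefaultRoot argument
    global_root = None
    stack = []                      # labels of the sections we are inside
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SECTION.fullmatch(line)
        if m:
            closing, name, arg = m.groups()
            if closing:
                if stack:
                    stack.pop()
                continue
            label = (name + " " + arg.strip()).strip()
            stack.append(label)
            if name.lower() == "virtualhost":
                roots.setdefault(label, None)
            continue
        parts = line.split(None, 1)
        if parts[0].lower() != "defaultroot" or len(parts) < 2:
            continue
        if not stack:
            roots["main server"] = parts[1]
        elif stack[-1].lower().startswith("global"):
            global_root = parts[1]
        elif stack[-1] in roots:
            roots[stack[-1]] = parts[1]
    if global_root is not None:     # <Global> covers every server
        return []
    return [label for label, root in roots.items() if root is None]


if __name__ == "__main__":
    for name, conf in (("stock", STOCK_CONF), ("fixed", FIXED_CONF)):
        print(name, "->", servers_without_default_root(conf) or "all chrooted")
```

A DefaultRoot that carries a group expression as second argument exempts some users; this check only records that the directive is present.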

Bismillahirrohmanirrohim

Here I put DNS (BIND) on the proxy server, which uses two LAN cards: public IP eth0 = 61.8.79.122, netmask 255.255.255.248, and local IP = eth0 172.20.0.1, netmask 255.255.0.0.

The server IPs to be used are as follows:

  Proxy server = 61.8.79.122 (as ns1)
  Mail server  = 61.8.79.123 (as ns2)
  Web server   = 61.8.79.124
  Voip server  = 172.20.172.172
  Mrtg         = 61.8.79.122/172.20.0.1
  Sarg         = 61.8.79.122/172.20.0.1

Suggestion: it is better not to burden the proxy with mrtg.

Edit the file /etc/named.conf as follows:

  root@Slackware10:/# pico /etc/named.conf

—————named.conf—————————–

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

include "/etc/rndc.key";

options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

// reverse zone for 61.8.79.x: PTR lookups need the in-addr.arpa suffix
zone "79.8.61.in-addr.arpa" IN {
        type master;
        file "db.61.8.79";
};

zone "20.172.in-addr.arpa" IN {
        type master;
        file "db.172.20";
};

zone "lawu.net" IN {
        type master;
        file "db.lawu";
};

zone "sobey.net" IN {
        type master;
        file "db.sobey";
};

—————–end of file———————–

Copy the files named.ca, localhost.zone and named.local from /var/named/caching-example to /var/named:

root@Slackware10:/# cd /var/named

  root@Slackware10:/var/named# cp caching-example/*.* /var/named

Create the files db.61.8.79, db.172.20, db.lawu and db.sobey:

db.61.8.79

  root@Slackware10:/var/named# pico db.61.8.79

  $TTL 86400

  @     IN    SOA   lawu.net.   suby (

                    2 ; serial

                    28800 ; refresh

                    7200 ; retry

                    604800 ; expire  

                    86400 ; ttl

                    )

@     IN    NS    ns1.lawu.net.

  @     IN    NS    ns2.lawu.net.

  122   IN    PTR   ns1.lawu.net.

  123   IN    PTR   ns2.lawu.net.

  123   IN    PTR   mail.lawu.net.

  124   IN    PTR   www.lawu.net.

db.172.20

  root@Slackware10:/var/named# pico db.172.20

  $TTL 86400

  @     IN    SOA   lawu.net.   suby (

                    2 ; serial

                    28800 ; refresh

                    7200 ; retry

                    604800 ; expire  

                    86400 ; ttl

                    )

@     IN    NS    ns1.lawu.net.

  1.0   IN    PTR   ns1.lawu.net.   ; 172.20.0.1: the owner is the last two octets, reversed

        IN    PTR   mail.lawu.net.

        IN    PTR   www.lawu.net.

db.lawu

  root@Slackware10:/var/named# pico db.lawu

$TTL 86400

  @     IN    SOA   lawu.net.  suby (

                    2 ; serial

                    28800 ; refresh

                    7200 ; retry

                    604800 ; expire  

                    86400 ; ttl

                    )

@           IN    NS    ns1.lawu.net.

  @           IN    NS    ns2.lawu.net.

  @           IN    MX    10    mail.lawu.net.

  ns1         IN    A     61.8.79.122

  ns2         IN    A     61.8.79.123

  mail        IN    A     61.8.79.123

  www         IN    A     61.8.79.124

  mrtg        IN    A     61.8.79.122

  sarg        IN    A     61.8.79.122

  vqadmin     IN    A     61.8.79.123

  voip        IN    A     172.20.172.172

  psbonline   IN    A     172.20.37.202

db.sobey

  root@Slackware10:/var/named#

$TTL 86400

  @     IN    SOA   sobey.net.  suby (

                    2 ; serial

                    28800 ; refresh

                    7200 ; retry

                    604800 ; expire  

                    86400 ; ttl

                    )

@     IN    NS    ns1.sobey.net.

  @     IN    NS    ns2.sobey.net.

  @     IN    MX    10    mail.sobey.net.

  ns1   IN    A     61.8.79.122

  ns2   IN    A     61.8.79.123

  mail  IN    A     61.8.79.123

  www   IN    A     61.8.79.124

  mrtg  IN    A     61.8.79.122

  proxy IN    A     61.8.79.122

cak   IN    CNAME       ns1

  mas   IN    CNAME       ns2

Edit /etc/resolv.conf as follows:

# domain name of the host computer
search lawu.net
# add the ns1 and ns2 IPs so that the domains we created
# are known on the local network
nameserver 61.8.79.122
nameserver 61.8.79.123
# ISP DNS
nameserver 202.134.1.10
nameserver 202.134.0.155

Start and stop the service:

root@Slackware10:/# /etc/rc.d/rc.bind start | stop | restart

or, if rc.bind does not exist,

  to start:

  root@Slackware10:/# /usr/sbin/named

to stop:

  root@Slackware10:/# killall named

Check that it is running correctly:

  root@Slackware10:/# ps aux | grep named

  root  1061  0.0  1.5  4508 2460 ?   Ss  20:46  0:00 /usr/sbin/named

or

  root@Slackware10:/# nmap localhost

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2007-11-21 20:32 WIT

  Interesting ports on localhost (127.0.0.1):

  (The 1652 ports scanned but not shown below are in state: closed)

  PORT    STATE SERVICE

  22/tcp  open  ssh

  37/tcp  open  time

  53/tcp  open  domain

  113/tcp open  auth

  139/tcp open  netbios-ssn

  445/tcp open  microsoft-ds

  953/tcp open  rndc

Nmap run completed — 1 IP address (1 host up) scanned in 1.093 seconds

Good, that means BIND is running!

TEST!

  I test the domain sobey.net:

root@Slackware10:/# nslookup www.sobey.net

  Note:  nslookup is deprecated and may be removed from future releases.

  Consider using the `dig' or `host' programs instead.  Run nslookup with

  the `-sil[ent]' option to prevent this message from appearing.

  Server:         192.168.1.100

  Address:        192.168.1.100#53

Name:   www.sobey.net

  Address: 61.8.79.124

root@Slackware10:/var/named# dig sobey.net

; <<>> DiG 9.2.3 <<>> sobey.net

  ;; global options:  printcmd

  ;; Got answer:

  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50907

  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

  ;sobey.net.                     IN      A

;; AUTHORITY SECTION:

  sobey.net.              86400   IN      SOA     sobey.net. suby.sobey.net.

  2 28800 7200 604800 86400

;; Query time: 4 msec

  ;; SERVER: 127.0.0.1#53(localhost)

  ;; WHEN: Wed Nov 21 20:33:59 2007

  ;; MSG SIZE  rcvd: 68

root@Slackware10:/var/named# host -vl sobey.net

  Trying "sobey.net"

  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30623

  ;; flags: qr aa ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

  ;

  ;; ANSWER SECTION:

  sobey.net.              86400   IN      NS      ns1.sobey.net.

  sobey.net.              86400   IN      NS      ns2.sobey.net.

  mail.sobey.net.         86400   IN      A       61.8.79.123

  mrtg.sobey.net.         86400   IN      A       61.8.79.122

  ns1.sobey.net.          86400   IN      A       61.8.79.122

  ns2.sobey.net.          86400   IN      A       61.8.79.123

  proxy.sobey.net.        86400   IN      A       61.8.79.122

  www.sobey.net.          86400   IN      A       61.8.79.124

Received 272 bytes from 127.0.0.1#53 in 6 ms

root@Slackware10:/var/named# host ns1.sobey.net

ns1.sobey.net has address 61.8.79.122

root@Slackware10:/var/named# host -t ns sobey.net

  sobey.net name server ns2.sobey.net.

sobey.net name server ns1.sobey.net.

root@Slackware10:/var/named# host -t mx sobey.net

sobey.net mail is handled by 10 mail.sobey.net.

root@Slackware10:/var/named# host -t cname cak.sobey.net

cak.sobey.net is an alias for ns1.sobey.net.

root@Slackware10:/var/named# host -t cname mas.sobey.net

mas.sobey.net is an alias for ns2.sobey.net.

root@Slackware10:/var/named# dig @172.20.0.1 www.sobey.net mx  
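
The `host -vl sobey.net` listing above is a full zone transfer, and nothing in the named.conf on this page restricts who may request one. The following Python check is an added example, not part of the original post: it reports the allow-transfer list that applies to every master zone, assuming (as in BIND 9.2.3, the version used here) that a missing allow-transfer means any host. The function names and the example.test zone are hypothetical.

```python
import re

# Constructed input: zone statements taken from the named.conf on this page,
# plus a hypothetical zone "example.test" showing a restricted transfer list.
NAMED_CONF = '''
options {
        directory "/var/named";
        // query-source address * port 53;
};
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};
zone "lawu.net" IN { type master; file "db.lawu"; };
zone "sobey.net" IN { type master; file "db.sobey"; };
zone "example.test" IN {
        type master;
        file "db.example";
        allow-transfer { 61.8.79.123; };    /* ns2 only */
};
'''

ZONE = re.compile(r'\bzone\s+"([^"]+)"\s*(?:IN\s*)?\{', re.I)


def _strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def _body(text, open_idx):
    """Return the text between the brace at open_idx and its match."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in named.conf")


def _acl(body, option):
    """Return the address-match list of `option` in body, or None if absent."""
    m = re.search(r"\b%s\s*\{([^{}]*)\}" % re.escape(option), body)
    if m is None:
        return None
    return [item.strip() for item in m.group(1).split(";") if item.strip()]


def transfer_acls(conf_text, default_acl=("any",)):
    """Map each master zone to the allow-transfer list that applies to it."""
    text = _strip_comments(conf_text)
    inherited = list(default_acl)       # assumption: BIND's built-in default
    m = re.search(r"\boptions\s*\{", text)
    if m:
        acl = _acl(_body(text, m.end() - 1), "allow-transfer")
        inherited = inherited if acl is None else acl
    result = {}
    for m in ZONE.finditer(text):
        body = _body(text, m.end() - 1)
        if re.search(r"\btype\s+(master|primary)\s*;", body):
            acl = _acl(body, "allow-transfer")
            result[m.group(1)] = inherited if acl is None else acl
    return result


def open_transfer_zones(conf_text):
    """Names of master zones that any host may transfer."""
    return [z for z, acl in transfer_acls(conf_text).items() if "any" in acl]


if __name__ == "__main__":
    print("transferable by any host:", open_transfer_zones(NAMED_CONF))
```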

Bismillahirrohmanirrohim

1. Installing Samba on:

 

  a. Linux/BSD/Unix (tar.gz)

root@linux:/home/install]# tar zxvf samba-3.0.24.tar.gz

  root@linux:/home/install]# cd samba-3.0.24

  root@linux:/home/install/samba-3.0.24]# ./configure --prefix=/usr/local/samba --sysconfdir=/etc --with-automount --with-quotas --with-acl-support

root@linux:/home/install/samba-3.0.24]# make && make install

b. Slackware 10.2 (tgz)

  Mount CDROM:

  root@Slackware10:/# mount /mnt/cdrom/

Install Samba from the Slackware 10.2 installer CD:

  root@Slackware10:/# installpkg /mnt/cdrom/slackware/n/samba-3.0.20-i486-2.tgz

Change to the /etc/samba directory:

  root@Slackware10:/# cd /etc/samba

List the contents of the /etc/samba directory:

  root@Slackware10:/# ls /etc/samba

private/ smb.conf-sample

Copy/rename "smb.conf-sample" to "smb.conf":

  root@Slackware10:/etc/samba# cp smb.conf-sample smb.conf

Before configuring Samba, first create a user:

  root@Slackware10:/#adduser suby

  New password:123456

  Re-enter new password:123456

Password changed

Whenever a new user is added on Slackware 10.2, the system automatically creates the folder "/home/suby"; this is the folder we will share, and only the user suby will be allowed to access it.

2. Configuring smb.conf

To share the folder /home/suby, configure the file /etc/samba/smb.conf as follows:

  root@Slackware10:/#pico /etc/samba/smb.conf

———-start smb.conf——————-

[global]
   workgroup = HARSARI
   server string = Samba Server
; To run without passwords, use "security = share" instead
   security = user
   encrypt passwords = No
   hosts allow = 192.168.1. 127.
   load printers = yes
   log file = /var/log/samba.%m
   max log size = 50
   socket options = TCP_NODELAY
   domain master = yes
   domain logons = yes
   wins support = yes
   dns proxy = no

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# The files to be shared; only suby can access them
[suby]
   path = /home/suby
   valid users = suby
   public = no
   writeable = yes
   browseable = yes
   guest ok = yes

# The files to be shared; only ridwan can access them
[ridwan]
   path = /home/ridwan
   valid users = ridwan
   public = no
   writeable = yes
   browseable = yes
   guest ok = yes

# Public files; anyone can access them
[master]
   path = /home/umum
   public = Yes
   writeable = no
   browseable = yes
   guest ok = yes

—————-end file————————

Don't forget to save the configuration (smb.conf can be extended as needed).
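
In the smb.conf above, [suby] and [ridwan] set both `public = no` and `guest ok = yes`; the two names are synonyms for one parameter, so the later line wins. The following Python check is an added example, not part of the original post: it folds such synonyms together and flags cleartext passwords, share-level security and guest access that conflicts with `valid users`. The sample file is constructed from the one above, and the [incoming] share and the function names are hypothetical.

```python
# Constructed sample: trimmed from the smb.conf on this page, plus a
# hypothetical [incoming] share to show the guest-writable case.
SMB_CONF = """\
[global]
   workgroup = HARSARI
   security = user
   encrypt passwords = No
[suby]
   path = /home/suby
   valid users = suby
   public = no
   writeable = yes
   guest ok = yes
[master]
   path = /home/umum
   public = Yes
   writeable = no
[incoming]
   path = /home/incoming
   guest ok = yes
   read only = no
"""

SYNONYMS = {"public": "guest ok", "writable": "writeable", "write ok": "writeable"}
TRUE = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with synonyms folded together."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # comments start the line
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            if key == "read only":           # inverse synonym of writeable
                key, value = "writeable", "no" if value.lower() in TRUE else "yes"
            current[SYNONYMS.get(key, key)] = value   # a later line overrides
    return sections


def audit_smb_conf(text):
    """Return (section, finding) pairs for the weak settings discussed here."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("encrypt passwords", "yes").lower() not in TRUE:
        findings.append(("global", "cleartext passwords"))
    if glob.get("security", "user").lower() == "share":
        findings.append(("global", "share-level security"))
    for name, share in conf.items():
        if name == "global":
            continue
        if share.get("guest ok", "no").lower() not in TRUE:
            continue
        if "valid users" in share:
            findings.append((name, "guest ok conflicts with valid users"))
        elif share.get("writeable", "no").lower() in TRUE:
            findings.append((name, "guest can write"))
    return findings


if __name__ == "__main__":
    for section, finding in audit_smb_conf(SMB_CONF):
        print("[%s] %s" % (section, finding))
```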

Samba user password

  The following command will fail with an error:

root@Slackware10:/# smbpasswd suby

  New SMB password:123456

  Retype new SMB password:123456

  Failed to find entry for user root

  Failed to modify password entry for user root

root@Slackware10:/# smbpasswd -a suby

  New SMB password:123456

  Retype new SMB password:123456

  Added user suby

Start the service:

  root@Slackware10:/# /etc/rc.d/rc.samba start|stop|restart

  Starting Samba:  /usr/sbin/smbd -D

                   /usr/sbin/nmbd -D

On Red Hat the command is: /etc/init.d/smb start

Check service:

  root@Slackware10:/# ps aux | grep smb

  root      1230  0.0  1.6  6944 2676 ?        Ss   14:44   0:00

3. Samba Command line

a. To list the shares in the HARSARI workgroup, like My Network Places on Windows:

  root@Slackware10:/# smbtree

  Password:123456

  HARSARI

          \\WANTUTRI               

                  \\WANTUTRI\Film

                  \\WANTUTRI\C$                   Default share

                  \\WANTUTRI\ADMIN$               Remote Admin

                  \\WANTUTRI\print$               Printer Drivers

                  \\WANTUTRI\D$                   Default share

                  \\WANTUTRI\IPC$                 Remote IPC

                  \\WANTUTRI\My Documents

                  \\WANTUTRI\EPSONS               EPSON Stylus Photo R230 Series

                  \\WANTUTRI\E$                   Default share

          \\SLACKWARE10                   Samba Server

                  \\SLACKWARE10\ADMIN$            IPC Service (Samba Server)

                  \\SLACKWARE10\IPC$              IPC Service (Samba Server)

                  \\SLACKWARE10\suby        

          \\IT-PRG2               

                  \\IT-PRG2\C$                    Default share

                  \\IT-PRG2\ADMIN$                Remote Admin

                  \\IT-PRG2\Suby_Music

                  \\IT-PRG2\Suby_Temp

                  \\IT-PRG2\print$                Printer Drivers

                  \\IT-PRG2\D$                    Default share

                  \\IT-PRG2\IPC$                  Remote IPC

                  \\IT-PRG2\E$                    Default share

                  \\IT-PRG2\Suby_Master

        

b. To list the shares on host 192.168.1.202:

root@Slackware10:/# smbclient -L //192.168.1.202

  Password:123456

  Domain=[IT-PRG2] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

        Sharename       Type      Comment

          ———       —-      ——-

          Suby_Master     Disk

          E$              Disk      Default share

          IPC$            IPC       Remote IPC

          D$              Disk      Default share

          print$          Disk      Printer Drivers

          Suby_Temp       Disk

          Suby_Music      Disk

          ADMIN$          Disk      Remote Admin

          C$              Disk      Default share

          Printer         Printer   Microsoft Office Document Image Writer

  session request to 192.168.1.202 failed (Called name not present)

  session request to 192 failed (Called name not present)

  Domain=[IT-PRG2] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

        Server               Comment

          ———            ——-

        Workgroup            Master

          ———            ——-

c. To connect to the Suby_Master share on host IT-PRG2:

root@Slackware10:/# smbclient '//IT-PRG2/Suby_Master'

  Password:123456

  Domain=[IT-PRG2] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

  smb: \> ls

    .                                   D        0  Tue Nov 13 10:20:09 2007

    ..                                  D        0  Tue Nov 13 10:20:09 2007 

    Billing                             D        0  Thu Mar  8 08:55:24 2007 

    email_source                        D        0  Tue Jul  3 01:23:56 2007

    firefly-thirdparty.exe              A  2192562  Wed Aug  1 14:24:08 2007 

    mapserver-4.8.1-win32-php4.4.2      D        0  Wed Oct 31 10:40:55 2007 

    MySQL 5.0                           D        0  Sat Sep 29 09:07:22 2007 

    putty.exe                           A   376832  Thu Sep  9 22:29:32 2004  

    Symantec pcAnywhere                 D        0  Fri Nov  9 09:32:04 2007

    UkaUka.nrg                          A 684828982  Wed Jan  1 06:22:27 1997

                46312 blocks of size 524288. 7955 blocks available

  smb: \>

To fetch and upload files, use mget and wget as with FTP.

d. Mount the Suby_Master folder on host //IT-PRG2 onto our Linux computer:

root@Slackware10:/# smbmount //IT-PRG2/Suby_Master /mnt/tmp/

  Password:123456

e. See what is being shared:

root@Slackware10:/# smbstatus

Samba version 3.0.4

  PID     Username      Group         Machine

  ——————————————————————-

Service      pid     machine       Connected at

  ——————————————————-

  No locked files