Post on 08-Jan-2023
OpenBSD System & Network Administrator
Compiled by:
Budi Santosa, ST
Kurusetra Computer
www.kurusetra.web.id
Contents
Berkeley Software Distribution
OpenBSD Filesystem Hierarchy
Installing OpenBSD
OpenBSD Login
OpenBSD Repository
User and Group Management
Date and Time Management
Searching for Files and Directories
Hardware Management
Process Management
System Service Startup
System Logs
/etc Configuration Files
OpenBSD Networking
BIND9 DNS Server
Webmin System Management
Apache Web Server & MySQL Database
Squid3 Proxy Server
Internet Gateway
Port Forwarding
Firewall Packet Filtering
Take the Online OpenBSD Course
Berkeley Software Distribution
OpenBSD Filesystem Hierarchy
/
|-- altroot
|-- bin
|-- boot
|-- bsd
|-- bsd.rd
|-- bsd.sp
|-- dev
|-- etc
|-- home
|-- mnt
|-- root
|-- sbin
|-- stand
|-- sys -> usr/src/sys
|-- tmp
|-- usr
`-- var
OpenBSD Login
Installing the Bash Shell
ssh 192.168.56.25 (the OpenBSD IP address)
export PKG_PATH=ftp://mirror.planetunix.net/pub/OpenBSD/`uname -r`/packages/`machine -a`/
pkg_add -i -v bash
bash-4.2.36:libiconv-1.14: ok
bash-4.2.36:gettext-0.18.1p3: ok
Shell /usr/local/bin/bash appended to /etc/shells
bash-4.2.36: ok
# whereis bash
/usr/local/bin/bash
# chsh -s /usr/local/bin/bash
# chsh -s /usr/local/bin/bash budi
Log out of the ssh session and log in again; the bash prompt will then appear:
root-bash-4.2#
OpenBSD Repository
Repository Configuration
Local repo: http://kambing.ui.ac.id/openbsd
export PKG_PATH=http://ftp3.usa.openbsd.org/pub/OpenBSD/`uname -r`/packages/`machine -a`/
echo "export PKG_PATH=http://ftp3.usa.openbsd.org/pub/OpenBSD/`uname -r`/packages/`machine -a`/" > .bashrc
Application Package Management
pkg_info
pkg_info nano
pkg_add -r nano
pkg_add -r wget
pkg_add -r pstree
pkg_add -r p5-Net-SSLeay
pkg_add -u nano (Upgrade)
pkg_delete nano
pkg_add -r pkg_mgr
User and Group Management
Bash as the Default Shell
nano /etc/usermgmt.conf
group users
base_dir /home
skel_dir /etc/skel
shell /usr/local/bin/bash
class
inactive Null (unset)
expire Null (unset)
preserve false
User Management
adduser
Enter username []: didik
Enter full name []: budi santosa
Enter shell bash csh ksh nologin sh [bash]:
Uid [1002]:
Login group didik [didik]:
Login group is ``didik''. Invite didik into other groups: guest no
[no]:
Login class authpf bgpd daemon default staff
[default]:
Enter password []:
passwd didik
rmuser didik
Group Management
groupadd sales
user mod -G sales didik
groupinfo sales
name sales
passwd *
gid 1003
members didik
Date and Time Management
Timezone
cp /usr/share/zoneinfo/Asia/Jakarta /etc/localtime
Setting the Date and Time
Date: 28 March 2013, time 19:52
date 201303281952
Thu Mar 28 19:52:00 WIT 2013
Searching for Files and Directories
Searching with locate
/usr/libexec/locate.updatedb
locate pf
/etc/ospfd.conf
/etc/pf.conf
/etc/pf.os
Searching with find
Hardware Management
Detecting Hard Disks
dmesg | grep wd
wd0 at pciide0 channel 0 drive 0: <VBOX HARDDISK>
wd0: 128-sector PIO, LBA, 2928MB, 5996544 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
root on wd0a (4532e3adb8bccb7c.a) swap on wd0b dump on wd0b
sysctl -a | grep hw
hw.machine=amd64
hw.model=AMD Athlon(tm) II X3 455 Processor
hw.ncpu=3
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=wd0:4532e3adb8bccb7c,cd0:,sd0:
hw.diskcount=3
Mounted Filesystem Information
df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/wd0a      828M    742M   45.0M    94%    /
/dev/wd0e      312M   18.6M    278M     6%    /home
/dev/wd0d      1.5G    1.3G    144M    90%    /usr
Hard Disk Partition Information
fdisk wd0
Disk: wd0       geometry: 743/128/63 [5996544 Sectors]
Offset: 0       Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
 0: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
*3: A6      0   1   2 -    742 127  63 [          64:     5991488 ] OpenBSD
Monitoring I/O
iostat -w 3
      tty            wd0             cd0            cpu
 tin tout  KB/t t/s MB/s  KB/t t/s MB/s  us ni sy in  id
   1   52 11.91  13 0.15  0.00   0 0.00   0  0  2  1  98
   0   60  0.00   0 0.00  0.00   0 0.00   0  0  0  0 100
   0   21  0.00   0 0.00  0.00   0 0.00   0  0  0  0 100
Process Management
Real-Time Process Information
top
Process Identification
ps ax
17168 ?? I 0:00.03 httpd: child (httpd)
 9280 ?? I 0:00.01 httpd: child (httpd)
ps aux
squid 17683 0.0 0.1 640 1396 ?? I 12:53AM 0:04.70 (logfile-daem
squid 4600 0.0 0.1 352 1332 ?? I 12:53AM 0:03.79 (unlinkd) (un
root 15048 0.0 0.3 3472 3208 ?? Is 1:01AM 0:00.51 sshd: root@tt
pstree
|-+= 16186 www httpd: parent [chroot /var/www] (httpd)
| |--- 23713 www httpd: child (httpd)
| |--- 06701 www httpd: child (httpd)
| |--- 28913 www httpd: child (httpd)
| |--- 17168 www httpd: child (httpd)
| \--- 09280 www httpd: child (httpd)
pgrep -l squid
11689 squid
30542 squid
fuser -cu /var/log/
/var/log: 2794c(root) 12793crt(_dhcp) 24875ct(root) 30188c(root) 15048c(root) 4600c(squid) 17683c(squid) 11689(squid) 30542c(root) 9992c(root) 24699c(root) 10301c(root) 22347c(root) 25495c(root) 3666c(root) 1511c(root) 32625c(root) 18060c(root) 9280cr(www) 17168cr(www) 6968c(_sndio) 28913cr(www) 6701cr(www) 23713cr(www) 18191c(root) 16186cr(www) 11389c(root) 29569c(root) 11382c(_ntp) 883cr(_ntp) 4440c(root) 6422cr(named) 27818c(root) 6158crt(_pflogd) 8277ct(root) 8144cr(_syslogd) 27064c(root) 1ct(root)
fstat
squid squid 11689 wd /usr 184944 drwxr-xr-x r 512
squid squid 11689 0 / 53395 crw-rw-rw- rw null
squid squid 11689 1 / 53395 crw-rw-rw- rw null
squid squid 11689 2 / 53395 crw-rw-rw- rw null
squid squid 11689 3 /usr 184955 -rw-r----- rw 164343
fuser -k /tmp/file.txt
systat
Killing a Process
ps ax | grep squid
23848 ?? Is 0:00.06 /usr/local/squid/sbin/squid -f /usr/local/squid/etc/s
 6463 ?? S 0:06.73 (squid-1) -f /usr/local/squid/etc/squid.conf (squid)
kill 23848
System Service Startup
File /etc/rc.conf.local
xdm_flags= # enabled during install
ntpd_flags=
named_flags=
httpd_flags=
File /etc/rc.securelevel
nano /etc/rc.securelevel
#
# Place local actions here.
#
/usr/local/squid/sbin/squid -f /usr/local/squid/etc/squid.conf
File /etc/rc.local
/usr/local/sbin/vsftpd
System Logs
File /etc/syslog.conf
nano /etc/syslog.conf
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
auth.info /var/log/authlog
authpriv.debug /var/log/secure
cron.info /var/cron/log
daemon.info /var/log/daemon
ftp.info /var/log/xferlog
lpr.debug /var/log/lpd-errs
mail.info /var/log/maillog
Directory /var/log
/var/log/
|-- adduser
|-- authlog
|-- daemon
|-- failedlogin
|-- lastlog
|-- maillog
|-- messages
|-- pflog
|-- rdist
|-- secure
|-- security.out
|-- security.out.old
|-- sendmail.st
|-- weekly.out
|-- wtmp
|-- xdm.log
`-- xferlog
/etc Configuration Files
File /etc/adduser.conf
Contains the configuration for user management.
File /etc/fstab
Describes where the hard disk devices are mounted.
File /etc/myname
Sets the computer name (hostname).
File /etc/rc.conf
Parameters for the services that OpenBSD runs. This file does not need to be edited.
File /etc/rc.conf.local
Configures the services that OpenBSD starts at boot.
File /etc/login.conf
Authentication configuration for users and for servers such as ftp.
File /etc/pf.conf
OpenBSD Packet Filter configuration.
File /etc/passwd
Information on all users on OpenBSD, along with their user IDs.
File /etc/master.passwd
Encrypted user password information.
OpenBSD Networking
IP Address Configuration
cat /etc/hostname.em1
inet 192.168.56.25 255.255.255.0
Gateway
cat /etc/mygate
192.168.56.1
DNS Resolver
cat /etc/resolv.conf
nameserver 10.0.2.2
lookup file bind
Hostname
cat /etc/myname
kurusetra.kurusetra.web.id
IP Address Information
ifconfig em1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:27:13:fe:74
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.56.25 netmask 0xffffff00 broadcast 192.168.56.255
        inet6 fe80::a00:27ff:fe13:fe74%em1 prefixlen 64 scopeid 0x2
Restart network interface
bash /etc/netstart em1
ifconfig em1 down
ifconfig em1 up
Checking the Default Gateway
route show
Routing tables
Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.0.2.2           UGS        0    14120     -     8 em0
10.0.2/24          link#1             UC         1        0     -     4 em0
10.0.2.2           52:54:00:12:35:02  UHLc       1      154     -     4 em0
Checking Internet Connectivity
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=254 time=109.701 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=254 time=108.472 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=254 time=107.507 ms
Checking the DNS Resolver
nslookup www.detik.com
Server: 10.0.2.2
Address: 10.0.2.2#53

Non-authoritative answer:
www.detik.com canonical name = detik.com.
Name: detik.com
Address: 203.190.242.69
BIND9 DNS Server
Installing BIND9
wget -c ftp://ftp.isc.org/isc/bind9/9.9.2-P2/bind-9.9.2-P2.tar.gz
tar xzvf bind-9.9.2-P2.tar.gz
cd bind-9.9.2-P2
./configure
make
make install
Webmin System Management
Installing and Configuring Webmin
wget -c http://prdownloads.sourceforge.net/webadmin/webmin-1.620.tar.gz
tar xzvf webmin-1.620.tar.gz
cd webmin-1.620
./setup.sh
Logging in to the Webmin Console
http://192.168.56.25:10000
The user name and password are the ones entered during installation.
Apache Web Server & MySQL Database
Installing MySQL Server
pkg_add -r mysql-server
/usr/local/bin/mysql_install_db
/usr/local/bin/mysqld_safe &
/usr/local/bin/mysqladmin -u root password '12345678'
-bash-4.2# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.63-log OpenBSD port: mysql-server-5.1.63p0
mysql>
Installing phpMyAdmin
pkg_add -r phpMyAdmin php-mysqli
ln -sf /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf
ln -sf /etc/php-5.3.sample/gd.ini /etc/php-5.3/gd.ini
ln -sf /etc/php-5.3.sample/mysql.ini /etc/php-5.3/mysql.ini
ln -sf /etc/php-5.3.sample/mcrypt.ini /etc/php-5.3/mcrypt.ini
ln -sf /etc/php-5.3.sample/mysqli.ini /etc/php-5.3/mysqli.ini
nano /etc/php-5.3.ini
extension=php_gd2.dll
extension=php_mysql.dll
nano /var/www/phpMyAdmin/config.inc.php
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['extension'] = 'mysql';
nano /var/www/conf/httpd.conf
Alias /phpmyadmin /var/www/phpMyAdmin
apachectl restart
Accessing phpMyAdmin
http://192.168.56.25/phpmyadmin
Squid3 Proxy Server
Installing and Configuring Squid3
wget -c http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.3.tar.gz
tar xzvf squid-3.3.3.tar.gz
cd squid-3.3.3
./configure
make
make install
useradd -b /usr/local squid
groupadd squid
user mod -G squid squid
nano /usr/local/squid/etc/squid.conf
#Running squid3 user & group
cache_effective_user squid
cache_effective_group squid
#Additional Squid3 configuration
cache_mem 2000 MB
maximum_object_size_in_memory 80000 KB
memory_replacement_policy lru
minimum_object_size 0 KB
maximum_object_size 4096000 KB
cache_swap_low 93
cache_swap_high 95
ipcache_size 1024000
ipcache_low 93
ipcache_high 95
fqdncache_size 1024000
chown -R squid:squid /usr/local/squid/
/usr/local/squid/sbin/squid -z
/usr/local/squid/sbin/squid -f /usr/local/squid/etc/squid.conf
Internet Gateway
Enabling PF
nano /etc/rc.conf
# set the following to "YES" to turn them on
pf=YES # Packet filter / NAT
IP Forwarding
nano /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.mforwarding=1
net.inet.icmp.rediraccept=1
Enabling PF Logging
nano /etc/pf.conf
pass in log all
pass out log all
Real-Time Log Monitoring
pftop
Packet Monitoring
tcpdump -n -e -ttt -i pflog0
NAT out interface
#em0 = internet
#em1 = LAN
match out on em0 from em1:network to any nat-to (em0)
pass on em0 from em1:network to any
Restart PF
pfctl -f /etc/pf.conf
PF Status
pfctl -f /etc/pf.conf     Load the pf.conf file
pfctl -nf /etc/pf.conf    Parse the file, but don't load it
pfctl -sr                 Show the current ruleset
pfctl -ss                 Show the current state table
pfctl -si                 Show filter stats and counters
pfctl -sa                 Show EVERYTHING it can show
pfctl -s info
Port Forwarding
Web Server
#NAT/PAT
pass in on em1 proto tcp from any to (em1) port 8888 rdr-to 103.29.214.254 port 80
pass in on em1 proto tcp from any to (em1) port 80 rdr-to 103.29.214.254
pass in on em1 proto tcp from any to (em1) port 443 rdr-to 103.29.214.254
Mail Server
pass in on em1 proto tcp from any to (em1) port 110 rdr-to 103.29.214.253 port 110
pass in on em1 proto tcp from any to (em1) port 25 rdr-to 103.29.214.253 port 25
Transparent Squid proxy
#http_port 3128 transparent
#Change the access permissions
#chmod 660 /dev/pf
#Change the group owner to squid
#chgrp squid /dev/pf
pass in on em1 proto tcp from any to any port 80 rdr-to (em1) port 3128
Firewall Packet Filtering
PF Macros
portdilarang = "{100:200,5000,6000}"
subnetdilarang = "{192.168.100.0/24, 192.168.40.0/24}"
hostdilarang = "{192.168.50.100 192.168.50.20 192.168.50.22}"
PF Table
table <ipdilarang> file "/etc/tabel/ipdilarang"
Table File
nano /etc/tabel/ipdilarang
#IP range 192.168.56.98 - 192.168.56.104
192.168.56.98/31
192.168.56.100/30
192.168.56.104/32
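The table file covers the range 192.168.56.98 to 192.168.56.104 with three CIDR blocks. The following shell script is an added example, not part of the original course material; it generalizes that split to any inclusive IPv4 range, and the function names ip_to_int, int_to_ip and range_to_cidr are made up for this illustration.

```sh
#!/bin/sh
# Added example: split an inclusive IPv4 range into the smallest set of
# CIDR blocks, one per line, ready to paste into a pf table file.
# Function names are made up for this illustration.

# Dotted quad -> 32-bit integer; fails on malformed input.
ip_to_int() (
    case $1 in .*|*.|*..*) exit 1 ;; esac
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        # Reject empty, non-numeric, zero-padded or over-long octets.
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_cidr() (
    start=$(ip_to_int "$1") && end=$(ip_to_int "$2") || exit 1
    [ "$start" -le "$end" ] || exit 1
    while [ "$start" -le "$end" ]; do
        # Largest block aligned on $start: its lowest set bit (2^32 for 0).
        size=$(( start & -start ))
        if [ "$size" -eq 0 ]; then size=4294967296; fi
        # Halve the block until it no longer runs past $end.
        while [ "$size" -gt $(( end - start + 1 )) ]; do
            size=$(( size >> 1 ))
        done
        # Prefix length is 32 - log2(size).
        prefix=32; n=$size
        while [ "$n" -gt 1 ]; do n=$(( n >> 1 )); prefix=$(( prefix - 1 )); done
        echo "$(int_to_ip "$start")/$prefix"
        start=$(( start + size ))
    done
)

# The range from the table file on this page (prints three CIDR blocks).
range_to_cidr 192.168.56.98 192.168.56.104
```

The output can be redirected into /etc/tabel/ipdilarang, and the ruleset checked with pfctl -nf /etc/pf.conf before it is loaded.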
Defining PF Rules
block drop in from <ipdilarang> to any
block drop in from $subnetdilarang to any
block drop in from $hostdilarang to any
block drop in proto tcp from any to any port $portdilarang
Default Drop
set block-policy drop
pass out on em0 from 192.168.56.100 to any
pass in on em0 from any to 192.168.56.100
Take the Online OpenBSD Course
Additional material is included on integrating OpenLDAP with Samba 4.
To register, contact:
Budi Santosa
Mobile: 085 736 167 850
Email: linux.multimedia@gmail.com
Website: www.kurusetra.web.id
YM: budi_santosa24