
OpenBSD System & Network Administrator

Compiled by:

Budi Santosa, ST
Kurusetra Computer

www.kurusetra.web.id


Table of Contents

Berkeley Software Distribution
OpenBSD Filesystem Hierarchy
OpenBSD Installation
OpenBSD Login
OpenBSD Repository
User and Group Management
Date and Time Management
Searching for Files and Directories
Hardware Management
Process Management
System Service Startup
System Log
Configuration Files in /etc
OpenBSD Networking
BIND9 DNS Server
Webmin System Management
Apache Web Server & MySQL Database
Squid3 Proxy Server
Internet Gateway
Port Forwarding
Firewall Packet Filtering
Take the OpenBSD Online Course


Berkeley Software Distribution

OpenBSD Filesystem Hierarchy

/
|-- altroot
|-- bin
|-- boot
|-- bsd
|-- bsd.rd
|-- bsd.sp
|-- dev
|-- etc
|-- home
|-- mnt
|-- root
|-- sbin
|-- stand
|-- sys -> usr/src/sys
|-- tmp
|-- usr
`-- var


OpenBSD Installation


OpenBSD Login

Installing the BASH Shell

ssh 192.168.56.25   (the OpenBSD host's IP address)

export PKG_PATH=ftp://mirror.planetunix.net/pub/OpenBSD/`uname -r`/packages/`machine -a`/

pkg_add -i -v bash
bash-4.2.36:libiconv-1.14: ok
bash-4.2.36:gettext-0.18.1p3: ok
Shell /usr/local/bin/bash appended to /etc/shells
bash-4.2.36: ok
# whereis bash
/usr/local/bin/bash
# chsh -s /usr/local/bin/bash
# chsh -s /usr/local/bin/bash budi

Log out of ssh and log in again; root now gets the bash prompt: -bash-4.2#


OpenBSD Repository

Repository Configuration

Local mirror: http://kambing.ui.ac.id/openbsd

export PKG_PATH=http://ftp3.usa.openbsd.org/pub/OpenBSD/`uname -r`/packages/`machine -a`/

echo "export PKG_PATH=http://ftp3.usa.openbsd.org/pub/OpenBSD/`uname -r`/packages/`machine -a`/" > .bashrc

Application Package Management

pkg_info
pkg_info nano
pkg_add -r nano
pkg_add -r wget
pkg_add -r pstree
pkg_add -r p5-Net-SSLeay
pkg_add -u nano   (upgrade)
pkg_delete nano

pkg_add -r pkg_mgr

User and Group Management

Bash as the Default Shell

nano /etc/usermgmt.conf
group           users
base_dir        /home
skel_dir        /etc/skel
shell           /usr/local/bin/bash
class
inactive        Null (unset)
expire          Null (unset)
preserve        false


User Management

adduser
Enter username []: didik
Enter full name []: budi santosa
Enter shell bash csh ksh nologin sh [bash]:
Uid [1002]:
Login group didik [didik]:
Login group is ``didik''. Invite didik into other groups: guest no [no]:
Login class authpf bgpd daemon default staff [default]:
Enter password []:

passwd didik
rmuser didik

Group Management

groupadd sales
usermod -G sales didik
groupinfo sales
name    sales
passwd  *
gid     1003
members didik

Date and Time Management

Timezone

cp /usr/share/zoneinfo/Asia/Jakarta /etc/localtime

Setting the Date and Time

Date 28 March 2013, time 19:52

date 201303281952
Thu Mar 28 19:52:00 WIT 2013


Searching for Files and Directories

Searching with Locate

/usr/libexec/locate.updatedb
locate pf
/etc/ospfd.conf
/etc/pf.conf
/etc/pf.os

Searching with Find

Hardware Management

Hard Disk Detection

dmesg | grep wd
wd0 at pciide0 channel 0 drive 0: <VBOX HARDDISK>
wd0: 128-sector PIO, LBA, 2928MB, 5996544 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
root on wd0a (4532e3adb8bccb7c.a) swap on wd0b dump on wd0b

sysctl -a | grep hw
hw.machine=amd64
hw.model=AMD Athlon(tm) II X3 455 Processor
hw.ncpu=3
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=wd0:4532e3adb8bccb7c,cd0:,sd0:
hw.diskcount=3

Mounted Directory Information

df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/wd0a      828M    742M   45.0M    94%    /
/dev/wd0e      312M   18.6M    278M     6%    /home
/dev/wd0d      1.5G    1.3G    144M    90%    /usr


Hard Disk Partition Information

fdisk wd0
Disk: wd0       geometry: 743/128/63 [5996544 Sectors]
Offset: 0       Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
 0: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
*3: A6      0   1   2 -    742 127  63 [          64:     5991488 ] OpenBSD

Monitoring I/O

iostat -w 3
      tty            wd0             cd0             cpu
 tin tout  KB/t t/s MB/s   KB/t t/s MB/s  us ni sy in id
   1   52 11.91  13 0.15   0.00   0 0.00   0  0  2  1 98
   0   60  0.00   0 0.00   0.00   0 0.00   0  0  0  0 100
   0   21  0.00   0 0.00   0.00   0 0.00   0  0  0  0 100

Process Management

Real-time Process Information

top


Process Identity

ps ax
17168 ??  I      0:00.03 httpd: child (httpd)
 9280 ??  I      0:00.01 httpd: child (httpd)

ps aux
squid  17683  0.0  0.1   640  1396 ??  I   12:53AM  0:04.70 (logfile-daem
squid   4600  0.0  0.1   352  1332 ??  I   12:53AM  0:03.79 (unlinkd) (un
root   15048  0.0  0.3  3472  3208 ??  Is   1:01AM  0:00.51 sshd: root@tt

pstree
|-+= 16186 www httpd: parent [chroot /var/www] (httpd)
| |--- 23713 www httpd: child (httpd)
| |--- 06701 www httpd: child (httpd)
| |--- 28913 www httpd: child (httpd)
| |--- 17168 www httpd: child (httpd)
| \--- 09280 www httpd: child (httpd)

pgrep -l squid
11689 squid
30542 squid

fuser -cu /var/log/
/var/log: 2794c(root) 12793crt(_dhcp) 24875ct(root) 30188c(root) 15048c(root) 4600c(squid) 17683c(squid) 11689(squid) 30542c(root) 9992c(root) 24699c(root) 10301c(root) 22347c(root) 25495c(root) 3666c(root) 1511c(root) 32625c(root) 18060c(root) 9280cr(www) 17168cr(www) 6968c(_sndio) 28913cr(www) 6701cr(www) 23713cr(www) 18191c(root) 16186cr(www) 11389c(root) 29569c(root) 11382c(_ntp) 883cr(_ntp) 4440c(root) 6422cr(named) 27818c(root) 6158crt(_pflogd) 8277ct(root) 8144cr(_syslogd) 27064c(root) 1ct(root)

fstat -u squid
squid  squid  11689  wd  /usr  184944  drwxr-xr-x  r   512
squid  squid  11689   0  /      53395  crw-rw-rw-  rw  null
squid  squid  11689   1  /      53395  crw-rw-rw-  rw  null
squid  squid  11689   2  /      53395  crw-rw-rw-  rw  null
squid  squid  11689   3  /usr  184955  -rw-r-----  rw  164343

fuser -k /tmp/file.txt
systat

Killing a Process

ps ax | grep squid
23848 ??  Is     0:00.06 /usr/local/squid/sbin/squid -f /usr/local/squid/etc/s
 6463 ??  S      0:06.73 (squid-1) -f /usr/local/squid/etc/squid.conf (squid)

kill 23848


System Service Startup

File /etc/rc.conf.local

xdm_flags=      # enabled during install
ntpd_flags=
named_flags=
httpd_flags=

File /etc/rc.securelevel

nano /etc/rc.securelevel
#
# Place local actions here.
#
/usr/local/squid/sbin/squid -f /usr/local/squid/etc/squid.conf

File /etc/rc.local

/usr/local/sbin/vsftpd

System Log

File /etc/syslog.conf

nano /etc/syslog.conf
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none  /var/log/messages
kern.debug;syslog,user.info                              /var/log/messages
auth.info                                                /var/log/authlog
authpriv.debug                                           /var/log/secure
cron.info                                                /var/cron/log
daemon.info                                              /var/log/daemon
ftp.info                                                 /var/log/xferlog
lpr.debug                                                /var/log/lpd-errs
mail.info                                                /var/log/maillog
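The selectors above decide which file each message is written to, and the `.none` entries on the first line are what keep auth and authpriv records out of the world-readable /var/log/messages. As an added example (not from the original document), a small Python resolver that applies the syslog.conf(5) selector rules to exactly this configuration, so the routing of a given facility.level can be checked before trusting it for audit purposes:

```python
# Added example: applies the syslog.conf(5) selector rules to the configuration
# on this page. A selector is "facility[,facility].level"; it matches messages at
# that level or more severe, ".none" excludes the facility, and on one line the
# last selector naming a facility wins. A message goes to every line that matches.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed input: the /etc/syslog.conf lines transcribed from this page.
SYSLOG_CONF = """
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none  /var/log/messages
kern.debug;syslog,user.info                              /var/log/messages
auth.info                                                /var/log/authlog
authpriv.debug                                           /var/log/secure
cron.info                                                /var/cron/log
daemon.info                                              /var/log/daemon
ftp.info                                                 /var/log/xferlog
lpr.debug                                                /var/log/lpd-errs
mail.info                                                /var/log/maillog
"""

def parse_conf(text):
    """Return [(selectors, action)], where each selector is (facilities, level)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split()
        selectors = []
        for sel in selector_field.split(";"):
            facilities, level = sel.rsplit(".", 1)
            selectors.append((facilities.split(","), level))
        rules.append((selectors, action))
    return rules

def line_matches(selectors, facility, level):
    """Evaluate one line's selectors in order; the last one naming the facility wins."""
    matched = False
    for facilities, sel_level in selectors:
        if facility not in facilities and "*" not in facilities:
            continue
        matched = sel_level != "none" and LEVELS.index(level) <= LEVELS.index(sel_level)
    return matched

def destinations(conf_text, facility, level):
    """Sorted list of log files that receive a message of the given facility.level."""
    return sorted({action for selectors, action in parse_conf(conf_text)
                   if line_matches(selectors, facility, level)})
```

For example, destinations(SYSLOG_CONF, "auth", "info") returns only /var/log/authlog, while a daemon.err message lands in both /var/log/daemon and /var/log/messages.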


The /var/log Directory

/var/log/
|-- adduser
|-- authlog
|-- daemon
|-- failedlogin
|-- lastlog
|-- maillog
|-- messages
|-- pflog
|-- rdist
|-- secure
|-- security.out
|-- security.out.old
|-- sendmail.st
|-- weekly.out
|-- wtmp
|-- xdm.log
`-- xferlog

Configuration Files in /etc

File /etc/adduser.conf

This file holds the configuration used for user management (adduser).

File /etc/fstab

Mount information for the hard disk partitions.

File /etc/myname

Configuration of the computer name / hostname.

File /etc/rc.conf

Default parameters for the services run by OpenBSD. This file does not need to be edited.

File /etc/rc.conf.local

Configuration of the services OpenBSD starts at boot.


File /etc/login.conf

Authentication configuration for users and for services such as ftp.

File /etc/pf.conf

OpenBSD Packet Filter configuration.

File /etc/passwd

Information on all users on OpenBSD together with their user IDs.

File /etc/master.passwd

The users' encrypted (hashed) password information.

OpenBSD Networking

IP Address Configuration

cat /etc/hostname.em1
inet 192.168.56.25 255.255.255.0

Gateway

cat /etc/mygate
192.168.56.1

DNS Resolver

cat /etc/resolv.conf
nameserver 10.0.2.2
lookup file bind

Hostname

cat /etc/myname
kurusetra.kurusetra.web.id


IP Address Information

ifconfig em1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:27:13:fe:74
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.56.25 netmask 0xffffff00 broadcast 192.168.56.255
        inet6 fe80::a00:27ff:fe13:fe74%em1 prefixlen 64 scopeid 0x2

Restart network interface

bash /etc/netstart em1
ifconfig em1 down
ifconfig em1 up

Checking the Default Gateway

route show
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.0.2.2           UGS        0    14120     -     8 em0
10.0.2/24          link#1             UC         1        0     -     4 em0
10.0.2.2           52:54:00:12:35:02  UHLc       1      154     -     4 em0

Checking the Internet Connection

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=254 time=109.701 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=254 time=108.472 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=254 time=107.507 ms

Checking the DNS Resolver

nslookup www.detik.com
Server:         10.0.2.2
Address:        10.0.2.2#53

Non-authoritative answer:
www.detik.com   canonical name = detik.com.
Name:   detik.com
Address: 203.190.242.69


BIND9 DNS Server

Installing BIND9

wget -c ftp://ftp.isc.org/isc/bind9/9.9.2-P2/bind-9.9.2-P2.tar.gz
tar xzvf bind-9.9.2-P2.tar.gz
cd bind-9.9.2-P2
./configure
make
make install

Webmin System Management

Installing and Configuring Webmin

wget -c http://prdownloads.sourceforge.net/webadmin/webmin-1.620.tar.gz
tar xzvf webmin-1.620.tar.gz
cd webmin-1.620
./setup.sh

Webmin Console Login

http://192.168.56.25:10000

Log in with the username and password entered during installation.

Apache Web Server & MySQL Database

Installing MySQL Server

pkg_add -r mysql-server
/usr/local/bin/mysql_install_db
/usr/local/bin/mysqld_safe &
/usr/local/bin/mysqladmin -u root password '12345678'

-bash-4.2# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.63-log OpenBSD port: mysql-server-5.1.63p0

mysql>


Installing phpMyAdmin

pkg_add -r phpMyAdmin php-mysqli
ln -sf /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf
ln -sf /etc/php-5.3.sample/gd.ini /etc/php-5.3/gd.ini
ln -sf /etc/php-5.3.sample/mysql.ini /etc/php-5.3/mysql.ini
ln -sf /etc/php-5.3.sample/mcrypt.ini /etc/php-5.3/mcrypt.ini
ln -sf /etc/php-5.3.sample/mysqli.ini /etc/php-5.3/mysqli.ini

nano /etc/php-5.3.ini
extension=php_gd2.dll
extension=php_mysql.dll

nano /var/www/phpMyAdmin/config.inc.php
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['extension'] = 'mysql';

nano /var/www/conf/httpd.conf
Alias /phpmyadmin /var/www/phpMyAdmin

apachectl restart

Accessing phpMyAdmin

http://192.168.56.25/phpmyadmin


Squid3 Proxy Server

Installing and Configuring Squid3

wget -c http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.3.tar.gz
tar xzvf squid-3.3.3.tar.gz
cd squid-3.3.3
./configure
make
make install

useradd -b /usr/local squid
groupadd squid
usermod -G squid squid

nano /usr/local/squid/etc/squid.conf
# Running squid3 user & group
cache_effective_user squid
cache_effective_group squid

# Additional Squid3 configuration
cache_mem 2000 MB
maximum_object_size_in_memory 80000 KB
memory_replacement_policy lru
minimum_object_size 0 KB
maximum_object_size 4096000 KB
cache_swap_low 93
cache_swap_high 95
ipcache_size 1024000
ipcache_low 93
ipcache_high 95
fqdncache_size 1024000

chown -R squid:squid /usr/local/squid/
/usr/local/squid/sbin/squid -z
/usr/local/squid/sbin/squid -f /usr/local/squid/etc/squid.conf


Internet Gateway

Enabling PF

nano /etc/rc.conf
# set the following to "YES" to turn them on
pf=YES          # Packet filter / NAT

IP Forwarding

nano /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.mforwarding=1
net.inet.icmp.rediraccept=1

Enabling PF Logging

nano /etc/pf.conf
pass in log all
pass out log all

Real-time Log Monitoring

pftop


Monitoring Packet Data

tcpdump -n -e -ttt -i pflog0

NAT out interface

# em0 = internet
# em1 = LAN
match out on em0 from em1:network to any nat-to (em0)
pass on em0 from em1:network to any

Restart PF

pfctl -f /etc/pf.conf

Status PF

pfctl -f /etc/pf.conf     Load the pf.conf file
pfctl -nf /etc/pf.conf    Parse the file, but don't load it
pfctl -sr                 Show the current ruleset
pfctl -ss                 Show the current state table
pfctl -si                 Show filter stats and counters
pfctl -sa                 Show EVERYTHING it can show
pfctl -s info


Port Forwarding

Web Server

# NAT/PAT
pass in on em1 proto tcp from any to (em1) port 8888 rdr-to 103.29.214.254 port 80
pass in on em1 proto tcp from any to (em1) port 80 rdr-to 103.29.214.254
pass in on em1 proto tcp from any to (em1) port 443 rdr-to 103.29.214.254

Mail Server

pass in on em1 proto tcp from any to (em1) port 110 rdr-to 103.29.214.253 port 110
pass in on em1 proto tcp from any to (em1) port 25 rdr-to 103.29.214.253 port 25

Transparent Squid proxy

# http_port 3128 transparent
# Change the access permissions:
# chmod 660 /dev/pf
# Change group ownership to the squid group:
# chgrp squid /dev/pf
pass in on em1 proto tcp from any to any port 80 rdr-to (em1) port 3128

Firewall Packet Filtering

PF Macros

portdilarang = "{100:200,5000,6000}"
subnetdilarang = "{192.168.100.0/24, 192.168.40.0/24}"
hostdilarang = "{192.168.50.100 192.168.50.20 192.168.50.22}"

PF Table

table <ipdilarang> file "/etc/tabel/ipdilarang"

Table File

nano /etc/tabel/ipdilarang
# IP range 192.168.56.98 - 192.168.56.104
192.168.56.98/31
192.168.56.100/30
192.168.56.104/32
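The three entries above are the minimal CIDR cover of the range 192.168.56.98 to 192.168.56.104, which is why the table needs a /31, a /30 and a /32 rather than one prefix. As an added example (not part of the original document), Python code for the general algorithm that produces such a cover, a parser for the table file format (one address or network per line, `#` comments), and a membership check that tells whether a given source address would be caught by `block drop in from <ipdilarang>`; the file name and range are taken from this page, everything else is constructed:

```python
import ipaddress

def range_to_cidrs(first, last):
    """Split an inclusive IPv4 range into the minimal list of aligned CIDR blocks.

    General form of the hand-made table above: at each step take the largest
    block that starts at `first`, is aligned to its own size and ends by `last`.
    """
    start, end = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if start > end:
        raise ValueError("range start is after range end")
    blocks = []
    while start <= end:
        prefix = 32
        while prefix > 0:
            size = 1 << (33 - prefix)  # size of the next-larger block
            if start % size != 0 or start + size - 1 > end:
                break
            prefix -= 1
        blocks.append(f"{ipaddress.IPv4Address(start)}/{prefix}")
        start += 1 << (32 - prefix)
    return blocks

def parse_table(text):
    """Parse a pf table file: one address or CIDR per line, '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.append(ipaddress.ip_network(line, strict=False))
    return entries

def is_listed(ip, entries):
    """True if ip falls inside any table entry, i.e. a rule on <table> would match it."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in entries)

# Constructed input: the same range as this page's /etc/tabel/ipdilarang.
TABLE_TEXT = "# Range IP 192.168.56.98 - 192.168.56.104\n" + "\n".join(
    range_to_cidrs("192.168.56.98", "192.168.56.104"))

if __name__ == "__main__":
    print(TABLE_TEXT)
    entries = parse_table(TABLE_TEXT)
    for probe in ("192.168.56.97", "192.168.56.100", "192.168.56.105"):
        print(probe, "blocked" if is_listed(probe, entries) else "not in table")
```

A table file generated this way can be checked with `pfctl -nf /etc/pf.conf` before loading, and `pfctl -t ipdilarang -T show` lists what the kernel actually holds.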


PF Rule Definitions

block drop in from <ipdilarang> to any
block drop in from $subnetdilarang to any
block drop in from $hostdilarang to any
block drop in proto tcp from any to any port $portdilarang

Default Drop

set block-policy drop
pass out on em0 from 192.168.56.100 to any
pass in on em0 from any to 192.168.56.100

Take the OpenBSD Online Course

Additional material on integrating OpenLDAP with Samba 4 is included.

For registration, contact:
Budi Santosa
Phone: 085 736 167 850
Email: [email protected]
Web: www.kurusetra.web.id
YM: budi_santosa24
