LOMBA KETERAMPILAN SISWA

SEKOLAH MENENGAH KEJURUAN

TINGKAT PROVINSI LAMPUNG
2018

MODUL A
LINUX ENVIRONMENT

IT NETWORK SYSTEMS
ADMINISTRATION
LKSPROV2018_ITNSA_MODUL_A
 2
MODUL A – LINUX ENVIRONMENT

CONTENTS
This Test Project proposal consists of the following document/file:
LKSPROVINSI2018_ITNSA_MODULA.pdf

INTRODUCTION
The competition has a fixed start and finish time. You must decide how to best divide your
time. Please carefully read the following instructions!
When the competition time ends, please leave your station in a running state.

PHYSICAL MACHINE (HOST)

FOLDER PATHS
Virtual Machines: C:\LKS\Virtual Machine
ISO Images: C:\LKS\ISO

Version: 1.0
LKSPROV2018_IT
NSA Date: 08.04.2018
 3
PART I
WORK TASK INSTALLATION (CORESRV, BRANCHSRV)
Note Please use the default configuration if you are not given details.

WORK TASK CORESRV

Configure the server with the hostname, domain and IP specified in the appendix.
o Configure the disk and partitions
 Add 3 disk with 5 GB of each disk.
 Use the three virtual disks to create a software RAID 5.
 Mount it as /files

o Create 30 local UNIX users with password “lksprovinsi2018”

 Username: user[1-30]. ex: user1, user2, …, user30

o Install the services:

1. DNS (bind9)
 Configure and install DNS Server with two domain
- roadtowscrussian.net to CORESRV
- roadtoindoskills.id to BRANCHSRV
 Create subdomain files.roadtowscrussian.net and internal.roadtowscrussian.net
 Create subdomain monitor.roadtoindoskills.id and vpn.roadtoindoskills.id
 Create a host www.roadtowscrussian.net for IP Public CORERTR

2. Web Server (apache2 including php5)

 Create website “http://internal.roadtowscrussian.net” and
“http://www.roadtowscrussian.net”
- Use the following code for index.html in the http://internal.roadtowscrussian.net
<html>
<center>
<h1>Welcome to the INTERNAL roadtowscrussian.net</h1>
</center>
</html>

- Use the following code for index.html in the http://www.roadtowscrussian.net

<html>
<center>
<h1>Welcome to the roadtowscrussian.net</h1>
</center>
</html>

- Create info.php in the http://internal.roadtowscrussian.net/info.php and

http://www.roadtowscrussian.net/info.php to check the php version installed. Use
the following code for info.php
<?php
phpinfo();
?>

Version: 1.0
LKSPROV2018_IT
NSA Date: 08.04.2018
 4
 Make sure “http://internal.roadtoindoskills.id” is protected by authentication
- Allow users from “user11” to “user20”
 Enable HTTPs for both sites
- Use a certificate signed by CA Service in BRANCHSRV
- Make sure no certificate warning is shown.

3. FTP (proftpd)
 Enable FTPS
- Use a certificate signed by BRANCHSRV
 Each user (user21 to user30) will have a home directory.
 Make sure file transfer to the server is possible.

4. Mail
 Make sure user11 to user20 have access via POP3, IMAP and SMTP
 Before you finish your project make sure you send an email message from user14 to
user19 and another message from user19 to user14.
 Do not delete these email messages.

5. File Server (Samba)

 Share “MANAGER”
o Path is /files/manager
o Give access only to users “user1” to “user10”
o Make sure the share is not shown in the network browser of the clients
 Share “GUEST”
o Path is /files/guest
o Enable read-only access to everyone

6. SSH Server
 Install SSH Server
 Change SSH port default to 2018

Version: 1.0
LKSPROV2018_IT
NSA Date: 08.04.2018
 5
WORK TASK BRANCHSRV
Configure the server with the hostname, domain and IP specified in the appendix.
o Install the services:
1. CA (openssl)
 Configure as CA
 CA attributes should be set as follows
- Country code is set to ID
- State or Province Name is set to Lampung
- Locallity Name is set to Metro
- Organization Name is set to LKSPROVINSI2018
- Organizational Unit Name is set to IT Network Systems Administration
 Create a root CA certificate
 Store the certificate in directory /cert

2. Monitoring Server (Cacti)

 Configure Cacti with url http://monitor.roadtoindoskills.id
 Create an admin-user “admin” with password “lksprov2018”
 Create a graph showing the statistics of the CPU, Memory and interfaces traffic of
CORERO

3. DHCP
o Create DHCP Pool INTERNAL:
 Range: 192.168.172.2 – 192.168.172.126
 Netmask: /25
 Gateway: 192.168.172.1
 DNS: 172.70.55.3
o DNS-Suffix: roadtowscrussian.net
o The clients should automatically register their name with the DNS server after they
have been assigned with an IP address by the DHCP server.

Version: 1.0
LKSPROV2018_IT
NSA Date: 08.04.2018
 6

PART II
WORK TASK NETWORK CONFIGURATION (CORERTR)
Note Please use the default configuration if you are not given details.

WORK TASK ROUTER CORERTR

Configure the server with the hostname, domain and IP specified in the appendix.
o Install the services:
1. Routing
 Enable routing to router forward IPv4 Packet

2. DHCP Relay
 Configure DHCP Relay to BRANCHSRV for internal client

3. Reverse Proxy (nginx)

 Configure a reverse proxy for http://www.roadtowscrussian.net
(https://www.roadtowscrussian.net), which is hosted by CORESRV

4. VPN Server
 Configure VPN for access to CORESRV and BRANCHSRV. External clients should
connect to 212.77.25.65
 Use address range 10.20.0.1 to 10.20.0.10 and DNS CORESRV for VPN clients
 For login create a user “remote” with password “usercoresrv2018”

5. Firewall
 External network allows the ICMP packet to interface external CORERTR
 External network can access to http://www.roadtowscrussian.net
 External network can’t access to CORESRV and BRANCHSRV before the vpn
established.
 Ensure the vpn client can’t access to internal client (PELAJARCLT) when the vpn
established. (Can only access to CORESRV and BRANCHSRV)
 Deny all other traffic from external to all internal network.

Version: 1.0
LKSPROV2018_IT
NSA Date: 08.04.2018
 7

PART III
WORK TASK LINUX CLIENT (PUBLICCLT, STUDENTCLT)
Note Please use the default configuration if you are not given details.

WORK TASK LINUX EXTERNAL (PUBLIKCLT)

Note Please use the default configuration if you are not given details.
o Install the base OS and use Gnome for the GUI
o Configure the client with the hostname, domain and IP specified in the appendix.
o Make sure the PUBLICCLT can access to http://www.roadtowscrussian.net
o Make sure the PUBLICCLT can access to BRANCHSRV and CORESRV (via CORERTR) through
VPN
o Make sure the root CA certificate of BRANCHSRV is trusted
o Make sure the client certificate is installed
o Install FileZilla FTP client
o Make sure the client can access samba shares.

WORK TASK LINUX INTERNAL (STUDENTCLT)

Note Please use the default configuration if you are not given details.
o Install the base OS and use Gnome for the GUI
o Configure the client with the hostname, domain and IP specified in the appendix.
o Make sure the root CA certificate of BRANCHSRV is trusted
o Make sure the client certificate is installed
o Install FileZilla FTP client
o Make sure the client can access samba shares

Version: 1.0
LKSPROV2018_IT
NSA Date: 08.04.2018
 8
APPENDIX
SPECIFICATIONS
CORESRV
Operating System Linux Debian 8.7
Computer name: CORESRV
Root password mastercoresrv2018
User Name: coresrvuser
User Password: usercoresrv2018
eth0: 172.70.55.3/29

BRANCHSRV
Operating System Linux Debian 8.7
Computer name: BRANCHSRV
Root password masterbranchsrv2018
User Name: branchsrvuser
User Password: userbranchsrv2018
eth0: 172.70.55.4/29

CORERTR
Operating System Linux Debian 8.7
Computer name: CORERTR
Root password Mastercorertr2018
User Name: corertruser
User Password: Usercorertr2018
eth0: 212.77.25.65/28
eth1: 172.70.55.1/29
eth2: 192.168.172.1/25

PUBLICCLT
Operating System Linux Debian 8.7 (GUI)
Computer name: PUBLICCLT
Root password Masterpublicclt2018
User Name: publiccltuser
User Password: Userpublicclt2018
eth0: 212.77.25.70/28

Version: 1.0
LKSPROV2018_IT
NSA Date: 08.04.2018
 9

STUDENTCLT
Operating System Linux Debian 8.7 (GUI)
Computer name: STUDENTCLT
Root password Masterstudentclt2018
User Name: studentcltuser
User Password: Userstudentclt2018
eth0: DHCP from BRANCHSRV

Version: 1.0
LKSPROV2018_IT
NSA Date: 08.04.2018
 NETWORK SPESIFICATION

Windows 8.1 Hostmachine (PC1) Windows 8.1 Hostmachine (PC2)

Name : CORESRV
OS : Debian 8.7

IP-Address : Internal Network fresh-Install

172.70.55.3/29 tall Name : PUBLICCLT (External)
Service: OS : Debian 8.7 (GUI)
Bridged Adapter1
- RAID
- DNS IP-Address :
- Web 212.77.25.70/28
- FTP Service:
- Email - OpenVPN Client
- Samba CORERTR - Filezilla
- SSH
CORESRV PUBLICCLT
Bridged Adapter1

Bridged Adapter2

Name : BRANCHSRV Fresh-Install

OS : Debian 8.7 Name : CORERTR
OS : Debian 8.7
Name : STUDENTCLT (Internal)
IP-Address : OS : Debian 8.7 (GUI)
172.70.55.4/29 IP-Address :
Service: Exter nal : 212.77.25.65/28
Server : 172.70.55.1/29 IP-Address :
- Monitoring (Cacti) DHCP From BRANCHSRV
- CA Internal : 192.168.172.1/25
Service: Service:
- DHCP Ser ver - Filezilla
Internal - Rou ting
- DHCP Relay Bridged Adapter2
Network
BRANCHSRV
- Reverse Proxy (nginx)
- Firewall
STUDENTCLT
- OpenVPN Server