Scribd
Upload
31 views10 pages

Lomba Keterampilan Siswa: Sekolah Menengah Kejuruan Tingkat Kabupaten Subang 2019

The document provides instructions for a skills competition involving configuring several virtual machines to create a network. Participants must install and configure services on 2 servers - SUBANGSRV and MEDIACENTERSRV - and 2 client machines. Key tasks include setting up DNS, web, FTP, mail, monitoring, RADIUS, DHCP and VPN services across the network. Firewalls must allow necessary access while restricting other traffic. The servers and clients must be configured according to the hostnames, domains and IP addresses specified.

Uploaded by

Khusus Download
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
31 views10 pages

Lomba Keterampilan Siswa: Sekolah Menengah Kejuruan Tingkat Kabupaten Subang 2019

The document provides instructions for a skills competition involving configuring several virtual machines to create a network. Participants must install and configure services on 2 servers - SUBANGSRV and MEDIACENTERSRV - and 2 client machines. Key tasks include setting up DNS, web, FTP, mail, monitoring, RADIUS, DHCP and VPN services across the network. Firewalls must allow necessary access while restricting other traffic. The servers and clients must be configured according to the hostnames, domains and IP addresses specified.

Uploaded by

Khusus Download
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

LOMBA KETERAMPILAN SISWA

SEKOLAH MENENGAH KEJURUAN


TINGKAT KABUPATEN SUBANG 2019

LINUX ISLAND

IT NETWORK SYSTEMS
ADMINISTRATION
LKSTKJSMKSBG_ITNSA_LINUX_ISLAND
2

ISLAND A – LINUX ISLAND


CONTENTS
This Test Project proposal consists of the following document/file:
LKSTKJSBG_ITNSA_LinuxIsland.pdf

INTRODUCTION
The competition has a fixed start and finish time. You must decide how to best divide your
time.
Please carefully read the following instructions!
When the competition time ends, please leave your station in a running state.

PHYSICAL MACHINE (HOST)


FOLDER PATHS
Virtual Machines: C:\LKS\Virtual Machine
ISO Images: C:\LKS\ISO

Password for OS Pre-Install : Subang2019

Version: 1.0
LKSTKJSMKSBG_ITNSA
Date: 08.04.2019
3

PART I
WORK TASK INSTALLATION (SUBANGSRV, MEDIACENTERSRV)
Note Please use the default configuration if you are not given details.

WORK TASK SERVER SUBANGSRV


Configure the server with the hostname, domain and IP specified in the appendix.
o Configure the disk and partitions
 Add 3 disk with 7 GB of each disk.
 Use the three virtual disks to create a software RAID 5.
 Mount it as /files

o Create 30 local UNIX users with password “SbgSkills2019”


 Username: user[1-30]. ex: user1, user2, …, user30

o Install the services:


1. DNS (bind9)
 Configure and install DNS Server with two domain
- lkstkjsmksbg.net to SUBANGSRV
- lkstkjsmksbg.edu.id to MEDIACENTERSRV
 Create subdomain files.lkstkjsmksbg.net and internal.lkstkjsmksbg.net
 Create subdomain monitor.lkstkjsmksbg.edu.id and vpn.lkstkjsmksbg.edu.id
 Create a host www.lkstkjsmksbg.net for IP Public LKSTKJSBG

2. Web Server (apache2 including php5)


 Create website “http://internal.lkstkjsmksbg.net” and “http://www.lkstkjsmksbg.net”
- Use the following code for index.html in the http://internal.lkstkjsmksbg.net
<html>
<h1>Welcome in the INTERNAL lkstkjsmksbg.net</h1>
</html>

- Use the following code for index.html in the http://www.lkstkjsmksbg.net


<html>
<h1>Welcome in the lkstkjsmksbg.net</h1>
</html>

 Make sure “http://internal.lkstkjsmksbg.net” is protected by authentication


- Allow users from “user11” to “user20”
 Enable HTTPs for both sites
- Use a certificate signed by CA Service in MEDIACENTERSRV
- Make sure no certificate warning is shown.

3. FTP (proftpd)
 Enable FTPS
- Use a certificate signed by MEDIACENTERSRV
 Each user (user21 to user30) will have a home directory.

Version: 1.0
LKSTKJSMKSBG_ITNSA
Date: 08.04.2019
4

 Make sure the user is jailed in their respective website document root directories.
 Make sure file transfer to the server is possible.

4. Mail
 Make sure user11 to user20 have access via POP3, IMAP and SMTP
 Before you finish your project make sure you send an email message from user14 to
user19 and another message from user19 to user14.
 Do not delete these email messages.

5. File Server (Samba)


 Share “MANAGER”
o Path is /files/manager
o Give access only to users “user1” to “user10”
o Make sure the share is not shown in the network browser of the clients
 Share “GUEST”
o Path is /files/guest
o Enable read-only access to everyone

6. SSH Server
 Install SSH Server
 Use RADIUS MEDIACENTERSRV to authentication users.
 Change SSH port default to 1945

WORK TASK SERVER MEDIACENTERSRV


Configure the server with the hostname, domain and IP specified in the appendix.
o Install the services:
1. CA (openssl)
 Configure as CA
 CA attributes should be set as follows
- Country code is set to ID
- Organization is set to LKSTKJSBG2019
 Create a root CA certificate
 Store the certificate in directory /cert

2. Monitoring Server (Cacti)


 Configure Cacti with url http://monitor.lkstkjsmksbg.edu.id
 Create an admin-user “master” with password “Subang2019”
 Create a graph showing the statistics of the CPU, Memory and interfaces traffic of
LKSTKJSBG

3. RADIUS (FreeRadius)
 Create 5 users with password “Subang2019” for SSH login SUBANGSRV
o Username: user[31-35]. ex: user31, user32, …, user35
 Use “Subang2019” as share key

Version: 1.0
LKSTKJSMKSBG_ITNSA
Date: 08.04.2019
5

4. DHCP
o Create DHCP Pool INTERNAL:
 Range: 192.168.150.51 – 192.168.150.100
 Netmask: /25
 Gateway: 192.168.150.1
 DNS: 172.23.199.3
o DNS-Suffix: skills4future.net
o SUBANGCLT should always receive the following IP: 192.168.150.88
o The clients should automatically register their name with the DNS server after they
have been assigned with an IP address by the DHCP server.

Version: 1.0
LKSTKJSMKSBG_ITNSA
Date: 08.04.2019
6

PART II
WORK TASK NETWORK CONFIGURATION (LKSTKJSBG)
Note Please use the default configuration if you are not given details.

WORK TASK ROUTER LKSTKJSBG


Configure the server with the hostname, domain and IP specified in the appendix.
o Install the services:
1. Routing
 Enable routing to router forward IPv4 Packet

2. DHCP Relay
 Configure DHCP Relay to MEDIACENTERSRV for internal client

3. Reverse Proxy (nginx)


 Configure a reverse proxy for http://www.lkstkjsmksbg.net
(https://www.lkstkjsmksbg.net), which is hosted by SUBANGSRV

4. VPN Server
 Configure VPN for access to SUBANGSRV and MEDIACENTERSRV. External clients
should
connect to 212.99.45.65
 Use address range 10.20.0.1 to 10.20.0.10 and DNS SUBANGSRV for VPN clients
 For login create a user “remote” with password “Subang2019”

5. Firewall
 External network allows the ICMP packet to interface external LKSTKJSBG
 External network can access to http://www.lkstkjsmksbg.net
 External network can’t access to SUBANGSRV and MEDIACENTERSRV before the vpn
established.
 Ensure the vpn client can’t access to internal client (SUBANGCLT) when the vpn
established.
(Can only access to SUBANGSRV and MEDIACENTERSRV)
 Deny all other traffic from external to all internal network.

Version: 1.0
LKSTKJSMKSBG_ITNSA
Date: 08.04.2019
7

PART III
WORK TASK LINUX CLIENT (PEMDASBGCLT, DISDIKSBGCLT)
Note Please use the default configuration if you are not given details.

WORK TASK LINUX EXTERNAL (PEMDASBGCLT)


Note Please use the default configuration if you are not given details.
o Install the base OS and use Gnome for the GUI
o Configure the client with the hostname, domain and IP specified in the appendix.
o Make sure the PEMDASBGCLT can access to http://www.lkstkjsmksbg.net
o Make sure the PEMDASBGCLT can access to MEDIACENTERSRV and SUBANGSRV (via LKSTKJSBG)
through
VPN
o Make sure the root CA certificate of MEDIACENTERSRV is trusted
o Make sure the client certificate is installed
o Install FileZilla FTP client
o Install Icedove mail client
 Configure mailbox of user14
 Make sure user14 can send mails to user19
o Make sure the client can access samba shares.

WORK TASK LINUX INTERNAL (DISDIKSBGCLT)


Note Please use the default configuration if you are not given details.
o Install the base OS and use Gnome for the GUI
o Configure the client with the hostname, domain and IP specified in the appendix.
o Make sure the root CA certificate of MEDIACENTERSRV is trusted
o Make sure the client certificate is installed
o Install FileZilla FTP client
o Install Icedove mail client
 Configure mailbox of user19
 Make sure user19 can send mails to user14
o Make sure the client can access samba shares.
 Mount the MANAGER SMB share to /mnt/manager on boot using fstab

Version: 1.0
LKSTKJSMKSBG_ITNSA
Date: 08.04.2019
8

APPENDIX
SPECIFICATIONS

SUBANGSRV
Operating System Linux Debian 7.8
Computer name: SUBANGSRV
Root password Subang2019
User Name: nanas
User Password: Subang2019
eth0: 172.23.199.3/29

MEDIACENTERSRV
Operating System Linux Debian 7.8
Computer name: MEDIACENTERSRV
Root password Subang2019
User Name: nanas
User Password: Subang2019
IP address: 172.23.199.4/29

LKSTKJSBG
Operating System Linux Debian 7.8
Computer name: LKSTKJSBG
Root password Subang2019
User Name: nanas
User Password: Subang2019
eth0: 212.99.45.65/28
eth1: 172.23.199.1/29
eth2: 192.168.150.1/25

PEMDASBGCLT
Operating System Linux Debian 7.8 (GUI)
Computer name: PEMDASBGCLT
Root password Subang2019
User Name: nanas
User Password: Subang2019
IP address: 212.99.45.70/28

Version: 1.0
LKSTKJSMKSBG_ITNSA
Date: 08.04.2019
9

DISDIKSBGCLT
Operating System Linux Debian 7.8 (GUI)
Computer name: DISDIKSBGCLT
Root password Subang2019
User Name: nanas
User Password: Subang2019
IP address: DHCP

Version: 1.0
LKSTKJSMKSBG_ITNSA
Date: 08.04.2019
NETWORK SPESIFICATION

Windows Hostmachine ( PC1) Windows Hostmachine (PC2)


Name : SUBANGSRV
OS : Debian 7.8

IP-Address : Host Only Pre-Install


172.23.199.3/29 VMnet1 Name : PEMDASBGCLT (External)
Service: OS : Debian 7.8 (GUI)
- RAID
- DNS IP-Address :
- Web 212.99.45.70/28
- FTP
- Email
LKSTKJSBG Service:
- OpenVPN Client
- Samba - IceDove
- SSH - Filezilla
SUBANGSRV
VMNet1 PEMDASBGCLT
VMNet2

Name : MEDIACENTERSRV
OS : Debian 7.8 Name : LKSTKJSBG Pre-Install
OS : Debian 7.8
Name : DIDDIKSBGCLT (Internal)
IP-Address : OS : Debian 7.8 (GUI)
172.23.199.4/29 IP-Address :
Service: External : 212.99.45.65/28
Server : 172.23.199.1/29 IP-Address :
- Cacti DHCP From MEDIACENTERSRV
- FreeRadius Internal : 192.168.150.1/25
Service: Service:
- CA - IceDove
- DHCP Server Host Only - Routing
- DHCP Relay - Filezilla
- Reverse Proxy (nginx)
VMnet2 - DDNS
MEDIACENTERSRV - Firewall
- OpenVPN Server
DISDIKSBGCLT

You might also like