Scribd
Upload
17 views5 pages

Debian Konfigurasi HH

This document configures a Linux server to act as a DHCP, DNS, web, mail, and FTP server. It details the steps to install and configure necessary packages and services. Key points include: - Configuring the network interfaces and IP tables for DHCP, static IP, and NAT functionality - Installing and configuring packages like ISC DHCP, Bind, Apache, Postfix, Dovecot to enable core networking and server services - Creating DNS records and zones for the internal domain - Setting up user accounts and web content for the Apache server - Configuring Postfix, Dovecot, and Roundcube for email services - Installing VSFTPD and creating an

Uploaded by

Yusuf 25
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
17 views5 pages

Debian Konfigurasi HH

This document configures a Linux server to act as a DHCP, DNS, web, mail, and FTP server. It details the steps to install and configure necessary packages and services. Key points include: - Configuring the network interfaces and IP tables for DHCP, static IP, and NAT functionality - Installing and configuring packages like ISC DHCP, Bind, Apache, Postfix, Dovecot to enable core networking and server services - Creating DNS records and zones for the internal domain - Setting up user accounts and web content for the Apache server - Configuring Postfix, Dovecot, and Roundcube for email services - Installing VSFTPD and creating an

Uploaded by

Yusuf 25
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 5

--- PATHING ---

root@lks:~# echo $PATH


root@lks:~# PATH="/sbin:$PATH"

--- network configuration ---


root@lks:~# nano /etc/network/interfaces
# Mendapatkan IP DHCP CLIENT
# IP Default NAT 10.0.2.0/24 dari 192.168.1.0/24
auto enp0s3
iface enp0s3 inet dhcp
# Server Menggunakan IP Static
auto enp0s8
iface enp0s8 inet static
address 192.168.100.1
#network 192.168.100.0
netmask 255.255.255.0
#broadcast 192.168.100.255
root@lks:~# systemctl restart networking
root@lks:~# ip a
root@lks:~# nano /etc/resolv.conf
nameserver 192.168.100.1
nameserver 192.168.1.254
nameserver 8.8.8.8
root@lks:~# ping google.com

root@lks:~# nano /etc/apt/sources.list


deb [trusted=yes] http://192.168.1.199/debian bullseye main contrib non-free
deb [trusted=yes] http://192.168.1.199/debian bullseye-updates main contrib
non-free
deb [trusted=yes] http://192.168.1.199/debian-security bullseye-security main
contrib non-free

root@lks:~# apt update


root@lks:~# apt upgrade

--- SUDO ---


root@lks:~# apt install sudo
root@lks:~# dpkg -l sudo
root@lks:~# nano /etc/sudoers
# User setara dengan root
grid ALL=(ALL:ALL) ALL
root@lks:~# systemctl reboot

--- host configuration ---


nano /etc/hosts
nano /etc/hostname
systemctl reboot

--- DHCP Server ---


root@lks:~# apt install isc-dhcp-server
root@lks:~# dpkg -s isc-dhcp-server
root@lks:~# nano /etc/default/isc-dhcp-server
INTERFACESv4="enp0s8"
root@lks:~# nano /etc/dhcp/dhcpd.conf
subnet 10.0.2.0 netmask 255.255.255.0 {
}
# A slighly different configuration for an internal subnet
subnet 192.168.100.0 netmask 255.255.255.0{
range 192.168.100.2 192.168.100.254;
option domain-name-servers 192.168.100.1, 192.168.1.254;
option domain-name "itnsa.id";
option routers 192.168.100.1;
option broadcast-address 192.168.100.255;
default-lease-time 600;
max-lease-time 7200;
}
root@lks:~# dhcpd -t
root@lks:~# systemctl restart isc-dhcp-server

--- IPTABLES ---


root@lks:~# apt install iptables net-tools
root@lks:~# nano /etc/sysctl.conf
hapus pagar #net.ipv4.ip_forward=1
root@lks:~# iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
root@lks:~# sysctl -w net.ipv4.ip_forward=1

--- SSH Server ---


root@lks:~# apt install openssh-server
root@lks:~# systemctl status ssh
root@lks:~# nano /etc/ssh/sshd_config
rubah #Port 22 menjadi Port 2233
r ubah #PermitRootLogin Prohibit-password menjadi PermitRootLogin No
root@lks:~# systemctl restart ssh

--- SSH REMOTE FROM CLIENT ---


root@lks:~# apt install putty
root@lks:~# ssh [email protected] -p 22

--- SSH Key-Pair Authentikasi FROM client ---


root@lks:~# ssh-keygen -t rsa
root@lks:~# (enter)
root@lks:~# (Skills39)
root@lks:~# ls /home/user/.ssh/
root@lks:~# ssh-copy-id -p 2222 user@ip
root@lks:~# (yes)
root@lks:~# (masukan password root 1234)

--- DNS Server ---


root@lks:~# apt install bind9 bind9utils
root@lks:~# cd /etc/bind
root@lks:~/etc/bind# cp db.local db.itnsa
root@lks:~/etc/bind# cp db.127 db.reverse
root@lks:~/etc/bind# nano db.itnsa
localhost diganti itnsa.id
@ IN A 192.168.100.1
www IN A 192.168.100.1
ftp IN A 192.168.100.1
mail IN A 192.168.100.1
root@lks:~/etc/bind# nano db.reverse
localhost diganti itnsa.id
1 IN PTR itnsa.id
root@lks:~/etc/bind# nano named.conf.local
zone "lks1xx.net"{
type master;
file "/etc/bind/db.itnsa";
};
zone "100.168.192.in-addr.arpa"{
type master;
file "/etc/bind/db.reverse";
};
root@lks:~/etc/bind# systemctl restart bind9
root@lks:~/etc/bind# nslookup itnsa.id
root@lks:~/etc/bind# nslookup www.itnsa.id
root@lks:~/etc/bind# nslookup ftp.itnsa.id
root@lks:~/etc/bind# nslookup mail.itnsa.id
root@lks:~/etc/bind# nslookup 192.168.100.1

--- WEB Server ---


root@lks:~# apt install apache2 lynx
root@lks:~# lynx 192.168.100.1
untuk keluar dari tampilan lynx tekan huruf q > y
root@lks:~# mkdir -p /var/www/itnsa
root@lks:~# chmod -R 755 /var/www/itnsa
root@lks:~# chown -R user:user /var/www/itnsa
root@lks:~# cd /var/www/itnsa
root@lks:/var/www/itnsa# nano index.html
<html>
<head>
<title>itnsa.id</title>
</head>
<body>
<h1> Selamat datang di WEB itnsa.id </h1>
<p>
</br></br>
<b> nama : Abdul Hamid </b></br>
<i> Kelas : Produktif TKJ </i></br>
<u> Absen : 1001 malam </u></br>
</p>
</body>
</html>

root@lks:/var/www/itnsa# cd /etc/apache2/sites-available
root@lks:/etc/apache2/sites-available# cp 000-default.conf itnsa.conf
root@lks:/etc/apache2/sites-available# nano itnsa.conf
ServerAdmin email masing2
DocumentRoot /var/www/itnsa
ServerName itnsa.id
ServerAlias www.itnsa.net
root@lks:/etc/apache2/sites-available# a2ensite itnsa.conf
root@lks:/etc/apache2/sites-available# a2dissite 000-default.conf
root@lks:/etc/apache2/sites-available# systemctl restart apache2

--- FTP Server vsftpd ---


root@lks:~# apt install vsftpd
root@lks:~# systemctl status vsftpd
root@lks:~# su -l
root@lks:~# adduser ftpuser
root@lks:~# echo ftpuser >> /etc/vsftpd.chroot_list
root@lks:~# mkdir -p /home/ftpuser/ftp
root@lks:~# chmod -R 750 /home/ftpuser/ftp
root@lks:~# chown -R ftpuser:ftpuser /home/ftpuser/ftp
root@lks:~# nano /etc/vsftpd.conf
#write_enable=YES --> hapus tanda pagar
#chroot_local_user=YES --> hapus tanda pagar
#chroot_list_enable=YES --> hapus tanda pagar
root@lks:~# systemctl restart vsftpd
--- MAIL SERVER POSTFIX DOVECOT ---
root@lks:~# apt install postfix dovecot-imapd dovecot-pop3d
pilih internet site
mail name : itnsa.id
root@lks:~# nano /etc/postfix/main.cf
tambahkan paling bawah
home_mailbox = Maildir/
root@lks:~# maildirmake.dovecot /etc/skel/Maildir
root@lks:~# tree /etc/skel
root@lks:~# dpkg-reconfigure postfix
internet site
itnsa.id
root kosongkan saja
next
debian, itnsa.id, mail.itnsa.id, localhost,
tambahkan pada local network 0.0.0.0/0
next
next
ipv4
root@lks:~# systemctl restart postfix
root@lks:~# nano /etc/dovecot/conf.d/10-mail.conf
hapus pagar mail_location = maildir:~/Maildir
kasih pagar mail_location = mbox:~/mail:INBOX=/var/mail/%u
root@lks:~# systemctl restart dovecot
root@lks:~# adduser ops
root@lks:~# adduser dev
root@lks:~# adduser admin
root@lks:~# cat /etc/passwd
root@lks:~# telnet mail.itnsa.id 25
mail from: [email protected] -> enter
rcpt to: [email protected] -> enter
data -> enter
Uji Coba Mail
Assalamualaikum
. -> enter
quit
root@lks:~# telnet mail.itnsa.id 110
user ops -> enter
pass 1234 -> enter
list -> enter
retr 1 -> enter
quit -> enter
root@lks:~# telnet mail.itnsa.id 143
a login ops 1234 -> enter
b select inbox -> enter
c FETCH 1 BODY[TEXT] -> enter
c logout -> enter

--- MAIL SERVER ROUNDCUBE ---


root@lks:~# apt install mariadb-server
root@lks:~# apt install roundcube
yes -> enter
password root -> enter
password root -> enter
root@lks:~# nano /etc/roundcube/config.inc.php
$config['default_host'] = 'mail.itnsa.id';
$config['smtp_server'] = 'mail.itnsa.id';
$config['smtp_port'] = '25';
$config['smtp_user'] = '';
$config['smtp_pass'] = '';
root@lks:~# dpkg-reconfigure roundcube-core
kosongkan saja -> enter
en_us -> enter
no -> enter
apache2 saja yang dipilih -> enter
restart yes -> enter
keep local -> -> enter
root@lks:~# nano /etc/apache2/apache2.conf
tambahkan paling bawah
Include /etc/roundcube/apache.conf
root@lks:~# cd /etc/apache2/sites-available
root@lks:/etc/apache2/sites-available# cp 000-default.conf itnsa-mail.conf
root@lks:/etc/apache2/sites-available# nano itnsa-mail.conf
ServerAdmin email masing2
DocumentRoot /usr/share/roundcube
ServerName itnsa.id
ServerAlias mail.itnsa.net
root@lks:/etc/apache2/sites-available# a2ensite itnsa-mail.conf
root@lks:/etc/apache2/sites-available# ls /etc/apache2/sites-enabled
root@lks:/etc/apache2/sites-available# systemctl restart apache2
root@lks:/etc/apache2/sites-available# systemctl restart dovecot
root@lks:/etc/apache2/sites-available# systemctl restart postfix

--- SSL Certificate Authority ---


root@lks:~# apt install openssl ssl-cert
root@lks:~# mkdir backupssl
root@lks:~# cd backupssl
root@lks:~/backupssl# openssl genrsa -out RootCA.key 4096
root@lks:~/backupssl# cat RootCA.key
root@lks:~/backupssl# openssl req -x509 -new -nodes -sha256 -days 1095 -key
RootCA.key -out RootCA.crt
country name : ID
Province : JAWA TIMUR
Locality : PROBOLINGGO
Organization name : SMKN 1 BANYUANYAR
Organization Unit : TKJ
common name : LKS1xx-Root
email : email masing2
root@lks:~/backupssl# openssl x509 -noout -text -in RootCA.crt
root@lks:~/backupssl# openssl genrsa -out www.key 4096
root@lks:~/backupssl# openssl req -new -nodes -sha256 -key www.key -out www.csr
root@lks:~/backupssl# openssl x509 -sha256 -req -days 365 -in www.csr -CA
RootCA.crt -CAkey RootCA.key -CAcreateserial -out www.crt
root@lks:~/backupssl# openssl verify -CAfile RootCA.crt www.crt
root@lks:~/backupssl# openssl genrsa -out ftp.key 4096
root@lks:~/backupssl# openssl req -new -nodes -sha256 -key ftp.key -out ftp.csr
root@lks:~/backupssl# openssl x509 -sha256 -req -days 365 -in ftp.csr -CA
RootCA.crt -CAkey RootCA.key -CAcreateserial -out ftp.crt
root@lks:~/backupssl# openssl verify -CAfile RootCA.crt ftp.crt
root@lks:~/backupssl# cp /root/backupssl/www.* /etc/ssl

You might also like