More Related Content
Similar to Configuring Linux Server and its Security Maintenance.pptx (20)
Configuring Linux Server and its Security Maintenance.pptx
- 3. • History of Linux
1
• Linux Distribution
2
• Install Ubuntu Server
Edition 12.04.x LTS
3
Today’s Overview
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 4. • Basic LAN Configure in
Server
4
• Start Ubuntu 13.10
Desktop PC
5
• Internet Gateway Server
6
Today’s Overview
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 5. • Configuring DNS Server
7
• Enable Firewall Security
8
• Configure Squid
(Proxy Server)
9
Today’s Overview
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 6. • SARG Proxy Report
10
• Install samba Server
11
Today’s Overview
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 7. History of Linux
• Linus Torvalds, who was then a student at the University of
Helsinki in Finland, developed Linux in 1991. He released it for free
on the Internet. Due to the far reach of the Free Software
Foundation (FSF) and the GNU Project, Linux popularity increased
rapidly, with utilities developed and released for free online. A
commercial version of Unix was released by RedHat in the early
1990’s (combining the OS with technical support and
documentation) and the popularity of Linux continued to
skyrocket.
• A system is termed UNIX only if it complies fully with (and is
certified by) the Single Unix Specification (SUS) standards. Similar
systems that do not comply fully or are not certified, such as
Linux, are termed “Unix-like” operating systems.
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 8. Linux Distribution
• A Linux distribution is a collection of software applications built on top of the Linux kernel
and operating system. There are many variations between distributions, as each strives to
provide a unique user experience.
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 10. Install Ubuntu Server Edition 12.04.x LTS
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 14. Put IP Address on the Interface and dns address
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 15. Real IP (Provided By ISP)
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 16. Local IP (Provided By Client)
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 20. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Restart DNS
- 21. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Check eth (Ethernet) IP
- 22. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Check DNS Address (nslookup royal.edu.bd)
- 23. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Check Internet Connection (ping yahoo.com)
- 24. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
apt-get update
- 25. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
apt-get upgrade
- 26. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Start Ubuntu 13.10 Desktop PC
- 28. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Client PC Root Login
- 29. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configure Client IP (Ubuntu Desktop)
- 30. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Ping Server Machine (ping 192.168.10.140)
- 31. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configuring Linux Server
- 32. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Internet Gateway Server
Login with putty (172.30.1.111)
- 33. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Install package of requerment
apt-get -q –y install rcconf vimnox iftop htop iptables
- 34. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Open nat_firewall.sh
vim /usr/bin/nat_firewall.sh
- 35. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configure of nat_firewall.sh
POSTROUTING -> 192.168.10.0/24 & source -> 172.30.1.111
- 36. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Permission File to Executable
chmod 755 /usr/bin/nat_firewall.sh
- 37. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Add the following line before exit 0
/usr/bin/nat_firewall.sh
- 38. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Run nat_firewall.sh file
root@rud:~# /usr/bin/nat_firewall.sh
- 39. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
echo '1' ip_forward
echo '1' > /proc/sys/net/ipv4/ip_forward
- 40. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Check NAT
root@rud:~# Iptablels -nvL
- 41. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Active Internet Access to Client PC
Add gateway 192.168.10.1
- 42. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Active Internet Access to Client PC
Add gateway 192.168.10.1
- 43. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Check ping Reply
root@rud:~# ping royal.edu.bd
- 44. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Blousing WEB Page
- 45. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configuring DNS Server
root@rud:~# apt-get install daemontools daemontools-run ucspi-tcp dbndns dnsutils
- 46. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
DNS Log User Create
root@rud:~# adduser --no-create-home --disabled-login --shell /bin/false dnslog
- 47. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Dnscache User Create
root@rud:~# adduser --no-create-home --disabled-login --shell /bin/false dnscache
- 48. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Set IP Address
root@rud:~# dnscache-conf dnscache dnslog /etc/dnscache 192.168.15.1
- 49. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Open dnscache Directory
root@rud:~# cd /etc/dnscache
- 50. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Create Network ID of Real IP file
root@rud:~# touch /etc/dnscache/root/ip/172.30.1
- 51. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Create Local Host File
root@rud:~# touch /etc/dnscache/root/ip/192.168.10
- 52. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Create Defult Network ID IP File
root@rud:~# touch /etc/dnscache/root/ip/127.0.0.1
- 53. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Service Work
root@rud:~# cd /etc/service
root@rud:~# ln -sf /etc/dnscache/
root@rud:~# mkdir /service
root@rud:~# cd /service
root@rud:~# ln -sf /etc/dnscache/
- 54. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Some Service Restart
root@rud:~# initctl stop svscan
root@rud:~# initctl start svscan
root@rud:~# initctl restart svscan
- 55. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
10. Print cashadns Byte Size
root@rud:~# echo "10000000" > CACHESIZE
root@rud:~# echo "30000000" > DATALIMIT
- 56. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Show My Dns IP
root@rud:~# nslookup roual.edu.bd
- 57. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Restart & reload service
root@rud:~# svc -t /service/dnscache
root@rud:~# svc -h /service/dnscache
- 58. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Checking status
root@rud:~# svstat /etc/dnscache
- 59. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Shutting & Starting Up dnscache
root@rud:~# svc -d /etc/dnscache
root@rud:~# svc -u /etc/dnscache
- 60. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Set New DNS IP Address in Server
root@rud:~# vim /etc/resolvconf/resolv.conf.d/head
- 61. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Set New DNS Addres in Client PC
root@rud:~# vim /etc/resolvconf/resolv.conf.d/head
- 62. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Show Client PC DNS
root@rud:~# nslookup royal.edu.bd
- 65. Drop Gateway IP Serice
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Drop 192.168.10.0/24 IP
- 66. Run The nat_firewall.sh File
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
root@rud:~# /usr/bin/nat_firewall.sh
- 70. To Access Client PC
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
- 73. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configure Squid (Proxy Server)
apt-get package install
vim-nox iftop htop build-essential vnstat dnsutils telnet rcconf dialog unzip unrar
locate rsync
- 74. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configure Squid (Proxy Server)
apt-get install squid3 privoxy
- 75. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configure Squid (Proxy Server)
CP & Blank Sqide
# cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original
- 76. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Open sqide.conf file
# vim /etc/squid3/squid.conf
- 77. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configure squide
- 78. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Save Configure squide
- 79. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
If any error check and resolve
# squid3 -k parse
- 80. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Create access.log file
# touch /var/log/squid3/access.log
- 81. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Create cache.log file
# touch /var/log/squid3/cache.log
- 82. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Run squid
# squid3 -z
- 83. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Restarting proxy server
# service squid3 stop
# service squid3 start
# service privoxy restart
- 84. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configure a line in sh nat_firewal file
- 85. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Run nat_firrwall.sh file
# /usr/bin/nat_firewall.sh
- 88. Show proxy server web link
Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
# tail –f /var/logsquid3/access.log
- 89. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
SARG Proxy Report
root@rud:~# apt-get install sarg apache2 php5
- 90. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
SARG Proxy Report
root@rud:~# apt-get install sarg apache2 php5
- 91. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
SARG Proxy Report
root@rud:~# apt-get install sarg apache2 php5
- 92. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
SARG Proxy Report
root@rud:~# apt-get install sarg apache2 php5
- 93. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Open sarg.conf file
root@rud:~# vim /etc/sarg/sarg.conf
- 94. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configure sarg.con
access_log /var/log/squid3/access.log
title "Squid User Access Reports"
output_dir /var/www/squid-reports
- 95. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configure sarg.con
access_log /var/log/squid3/access.log
title "Squid User Access Reports"
output_dir /var/www/squid-reports
- 96. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Make rudreport directory
root@rud:~# mkdir /var/www/rud-reports
- 97. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Open sarg.sh file
root@rud:~# vim /usr/bin/sarg.sh
- 98. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Open sarg_ini.sh
root@rud:~# vim /usr/bin/sarg_ini.sh
- 99. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configure sarg_ini.sh
#!/bin/bash
# TEMP FilesTMPFILE=/tmp/sarg-reports.$RANDOM
ERRORS="${TMPFILE}.errors“
/usr/bin/sarg -f /etc/sarg/sarg.conf
- 100. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Executable Permission of sarg.sh
# chmod 755 /usr/bin/sarg.sh
- 101. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Run sarg.sh
root@rud:~# /usr/bin/sarg.sh
- 102. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Blousing Report of local host
- 103. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Blousing Report of localhost
- 104. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Install samba Server
root@rud:~# apt-grt install samba
- 105. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Create RUD Share Folder
root@rud:~# mkdir –m 0777 /rud
- 106. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
samba conf file
root@rud:~# vi /etcsamba/smb.conf
- 107. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
samba smb.conf file
- 108. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
Configuring samba
- 109. Copyright © 2014 Salehin Yazuz Nirbhou |
Royal University of Dhaka.
SAMBA Server Restart
root@rud:~# service smb restart