Configuring Linux Server and its Security Maintenance.pptx
•Download as PPTX, PDF•
0 likes•5 views
CONFIGURING LINUX SERVER AND SECURITY MAINTENANCE
Recommended
Recommended
More Related Content
Similar to Configuring Linux Server and its Security Maintenance.pptx
Similar to Configuring Linux Server and its Security Maintenance.pptx (20)
Recently uploaded
Recently uploaded (20)
Configuring Linux Server and its Security Maintenance.pptx
- 1. Welcome
- 2. CONFIGURING LINUX SERVER AND SECURITY MAINTENANCE Salehin Nirbhoy Royal University of Dhaka.
- 3. • History of Linux 1 • Linux Distribution 2 • Install Ubuntu Server Edition 12.04.x LTS 3 Today’s Overview Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 4. • Basic LAN Configure in Server 4 • Start Ubuntu 13.10 Desktop PC 5 • Internet Gateway Server 6 Today’s Overview Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 5. • Configuring DNS Server 7 • Enable Firewall Security 8 • Configure Squid (Proxy Server) 9 Today’s Overview Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 6. • SARG Proxy Report 10 • Install samba Server 11 Today’s Overview Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 7. History of Linux • Linus Torvalds, who was then a student at the University of Helsinki in Finland, developed Linux in 1991. He released it for free on the Internet. Due to the far reach of the Free Software Foundation (FSF) and the GNU Project, Linux popularity increased rapidly, with utilities developed and released for free online. A commercial version of Unix was released by RedHat in the early 1990’s (combining the OS with technical support and documentation) and the popularity of Linux continued to skyrocket. • A system is termed UNIX only if it complies fully with (and is certified by) the Single Unix Specification (SUS) standards. Similar systems that do not comply fully or are not certified, such as Linux, are termed “Unix-like” operating systems. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 8. Linux Distribution • A Linux distribution is a collection of software applications built on top of the Linux kernel and operating system. There are many variations between distributions, as each strives to provide a unique user experience. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 9. Choses My Distribution Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 10. Install Ubuntu Server Edition 12.04.x LTS Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 11. Select Server Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 12. Define SWAP Memory Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 13. Bsic LAN Configure Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 14. Put IP Address on the Interface and dns address Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 15. Real IP (Provided By ISP) Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 16. Local IP (Provided By Client) Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 17. Network Restart Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 18. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Set DNS
- 19. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Set DNS
- 20. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Restart DNS
- 21. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Check eth (Ethernet) IP
- 22. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Check DNS Address (nslookup royal.edu.bd)
- 23. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Check Internet Connection (ping yahoo.com)
- 24. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. apt-get update
- 25. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. apt-get upgrade
- 26. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Start Ubuntu 13.10 Desktop PC
- 27. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Login
- 28. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Client PC Root Login
- 29. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configure Client IP (Ubuntu Desktop)
- 30. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Ping Server Machine (ping 192.168.10.140)
- 31. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configuring Linux Server
- 32. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Internet Gateway Server Login with putty (172.30.1.111)
- 33. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Install package of requerment apt-get -q –y install rcconf vimnox iftop htop iptables
- 34. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Open nat_firewall.sh vim /usr/bin/nat_firewall.sh
- 35. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configure of nat_firewall.sh POSTROUTING -> 192.168.10.0/24 & source -> 172.30.1.111
- 36. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Permission File to Executable chmod 755 /usr/bin/nat_firewall.sh
- 37. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Add the following line before exit 0 /usr/bin/nat_firewall.sh
- 38. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Run nat_firewall.sh file root@rud:~# /usr/bin/nat_firewall.sh
- 39. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. echo '1' ip_forward echo '1' > /proc/sys/net/ipv4/ip_forward
- 40. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Check NAT root@rud:~# Iptablels -nvL
- 41. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Active Internet Access to Client PC Add gateway 192.168.10.1
- 42. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Active Internet Access to Client PC Add gateway 192.168.10.1
- 43. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Check ping Reply root@rud:~# ping royal.edu.bd
- 44. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Blousing WEB Page
- 45. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configuring DNS Server root@rud:~# apt-get install daemontools daemontools-run ucspi-tcp dbndns dnsutils
- 46. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. DNS Log User Create root@rud:~# adduser --no-create-home --disabled-login --shell /bin/false dnslog
- 47. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Dnscache User Create root@rud:~# adduser --no-create-home --disabled-login --shell /bin/false dnscache
- 48. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Set IP Address root@rud:~# dnscache-conf dnscache dnslog /etc/dnscache 192.168.15.1
- 49. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Open dnscache Directory root@rud:~# cd /etc/dnscache
- 50. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Create Network ID of Real IP file root@rud:~# touch /etc/dnscache/root/ip/172.30.1
- 51. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Create Local Host File root@rud:~# touch /etc/dnscache/root/ip/192.168.10
- 52. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Create Defult Network ID IP File root@rud:~# touch /etc/dnscache/root/ip/127.0.0.1
- 53. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Service Work root@rud:~# cd /etc/service root@rud:~# ln -sf /etc/dnscache/ root@rud:~# mkdir /service root@rud:~# cd /service root@rud:~# ln -sf /etc/dnscache/
- 54. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Some Service Restart root@rud:~# initctl stop svscan root@rud:~# initctl start svscan root@rud:~# initctl restart svscan
- 55. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. 10. Print cashadns Byte Size root@rud:~# echo "10000000" > CACHESIZE root@rud:~# echo "30000000" > DATALIMIT
- 56. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Show My Dns IP root@rud:~# nslookup roual.edu.bd
- 57. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Restart & reload service root@rud:~# svc -t /service/dnscache root@rud:~# svc -h /service/dnscache
- 58. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Checking status root@rud:~# svstat /etc/dnscache
- 59. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Shutting & Starting Up dnscache root@rud:~# svc -d /etc/dnscache root@rud:~# svc -u /etc/dnscache
- 60. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Set New DNS IP Address in Server root@rud:~# vim /etc/resolvconf/resolv.conf.d/head
- 61. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Set New DNS Addres in Client PC root@rud:~# vim /etc/resolvconf/resolv.conf.d/head
- 62. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Show Client PC DNS root@rud:~# nslookup royal.edu.bd
- 63. Enable Firewall Security Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. root@rud:~# vim /usr/bin/nat_firewall.sh
- 64. Enable Firewall Security Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. root@rud:~# vim /usr/bin/nat_firewall.sh
- 65. Drop Gateway IP Serice Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Drop 192.168.10.0/24 IP
- 66. Run The nat_firewall.sh File Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. root@rud:~# /usr/bin/nat_firewall.sh
- 67. Ping Client Internet Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. root@rud:~# ping royal.edu.bd
- 68. Brousing (Not Access) Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 69. Find MAC Address Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. root@rud:~# arp 192.168.10.130
- 70. To Access Client PC Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 71. Successfully Reply Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. root@rud:~# ping royal.edu.bd
- 72. Successfully Browsing WEB Page Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 73. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configure Squid (Proxy Server) apt-get package install vim-nox iftop htop build-essential vnstat dnsutils telnet rcconf dialog unzip unrar locate rsync
- 74. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configure Squid (Proxy Server) apt-get install squid3 privoxy
- 75. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configure Squid (Proxy Server) CP & Blank Sqide # cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original
- 76. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Open sqide.conf file # vim /etc/squid3/squid.conf
- 77. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configure squide
- 78. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Save Configure squide
- 79. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. If any error check and resolve # squid3 -k parse
- 80. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Create access.log file # touch /var/log/squid3/access.log
- 81. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Create cache.log file # touch /var/log/squid3/cache.log
- 82. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Run squid # squid3 -z
- 83. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Restarting proxy server # service squid3 stop # service squid3 start # service privoxy restart
- 84. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configure a line in sh nat_firewal file
- 85. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Run nat_firrwall.sh file # /usr/bin/nat_firewall.sh
- 86. Enable Firewall Security Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. root@rud:~#
- 87. Visit Client Blouser Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.
- 88. Show proxy server web link Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. # tail –f /var/logsquid3/access.log
- 89. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. SARG Proxy Report root@rud:~# apt-get install sarg apache2 php5
- 90. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. SARG Proxy Report root@rud:~# apt-get install sarg apache2 php5
- 91. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. SARG Proxy Report root@rud:~# apt-get install sarg apache2 php5
- 92. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. SARG Proxy Report root@rud:~# apt-get install sarg apache2 php5
- 93. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Open sarg.conf file root@rud:~# vim /etc/sarg/sarg.conf
- 94. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configure sarg.con access_log /var/log/squid3/access.log title "Squid User Access Reports" output_dir /var/www/squid-reports
- 95. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configure sarg.con access_log /var/log/squid3/access.log title "Squid User Access Reports" output_dir /var/www/squid-reports
- 96. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Make rudreport directory root@rud:~# mkdir /var/www/rud-reports
- 97. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Open sarg.sh file root@rud:~# vim /usr/bin/sarg.sh
- 98. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Open sarg_ini.sh root@rud:~# vim /usr/bin/sarg_ini.sh
- 99. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configure sarg_ini.sh #!/bin/bash # TEMP FilesTMPFILE=/tmp/sarg-reports.$RANDOM ERRORS="${TMPFILE}.errors“ /usr/bin/sarg -f /etc/sarg/sarg.conf
- 100. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Executable Permission of sarg.sh # chmod 755 /usr/bin/sarg.sh
- 101. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Run sarg.sh root@rud:~# /usr/bin/sarg.sh
- 102. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Blousing Report of local host
- 103. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Blousing Report of localhost
- 104. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Install samba Server root@rud:~# apt-grt install samba
- 105. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Create RUD Share Folder root@rud:~# mkdir –m 0777 /rud
- 106. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. samba conf file root@rud:~# vi /etcsamba/smb.conf
- 107. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. samba smb.conf file
- 108. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. Configuring samba
- 109. Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka. SAMBA Server Restart root@rud:~# service smb restart
- 110. THANKS' ALL Copyright © 2014 Salehin Yazuz Nirbhou | Royal University of Dhaka.