Testing editing blog. This post was written using OpenOffice with the Sun Weblog Publisher extension added.
This article was made using the CentOS 5.4 OS with ISPConfig version 2.
Apologies in advance: I do not explain each part of this installation process in as much detail as in earlier post entries, so I mention only the important points. The installation covers all of the required services, as listed below:
- OS : CentOS 5.4 (OS installation is not covered here. The OS installation required is the standard package set, no GUI)
- Web Server: Apache/2.2.3 with PHP 5.1.6
- Web statistics : Webalizer V2.01-10
- Database Server: MySQL 5.0.77
- Mail Server: Postfix
- DNS Server: BIND9 (chrooted)
- FTP Server: Proftpd v1.3.2c
- POP3/IMAP server: Dovecot 1.0.7
- Firewall and SELinux disabled
- FQDN : jempol.wedus.us
- IP Address : 192.168.2.67
- Gateway : 192.168.2.1
- DNS1 : 192.168.10.2
- DNS2 : 192.168.2.67
Notes :
Unfortunately the network settings above could not be applied during installation because the CentOS kernel does not yet support my on-board LAN card (Attansic L2). So a bit of tinkering is needed first:
# lspci | grep Ethernet
02:00.0 Ethernet controller: Attansic Technology Corp. L2 100 Mbit Ethernet Adapter (rev a0)
First download the driver from ftp://ftp.hogchain.net/pub/linux/attansic/l2-linux-v1.0.40.4.tar.gz
# tar zxvf l2-linux-v1.0.40.4.tar.gz
# cd l2-linux-v1.0.40.4/src
# make && make install
# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.2.67 jempol.wedus.us jempol
# vi /etc/resolv.conf
domain wedus.us
nameserver 192.168.10.2
nameserver 192.168.2.67
# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=jempol
GATEWAY=192.168.2.1
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
TYPE=Ethernet
DEVICE=eth0
HWADDR=00:1d:60:27:22:33
BOOTPROTO=none
IPADDR=192.168.2.65
NETMASK=255.255.255.0
NETWORK=192.168.2.0
BROADCAST=192.168.2.255
GATEWAY=192.168.2.1
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=no
# /etc/init.d/network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1D:60:27:22:33
inet addr:192.168.2.65 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::21d:60ff:fe27:2233/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:118340 errors:0 dropped:0 overruns:0 frame:0
TX packets:1921 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13132954 (12.5 MiB) TX bytes:197344 (192.7 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:955 errors:0 dropped:0 overruns:0 frame:0
TX packets:955 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8589855 (8.1 MiB) TX bytes:8589855 (8.1 MiB)
Installing the required packages:
Remove unwanted packages (optional):
# yum remove vsftpd NetworkManager irda isdn pcscd
Point the repository at the local kambing.ui.ac.id mirror (optional, depending on which repo you normally use):
# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.asli
# vim /etc/yum.repos.d/kambing.repo
# Repository from the kambing.ui.ac.id server
[kambing-base]
name=CentOS.kambing-$releasever - Base
baseurl=http://kambing.ui.ac.id/centos/$releasever/os/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
[kambing-updates]
name=CentOS.kambing-$releasever - Updates
baseurl=http://kambing.ui.ac.id/centos/$releasever/updates/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
[kambing-addons]
name=CentOS.kambing-$releasever - Addons
baseurl=http://kambing.ui.ac.id/centos/$releasever/addons/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
[kambing-extras]
name=CentOS.kambing-$releasever - Extras
baseurl=http://kambing.ui.ac.id/centos/$releasever/extras/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
[kambing-centosplus]
name=CentOS.kambing-$releasever - Centosplus
baseurl=http://kambing.ui.ac.id/centos/$releasever/centosplus/$basearch/
enabled=1
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
[kambing-contrib]
name=CentOS.kambing-$releasever - Contrib
baseurl=http://kambing.ui.ac.id/centos/$releasever/contrib/$basearch/
enabled=1
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
[kambing-fasttrack]
name=CentOS.kambing-$releasever - Fasttrack
baseurl=http://kambing.ui.ac.id/centos/$releasever/fasttrack/$basearch/
enabled=1
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
Import the GPG key for authentication:
# rpm --import http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
# yum clean all
# yum makecache
# yum update
# reboot
# uname -a
Linux jempol 2.6.18-164.11.1.el5.centos.plusxen #1 SMP Wed Jan 20 20:14:28 EST 2010 i686 i686 i386 GNU/Linux
Install the required packages:
# yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils gcc \
gcc-c++ quota bind bind-chroot mysql mysql-devel mysql-server cyrus-sasl cyrus-sasl-devel \
cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot php php-devel php-gd php-imap \
php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick \
libxml2 libxml2-devel httpd-devel ruby ruby-devel mod_python perl-HTML-Parser perl-DBI perl-Net-DNS \
perl-Digest-SHA1 webalizer ntp
Setting up quota:
Add usrquota,grpquota after defaults on the root filesystem entry:
# vi /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
# touch /aquota.user /aquota.group
# chmod 600 /aquota.*
# mount -o remount /
# quotacheck -avugm
# quotaon -avug
Setting Chrooted DNS Server (BIND9) :
# chmod 755 /var/named/
# chmod 775 /var/named/chroot/
# chmod 775 /var/named/chroot/var/
# chmod 775 /var/named/chroot/var/named/
# chmod 775 /var/named/chroot/var/run/
# chmod 777 /var/named/chroot/var/run/named/
# cd /var/named/chroot/var/named/
# ln -s ../../ chroot
# cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/named.local
# cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
# touch /var/named/chroot/etc/named.conf
# chkconfig --levels 235 named on
# /etc/init.d/named start
Setting MySQL Server :
# vi /etc/my.cnf
Remove the # sign on the skip-networking line
# chkconfig --levels 235 mysqld on
# /etc/init.d/mysqld start
# mysqladmin -u root password rootpasswordmysql
# mysqladmin -h jempol.wedus.us -u root password rootpasswordmysql
Setting up SMTP-AUTH and TLS on Postfix:
# postconf -e 'smtpd_sasl_local_domain ='
# postconf -e 'smtpd_sasl_auth_enable = yes'
# postconf -e 'smtpd_sasl_security_options = noanonymous'
# postconf -e 'broken_sasl_auth_clients = yes'
# postconf -e 'smtpd_sasl_authenticated_header = yes'
# postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
# postconf -e 'inet_interfaces = all'
# postconf -e 'mynetworks = 127.0.0.0/8'
Enable PLAIN and LOGIN for login by editing the file:
# vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
Notes : on 64-bit CentOS the smtpd.conf file is located at /usr/lib64/sasl2/smtpd.conf
Certificate for TLS:
# mkdir /etc/postfix/ssl
# cd /etc/postfix/ssl/
# openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
# chmod 600 smtpd.key
# openssl req -new -key smtpd.key -out smtpd.csr
# openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# openssl rsa -in smtpd.key -out smtpd.key.unencrypted
# mv -f smtpd.key.unencrypted smtpd.key
# openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
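The steps above `chmod 600` the pass-phrase-protected key and then replace it with a decrypted copy, so after the `mv -f` it is the replacement file's own mode that protects the key. The following added example (not part of the original article) audits a PEM key file for both properties and replays the rename on constructed placeholder files; `audit_key`, `replay_sequence` and the umask values are names and assumptions of this example, and a shell redirect stands in for `openssl rsa -out`, assumed to create its output under the current umask.

```sh
#!/bin/sh
# Added example, not from the original article.
# Audits a PEM private key for file mode and pass-phrase protection, then
# replays the "decrypt and mv -f over smtpd.key" steps on placeholder files.

# Constructed placeholders: PEM framing only, no real key material.
ENC_PEM='-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

constructed-placeholder-not-a-key
-----END RSA PRIVATE KEY-----'
PLAIN_PEM='-----BEGIN RSA PRIVATE KEY-----
constructed-placeholder-not-a-key
-----END RSA PRIVATE KEY-----'

# Print the ls-style permission string of a file, e.g. -rw-------
key_mode() {
  ls -ld "$1" | cut -c1-10
}

# Succeed if the PEM file is pass-phrase protected: traditional format
# (Proc-Type header) or PKCS#8 (ENCRYPTED PRIVATE KEY label).
key_is_encrypted() {
  grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Print "<perms>,<protection>": perms is private (no group/other bits set)
# or exposed; protection is encrypted or plaintext.
audit_key() {
  bits=$(key_mode "$1" | cut -c5-10)   # group and other permission bits
  if [ "$bits" = "------" ]; then perms=private; else perms=exposed; fi
  if key_is_encrypted "$1"; then prot=encrypted; else prot=plaintext; fi
  echo "$perms,$prot"
}

# Replay the article's key steps in directory $1 under umask $2 and audit the
# resulting smtpd.key. The second redirect stands in for
# "openssl rsa -in smtpd.key -out smtpd.key.unencrypted" (ASSUMPTION: the
# output file is created with ordinary umask-governed permissions).
replay_sequence() {
  (
    cd "$1" || exit 1
    umask "$2"
    rm -f smtpd.key smtpd.key.unencrypted
    printf '%s\n' "$ENC_PEM" > smtpd.key
    chmod 600 smtpd.key                      # protects the encrypted file only
    printf '%s\n' "$PLAIN_PEM" > smtpd.key.unencrypted
    mv -f smtpd.key.unencrypted smtpd.key    # rename keeps the new file's mode
    audit_key smtpd.key
  )
}

demo_dir=$(mktemp -d)
echo "umask 022: $(replay_sequence "$demo_dir" 022)"
echo "umask 077: $(replay_sequence "$demo_dir" 077)"
rm -rf "$demo_dir"
```

On the server itself, `audit_key /etc/postfix/ssl/smtpd.key` should report `private,plaintext`, since Postfix needs the key without a pass phrase; running the decrypt step under `umask 077`, or repeating `chmod 600 smtpd.key` after the `mv`, gets it there.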
Configure Postfix for TLS:
# postconf -e 'smtpd_tls_auth_only = no'
# postconf -e 'smtp_use_tls = yes'
# postconf -e 'smtpd_use_tls = yes'
# postconf -e 'smtp_tls_note_starttls_offer = yes'
# postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
# postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
# postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
# postconf -e 'smtpd_tls_loglevel = 1'
# postconf -e 'smtpd_tls_received_header = yes'
# postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
# postconf -e 'tls_random_source = dev:/dev/urandom'
Set the hostname for Postfix:
# postconf -e 'myhostname = jempol.wedus.us'
Postfix configuration is done; check the resulting configuration:
# cat /etc/postfix/main.cf (comments removed)
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = jempol.wedus.us
Enable the imap, imaps, pop3 and pop3s protocols in Dovecot:
# vi /etc/dovecot.conf
# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to “none”.
protocols = imap imaps pop3 pop3s
Start Postfix, saslauthd and Dovecot on boot, and disable sendmail:
# chkconfig --levels 235 sendmail off
# chkconfig --levels 235 postfix on
# chkconfig --levels 235 saslauthd on
# chkconfig --levels 235 dovecot on
# /etc/init.d/sendmail stop
# /etc/init.d/postfix start
# /etc/init.d/saslauthd start
# /etc/init.d/dovecot start
##############
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your Postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH LOGIN PLAIN
everything is fine.
[root@server1 ssl]# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 server1.example.com ESMTP Postfix
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@server1 ssl]#
Type
quit
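The manual check above can be scripted. This added example (not part of the original article) parses an EHLO reply captured before STARTTLS and reports whether password-bearing SASL mechanisms are already advertised at that point, which is what `smtpd_tls_auth_only = no` allows; the function names and both sample replies are constructed for the example, the first from the capability lines in the session shown above.

```sh
#!/bin/sh
# Added example, not from the original article.
# Classifies an EHLO reply that was captured BEFORE STARTTLS was issued.

# Constructed sample: the capability lines from the session above.
SAMPLE_EHLO='250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# Constructed sample: the same server with smtpd_tls_auth_only = yes, where
# Postfix does not announce AUTH until the session is encrypted.
SAMPLE_TLS_ONLY='250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# Read a reply on stdin and print one upper-cased capability per line.
# Strips CR, ignores non-250 lines, skips the first 250 line (the greeting).
ehlo_caps() {
  tr -d '\r' | awk '
    /^250[- ]/ {
      n++
      if (n == 1) next
      print toupper(substr($0, 5))
    }'
}

# Print the unique SASL mechanisms from "AUTH ..." and legacy "AUTH=..." lines
# (the latter is what broken_sasl_auth_clients = yes adds).
auth_mechs() {
  ehlo_caps | awk '
    /^AUTH[ =]/ {
      sub(/^AUTH[ =]/, "")
      for (i = 1; i <= NF; i++)
        if (!seen[$i]++) out = out (out ? " " : "") $i
    }
    END { print out }'
}

# Print a one-line verdict for a pre-TLS EHLO reply read from stdin.
classify_pre_tls() {
  reply=$(cat)
  mechs=$(printf '%s\n' "$reply" | auth_mechs)
  if printf '%s\n' "$reply" | ehlo_caps | grep -qx 'STARTTLS'; then
    starttls=yes
  else
    starttls=no
  fi
  if [ -z "$mechs" ]; then
    echo "ok: no AUTH offered before TLS (STARTTLS=$starttls)"
    return 0
  fi
  # PLAIN and LOGIN carry the password itself; base64 is encoding only.
  clear=""
  for m in $mechs; do
    case $m in
      PLAIN|LOGIN) clear="${clear:+$clear }$m" ;;
    esac
  done
  if [ -n "$clear" ]; then
    echo "warn: password-bearing AUTH ($clear) offered before TLS (STARTTLS=$starttls)"
  else
    echo "note: AUTH ($mechs) offered before TLS (STARTTLS=$starttls)"
  fi
}

printf '%s\n' "$SAMPLE_EHLO" | classify_pre_tls
printf '%s\n' "$SAMPLE_TLS_ONLY" | classify_pre_tls
```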
Setting up Maildir for Dovecot
The Dovecot format does not use mbox but Maildir; enable Maildir from the ISPConfig menu at Management -> Server -> Settings -> Email.
# postconf -e 'home_mailbox = Maildir/'
# postconf -e 'mailbox_command ='
# /etc/init.d/postfix restart
Setting Apache Webserver :
# vi /etc/httpd/conf/httpd.conf
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl
Installing ISPConfig:
First download ISPConfig 2 here
# tar zxvf ISPConfig.tar.gz
# cd ISPConfig
# ./setup
CentOS 5.4
Neuinstallation eines ISPConfig-Systems. / Installation of a new ISPConfig system. / Installation d’ISPConfig sur un nouveau système.
Wählen Sie Ihre Sprache (deutsch/englisch/spanisch/französisch/italienisch/niederländisch/polnisch/schwedisch): / Please choose your language (German/English/Spanish/French/Italian/Dutch/Polish/Swedish): / Merci de choisir votre langue (Allemand/Anglais/Espagnol/Français/Italien/Néerlandais/Polonais/Suédois):
1) de
2) en
3) es
4) fr
5) it
6) nl
7) pl
8) se
Ihre Wahl: / Your Choice: / Votre Choix:2
With the system installation, some system files are replaced where adjustments were made. This can lead to loss of entries in httpd.conf, named.conf as well as in the Sendmail configuration.
Do you want to continue with the installation? [y/n]y
Please read through the licence carefully:
Copyright (c) 2005, projektfarm GmbH, Till Brehm, Falko Timme
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Do you accept the licence? [y/n]y
Please select the installation mode. In expert mode you have to answer some additional questions. In standard mode standard values are assumed for these questions.
1) standard
2) expert
Your Choice: 1
########## MAIL SERVER ##########
Checking for MTA…
/usr/sbin/postfix
OK
ISPConfig found the following MTA:
postfix
Is this correct? [y/n]y
########## FTP SERVER ##########
Checking if an FTP server is installed…
/usr/sbin/proftpd
OK
ISPConfig found the following FTP server:
proftpd
Is this correct? [y/n]y
########## PROCMAIL ##########
Checking for package procmail…
/usr/bin/procmail
OK
########## QUOTA ##########
Checking for package quota…
/usr/bin/quota
OK
########## MYSQL SERVER ##########
Checking for package MySQL…
/usr/bin/mysql
OK
########## OPENSSL ##########
Checking for package openssl…
/usr/bin/openssl
OK
########## DNS SERVER ##########
Checking for package bind…
/usr/sbin/named
OK
########## IPTABLES/IPCHAINS/IPFW ##########
Checking for program iptables/ipchains/ipfw…
/sbin/iptables
OK
########## WEB SERVER ##########
Checking for program httpd…
/usr/sbin/httpd
OK
Checking the syntax of the httpd.conf…
Syntax OK
The syntax is ok!
########## gcc ##########
/usr/bin/gcc
OK
########## make ##########
/usr/bin/make
OK
########## lex ##########
/usr/bin/lex
OK
########## g++ ##########
/usr/bin/g++
OK
########## INSTALLATION ##########
installation process……….
————
Generating custom certificate signed by own CA [CUSTOM]
______________________________________________________________________
STEP 0: Decide the signature algorithm used for certificates
The generated X.509 certificates can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:R
______________________________________________________________________
STEP 1: Generating RSA private key for CA (1024 bit) [ca.key]
178805 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
………………….++++++
………………….++++++
e is 65537 (0x10001)
______________________________________________________________________
STEP 2: Generating X.509 certificate signing request for CA [ca.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
1. Country Name (2 letter code) [XY]:ID
2. State or Province Name (full name) [Snake Desert]:East Java
3. Locality Name (eg, city) [Snake Town]:Malang
4. Organization Name (eg, company) [Snake Oil, Ltd]:PT. Wedus Gembel
5. Organizational Unit Name (eg, section) [Certificate Authority]:Wedus Team
6. Common Name (eg, CA name) [Snake Oil CA]:Wedus CA
7. Email Address (eg, name@FQDN) [ca@snakeoil.dom]:ca@wedus.us
8. Certificate Validity (days) [365]:365
______________________________________________________________________
STEP 3: Generating X.509 certificate for CA signed by itself [ca.crt]
Certificate Version (1 or 3) [3]:3
Signature ok
subject=/C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=Wedus CA/emailAddress=ca@wedus.us
Getting Private key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/ca.crt: /C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=Wedus CA/emailAddress=ca@wedus.us
error 18 at 0 depth lookup:self signed certificate
OK
______________________________________________________________________
STEP 4: Generating RSA private key for SERVER (1024 bit) [server.key]
178947 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
………++++++
……………++++++
e is 65537 (0x10001)
______________________________________________________________________
STEP 5: Generating X.509 certificate signing request for SERVER [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
1. Country Name (2 letter code) [XY]:ID
2. State or Province Name (full name) [Snake Desert]:East Java
3. Locality Name (eg, city) [Snake Town]:Malang
4. Organization Name (eg, company) [Snake Oil, Ltd]:PT. Wedus Gembel
5. Organizational Unit Name (eg, section) [Webserver Team]:Wedus Team
6. Common Name (eg, FQDN) [www.snakeoil.dom]:www.wedus.us
7. Email Address (eg, name@fqdn) [www@snakeoil.dom]:info@wedus.us
8. Certificate Validity (days) [365]:365
______________________________________________________________________
STEP 6: Generating X.509 certificate signed by own CA [server.crt]
Certificate Version (1 or 3) [3]:3
Signature ok
subject=/C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=www.wedus.us/emailAddress=info@wedus.us
Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/server.crt: OK
______________________________________________________________________
STEP 7: Enrypting RSA private key of CA with a pass phrase for security [ca.key]
The contents of the ca.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: y
writing RSA key
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:
Fine, you’re using an encrypted private key.
_______________________________________________________________________
STEP 8: Enrypting RSA private key of SERVER with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: y
writing RSA key
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:
————
Connected successfully to MySQL server
no crontab for root
Restarting some services…
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Shutting down proftpd: [ OK ]
Starting proftpd: [ OK ]
Starting ISPConfig system…
Apache/1.3.41 mod_ssl/2.8.31 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server jempol.wedus.us:81 (RSA)
Enter pass phrase:
Ok: Pass Phrase Dialog successful.
/root/ispconfig/httpd/bin/apachectl startssl: httpd started
ISPConfig system is now up and running!
Congratulations! Your ISPConfig system is now installed. If you had to install quota, please take the steps described in the installation manual. Otherwise your system is now available without reboot.
Please direct your browser to
https://jempol.wedus.us:81
and log in:
Username: admin
Password: admin
[root@jempol install_ispconfig]#
Reference : http://www.howtoforge.org
After using Ubuntu for so long, I only just found out that there is software for creating or editing blog / LiveJournal entries without having to log in to our journal/blog; it is called Drivel. The journals it supports turn out to be fairly complete too, from WordPress (of course), Blogger, Atom and LiveJournal to Advogato. This post entry was written using Drivel, as a way of trying it out.
If you are interested and happen to share my faith (meaning you also use Ubuntu), just type:
$ sudo aptitude install drivel
And.. happy blogging…
Installing the PostgreSQL database on Ubuntu is not difficult, especially since Ubuntu already provides the packages. Perhaps the only thing that needs attention is the sequence of steps; the following are the steps for installing the PostgreSQL database:
The first step is to install the PostgreSQL server; here I use PostgreSQL Server 8.4. To get the package you can use Synaptic Package Manager
→ Quick Search with key "postgresql"
the names of the packages available in Ubuntu will then appear
→ postgresql-server-dev-8.4
choose mark for installation and then Apply, and the installation process will run automatically by itself.
The next step is to install PostgreSQL Client, PostgreSQL Contrib and PgAdmin3; this installation can be done through Synaptic or directly through
What do you do right after a fresh install of Ubuntu?
After updating to the nearest repository, there are usually several packages that need to be installed to make Ubuntu comfortable to use, among them:
1. Ubuntu extras
$ sudo aptitude install ubuntu-restricted-extras build-essential gwget xchat python-glade2 usb-imagewriter pidgin mozilla-thunderbird filezilla wine youtube-dl httrack webhttrack xchm
2. Software Packager
$ sudo aptitude install unace rar unrar zip unzip p7zip-full p7zip-rar sharutils aish uudeview mpack lha arj cabextract file-roller
3. More fonts
$ sudo aptitude install msttcorefonts ttf-larabie-straight ttf-larabie-deco xfonts-terminus-dos xfonts-terminus xfonts-terminus-oblique xfonts-mona ttf-farsiweb ttf-opensymbol ttf-freefont ttf-dustin ttf-devanagari-fonts ttf-dejavu-extra ttf-dejavu-core ttf-dejavu ttf-bpg-georgian-fonts ttf-alee
Steps for installing Openbravo ERP and its dependencies on Ubuntu. These steps were carried out in a Jaunty desktop environment, and 1GB of memory is recommended.
a. PostgreSQL
- Install the PostgreSQL packages:
$ sudo aptitude install postgresql-8.3 postgresql-contrib-8.3
- Change the PostgreSQL root password:
$ sudo su - postgres -c psql
postgres=# alter role postgres with password 'new_password';
postgres=# \q
b. Sun Java (JDK)
- Install the Java JDK package:
$ sudo aptitude install sun-java6-jdk
- Set Sun Java JDK as the default JDK:
$ sudo update-java-alternatives -s java-6-sun
- Create the JAVA_HOME variable:
$ sudo echo 'JAVA_HOME="/usr/lib/jvm/java-6-sun"' | sudo tee -a /etc/environment
- So that this variable can be used right away, type:
$ source /etc/environment
To change the boot order on Ubuntu, open the file /boot/grub/menu.lst and, in the default section, replace the number there with the position of the entry in the boot menu.
To change the run init level on Linux you usually just change the init default in the file /etc/inittab to match the desired run level. Ubuntu is a little different, because Ubuntu runs at init level 2 and everything runs under X Window. If you want to boot manually to the console (init level 3), create the file /etc/inittab (this file does not exist on Jaunty server) and add:
- id:3:initdefault:
Then move or rename the file /etc/rc3.d/S*0gdm. Then restart….
Root access on Ubuntu is locked by default; to enable it (only when it is really needed):
- $ sudo bash
or:
- $ sudo su
then change the password to the one you want:
- # passwd root
Root is now active..
And to disable root access again when it is not needed:
- $ sudo passwd -l root
Permission file
user    group   world
r+w+x   r+x     r+x
4+2+1   4+0+1   4+0+1   = 755
After waiting all morning without it showing up, the official release of Ubuntu 9.04, code-named Jaunty Jackalope, was finally announced. This release keeps Ubuntu's promise to put out a new release every 6 months. Yes, today to be exact, 23 April 2009, US time of course, not Indonesia, hehehe. For Ubuntu users this is certainly the long-awaited moment, especially as this release promises many changes. The change log for the Jaunty Jackalope release can be seen on the official Ubuntu website here.
Personally I am not actually waiting to download the whole ISO; I just want to upgrade from Intrepid to Jaunty, but I will wait until it is ready on the local Telkom repository. That way we do not all pile on to download/upgrade at once, especially since bandwidth here is barely enough.
After checking many times, the awaited release finally came out. Let's upgrade right away. It is up to you which method to use. If you want to use update manager:
- $ update-manager -d
Until a screen like the one below appears:

An Oracle database upgrade should be done on a testing machine first, before the real upgrade on the production machine, to minimize mistakes or errors in the production database. For the list of the latest Oracle patch sets, please visit the official Oracle website here. The testing here uses Windows 2003 SP2 as the OS with Oracle version 10.2.0.1 in a fresh-install state.
Preparation Before the Upgrade
- Download patch set number 6810189 from Oracle Metalink.
  Of course you must also have a valid Oracle support identifier (CSI) account.
- Create a database instance
  Create a database instance with the same specification as the production database. In this example I use SID : ORCL
- Import the database
  Import the database from a backup of the production server, in the way you normally do in your environment, and make sure it is working properly.
- Shut down all Oracle services
This article is a continuation of the previous article, Metasploit I: Basic Techniques. In this second article I want to discuss using Metasploit for mass exploitation with db_autopwn.
Before that, make sure our Metasploit installation is already integrated with a database (MySQL, Postgres or SQLite3 can be used) and with nmap. For the installation procedure, please see here.
The first mass exploitation method I will use in this article is a mass exploit against a single machine, making use of vulnerabilities across all of the open server services/ports, or what we will call the vertical approach (you will not find this term by leafing through a system exploitation dictionary, since the term is made in Indo, hahaha..). Another approach model will also be tried (briefly) further down in this article.
Vertical mass exploit method
Right, let's just try it on a machine that we have prepared beforehand.



Recent Comments