Install Fedora dan Web Server [download]

I’ve been supporting over 80 MediaWiki wikis and half a dozen or so WordPress blogs at Intuit, Inc.

I started out on a couple of old Dell PCs with Mandrake. When they were overloaded, and that didn’t take too long, I moved to an HP DL360 XEON Dual Processor server with 4 gig of RAM, redundant BIOS, 37 gig RAID 1, etc… A nice box.

At first I tried using a RedHat Enterprise image, but I quickly found that too limited. I downloaded Fedora Core 4 ISOs and installed that instead.

I’d just started using Linux a few months ago with Mandriva, and Fedora was just as easy to install. But then I hit a big roadblock: PHP 5 and it’s crazy –without-mysql default configuration. About the lack of MySQL support… The PHP FAQ says:

This won’t actually affect that many people.

Yeah, right. That’s why Google returns hundreds of results where people have this problem. What a pain and a state of denial by the PHP folks.

I ended up forcing a PHP4 install on the box and I’ve hated it ever since. XSLT never has worked properly – I ended up creating my own PHP function that shells to the command line XSL transform app.

So when the need arose to setup a server for another group, I dusted off one of those old Dells and decided to figure out how to do it right – with all the latest versions of Apache, MySQL and PHP, and all working together nicely. It took me a few days to figure out, but I finally have a clean, working system.

I actually have every single click and step mapped out on the Intuit Innovation Lab’s internal wiki, and I won’t list every one of them here – only where there’s a change from the default.

1. Download Fedora Core 4 ISO files and burn them to CDs

http://download.fedora.redhat.com/pub/fedora/linux/core/4/i386/iso/FC4-i386-disc1.iso
http://download.fedora.redhat.com/pub/fedora/linux/core/4/i386/iso/FC4-i386-disc2.iso
http://download.fedora.redhat.com/pub/fedora/linux/core/4/i386/iso/FC4-i386-disc3.iso
http://download.fedora.redhat.com/pub/fedora/linux/core/4/i386/iso/FC4-i386-disc4.iso

2. Boot to Disc 1 and install using the graphical interface (skip the Media check unless you want to waste an hour or so)
3. Select the Server installation
4. In the Firewall section, you can install it if you really want… but a hardware firewall works much better. The IPTables and SELinux really slow down the box, so I disable both of those.
5. In the Packages, add Gnome, Graphical Internet, Graphics, FTP, MySQL and Development Tools
6. Also, in the Web Server details, add mod_auth_mysql, mod_auth_ldap and php-mysql
7. Click through to let the install do its thing

When it is finished installing, you’ll need to create your default user. Then you’ll be presented with a logon screen.

1. Login to the box with the user you created
2. Access a terminal window: Applications/System Tools/Terminal
3. Go root: type su and hit Enter
4. Update your software: yum update apache mysql php
5. Check that everything is running, plus configure stuff to run on boot:
   /sbin/chkconfig httpd on
   /sbin/service httpd start
   /sbin/chkconfig mysqld on
   /sbin/service mysqld start
6. Create a root password for MySQL:
   mysqladmin -u root password ‘password’
7. Browse to http://localhost and see that Apache installed
8. Create a test page for PHP:
   vi /var/www/html/phpinfo.php
   i (insert mode in the VI editor)
   <?php echo phpinfo(); ?>
   Press Escape (exit insert mode in VI) then :wq and press Enter (colon write quit)
9. Browse to the PHP test page at http://localhost/phpinfo.php

As you can see from the PHP test page, the configuration is –without-mysql by default. Argh. So now for the hard part – configuring PHP with MySQL support.

1. Get the PHP source files – you gotta compile ’em
   wget http://us2.php.net/get/php-5.1.2.tar.gz/from/www.php.net/mirror
2. Extract them:
   tar -zxvf php-5.1.2.tar.gz
   This will create a folder called php-5.1.2 – in your user’s home folder assuming you haven’t gone CD’ing around since you started following these instructions.
3. Install the Apache developer files – Fedora Core 4 is missing a file that will cause PHP’s configure command to fail, but the developer files have what you need.
   yum install httpd-devel-2.0.54
   Note that the reason I’m installing 2.0.54 is because that’s the version of Apache that’s running. It shows up on that phpinfo.php page that you browse to. You should make sure that you install the same version that you are running if it’s changed since I posted this.
   This will ask you about installing 4 packages and updating 11 more – don’t worry, just let ‘er rip!
4. Now for the lovely configuration and compile runs. First, change to the php source directory:
   cd php-5.1.2
5. Now run the configuration. Okay, this is a pretty big and hairy command, but basically it is the exact same configuration that shows in that phpinfo.php browse that you did earlier, with a few minor changes:
   ‘–with-mysql’ rather than ‘–without-mysql’ – the reason we’re all here
   ‘–without-unixODBC’ rather than ‘–with-unixODBC=shared,/usr’ – otherwise you get a lovely config error ’cause it isn’t installed by default on Core 4
   ‘–without-pspell’ rather than ‘–with-pspell’ – yet another thing that Core 4 is missing
   And here’s the line to execute – just copy and paste it
   ./configure ‘–build=i386-redhat-linux’ ‘–host=i386-redhat-linux’ ‘–target=i386-redhat-linux-gnu’ ‘–program-prefix=’ ‘–prefix=/usr’ ‘–exec-prefix=/usr’ ‘–bindir=/usr/bin’ ‘–sbindir=/usr/sbin’ ‘–sysconfdir=/etc’ ‘–datadir=/usr/share’ ‘–includedir=/usr/include’ ‘–libdir=/usr/lib’ ‘–libexecdir=/usr/libexec’ ‘–localstatedir=/var’ ‘–sharedstatedir=/usr/com’ ‘–mandir=/usr/share/man’ ‘–infodir=/usr/share/info’ ‘–cache-file=../config.cache’ ‘–with-libdir=lib’ ‘–with-config-file-path=/etc’ ‘–with-config-file-scan-dir=/etc/php.d’ ‘–disable-debug’ ‘–with-pic’ ‘–disable-rpath’ ‘–with-bz2’ ‘–with-curl’ ‘–with-exec-dir=/usr/bin’ ‘–with-freetype-dir=/usr’ ‘–with-png-dir=/usr’ ‘–enable-gd-native-ttf’ ‘–without-gdbm’ ‘–with-gettext’ ‘–with-gmp’ ‘–with-iconv’ ‘–with-jpeg-dir=/usr’ ‘–with-openssl’ ‘–with-png’ ‘–without-pspell’ ‘–with-expat-dir=/usr’ ‘–with-pcre-regex=/usr’ ‘–with-zlib’ ‘–with-layout=GNU’ ‘–enable-exif’ ‘–enable-ftp’ ‘–enable-magic-quotes’ ‘–enable-sockets’ ‘–enable-sysvsem’ ‘–enable-sysvshm’ ‘–enable-sysvmsg’ ‘–enable-track-vars’ ‘–enable-trans-sid’ ‘–enable-yp’ ‘–enable-wddx’ ‘–with-pear=/usr/share/pear’ ‘–with-kerberos’ ‘–enable-ucd-snmp-hack’ ‘–without-unixODBC’ ‘–enable-memory-limit’ ‘–enable-shmop’ ‘–enable-calendar’ ‘–enable-dbx’ ‘–enable-dio’ ‘–with-mime-magic=/etc/httpd/conf/magic’ ‘–without-sqlite’ ‘–with-libxml-dir=/usr’ ‘–with-xml’ ‘–with-apxs2=/usr/sbin/apxs’ ‘–with-mysql’ ‘–without-gd’ ‘–without-odbc’ ‘–disable-dom’ ‘–disable-dba’
6. Pray and then press Enter
   If all goes well, you’ll get a License message and “Thank you for using PHP.”. You’re welcome.
7. Now you have to compile the configuration you just built. That’s easy:
   make
   Note that there are quite a few parameters differ in signedness warnings – don’t worry, the signedness-challenged nature of the php source doesn’t seem to hurt anything.
8. Now install it – first, stop Apache:
   /sbin/service httpd stop
9. Now run the install: make install
10. Before restarting and testing everything, you need to avoid a Warning that Apache shows due to the install causing a duplicate line in the Apache configuration. So edit the Apache config file:
    vi /etc/httpd/conf/httpd.conf
    and locate LoadModule php5_module /usr/lib/httpd/modules/libphp5.so and add a # before it:
    # LoadModule php5_module /usr/lib/httpd/modules/libphp5.so
    (remember press i to insert, then Escape and :wq to write it and quit)
11. Now for the big moment, restart Apache!
    /sbin/service httpd restart

Check the installation by browsing once again to http://localhost/phpinfo.php and see if you were successful! You should see –with-mysql now, and all your troubles are over… Until the next time…

Install Webserver di Fedora

Apa itu webserver

Web server atau yang kita kenal world wide web server) adalah server internet yang mampu melayani koneksi transfer data dalam protokol HTTP (hypertex transfer protokol). webserver pada umumnya melayani data dalam bentuk file HTML (hypertex markup language). Dari file ini kemudian dapat dikaitkan ke file HTML lainnya, ke file gambar, ke file suara, dan segala jenis file komputer yang hendak anda publikasikan..

wah dari pada panjang lebar ngebahas pengertian webserver mending langsung aja kita ke proses instalasinya… (siapkan just mangga n tiga buah apel).

langkah pertama untuk menginstall webserver kita harus mendowload dahulu souce yang kita butuhkan.

1. httpd-2.0.52.tar.gz (source yang saya gunakan di server saya) http://www.apache.org
2. mysql-4.0.17.tar.gz (source yang saya gunakan di server saya) http://www.mysql.com
3. php-5.0.3.tar.gz (source yang saya gunakan di server saya) http://www.php.org

semua file yang telah kita download kita letakkan di /usr/local/src/. untuk menginstall ketiga source diatas saya menggunakan linux (fedora). untuk sistem operasi lain langkah2nya hampir sama.
kedua kita masuk ke direktori tempat source yang kita download tadi.
(anda harus login sebagai root)

[root@ruslan src]#cd /usr/local/src
[root@ruslan src]# ls
php-5.0.3.tar.gz httpd-2.0.52.tar.gz mysql-4.0.17.tar.gz

kita extrak ketiga source diatas.

[root@ruslan src]# tar -zxvf httpd-2.0.52.tar.gz
[root@ruslan src]# tar -zxvf php-5.0.3.tar.gz
[root@ruslan src]# tar -zxvf mysql-4.0.17.tar.gz

setelah itu kita lihat hasil dari exstrak di atas

[root@ruslan src]# ls
httpd-2.0.52 php-5.0.3 mysql-4.0.17
httpd-2.0.52.tar.gz php-5.0.3.tar.gz mysql-4.0.17.tar.gz
[root@ruslan src]#

setelah kita sukses mengekstrak ketiga file ditas.
selanjut kita masuk ke direktori.

[root@ruslan src]# cd httpd-2.0.52
[root@ruslan httpd-2.0.52]#./configure –prefix=/usr/local/apache2
[root@ruslan httpd-2.0.52]# make
[root@ruslan httpd-2.0.52]# make install

untuk menjalankannya

[root@ruslan httpd-2.0.52]#/usr/local/apache2/bin/apachetl start &

dari sini kita telah sukses menginstall server web kita…
untuk mengetahui apakah webserver kita sudah jalan silahkan anda
buka browser anda dan ketikkan http://localhost/.

untuk konfigurasi [root@ruslan root]#/usr/local/apache2/conf/httpd.conf

Install mysql
sebelum menginstall mysql, harus buat dulu user dan group mysql
[root@ruslan src]# groupadd mysql
[root@ruslan src]# useradd -g mysql mysql

setelah itu masuk ke direktori mysql

[root@ruslan src]# cd mysql-4.0.17

opsi pertama
[root@ruslan mysql-4.0.17]#./configure –prefix=/usr/local/mysql (*konfigurasi ini adalah konfigurasi default dari mysql, jika anda ingin meletakkan semua data mysql di tempay lain. anda bisa menggunakan localstatedir=”directory data*)

opsi kedua [root@ruslan mysql-4.0.17]#./configure –prefix=/usr/local/mysql –localstatedir=/var/mysql (*dengan menggunkan printah ini semua data mysql tidak di letakkan di directory default mysql di install, tapi di letakkan di directory /var/mysql*)

[root@ruslan mysql-4.0.17]# make
[root@ruslan mysql-4.0.17]# make install
[root@ruslan mysql-4.0.17]# scripts/mysql_install_db
[root@ruslan mysql-4.0.17]# chown -R root /usr/local/mysql
[root@ruslan mysql-4.0.17]# chown -R mysql /usr/local/mysql/var (*jika anda menggunkan opsi pertama, data instalasi berada di directory /usr/loca/mysql*)

[root@ruslan mysql-4.0.17]# chown -R mysql /var/mysql (*jika anda menggunkan opsi kedua*)

[root@ruslan mysql-4.0.17]# chgrp -R mysql /usr/local/mysql
[root@ruslan mysql-4.0.17]# cp support-files/my-medium.cnf /etc/my.cnf
[root@ruslan mysql-4.0.17]# /usr/local/mysql/bin/mysqld_safe –user=mysql &

untuk memeriksa apakah mysql sudah jalan.

[root@ruslan mysql-4.0.17]#/usr/local/mysql/bin/mysql mysql

Install php

[root@ruslan src]# cd php-5.0.3
[root@ruslan php-5.0.3]# ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql
[root@ruslan php-5.0.3]# make
[root@ruslan php-5.0.3]# make install
[root@ruslan php-5.0.3]# cp php.ini-recommended /usr/local/lib/php.ini

Edit /usr/local/lib/php.ini

Edit doc_root = "/usr/local/apache2/htdocs/"
Edit file_uploads = Off

tambahkan perintah dibawah ini di /usr/local/apache2/conf/httpd.conf

DirektoryIndex index.html index.php

LoadModule php5_module libexec/libphp5.so
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps

setelah menambah script di atas di konfigurasi httpd.conf nya, sekarang kta coba buat script test php apakah udah includ dengan webservernya

untuk membuat script php disini menggunkan editor vi

dengan printah vi test.php

<html> <head><title>test page php</title></head> <body> <? phpinfo (); ?> </body> </html>

lalu simpan script di atas dengan printah :wq!

jalankan server web

[root@ruslan root]#/usr/local/apache2/bin/apachetl start &

untuk memeriksa apakah php sudah jalan

silahkan anda buat file dibawah ini

test.php

simpan file yang telah dibuat diatas

buka browser anda dan ketikkan http://localhost/test.php

Selamat anda sudah bisa menginstall webserver……………….. OK

Dalam hal ini bisa dilihat juga di

Linux Internet Web Server

Fedora Core 4 Install

These instructions assume an i386 to i686 system (32 bit) with, an “always on” LAN or broadband connection configured “DHCP” and at least 10 GB of free disk space for the Fedora partition. Instructions for dual booting Windows and Fedora are included.

For x86_64 processors (64-bit AMD64, EM64T) you should probably get FC4-x86_64-disc1.iso, FC4-x86_64-disc2.iso, FC4-x86_64-disc3.iso, and FC4-x86_64-disc4.iso. These instructions will not strictly apply for 64 bit computers using the 64 bit isos. 64 bit capable processors like Athlon 64, Opteron and Xeon are supposed to be backwardly compatible with 32 bit instruction sets and are known to run 32 bit editions of Linux. Therefore the i386 isos may work with these. I understand that Fedora Core for 64 bit processors still has some unresolved issues. Your mileage may vary.

Contents:

Installation Configuring your monitor A warning about mixing repositories Yum Apt and Synaptic Firefox and Thunderbird nVidia and ATI graphics acceleration True Type fonts Fedora Extras Yum Extender Java Flash RealPlayer Rhythmbox Adobe Reader Xine – a DVD and multimedia player Totem-xine – the Totem front end for Xine MPlayer – another multimedia player XMMS – a music and MP3 player Beep – another media player VLC – the Videolan stand-alone media player Amarok – a KDE multimedia player NTFS support Bittorrent and bittorrent-gui Azureus for bittorrent LimeWire – a Java P2P application Web Server FTP Server PHP and Perl MySQL phpMyAdmin Resources

“The Red Hat” by Madalina Iordache (used with permission)

Installation:

• The following guide outlines the author’s personal installation preferences including instructions for installing third party software that is not available from the Fedora Project. Formal Fedora Core documentation is available at http://fedora.redhat.com/docs/ and should be consulted for detailed explanations of all formally supported installation options including the rationale behind each.

• Download and burn the five Fedora Core 4 CDs from iso images or the DVD iso image from your nearest mirror site. (You should get FC4-i386-disc1.iso, FC4-i386-disc2.iso, FC4-i386-disc3.iso, FC4-i386-disc4.iso and FC4-i386-rescuecd.iso.) The CD iso images or the DVD iso image are also available using bittorrent.

• Partition your hard disk with something like one of the disk partition creation/editing tools on the System Rescue CD available at http://www.sysresccd.org/. You could also use a commercial product such as PartitionMagic. You may leave the partition that you wish to use for Fedora as unformatted space. The installation program will format this partition, create swap space within it, and make a directory structure.

• Configure your bios settings to boot first from the CD drive.

• Insert the first Fedora Core 4 CD or the DVD and reboot your machine.

• At the “boot” prompt hit enter.

• Hit enter for “ok” and enter again for “Test” to test your CD or DVD media or the right arrow key to select the “Continue” box and hit enter to skip this test. (I recommend testing your media to determine if your CDs or DVDs are properly burned.) If your media passes you will be given an opportunity to check additional CDs or DVDs. When you are finished testing hit enter for “ok”, right arrow to the “Continue” box and hit enter to continue.

• When Anaconda, the Fedora Core installer loads click “Next” at the “Welcome…” page.

• Click “Next” at the “Language Selection” page for default English or select your language.

• Click “Next” at the “Keyboard Configuration” page for default U. S. English or select your language.

• Select the type of installation that you feel suits your needs on the “Installation Type” page. Regardless of your choice you will have the opportunity to upgrade or downgrade to “Personal Desktop”, “Workstation”, “Server” or “Custom” after your initial installation with the “system-config-packages” application. Your initial choice is by no means final. Fedora Core is very flexible in this regard. Click “Next”.

• Select “automatically partition” on the “Disk Partitioning Setup” page. Click “Next”. If you elect to manually edit your partition with Disk Druid, double click on the partition, select the “swap” file type, and configure your swap space size to equal about twice your computer’s physical memory size. Double click on the remainder of the partition to configure it as a Linux ext3 file system. At minimum you must designate this remaining space (probably /dev/hda2 or /dev/sda2) as the root “/” partition mount point.

• If you are going to dual boot Windows and Fedora and you already have Windows installed on another partition select “keep all partitions and use existing free space” on the “Automatic Partitioning” page. Otherwise select “Remove all partitions on this system” to use all of your hard disk for Fedora or choose “Remove all Linux partitions on this system” for a fresh install over any existing Linux partitions. Click “Next”.

• Click “Next” on the “Disk Setup” page.

• If you are dual booting Windows and Fedora Check the “other” check box on the “Boot Loader Configuration” page. Click “edit”. Type “Windows” in the “label” box and uncheck the “default boot target” check box. Click “ok”.

• Click the “default” check box next to “Fedora Core” to make it your default boot operating system. Click “Next”.

• Leave “eth0” and hostname “automatically via DHCP” on the “Network Configuration” page. Click “Next”.

• Leave “Enable firewall” selected on the “Firewall Configuration” page. There is no need to tick the check boxes for “ssh”, “http”, “https”, “ftp” and “smtp” at this time. If you need any of these services after your initial installation you will have the opportunity to select them with the “system-config-securitylevel” application. Leave “Enable SELinux” “active”. Click “Next”.

• Click on the map for your location on the “Time Zone Selection” page. Click “Next”.

• Set your preferred root password on the “Set Root Password” page. Click “Next”.

• Depending on the type of installation you have selected you may next see a “Package Installation Defaults” page. On the “Package Installation Defaults” page you will have an opportunity to customize the software packages to be installed by selecting the radio button for “Customize software packages to be installed” or to leave the default packages selected. If you choose “Install default software packages” you will have an opportunity to customize your software package selections after your initial installation with the “system-config-packages” application. Click “Next”.

• You will see a message “Reading package information…”.

• Depending on the type of installation you have selected or if you selected “Customize software packages to be installed” on the “Package Installation Defaults” page you may next see a “Package Group Selection” page. Scroll down through the “Package Group Selection” page and select your preferred groups and packages. You will have an opportunity to modify your software package selections after your initial installation with the “system-config-packages” application. Click “Next”.

• You will see a message “Checking dependencies…”

• Click “Next” on “About to Install” page.

• Click “continue” to get to the “Installing Packages” page. You will see a “Formatting / file system…” message, a “Starting install process…” message, a “Preparing to install…” message, and you will eventually be prompted to insert the remainder of the installation CDs unless you are using the DVD.

• When the installation is complete remove the last CD or the DVD and click “reboot” for the first boot screen.

• After Fedora reboots click “Next” on the “Welcome” page.

• Click the appropriate radio button to agree to the license agreement and Click “Next”.

• If you are already connected to an “always on” LAN or broadband connection click on the “Network Time Protocol” tab, click in the “Enable Network Time Protocol” check box, click the down arrow in the “Server” box, select “clock.redhat.com” , click “Add” and click “Next”. You will see a message “Contacting NTP Server. Please wait…”.

• On the “Display” page select your preferred screen resolution and color depth based upon the capabilities of your monitor. If your monitor’s screen resolution is not available in the dialog box or if Fedora did not recognize your monitor or graphics card you will have an opportunity to configure them later. Click “Next”.

• On the “System User” page choose a user name (in lower case, not “root”), a full name (any case), and a password for that default user. Click “Next”.

• Click “play test sound” on the “Sound Card” page to test your sound system. You should hear three chords in sequence. If you don’t you can try to configure your sound card later. Click “No” or “Yes” in the “Did you hear the sample sound?” dialog box. Click “Next”.

• Click “Next” on the “Additional CDs” page.

• Click “Next” on the “Finish Setup” page.

• Log in as “root” with the root password you selected earlier.

• When Fedora finishes booting to the graphical interface you have the option of moving the panels. To try it click on the top panel, hold your left mouse button down, drag the top panel to the bottom of the screen, and release the mouse button. This is my personal preference.

• Click “Applications” > “System Tools”. Right click on “Terminal” and select “Add this launcher to panel”.

• Right click on the terminal icon on the bottom panel and select “move”. Move the icon to the left near the other icons and click to position it there.

• Fedora Core includes the rhgb (Red Hat Graphical Boot) package as well as a “hidden menu” which opens up only if the user hits enter during the initial stage of the boot process and which presents a dialog in which the user can select from multiple operating systems if he has for example opted to dual boot his computer with Fedora Core and Windows. It also allows the operator to select from multiple kernels if they are available. The hidden menu exists to prevent confusion since normally the novice user will want to automatically boot into his default selection choice made during the installation process. The author prefers to disable this feature as well as the graphical boot screens so that the boot sequence which normally happens “behind the scenes” becomes visible and so that the alternate operating system(s) and kernel choices become immediately available. In order to do this be sure you are logged in as root, then click on the terminal icon. This will open the terminal.

• Type:

  gedit /boot/grub/grub.conf

• Hit enter and gedit will open. Revise the “hiddenmenu” and “kernel” lines in grub.conf so that your file looks like this:

  # grub.conf generated by anaconda
  #
  # Note that you do not have to rerun grub after making changes to this file
  # NOTICE:  You have a /boot partition.  This means that
  #          all kernel and initrd paths are relative to /boot/, eg.
  #          root (hd0,1)
  #          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
  #          initrd /initrd-version.img
  #boot=/dev/hda
  default=0
  timeout=5
  splashimage=(hd0,1)/grub/splash.xpm.gz
  #hiddenmenu
  title Fedora Core 4 (2.6.11-1.1369_FC4)
  	root (hd0,0)
  	kernel /vmlinuz-2.6.11-1.1369_FC4 ro root=/dev/VolGroup00/LogVol00 vga=771
  	initrd /initrd-2.6.11-1.1369_FC4.img
  title Windows
  	rootnoverify (hd0,0)
  	chainloader +1

  Disabling the “hiddenmenu” with the “#” comment and removing “rhgb quiet” from the kernel line will cause the operating system selection menu to display immediately upon boot and will also disable the graphical boot screens so that you will see the boot sequence scroll by in text. Click on the “save” icon in gedit and close it. Close the terminal.

• Click on “Desktop” > “System Settings” > “Server Settings” > “Services” and deselect system services that you will not immediately use. When you click on each of them you will see a description as to what they are for. If you’re not sure, leave them in there. (I deselected “anacron”, “apmd”, “atd”, “bluetooth”, “canna”, “cpuspeed”, “cups”, “cups-config-daemon”, “hpoj”, “mDNSResponder”, “mdmonitor”, “nfslock”, “nifd”, “pcmcia”, “rpcgssd”, “rpcidmapd”, and “sendmail”.) Click the “save” icon. You should also select “Edit Runlevel” on the menu, select “Runlevel 3”, deselect the same system services as you just did for run level 5, and save them as well by clicking the “save” icon. Then close the service configuration screen. (Run level 3 is for text mode only without X windows and we will use this run level later when configuring the nVidia driver.)

• Fedora Core 4 has an “automatic” log in feature. You should seriously consider whether or not to enable this feature for security reasons. If you would like to enable it click on “Desktop” > “System Settings” > “Login Screen”. Under the “Timed Login” section click on the “Login a user automatically after a specified number of seconds” check box. Type or select your default user name that you selected during installation (lower case, not “root”) in the “Timed login username:” box and type “5” in the “Seconds before login:” box . Click “close”.

• Click “Desktop” > “Log Out” > “Restart the computer” and click “ok”.

• After boot up you should be logged in as the default user. Click on the top panel, hold your left mouse button down, drag the top panel to the bottom of the screen, and release the mouse button.

• Rather than updating my Fedora Core installation with up2date (the flashing red icon in the panel) I prefer to use the update feature of yum which is the preferred application for software updates, dependency resolution, and software installation. In order to do this open a terminal, type “su -“, hit enter, enter your root password, type “rpm –import /usr/share/doc/fedora-release-*/*GPG-KEY*”, hit enter, type “yum -y update”, hit enter, and wait for your installation to update. You should do this immediately after your initial installation to get the most recent Fedora Core software updates and bug fixes. If you prefer to use up2date click the red flashing up2date icon in the lower right. Click “Forward”. Click “Forward”. Click “Forward”. Click “Apply”. Click on the up2date icon in the lower right again. Click on the “Launch up2date…” box. Type in your root password and click “ok”. Click on the “Package Exceptions” tab, click on “kernel*” and click on the “Remove” box. Click “ok” again. Click on “yes” to install the key. Click “Forward”. Click “Forward” again. After the headers are downloaded click on the “select all packages” check box and click “Forward”. You will see a progress dialog “Testing package set / solving RPM dependencies”. Click “Yes” on each instance if you get messages “…not signed with a GPG signature…” When this is complete the updates will be downloaded. (This may take a very long time depending upon your connection speed the first time you run up2date and you may think that your installation has hung but it actually has not. If you don’t have the patience for this import the Fedora key by typing “rpm –import /usr/share/doc/fedora-release-*/*GPG-KEY*” in a terminal as root, hit enter and then do a “yum -y update” as root instead.) Click “Forward” to install the updates and “Forward” again to complete. Click “Finish”. “Click “Close”. Click “Activate” in the Subscription Alert box if it appears, launch up2date, and check for updates again as described above. Click “Desktop” > “Log Out” > “Restart the computer” and click “ok” to reboot.

Configuring your monitor:

• If Fedora did not recognize your monitor during installation, log in as root. (If you are already logged in as your default user or a user other than root click “Actions” > “Log Out”, click “OK”, type “root” in the “Username:” box, hit enter, type your root password in the “Password:” box and hit enter.) Open a terminal. Alternately you may open a terminal, type, “su -“, hit enter, type your root password when prompted, and hit enter again to log in as root.

• Type:

  gedit /etc/X11/xorg.conf

  Hit enter and gedit will open. Scroll down to the “Monitor” section. Find the “HorizSync” line and enter your monitor’s supported horizontal frequency range. The line should look something like “HorizSync 30.0 – 70.0”. Enter your monitor’s supported vertical frequency range opposite “VertRefresh”. The line should look something like “VertRefresh 50.0 – 160.0”. Scroll down to the “Screen” section and opposite each instance of “modes” enter you monitor’s supported pixel resolution, starting with the highest. The line should look something like “Modes “1024×768” “800×600” “640×480″”. You should be able to get these values from your monitor’s manual or from a search for your monitor by manufacturer and model number on the Internet. Use caution when entering these values and be sure that they conform to your monitor’s published specifications or you could be left with a non-working graphical environment. Hit the “save” button in gedit and exit gedit. Log out and log back in.

• Click “Desktop” > “System Settings” > “Display”. Type your root password in the dialog box presented and hit enter. Click the down arrow on the right of the “Resolution:” box and select your preferred pixel resolution. Click the down arrow on the right of the “Color Depth:” box and select your preferred color depth. Click “OK”. Log out and log back in.

• Click “Desktop” > “Preferences” > “Screen Resolution”. Click the down arrow on the right of the “Resolution:” box and select your preferred pixel resolution. Click the down arrow on the right of the “Refresh rate:” box and select the highest refresh rate available. A refresh rate of 85 Hz or more will decrease noticeable flicker significantly and may eliminate it completely. Click “Apply”. Log out and log back in.

Special warning regarding mixing incompatible repositories for up2date, yum, and apt:

• We will be using the program applications Yum, Yumex, Apt, and Synaptic below as methods to obtain software and to update your Fedora Core installation. You will be configuring these programs by adding repositories which are groups of software created by third party packagers that we use in addition to original Fedora Core and Fedora Extras repositories that come standard with your new installation.As you continue please keep the following in mind: You should not use the livna.org repository in conjunction with the dag/freshrpms/dries/newrpms (RPMforge) collection of rpms in your configuration files for automatic updates. Use one group or the other but not both. These two groups are mutually incompatible and can cause errors in your installation if used together for automatic updates. Regardless of which group you choose you should also avoid using the ATrpms repository in your yum or apt configuration files for these reasons. Some additional information can be found here. (If the center of that page comes up empty reload the page.)

  With this being said please note that it is nonetheless possible to obtain single RPM packaged applications from incompatible third party repositories in cases where such packages do not create errors when installed with yum. More specifically it is possible to configure other repositories with their enable flags set to “0” (off) so that the yum “–enablerepo” command must be used when one of those packages is desired. We will do this to obtain the totem-xine package by configuring the livna.org stable repository with its enable flag set to “0” and then enabling it for one download and rpm installation as described in the totem-xine section below.

  I myself subscribe to the RPMforge collection as you can see in my yum and apt repository selection instructions below. The dag/freshrpms/dries/newrpms/PlanetCCRMA (RPMforge) repositories have provided me with all of the programs I have needed as additions to the Fedora base.

  Note that up2date looks in /etc/yum.repos.d/ by default for its repositories so that if you change your yum configuration you will have changed your up2date configuration at the same time.

  To configure your Fedora Core 4 yum and apt repositories to use the RPMForge repositories proceed as follows:

Yum:

• Open the terminal. Type:

  wget http://ftp.belnet.be/packages/dries.ulyssis.org/fedora/fc4/i386/RPMS.dries/rpmforge-release-0.2-2.2.fc4.rf.i386.rpm

  Hit enter. Wait for the download to complete. Type:

  su

  Hit enter. Type your root password. Hit enter. Type:

  rpm -Uvh *.rpm

  Hit enter. wait for the installation to complete. Type:

  rm *.rpm

  Type “y”. Hit enter. Type:

  su -

  Hit enter. Type:

  gedit /etc/yum.repos.d/freshrpms.repo

  Hit enter and gedit will open. Type the following in gedit:

  [core]
  name=FreshRPMS-Core
  baseurl=http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/core
  	http://ayo.us5.freshrpms.net/fedora/linux/$releasever/$basearch/core
  failovermethod=priority
  enabled=1
  gpgcheck=1
  [updates]
  name=FreshRPMS-Updates
  baseurl=http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/updates
  	http://ayo.us5.freshrpms.net/fedora/linux/$releasever/$basearch/updates
  failovermethod=priority
  enabled=1
  gpgcheck=1
  [freshrpms]
  name=FreshRPMS-Fresh
  baseurl=http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/freshrpms
  	http://ayo.us5.freshrpms.net/fedora/linux/$releasever/$basearch/freshrpms
  failovermethod=priority
  enabled=1
  gpgcheck=1

  Be sure there is a carriage return (blank line) at the bottom of the file. Click the “save” icon in gedit and then close gedit. Type the following in the root terminal:

  gedit /etc/yum.repos.d/dries.repo

  Hit enter and gedit will open. Type the following in gedit:

  [dries]
  name=Extra Fedora rpms dries - $releasever - $basearch
  baseurl=http://ftp.belnet.be/packages/dries.ulyssis.org/fedora/linux/$releasever/$basearch/dries/RPMS/
  	http://apt.sw.be/dries/fedora/fc4/$basearch/dries/RPMS/
  failovermethod=priority
  enabled=1
  gpgcheck=1

  Be sure there is a carriage return (blank line) at the bottom of the file. Click the “save” icon in gedit and then close gedit. Type the following in the root terminal:

  gedit /etc/yum.repos.d/newrpms.repo

  Hit enter and gedit will open. Type the following in gedit:

  [newrpms.sunsite.dk]
  name=Fedora Core 4 i386 NewRPMS.sunsite.dk
  baseurl=http://newrpms.sunsite.dk/apt/redhat/en/$basearch/fc$releasever
  	http://newrpms.atrpms.net/apt/redhat/en/$basearch/fc$releasever
  failovermethod=priority
  enabled=1
  gpgcheck=1

  Be sure there is a carriage return (blank line) at the bottom of the file. Click the “save” icon in gedit and then close gedit.

• While still in the root terminal type:

  rpm --import http://freshrpms.net/packages/RPM-GPG-KEY.txt

  Hit enter. Type:

  rpm --import http://dries.ulyssis.org/rpm/RPM-GPG-KEY.dries.txt

  Hit enter. Type:

  rpm --import http://newrpms.sunsite.dk/gpg-pubkey-newrpms.txt

  Hit enter. Type:

  rpm --import /usr/share/doc/fedora-release-*/*GPG-KEY*

  Hit enter. You have just imported the GPG keys for your yum repositories. Type:

  yum update

  Hit enter. Your system will be updated. Answer “y” for “yes” in the appropriate places. Reboot.

• Note: You can temporarily disable a troublesome repository with a command such as, for example “yum –disablerepo=dries update” as root. This is especially useful if you get the message “No more mirrors to try…” which occurs occasionally when the mirrors are very busy or down. If you get errors with up2date or yum with error messages similar to “Error: Missing Dependency: arts = 8:1.5.0-0.2.fc4 is needed by package arts-devel” do as root a “yum –exclude arts –exclude arts-devel update”. If you get errors with up2date or yum update related to gnbd-kernel, GFS-kernel, cman-kernel and/or dlm-kernel do a “yum remove gnbd-kernel GFS-kernel cman-kernel dlm-kernel” as root and then a “yum update” as root and reboot into the new kernel. After you do this, if you want these files back, just do a “yum install gnbd-kernel GFS-kernel cman-kernel dlm-kernel”. These are cluster related packages that you probably don’t need anyway. Please see the official Fedora Core Yum guide at http://fedora.redhat.com/docs/yum/ for more details about Yum and its configuration.

Apt and Synaptic:

• Apt and Synaptic are now deprecated in Fedora Core in favor of Yum, however they are still available and can be installed although this is not recommended. Apt and Synaptic lack critical features like multilib support that are required in Fedora. Mutilib support means that software from different architectures like i386 and x86_64 can be mixed together. Because of this incompatibility Apt does not understand multi lib RPMs and treats them as duplicates. Please see http://fedoraproject.org/wiki/Tools/Apt. As mentioned in the preface this document assumes an i386 to i686 system (32 bit). I suggest using the Apt/Synaptic combination only on 32 bit systems and only as a complement to Yum which is now the recommended application for rpm installation, dependency resolution, and updates. To install Apt and Synaptic enable the repositories as described above for Yum, then open a terminal and type:

  su -

  Hit enter. Type your root password. Hit enter. Type:

  yum -y install apt

  Hit enter. Wait for the installation to complete. Type:

  yum -y install synaptic

  Hit enter. Wait for the installation to complete. Type:

  gedit /etc/apt/sources.list.d/dag.list

  Hit enter and gedit will open. If there is nothing in this file (blank page), type the following in gedit:

  # Name: Dag RPM Repository
  # URL: http://dag.wieers.com/apt/
  
  ### Dag RPM Repository for Fedora Core
  rpm http://apt.sw.be fedora/4/en/i386 dag

  Be sure there is a carriage return (blank line) at the bottom of the file. Click the “save” icon in gedit and then close gedit. While still in the root terminal, type:

  gedit /etc/apt/sources.list.d/freshrpms.list

  Hit enter and gedit will open. If there is nothing in this file (blank page), type the following in gedit:

  # Name: FreshRPMS
  # URL: http://ayo.freshrpms.net/
  
  ### Fedora Core
  rpm http://ayo.freshrpms.net fedora/linux/4/i386 freshrpms

  Be sure there is a carriage return (blank line) at the bottom of the file. Click the “save” icon in gedit and then close gedit. While still in the root terminal, type:

  gedit /etc/apt/sources.list.d/dries.list

  Hit enter and gedit will open. If there is nothing in this file (blank page), type the following in gedit:

  # Name: Dries RPM Repository
  # URL: http://dries.studentenweb.org/apt/
  
  ### Fedora Core
  rpm http://apt.sw.be dries/fedora/fc4/i386 dries

  gedit /etc/apt/sources.list.d/newrpms.list

Install Fedora 6

Cara Install Fedora 6 dan beberapa aplikasi pendukung sbb:

• Web Server: Apache 2.2.3
• Database Server: MySQL 5.0.22
• Mail Server: Postfix
• DNS Server: BIND9 (chrooted)
• FTP Server: proftpd
• POP3/IMAP server: dovecot
• Webalizer for web site statistics

Selanjutnya klik DISINI

Script IpTables Squid

Form : Arief Yudhawarman

Script IpTables Squid

Sebelumnya skemanya seperti ini:

eth0 eth1/ppp0
[ LAN ]—[ Linux BOX ]—–[modem adsl]— link adsl — PSTN

Jadi eth0 interface untuk local area network,

Ini rc.firewall:

——– skrip /etc/rc.d/rc.firewall mulai di sini ——

#!/bin/sh

PATH=/sbin:/bin:/usr/bin

INET_IFACE=”ppp0″
INET_IP=`ifconfig $INET_IFACE | sed -n ‘/inet/s/^[ ]*inet addr:\([0-9.]*\).*/\1/p’`

LAN_IFACE=”eth0″
LAN_MASK=”255.255.255.0″
LAN_IP=`ifconfig $LAN_IFACE | sed -n ‘/inet/s/^[ ]*inet addr:\([0-9.]*\).*/\1/p’`
LAN_IP_RANGE=”192.168.0.0/24″

LO_IFACE=”lo”
LO_IP=”127.0.0.1″

##IPTABLES=”/usr/local/sbin/iptables”
IPTABLES=”/sbin/iptables”

# Flush table

$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X

# Filter table

$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

#
# bad_tcp_packets chain
#

$IPTABLES -N bad_tcp_packets
$IPTABLES -F bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp –tcp-flags SYN,ACK SYN,ACK \
-m state –state NEW -j REJECT –reject-with tcp-reset
# no log
#$IPTABLES -A bad_tcp_packets -p tcp ! –syn -m state –state NEW -j LOG \
#–log-prefix “New not syn:”
$IPTABLES -A bad_tcp_packets -p tcp ! –syn -m state –state NEW -j DROP

#
# allowed chain
#

$IPTABLES -N allowed
$IPTABLES -F allowed
$IPTABLES -A allowed -p TCP –syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state –state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP

#
# TCP rules
#

$IPTABLES -N tcp_packets
$IPTABLES -F tcp_packets
$IPTABLES -A tcp_packets -p TCP -s 0/0 –dport 113 -j allowed

#
# ICMP rules
#

$IPTABLES -N icmp_packets
$IPTABLES -F icmp_packets
# echo reply
$IPTABLES -A icmp_packets -p icmp –icmp-type 0 -m limit –limit 1/second -j ACCEPT
# echo request
$IPTABLES -A icmp_packets -p icmp –icmp-type 8 -m limit –limit 1/second -j ACCEPT
# destination unreachable
$IPTABLES -A icmp_packets -p icmp -m icmp –icmp-type 3 -j ACCEPT
$IPTABLES -A icmp_packets -p icmp -m icmp –icmp-type 11 -j ACCEPT

#
# WWW.INVOLUITON.COM
#

# Log Suspicious Packets
#
$IPTABLES -N CHECK_FLAGS
$IPTABLES -F CHECK_FLAGS

## NMAP FIN/URG/PSH
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags ALL FIN,URG,PSH -m limit \
–limit 5/minute -j LOG –log-level 6 –log-prefix “NMAP-XMAS:”
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags ALL FIN,URG,PSH -j DROP

## Xmas Tree
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags ALL ALL -m limit \
–limit 5/minute -j LOG –log-level 6 –log-prefix “Merry XMAS:”
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags ALL ALL -j DROP

## Another Xmas Tree
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags ALL SYN,RST,ACK,FIN,URG -m limit \
–limit 5/minute -j LOG –log-level 6 –log-prefix “XMAS-PSH:”
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

## Null Scan(possibly)
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags ALL NONE -m limit \
–limit 5/minute -j LOG –log-level 6 –log-prefix “NULL_SCAN:”
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags ALL NONE -j DROP
## SYN/RST
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags SYN,RST SYN,RST -m limit \
–limit 5/minute -j LOG –log-level 6 –log-prefix “SYN/RST:”
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags SYN,RST SYN,RST -j DROP

## SYN/FIN — Scan(possibly)
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags SYN,FIN SYN,FIN -m limit \
–limit 5/minute -j LOG –log-level 6 –log-prefix “SYN/FIN:”
$IPTABLES -A CHECK_FLAGS -p tcp –tcp-flags SYN,FIN SYN,FIN -j DROP

## Make some types of port scans annoyingly slow, also provides some protection
## against certain DoS attacks. The rule in chain KEEP_STATE referring to the
## INVALID state should catch most TCP packets with the RST or FIN bits set that
## aren’t associate with an established connection. Still, these will limit the
## amount of stuff that is accepted through our open ports(if any). I suggest you
## test these for your configuration before you uncomment them, as they could cause
## problems.

# This chain will DROP/LOG packets based on port number

$IPTABLES -N DENY_SPORTS
$IPTABLES -F DENY_SPORTS

## Unknow virus spreading itself through port 30128, 35959, 36088, 36215
## 38228, 38345, 38464

for sports in 30128 35959 36088 36215 38228 38345 38464
do
$IPTABLES -A DENY_SPORTS -i $LAN_IFACE -p tcp –sport $sports -j DROP
done

$IPTABLES -N DENY_PORTS
$IPTABLES -F DENY_PORTS

## NFS, X, VNC, SMB, blah blah
$IPTABLES -A DENY_PORTS -p tcp –dport 137:139 -j DROP
# microsoft-ds
$IPTABLES -A DENY_PORTS -p tcp –dport 445 -j DROP
# NFS-or-IIS
$IPTABLES -A DENY_PORTS -p tcp –dport 1025 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –sport 137:139 -j DROP

$IPTABLES -A DENY_PORTS -p tcp –dport 1433 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –sport 1433 -j DROP

$IPTABLES -A DENY_PORTS -p tcp –dport 2049 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –sport 2049 -j DROP

$IPTABLES -A DENY_PORTS -p tcp –dport 5432 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –sport 5432 -j DROP

$IPTABLES -A DENY_PORTS -p tcp –dport 5999:6063 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –sport 5999:6063 -j DROP

$IPTABLES -A DENY_PORTS -p tcp –dport 5900:5910 -j ACCEPT
$IPTABLES -A DENY_PORTS -p tcp –sport 5900:5910 -j ACCEPT

## (Possibly) Evil Stuff ##

## Possible rpc.statd exploit shell
$IPTABLES -A DENY_PORTS -p tcp –dport 9704 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –dport 9704 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “rpc.statd(9704) Shell:”

$IPTABLES -A DENY_PORTS -p tcp –sport 9704 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –sport 9704 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “rpc.statd(9704) Shell:”

## NetBus and NetBus Pro
$IPTABLES -A DENY_PORTS -p tcp –dport 20034 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –dport 20034 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “NetBus Pro:”
$IPTABLES -A DENY_PORTS -p tcp –dport 12345:12346 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –dport 12345:12346 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “NetBus:”

## Trinoo
$IPTABLES -A DENY_PORTS -p tcp –sport 27665 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –dport 27665 -j DROP
$IPTABLES -A DENY_PORTS -p tcp –sport 27665 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “Trinoo:”
$IPTABLES -A DENY_PORTS -p tcp –dport 27665 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “Trinoo:”

$IPTABLES -A DENY_PORTS -p udp –sport 27444 -j DROP
$IPTABLES -A DENY_PORTS -p udp –dport 27444 -j DROP
$IPTABLES -A DENY_PORTS -p udp –sport 27444 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “Trinoo:”
$IPTABLES -A DENY_PORTS -p udp –dport 27444 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “Trinoo:”

$IPTABLES -A DENY_PORTS -p udp –sport 31335 -j DROP
$IPTABLES -A DENY_PORTS -p udp –dport 31335 -j DROP
$IPTABLES -A DENY_PORTS -p udp –sport 31335 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “Trinoo:”
$IPTABLES -A DENY_PORTS -p udp –dport 31335 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “Trinoo:”

## Back Orifice
$IPTABLES -A DENY_PORTS -p tcp –dport 31337 -j DROP
$IPTABLES -A DENY_PORTS -p udp –dport 31337 -j DROP

$IPTABLES -A DENY_PORTS -p tcp –sport 31337 -j DROP
$IPTABLES -A DENY_PORTS -p udp –sport 31337 -j DROP

$IPTABLES -A DENY_PORTS -p tcp –dport 31337 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “BackOrifice-TCP:”
$IPTABLES -A DENY_PORTS -p udp –dport 31337 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “BackOrifice-UDP:”

$IPTABLES -A DENY_PORTS -p tcp –sport 31337 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “BackOrifice-TCP:”
$IPTABLES -A DENY_PORTS -p udp –sport 31337 -m limit –limit 5/minute \
-j LOG –log-level 6 –log-prefix “BackOrifice-UDP:”

## Special Chain SRC_EGRESS
## Rules to Provide Egress Filtering Based on Source IP Address.

$IPTABLES -N SRC_EGRESS
$IPTABLES -F SRC_EGRESS

## Block EGRESS traffic and worm propagation attempts
WORMPORTS=31337,33270,1234,6711,16660,60001,12345,12346,1524,27665,27444,31335,6000,6001,6002

$IPTABLES -A SRC_EGRESS -p udp -m multiport –dport $WORMPORTS -j DROP
$IPTABLES -A SRC_EGRESS -p tcp -m multiport –dport $WORMPORTS -j DROP

## Special Chain DST_EGRESS
## Rules to Provide Egress Filtering Based on Destination IP Address.

$IPTABLES -N DST_EGRESS
$IPTABLES -F DST_EGRESS

## DROP all reserved private IP addresses. Some of these may be legit
## for certain networks and configurations. For connection problems,
## traceroute is your friend.

## Class A Reserved
$IPTABLES -A DST_EGRESS -d 10.0.0.0/8 -j DROP

## Class B Reserved
$IPTABLES -A DST_EGRESS -d 172.16.0.0/12 -j DROP

## Class C Reserved
#$IPTABLES -A DST_EGRESS -d 192.168.0.0/24 -j ACCEPT

## Class D Reserved
$IPTABLES -A DST_EGRESS -d 224.0.0.0/4 -j DROP

## Class E Reserved
$IPTABLES -A DST_EGRESS -d 240.0.0.0/5 -j DROP

#
# Bad TCP packets we don’t want.
#

$IPTABLES -A INPUT -p tcp -j bad_tcp_packets

# http://www.involution.com
$IPTABLES -A INPUT -p tcp -j CHECK_FLAGS
#
# Rules for special networks not part of the Internet
#

$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -m state –state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p ICMP -i $LAN_IFACE -s $LAN_IP_RANGE -j icmp_packets
$IPTABLES -A INPUT -p TCP –syn –dport 8080 -m connlimit –connlimit-above 20 -j DROP
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT

#
# Rules for incoming packets from the internet.
#

# do not accept all traffic except established & related (EXCEPT 113) !
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state –state ESTABLISHED,RELATED \
-j ACCEPT
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets

#
# If you have a Microsoft Network on the outside of your firewall, you may
# also get flooded by Multicasts. We drop them so we do not get flooded by
# logs
#

$IPTABLES -A INPUT -i $INET_IFACE -d 224.0.0.0/8 -j DROP

#
# Log weird packets that don’t match the above.
#

#no log please
#$IPTABLES -A INPUT -m limit –limit 3/minute –limit-burst 3 -j LOG \
#–log-level DEBUG –log-prefix “IPT INPUT packet died: ”

#
# 4.1.5 FORWARD chain
#

#
# Bad TCP packets we don’t want
#

$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
$IPTABLES -A FORWARD -p tcp -j CHECK_FLAGS
$IPTABLES -A FORWARD -p tcp -j DENY_PORTS
$IPTABLES -A FORWARD -p tcp -j DENY_SPORTS
$IPTABLES -A FORWARD -p udp -j DENY_PORTS
# Block faked or spoofed packets from getting through the firewall
$IPTABLES -A FORWARD -i $LAN_IFACE -s ! $LAN_IP_RANGE -j DROP
$IPTABLES -A FORWARD -p all -j SRC_EGRESS
$IPTABLES -A FORWARD -p all -j DST_EGRESS

#
# Accept the packets we actually want to forward
#

$IPTABLES -A FORWARD -i $LAN_IFACE -m tcp -p tcp –dport 23 -j DROP
# smtp keluar diblok, mencegah virus
$IPTABLES -A FORWARD -i $LAN_IFACE -m tcp -p tcp –dport 25 -j DROP
$IPTABLES -A FORWARD -p TCP -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p ICMP -i $LAN_IFACE -j DROP
$IPTABLES -A FORWARD -p UDP -i $LAN_IFACE -j DROP
#$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state –state ESTABLISHED,RELATED -j ACCEPT

#
# Special OUTPUT rules to decide which IP’s to allow.
#
# problem with squid redirect when the computer reboot/shutdown
# so the local ip is always accepted

$IPTABLES -A OUTPUT -p ALL -s $LO_IP -d $LO_IP -j ACCEPT

#
# Bad TCP packets we don’t want.
#
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets

$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT

# 4.2 nat table
#
# PREROUTING chain
#

$IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -s $LAN_IP_RANGE -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 8080

#
# Enable simple IP Forwarding and Network Address Translation
#

$IPTABLES -t nat -A POSTROUTING -s $LAN_IP_RANGE -o $INET_IFACE -j SNAT –to-source $INET_IP

——– skrip /etc/rc.d/rc.firewall berakhir di sini ——

Apakah ini sudah dijalankan?

echo “1″ > /proc/sys/net/ipv4/ip_forward
echo “1″ > /proc/sys/net/ipv4/ip_dynaddr

Proteksi Situs anda dengan .htaccess

Terkadang kita ingin disuatu folder milik kita tidak dapat diakses oleh user lain, baik itu user maupun search engine seperti google dan yahoo.

Caranya kita buat file .htaccess dan .htpasswd

#> vi .htaccess

AuthType Basic
AuthUserFile /home/user/.htpasswd -> tempat file .htpasswd (disarankan diluar public_html karena masih dapat di download dengan menggunakan wget)
AuthName sany  -> Nama anda
require valid-user
satisfy any

setelah itu biat file .htpasswd

#> vi /home/user/.htpasswd

isi dengan format UserLogin:Password

Agar password anda tidak dapat di baca oleh orang lain anda bisa mengenkripsikan dengan enkripsi gratis di situs ini (Click Here)

Setelah selesai tambahkan beberapa baris ini di

Debian  : vi /etc/apache2/apache2.conf

Other    :  vi /etc/apache2/http.conf

dengan

deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow

kemudia restart apache anda

#> /etc/init.d/apache2 restart

Simple bukan.

Regards,

Sany Asy’ari S,Kom

Setting route Posted in Tip and Trik, Linux,

Setelah mengajarkan setting route maka saya akan mengajarkan bagaimana setting route agar pada saat komputer off atau restart settingan tidak akan mati.

pertama buka file route.conf

#> vi /etc/network/route.conf

Jika file tidak ada buat file tersebut

Settingan Konfigurasi adalah

network gateway netmask metric interface

10.1.0.0 10.1.16.1 255.255.0.0 0 eth1

Setelah itu tekan Esc :wq

file akan tersave dan jika komputer anda restart settinga routing komputer anda tidak akan hilang.

Jika ada kasus dimana pada saat kita #>route -n ada ip dan tidak ada gateway serta tidak adanya network mana yang di set (hal ini terjadi pada route yang menggunakan portsentry) maka kita bisa menghilangkan dengan command del

route del -host IPADDRESS reject

7 Memasukkan database sql via shell

Anda ingin memasukkan database mysql via command shell. Apalagi jika file dikatogorikan file besar, yaitu diatas 20 MB. Gunakan cara dibawah ini.
mysql -u root -p NAMA_DATABASE < NAMA_FILE.sql

Masukkan password anda.

07 Menghapus “Forgot” Password root pada mysql

anda lupa (forgot) password root mysql anda. Hal ini akan mempersulit kehidupdan dan kerja anda.  Berikut ini cara menghapus password root mysql anda.

Stop mysql anda

#>/etc/init.d/mysql stop

Jalankan perintah ini

#> /usr/bin/mysqld_safe –skip-grant-tables &
[1] 6702
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6763]: started

Secara otomatis mysql anda akan jalan dengan metode save mode

Kemudian masuk ke mysql anda

#>mysql –user=root mysql
Enter password:  -> Tekan Enter

mysql> update user set Password=PASSWORD(’MasukkanPasswordBaruAnda‘) WHERE User=’root’;
Query OK, 2 rows affected (0.04 sec)
Rows matched: 2  Changed: 2  Warnings: 0

mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)

mysql> exit
Bye

Restart mysql anda :

#>/etc/init.d/mysql stop

#>etc/init.d/mysql start

Sekarang coba masuk ke mysql

#>mysql -u root -p

Enter password: ->  Gunakan password baru anda

Sukses…  Semoga ilmu ini bermanfaat.

* Sudah saya coba di debian sarge MYsql : 4.0.24_Debian-10sarge2

2.07.07 Mematikan Login Root Via SSH

Untuk menjaga keamanan dari server anda, disarankan (Wajib sih) mematikan login As Root Via SSH. Caranya :

1. SSH Ke server yang mau di seting disable root login
2. Edit /etc/ssh/sshd_config
3. cari “Protocol 2,1″(Tantpa tanda kutip) dan rubah menjadi “Protocol 2″
4. selanjutnya cari “PermitRootLogin yes�? dan rubah menjadi “�?PermitRootLogin no�?
5. simpan dan keluar
6. Lalu restart ssh
/etc/rc.d/init.d/sshd restart