23 March 2006

Mandriva - Alias bash

To save typing, and to indulge the laziness of network system admins when checking log files, create bash aliases.

For example:

Tired of typing:

tail -f /var/log/syslog

or

less /var/log/messages

?

If you are too lazy to type them, create aliases. Put the following lines in /root/.bashrc

alias tslog='/usr/bin/tail /var/log/syslog'
alias lslog='/usr/bin/less /var/log/syslog'
alias tmsg='/usr/bin/tail /var/log/messages'
alias lmsg='/usr/bin/less /var/log/messages'
alias tauth='/usr/bin/tail /var/log/auth.log'
alias lauth='/usr/bin/less /var/log/auth.log'
alias tmail='/usr/bin/tail /var/log/mail/info'
alias lmail='/usr/bin/less /var/log/mail/info'
alias tkern='/usr/bin/tail /var/log/kernel/info'
alias lkern='/usr/bin/less /var/log/kernel/info'
alias thacc='/usr/bin/tail /var/log/httpd/access_log'
alias lhacc='/usr/bin/less /var/log/httpd/access_log'
alias therr='/usr/bin/tail /var/log/httpd/error_log'
alias lherr='/usr/bin/less /var/log/httpd/error_log'
alias thsacc='/usr/bin/tail /var/log/httpd/ssl-access_log'
alias lhsacc='/usr/bin/less /var/log/httpd/ssl-access_log'
alias thserr='/usr/bin/tail /var/log/httpd/ssl-error_log'
alias lhserr='/usr/bin/less /var/log/httpd/ssl-error_log'
alias tsmb='/usr/bin/tail /var/log/samba/log.smbd'
alias lsmb='/usr/bin/less /var/log/samba/log.smbd'
alias tnmb='/usr/bin/tail /var/log/samba/log.nmbd'
alias lnmb='/usr/bin/less /var/log/samba/log.nmbd'

alias urpmi='nice -n 15 urpmi --split-level 10 --split-length 8'
alias rpm='nice -n 15 rpm'
alias make='nice -n 16 make'

These aliases become new commands after you log in again. If you are impatient, type them one by one at the prompt so the aliases can be used right away. Learn these new commands and system administration will get easier.

Mandriva - Organized Configuration

Configuration Files

Hard to remember where the configuration files of your running services are?
Then get organized! Create the directory /root/config, a subdirectory for each running service, and symlinks to the configuration files:

For example, as root:

mkdir /root/config
cd /root/config
mkdir samba apache dns network cups sasl rsync

cd samba
ln -s /etc/samba/smb.conf
ln -s /etc/samba/smbusers
ln -s /etc/lmhosts

cd /root/config/apache
ln -s /etc/httpd/conf/httpd2.conf
ln -s /etc/httpd/conf/commonhttpd.conf
ln -s /etc/httpd/conf/vhosts/Vhosts.conf

cd /root/config/dns
ln -s /etc/hosts
ln -s /etc/resolv.conf
ln -s /var/named/named.ca
ln -s /etc/named.conf
ln -s /etc/networks
ln -s /var/named/localhost

cd /root/config/network
ln -s /etc/sysconfig/network-scripts/ifcfg-eth0
ln -s /etc/sysconfig/network-scripts/ifcfg-eth1
ln -s /etc/services

Now all the service configuration is kept in one place. Use your editor to make backup files, prefixed with '~~', unless you do not want them.

18 March 2006

Cisco 1601 Fast

username :
cisco>enable
password:
cisco#
cisco#conf term
cisco#int eth0
cisco#ip addre 1.1.1.1 ....
etc.

cisco#int ser0
cisco#ip addre .......
cisco#no shut
etc...

exit
cisco#ip route 0.0.0.0 0.0.0.0 ser0

exit

etc.

and that's it...

easy, right ???

08 March 2006

Mandriva - Basics

Basics


Documentation

In an ideal world you would not need documentation. But as usual, you have to know where to find things through the documentation that exists.


Directories and Files


The Linux File System Structure

Lost in the unfamiliar directories of the Filesystem Hierarchy Standard? These pages show you how to find files in a directory.


Understanding Permissions

Permissions are attributes of a file. Learn here why they exist, and why and how to use file permissions.


Installing Software


From RPM

RPM is a software package format used to simplify installing, uninstalling and managing software. Using 'urpmi' or the Mandrake Control Center to install software is recommended, because it makes installing software that depends on other packages easier.

Page Five: (Contributed by Kevin Masaryk, edited)

See the related software topics.

From source code

Want more? Compile it yourself! These pages explain how.


Other

Handling third party (Adobe, Netscape) installers.

Installing Non-RPM Programs {May 21, 02}

Using The Shell

These pages introduce and explain basic shell commands and mechanisms.


Mandriva - Getting Help

Getting help configuring, using, and maintaining Mandriva Linux


Documentation

Mandriva provides online and printed versions of the 'Reference Manual' and 'User Guide' for the current release in English, German, Italian, and Spanish. All these documents are the same as those in the 'mandriva-doc' RPM and can be accessed after installation from the 'documentation' section of the desktop menu.

Unofficial documentation contains general information about Linux distributions in general.

Online Help, Forums & Mailing lists


Mandriva Commercial Support


Linux Training


Useful Links and Tutorials


Mandriva Expert

http://www.mandrivaexpert.com






Administration and Server Software


Becoming 'root'

'root' is the most powerful account on a Linux system. Learn how to use the root account with care.

Backup

You are advised to back up your data files before going any further. Usually each user keeps data files in their own directory under /home. All general administrative configuration files are stored in /etc and can only be changed by root.

Programs for making backups:


  • with the tar command

  • with the dd (device dump) command

  • partimage … saves all kinds of partitions: Ext2FS, ReiserFS, NTFS and FAT32. This is very useful when installing application software on many computers: install it on one computer, create an image, and copy that image to all the other computers. Then, after the first step, each installation is done automatically and takes only a short time.


Emergency Repair

How to deal with system faults.

Process Management

Almost everything in Linux is a process. See what processes are and how to manage them.

Mounting

How to handle file systems in Linux.

Scheduling

How to make the computer do something at a specific time.

System Services

System services: what they are and how to control them.

Getting Organized


Configuration Files


Have you ever had trouble remembering where the configuration files of your running services are?

Then get organized. Create the directory /root/config, a subdirectory for each running service, and symlinks to the configuration files:

For example, as root:

mkdir /root/config
cd /root/config
mkdir samba apache dns network cups sasl rsync

cd samba
ln -s /etc/samba/smb.conf
ln -s /etc/samba/smbusers
ln -s /etc/lmhosts

cd /root/config/apache
ln -s /etc/httpd/conf/httpd2.conf
ln -s /etc/httpd/conf/commonhttpd.conf
ln -s /etc/httpd/conf/vhosts/Vhosts.conf

cd /root/config/dns
ln -s /etc/hosts
ln -s /etc/resolv.conf
ln -s /var/named/named.ca
ln -s /etc/named.conf
ln -s /etc/networks
ln -s /var/named/localhost

cd /root/config/network
ln -s /etc/sysconfig/network-scripts/ifcfg-eth0
ln -s /etc/sysconfig/network-scripts/ifcfg-eth1
ln -s /etc/services

Now all the service configuration is kept in one place. Use your editor to make backup files, prefixed with '~~', unless you do not want them.

Bash Aliases


Are you tired of typing
tail /var/log/syslog
or
less /var/log/messages
?

Rather than being lazy about it, create aliases! Put the following lines in /root/.bashrc.

alias tslog='/usr/bin/tail /var/log/syslog'
alias lslog='/usr/bin/less /var/log/syslog'
alias tmsg='/usr/bin/tail /var/log/messages'
alias lmsg='/usr/bin/less /var/log/messages'
alias tauth='/usr/bin/tail /var/log/auth.log'
alias lauth='/usr/bin/less /var/log/auth.log'
alias tmail='/usr/bin/tail /var/log/mail/info'
alias lmail='/usr/bin/less /var/log/mail/info'
alias tkern='/usr/bin/tail /var/log/kernel/info'
alias lkern='/usr/bin/less /var/log/kernel/info'
alias thacc='/usr/bin/tail /var/log/httpd/access_log'
alias lhacc='/usr/bin/less /var/log/httpd/access_log'
alias therr='/usr/bin/tail /var/log/httpd/error_log'
alias lherr='/usr/bin/less /var/log/httpd/error_log'
alias thsacc='/usr/bin/tail /var/log/httpd/ssl-access_log'
alias lhsacc='/usr/bin/less /var/log/httpd/ssl-access_log'
alias thserr='/usr/bin/tail /var/log/httpd/ssl-error_log'
alias lhserr='/usr/bin/less /var/log/httpd/ssl-error_log'
alias tsmb='/usr/bin/tail /var/log/samba/log.smbd'
alias lsmb='/usr/bin/less /var/log/samba/log.smbd'
alias tnmb='/usr/bin/tail /var/log/samba/log.nmbd'
alias lnmb='/usr/bin/less /var/log/samba/log.nmbd'



alias urpmi='nice -n 15 urpmi --split-level 10 --split-length 8'
alias rpm='nice -n 15 rpm'
alias make='nice -n 16 make'


These aliases become new commands after you log in again. If you are impatient, type them one by one at the prompt so the aliases can be used right away. Learn these new commands and system administration will get easier.

04 March 2006

Configuration - Iptables

# Generated by iptables-save v1.2.9 on Mon Feb 20 15:34:03 2006
*filter
:INPUT ACCEPT [54445800:23826333200]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [62795642:29017166036]
[0:0] -A INPUT -s 222.124.30.84 -p tcp -m multiport --dports 80,3128,222 -j ACCEPT
[0:0] -A INPUT -s 222.124.30.84 -p udp -m multiport --dports 80,3128,222 -j ACCEPT
[0:0] -A INPUT -s 203.130.255.196 -p tcp -m multiport --dports 80,222 -j ACCEPT
[0:0] -A INPUT -s 222.124.45.215 -j DROP
[0:0] -A INPUT -s 202.162.218.193 -j DROP
[0:0] -A INPUT -s 204.10.31.12 -j DROP
[0:0] -A INPUT -s 203.130.237.155 -j DROP
[0:0] -A INPUT -s 202.53.243.42 -j DROP
[0:0] -A INPUT -s 200.161.16.189 -j DROP
[0:0] -A INPUT -s 203.128.81.26 -j DROP
[53:2600] -A INPUT -i eth0 -p tcp -m multiport --dports 135,137,138,139,445,143,10000,4559,111,3128,80,23 -j DROP
[61:6751] -A INPUT -i eth0 -p udp -m multiport --dports 135,137,138,139,445,143,4559,111,3128,10000,80,23 -j DROP
[0:0] -A INPUT -i eth0 -p tcp -m multiport --dports 199,3632,222,81,3130,110 -j DROP
[9:1021] -A INPUT -i eth0 -p udp -m multiport --dports 199,3632,222,81,3130,110 -j DROP
[0:0] -A INPUT -i eth0 -p tcp -m multiport --dports 3312,3412,3512,1215,1315,4661,4672,5555,4242,3306,2323 -j DROP
[0:0] -A INPUT -i eth0 -p tcp -m multiport --dports 7778,1863,6346,6257,6699,4661,4672,1214,6881,6889 -j DROP
[0:0] -A INPUT -i eth0 -p udp -m multiport --dports 4661,4672,6881,6889,1214,4661,4672,6257,6699,6346,3312,3412,3512,1215,1315 -j DROP
[0:0] -A INPUT -i eth1 -p tcp -m multiport --dports 135,137,138,139,113 -j DROP
[589:70987] -A INPUT -i eth1 -p udp -m multiport --dports 135,137,138,139,113 -j DROP
[76333:14307628] -A INPUT -i eth1 -j ACCEPT
[0:0] -A INPUT -m iprange --src-range 10.10.10.100-10.10.10.200 -j DROP
[0:0] -A INPUT -m iprange --src-range 10.10.10.201-10.10.10.233 -j DROP
[0:0] -A INPUT -m iprange --src-range 10.10.10.235-10.10.10.254 -j DROP
[0:0] -A INPUT -m iprange --src-range 10.10.10.32-10.10.10.99 -j DROP
[0:0] -A INPUT -m iprange --src-range 10.10.10.21-10.10.10.30 -j DROP
[15510367:3346522673] -A FORWARD -i ! eth0 -o eth0 -j ACCEPT
[14265281:4511345821] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -f -j ACCEPT
#[0:0] -A FORWARD -o eth1 -p tcp -m tcp --sport 31337 --dport 31337 -j DROP
#[0:0] -A FORWARD -o eth0 -p tcp -m tcp --sport 31337 --dport 31337 -j DROP
#[0:0] -A FORWARD -o eth0 -p tcp -m tcp --sport 31337 --dport 31337 -j DROP
#[0:0] -A OUTPUT -o eth1 -p tcp -m tcp --sport 31337 --dport 31337 -j DROP
COMMIT
# Completed on Mon Feb 20 15:34:03 2006
# Generated by iptables-save v1.2.9 on Mon Feb 20 15:34:03 2006
*mangle
:PREROUTING ACCEPT [84465749:31710532148]
:INPUT ACCEPT [54611282:23847630554]
:FORWARD ACCEPT [29775648:7857868494]
:OUTPUT ACCEPT [62796270:29017241181]
:POSTROUTING ACCEPT [93021182:36884094955]
COMMIT
# Completed on Mon Feb 20 15:34:03 2006
# Generated by iptables-save v1.2.9 on Mon Feb 20 15:34:03 2006
*nat
:PREROUTING ACCEPT [844595:65841060]
:POSTROUTING ACCEPT [35876:2688756]
:OUTPUT ACCEPT [1728235:105494341]
[1236:59328] -A PREROUTING -s 10.10.10.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.10.1:81
[0:0] -A PREROUTING -s 10.10.10.0/255.255.255.0 -p udp -m udp --dport 80 -j DNAT --to-destination 10.10.10.1:81
[0:0] -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
[185790:11017927] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Feb 20 15:34:03 2006

Configuration - Bridge


ugh... forgot again :(( even though it is only this


/usr/sbin/brctl addbr br0
# Add the ethernet interfaces to be used
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 eth1

# bring the ethernet interfaces up
/sbin/ifconfig eth0 0.0.0.0
/sbin/ifconfig eth1 0.0.0.0

# give the bridge an IP so it can be managed from outside
/sbin/ifconfig br0 62.3.3.26 netmask 255.255.255.248 broadcast 62.3.3.31

# add an internal IP for NAT
ip addr add 192.168.0.1/24 dev br0
/sbin/route add default gw 62.3.3.25

The iptables rules
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Limit ICMP
# iptables -A FORWARD -p icmp -m limit --limit 4/s -j ACCEPT
# Match string, a good simple method to block some VIRUS very Quickly
# iptables -I FORWARD -j DROP -p tcp -s 0.0.0.0/0 -m string --string "cmd.exe"

# Block MySQL connections
iptables -A FORWARD -p tcp -s 0/0 -d 62.3.3.0/24 --dport 3306 -j DROP

# Linux Mail Server
#
# FTP-DATA ( 20 ) , FTP ( 21 ) , SSH ( 22 )
iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 62.3.3.27/32 --dport 20:22 -j ACCEPT

# Allow the mail server to connect out
iptables -A FORWARD -p tcp -s 62.3.3.27/32 -d 0/0 -j ACCEPT

# WWW Server
#
# HTTP ( 80 )
iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 62.3.3.28/32 --dport 80 -j ACCEPT

# HTTPS ( 443 )
iptables -A FORWARD -p tcp -s 0.0.0.0/0 -d 62.3.3.28/32 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -s 62.3.3.28/32 -d 0/0 -j ACCEPT


source:
http://www.linuxsecurity.com/docs/harden-doc/html/securing-debian-howto/ap-bridge-fw.en.html

Configuration - Postfix

master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# The script postfix-chroot.sh can be used to set up a Postfix chroot
# environment on your Mandrivalinux System.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - y 60 1 pickup
  -o content_filter=
  -o receive_override_options=
cleanup unix n - y - 0 cleanup
qmgr fifo n - y 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - y - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - y - - smtp
  -o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=nobody argv=/usr/bin/maildrop -d ${recipient}
#
# Cyrus. Please See the Postfix CYRUS_README file for details
#
# deliver interface (deprecated), to use this also use
# postconf -e cyrus-deliver_destination_recipient_limit=1
cyrus-deliver unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# for default cyrus socket placement
cyrus unix - n n - - lmtp
  -o lmtp_cache_connection=yes
#
# if you configure cyrus socket in the chroot jail
cyrus-chroot unix - - y - - lmtp
  -o lmtp_cache_connection=yes
#
# for lmtp to cyrus via tcp
cyrus-inet unix - - y - - lmtp
  -o lmtp_cache_connection=yes
  -o lmtp_sasl_auth_enable=yes
  -o lmtp_sasl_password_maps=hash:/etc/postfix/cyrus_lmtp_sasl_pass
  -o lmtp_sasl_security_options=noanonymous
#
# UUCP. Unix to Unix CoPy
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
# These are not distributed with Mandrivalinux
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#bsmtp unix - n n - - pipe
# flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

##### START OF CONTENT FILTER CUSTOMIZATIONS #####
# Please see the Postfix FILTER_README for details.
# These sample entries expect your content filter to
# listen on port 10025 and to inject mail back into
# postfix on port 10026.
#
# to enable such content filter run the command
# postconf -e content_filter=smtp-filter:127.0.0.1:10025
# postconf -e smtp-filter_destination_concurrency_limit=2
# or
# postconf -e content_filter=lmtp-filter:127.0.0.1:10025
# postconf -e lmtp-filter_destination_concurrency_limit=2
# and the command
# postconf -e receive_override_options=no_address_mappings
#

127.0.0.1:10026 inet n - y - - smtpd
  -o content_filter=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_client_connection_limit_exceptions=127.0.0.0/8

lmtp-filter unix - - y - - lmtp
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes

smtp-filter unix - - y - - smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes


#clamsmtpd
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes

127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8


##### END OF CONTENT FILTER CUSTOMIZATIONS #####

main.cf
# These are only the parameters changed from a default install
# see /etc/postfix/main.cf.dist for a commented, fuller version of this file.

# These are changed by postfix install script
readme_directory = /usr/share/doc/postfix-2.2.5/README_FILES
html_directory = /usr/share/doc/postfix-2.2.5/html
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix

# User configurable parameters

inet_interfaces = all

mynetworks = 10.10.10.0/24, 127.0.0.0/8
mynetworks_style = subnet
delay_warning_time = 4h
smtpd_banner = $myhostname ESMTP kampesMail ($mail_version) (Kampes_Komprang)
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_helo_required = yes
smtpd_client_restrictions =
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client bl.spamcannibal.org,
  reject_rbl_client relays.ordb.org,
  reject_rbl_client dnsbl.antispam.or.id,
  permit

#inet_interfaces = localhost
#mynetworks_style = host
#delay_warning_time = 4h
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mandriva Linux)
unknown_local_recipient_reject_code = 450
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2

smtpd_error_sleep_time = 60
smtpd_soft_error_limit = 60
smtpd_hard_error_limit = 10

myhostname = hujan.semusim.info
mydomain = semusim.info
myorigin = $mydomain
mydestination = $myhostname localhost.$mydomain $mydomain
owner_request_special = no
relay_domains = $mydestination semusim.info
alias_maps = hash:/etc/postfix/aliases

content_filter = scan:127.0.0.1:10025
#receive_override_options = no_address_mappings

clamsmtpd.conf
# ------------------------------------------------------------------------------
# SAMPLE CLAMSMTPD CONFIG FILE
# ------------------------------------------------------------------------------
#
# - Comments are a line that starts with a #
# - All the options are found below with sample settings


# The address to send scanned mail to.
# This option is required unless TransparentProxy is enabled
OutAddress: 10026


# The maximum number of connection allowed at once.
# Be sure that clamd can also handle this many connections
#MaxConnections: 64

# Amount of time (in seconds) to wait on network IO
#TimeOut: 180

# Keep Alives (ie: NOOP's to server)
#KeepAlives: 0

# Send XCLIENT commands to receiving server
#XClient: off

# Address to listen on (defaults to all local addresses on port 10025)
#Listen: 0.0.0.0:10025
Listen: 127.0.0.1:10025

# The address clamd is listening on
#ClamAddress: /var/run/clamav
ClamAddress: /var/lib/clamav/clamd.socket

# A header to add to all scanned email
Header: X-Virus-Scanned: ClamAV using ClamSMTP

# Directory for temporary files
TempDirectory: /tmp

# Whether or not to bounce email (default is to silently drop)
#Bounce: off

# Whether or not to keep virus files
#Quarantine: off
Quarantine: on

# Enable transparent proxy support
#TransparentProxy: off

# User to switch to
User: clamav

# Virus actions: There's an option to run a script every time a virus is found.
# !IMPORTANT! This can open a hole in your server's security big enough to drive
# farm vehicles through. Be sure you know what you're doing. !IMPORTANT!
#VirusAction: /path/to/some/script.sh
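
How main.cf, master.cf and clamsmtpd.conf above must agree (filter transport, clamsmtpd Listen address, and a loopback re-injection listener on the OutAddress port with content_filter cleared), as a Python check added here; it is not from the original post or from Postfix. It runs on constructed excerpts modelled on those files, the function names are this example's own, and on that input it reports the 127.0.0.1:10026 entry that appears twice in the master.cf above.

```python
import re
from collections import Counter

# Constructed excerpts modelled on the three files above; continuation
# lines are indented, as master.cf requires.
MASTER_CF = """\
smtp inet n - y - - smtpd
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - y - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o mynetworks_style=host
"""
MAIN_CF = "content_filter = scan:127.0.0.1:10025\n"
CLAMSMTPD_CONF = "OutAddress: 10026\nListen: 127.0.0.1:10025\n"


def logical_lines(text):
    """Drop comments and blanks; join lines that start with whitespace."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def parse_master(text):
    """Return service dicts with name, type, command and -o overrides."""
    services = []
    for line in logical_lines(text):
        f = line.split()
        if len(f) < 8:
            continue  # not a complete service entry
        args, opts = f[8:], {}
        for i, a in enumerate(args):
            if a == "-o" and i + 1 < len(args):
                key, _, value = args[i + 1].partition("=")
                opts[key] = value
        services.append({"name": f[0], "type": f[1], "command": f[7], "opts": opts})
    return services


def port_of(addr):
    """Port part of 'host:port', or the value itself for a bare port."""
    return addr.rsplit(":", 1)[-1]


def audit(master, main, clamsmtpd):
    """Return a list of findings; an empty list means the loop is consistent."""
    findings = []
    services = parse_master(master)
    counts = Counter((s["name"], s["type"]) for s in services)
    for (name, typ), n in counts.items():
        if n > 1:
            findings.append(f"duplicate service entry: {name} {typ}")

    m = re.search(r"^content_filter[ \t]*=[ \t]*(\S+)", main, re.M)
    if not m:
        return findings + ["main.cf sets no content_filter"]
    transport, _, nexthop = m.group(1).partition(":")
    if not any(s["name"] == transport and s["type"] == "unix" for s in services):
        findings.append(f"content_filter transport '{transport}' missing from master.cf")

    conf = dict(re.findall(r"^(\w+):[ \t]*(\S+)", clamsmtpd, re.M))
    if conf.get("Listen") != nexthop:
        findings.append(f"filter nexthop {nexthop} != clamsmtpd Listen {conf.get('Listen')}")

    out_port = port_of(conf.get("OutAddress", ""))
    back = [s for s in services if s["type"] == "inet"
            and s["command"] == "smtpd" and port_of(s["name"]) == out_port]
    if not back:
        findings.append(f"no smtpd listener for clamsmtpd OutAddress port {out_port}")
    for s in back:
        if not s["name"].startswith("127.0.0.1:"):
            findings.append(f"re-injection listener {s['name']} is not bound to loopback")
        if s["opts"].get("content_filter") != "":
            findings.append(f"{s['name']} does not clear content_filter (mail would loop)")
    return findings


if __name__ == "__main__":
    for finding in audit(MASTER_CF, MAIN_CF, CLAMSMTPD_CONF):
        print(finding)
```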





Configuration - Squid

http_port 10.10.10.1:81
http_port 3128

icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255

#cache_peer 203.130.255.196 parent 3128 3130
cache_peer random.us.ircache.net sibling 3128 3130 login=cs-info@plasa.com:phowEfalsajrasu
#cache_peer 202.143.61.37 sibling 3128 3130 proxy-only
icp_query_timeout 0
maximum_icp_query_timeout 2000
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 98
cache_swap_high 99
maximum_object_size 51200 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 16 KB
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /var/spool/squid 10000 32 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
log_ip_on_direct on
mime_table /etc/squid/mime.conf
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off

client_netmask 255.255.255.255

ftp_user Squid@kates.com
ftp_list_width 48
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
#cache_dns_program /usr/lib/squid/dnsserver
dns_timeout 5 minutes
dns_nameservers 10.10.10.1 202.134.1.10 61.94.192.12 202.134.0.155 202.134.2.5
hosts_file /etc/hosts
# diskd_program /usr/lib/squid/diskd
# unlinkd_program /usr/lib/squid/unlinkd
# pinger_program /usr/lib/squid/pinger
# redirect_children 5
# redirect_rewrites_host_header on
#Recommended minimum configuration:
#auth_param digest program
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
#auth_param basic program
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
# authenticate_cache_garbage_interval 1 hour
# authenticate_ttl 1 hour
# authenticate_ip_ttl 0 seconds
# wais_relay_port 0
# request_header_max_size 10 KB
# request_body_max_size 0 KB
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern -i ^ftp:// 1440 90% 172800 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern . 180 95% 4320 override-lastmod reload-into-ims
refresh_pattern -i \.spinbox.net$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.tar.gz$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.mp3$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.zip$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.png$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.gif$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.jpg$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.jpeg$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.swf$ 10080 90% 10080 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i /$ 2880 90% 4320 override-expire override-lastmod ignore-reload reload-into-ims
#refresh_pattern -i /index.htm?$ 2880 90% 4320 override-expire override-lastmod ignore-reload reload-into-ims
#refresh_pattern -i /welcome.htm$ 2880 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
#refresh_pattern -i /default.htm$ 2880 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
#refresh_pattern -i \.(htm|html|cgi|asp|cfm)$ 2880 90% 86400 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.class$ 43200 90% 86400 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i ^ftp:// 1440 90% 172800 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(gif|jp?g|xbm|png|swf|bmp)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(mov|avi|qtm|mp?)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.(zip|exe|gz|Z|lha|arj)$ 21600 90% 43200 override-expire override-lastmod ignore-reload reload-into-ims
#refresh_pattern . 100080 90% 432000 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^gopher: 1440 90% 172800 override-expire override-lastmod ignore-reload reload-into-ims


# TAG: quick_abort_pct (percent)
#Default:
# quick_abort_min 16 KB
# quick_abort_max 16 KB
quick_abort_pct 100
# negative_ttl 5 minutes
# positive_dns_ttl 6 hours
# negative_dns_ttl 1 minute
# range_offset_limit 0 KB
# forward_timeout 4 minutes
connect_timeout 1 minute
# peer_connect_timeout 30 seconds
# read_timeout 15 minutes
# request_timeout 5 minutes
# persistent_request_timeout 1 minute
# client_lifetime 1 day
# half_closed_clients on
# pconn_timeout 120 seconds
# ident_timeout 10 seconds
# shutdown_lifetime 30 seconds
#Examples:
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 2083 2087 2096 4081
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT


#WMF virus
acl blockedtypereq req_mime_type -i ^application/x-msmetafile$
acl blockedtypereq req_mime_type -i application/x-msmetafile
acl blockedtyperep rep_mime_type -i ^application/x-msmetafile$
acl blockedtyperep rep_mime_type -i application/x-msmetafile
acl blocked_contdisp rep_header Content-Disposition -i .wmf

#block the WMF virus
http_access deny blockedtypereq all
http_access deny blockedtyperep all
http_reply_access deny blocked_contdisp


# follow_x_forwarded_for deny all
#Default:
# acl_uses_indirect_client on
# delay_pool_uses_indirect_client on
# log_uses_indirect_client on
# http_access deny all
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

acl kates arp "/etc/squid/mac/mac-user.txt"
#acl wedus src "/etc/squid/mac/ip.txt"
acl smp1 src 10.10.10.31

#---------------------------
#acl badomain dstdomain "/etc/squid/mac/domain.txt"
#http_access deny badomain
#---------------------------

#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
# And finally deny all other access to this proxy
http_access allow localhost

acl generic_browser browser Mozilla
acl generic_browser browser IE

http_access allow kates
#http_access allow wedus

#maximum connections
#acl maksimal maxconn 4
#
http_access deny all

http_reply_access allow all

# icp_access deny all
icp_access allow all

# miss_access allow all

# ident_lookup_access deny all


# reply_header_max_size 20 KB

# reply_body_max_size 0 allow all


# cache_mgr root

cache_effective_user squid
cache_effective_group squid

visible_hostname localhost


# announce_period 0
# announce_host tracker.ircache.net
# announce_port 3131


httpd_accel_host virtual
httpd_accel_port 80


# httpd_accel_single_host off

httpd_accel_with_proxy on

httpd_accel_uses_host_header on


# TAG: logfile_rotate
# Specifies the number of logfile rotations to make when you
# type 'squid -k rotate'. The default is 10, which will rotate
# with extensions 0 through 9. Setting logfile_rotate to 0 will
# disable the rotation, but the logfiles are still closed and
# re-opened. This will enable you to rename the logfiles
# yourself just before sending the rotate signal.
#
# Note, the 'squid -k rotate' command normally sends a USR1
# signal to the running squid process. In certain situations
# (e.g. on Linux with Async I/O), USR1 is used for other
# purposes, so -k rotate uses another signal. It is best to get
# in the habit of using 'squid -k rotate' instead of 'kill -USR1
# <pid>'.
#
#Default:
# logfile_rotate 0

# TAG: append_domain
# Appends local domain name to hostnames without any dots in
# them. append_domain must begin with a period.
#
# Be warned there are now Internet names with no dots in
# them using only top-domain names, so setting this may
# cause some Internet sites to become unavailable.
#
#Example:
# append_domain .yourdomain.com
#
#Default:
# none

# tcp_recv_bufsize 0 bytes



# memory_pools on

# TAG: memory_pools_limit (bytes)
# Used only with memory_pools on:
# memory_pools_limit 50 MB
#

# forwarded_for on

# log_icp_queries on

# icp_hit_stale off

# minimum_direct_hops 4

# minimum_direct_rtt 400

#Example:
# cachemgr_passwd secret shutdown
# cachemgr_passwd lesssssssecret info stats/objects
# cachemgr_passwd disable all
#
#Default:
# none
#cachemgr_passwd netsisfo all

# store_avg_object_size 13 KB

# store_objects_per_bucket 20

# client_db on
client_db on

# netdb_low 900
# netdb_high 1000

# netdb_ping_period 5 minutes

#query_icmp off
query_icmp on

# test_reachability off

# buffered_logs off

# reload_into_ims off
reload_into_ims on

#We don't want to limit downloads on our local network
acl magic_words1 url_regex -i 10.10.

#We want to limit downloads of these types of files
#Put this all in one line
acl pelem url_regex -i \.mp3$ \.rm$ \.mpg$ \.mpeg$ \.avi$ \.dat$ \.exe$ \.vqf$ \.tar.gz$ \.gz$ \.rpm$ \.zip$ \.rar$ \.mpe$ \.qt$ \.iso$ \.raw$ \.wav$ \.mov$ \.pdf$ \.wmv$ \.wam$ \.bin$ \.sis$ \.3gp$ \.7z$ \.tar$ \.bzip$
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .pdf .wmv .iso .wma .bin .3gp .sis .7z .tar .bzip
#.bmp .jpg .jpeg .gif .pdf .doc .xls .ppt
acl magic_words3 url_regex -i ftp .bmp .pdf .doc .xls .ppt .swf .fla

#acl kampes src 10.10.10.234
#acl day time 09:00-21:00


#We don't block .html, .gif, .jpg and similar files, because they
#generally don't consume much bandwidth

#We have three different delay_pools
delay_pools 3

#First delay pool
#We don't want to delay our local traffic
#There are three pool classes; here we will deal only with the second
delay_class 1 2

#-1/-1 mean that there are no limits
delay_parameters 1 -1/-1 -1/-1

#magic_words1: 10.10.
delay_access 1 allow magic_words1

#Second delay pool
#we want to delay downloading files mentioned in magic_words2
delay_class 2 2

#The numbers here are values in bytes;
#we must remember that Squid doesn't consider start/stop bits
#5000/150000 are values for the whole network
#5000/120000 are values for the single IP
#after downloaded files exceed about 150000 bytes,
#(or even twice or three times as much)
#they will continue to download at about 5000 bytes/s
#delay_parameters 2 5000/150000 5000/12000
#delay_parameters 2 5000/120000 2000/12000
delay_parameters 2 8000/13000 100/15000
#delay_access 2 deny !day

delay_access 2 allow magic_words2
delay_access 2 allow pelem
delay_access 2 deny all


delay_class 3 2
delay_parameters 3 6000/13000 1000/4500
delay_access 3 allow magic_words3
delay_access 3 deny all

#delay_class 4 2
#delay_parameters 4 18000/110000 8000/22000
#delay_access 4 allow day
#delay_access 4 deny all

coredump_dir /var/spool/squid
client_persistent_connections on
server_persistent_connections on
ie_refresh off
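
The `url_regex` and `rep_header` ACLs in the configuration above use patterns such as `.xls`, `.wmf` and `10.10.`, where an unescaped `.` matches any character. This added Python example (not part of the original configuration) runs those patterns over constructed sample strings and compares them with a dot-escaped form. `hits`, `escape_dots` and `compare` are hypothetical helper names, and Python's `re` stands in for the POSIX regex library Squid uses, which behaves the same for these simple patterns.

```python
import re

# Pattern lists copied from the ACLs in the configuration above.
ACLS = {
    "magic_words1": ["10.10."],
    "magic_words3": "ftp .bmp .pdf .doc .xls .ppt .swf .fla".split(),
    "blocked_contdisp": [".wmf"],
}

def hits(patterns, text):
    """Patterns that match `text` the way a `-i` regex ACL does:
    unanchored, case-insensitive search."""
    return [p for p in patterns if re.search(p, text, re.IGNORECASE)]

def escape_dots(patterns):
    """Same patterns with every '.' made literal."""
    return [p.replace(".", r"\.") for p in patterns]

def compare(acl, text):
    """Return (matches as written, matches with dots escaped)."""
    pats = ACLS[acl]
    return hits(pats, text), hits(escape_dots(pats), text)

# Constructed sample inputs (not taken from any real log).
SAMPLES = [
    ("magic_words3", "http://example.com/docs/xlsx-guide.html"),
    ("magic_words3", "http://example.com/giftpack/index.html"),
    ("magic_words3", "http://example.com/reports/q1.PDF"),
    ("magic_words1", "http://example.com/img/1071012.png"),
    ("magic_words1", "http://10.10.10.5/file.iso"),
    ("blocked_contdisp", 'attachment; filename="newmf-report.txt"'),
    ("blocked_contdisp", 'attachment; filename="picture.WMF"'),
]

if __name__ == "__main__":
    for acl, text in SAMPLES:
        loose, strict = compare(acl, text)
        print(f"{acl:17} {text!r}")
        print(f"    as written: {loose}")
        print(f"    escaped:    {strict}")
```

Escaping the dots removes the accidental matches on `/docs/`, `xlsx`, `newmf` and the digit run `1071012`, but the bare `ftp` word still matches any URL containing those letters and needs an anchor such as `^ftp://`.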
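
The delay-pool comments in the configuration above describe buckets that refill at a restore rate up to a maximum size. The following Python sketch is an added example (not part of the original configuration or of Squid) that steps a simplified one-second model of a class 2 pool for a single client, using the active `delay_parameters` values of pools 1 to 3. The names `Bucket` and `download_seconds` are hypothetical, and the buckets are assumed to start 50% full, which is Squid's default `delay_initial_bucket_level`.

```python
from dataclasses import dataclass

@dataclass
class Bucket:
    restore: int   # bytes added each second; -1 means unlimited
    maximum: int   # bucket capacity in bytes
    level: float   # bytes currently available

    @classmethod
    def parse(cls, spec, initial_pct):
        restore, maximum = (int(v) for v in spec.split("/"))
        if restore == -1:
            return cls(restore, maximum, float("inf"))
        if restore <= 0:
            raise ValueError("restore must be positive or -1")
        return cls(restore, maximum, maximum * initial_pct // 100)

    def refill(self):
        if self.restore != -1:
            self.level = min(self.maximum, self.level + self.restore)

def download_seconds(size, aggregate, individual, initial_pct=50):
    """Seconds for one client, alone in the pool, to fetch `size` bytes.
    Simplified model: each second the client takes what both buckets
    allow, then both buckets are refilled. initial_pct=50 is assumed."""
    agg = Bucket.parse(aggregate, initial_pct)
    ind = Bucket.parse(individual, initial_pct)
    remaining, seconds = size, 0
    while remaining > 0:
        take = min(agg.level, ind.level, remaining)
        agg.level -= take
        ind.level -= take
        remaining -= take
        seconds += 1
        agg.refill()
        ind.refill()
    return seconds

# delay_parameters from the configuration above: pool -> (aggregate, individual)
POOLS = {1: ("-1/-1", "-1/-1"),
         2: ("8000/13000", "100/15000"),
         3: ("6000/13000", "1000/4500")}

if __name__ == "__main__":
    for pool, (agg, ind) in POOLS.items():
        secs = download_seconds(100_000, agg, ind)
        print(f"pool {pool}: 100000 bytes in {secs} s")
```

With the active pool 2 values the per-host bucket refills at only 100 bytes/s, so after the initial burst a 100000-byte download takes roughly 15 minutes in this model, while the same file in pool 3 takes under two minutes.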