Reehan's Blog: 2010

Google Operating System (2010)

0 komentar Sabtu, 20 November 2010

Google Operating System 2010 Android LiveCD (No Instalation)
Welcome to LiveAndroid, a LiveCD for Android!
Language: English |.ISO |172.46 Mb
Want to give Google Android a try, but dont feel like buying a T-Mobile G1/G2/G3? LiveAndroid lets you download a LiveCD disc image of the Google Android operating system. Just burn the image to a disc, stick it in a CD-ROM drive, and reboot your computer and you can check out Android without installing it or affecting any files on your PC.

You can also use the disc image in a virtualization application like VirtualBox, VMWare or Microsoft Virtual PC if you want to try the operating system without even rebooting your computer. LiveAndroid v0.3 is here Features * OpenDNS added * Audio support * VirtualBox - Intel 8x0 AC97 * VMware - Ensoniq AudioPCI 1371/1373 * SD card support (512M) * Ethernet (DHCP) * Mouse wheel support * High-resolution support (800*600, 1024*768) * Apps added * Software Directory * AndroidVNC * PilotLines, Craigs Races, Super Mario * more net card driver added * Amd PCNET32 PCI * Broadcom 440x/47xx * CS89x0 * Intel PRO/100+ * NE2000/NE1000 * Realtek RTL-8129/8130/8139

link download?

liveandroidv0.3.rar.001

liveandroidv0.3.rar.002

Read On

DHCP Server di Linux dg client Linux & Windows

0 komentar Jumat, 19 November 2010

Server DHCP di Linux

DHCP server adalah sebuah service yg memberikan pelayanan dalam sebuah jaringan komputer dimana IP address (+ beberapa setting lain) tidak dipasang secara statis di masing2x komputer, melainkan diberikan oleh server secara dinamis (bisa juga statis tapi tetap diberikan oleh server, yg dikenal dg reservasi atau pencadangan IP address tertentu yg diberikan kepada komputer dg MAC address tertentu pula). Hal ini akan sangat membantu seorang administrator jaringan untuk mengelola suatu jaringan besar yg terdiri dari ratusan bahkan ribuan komputer dengan mempermudah pengelolaan jaringan dg memusatkan pengelolaan IP address jaringan dalam sebuah server. Jadi setiap komputer dalam jaringan akan meminta konfigurasi IP kepada server DHCP yg akan membagikan IP address sesuai konfigurasi yg dipasang di server tsb.

DHCP server berjalan di atas sistem Windows maupun Linux dg hampir tidak ada perbedaan dalam kemampuannya memberikan layanan utama berupa pemberian IP Address pada jaringan secara dinamis.

Karakteristik dari DHCP server yang berjalan di sistem Linux:

1. Server dapat berjalan lebih cepat & stabil. Sistem-sistem Unix clone sudah diakui mempunyai reliabilitas yang sangat tinggi dalam menjalankan aplikasi-aplikasinya, dan ini berarti termasuk juga di Linux yang juga merupakan salah satu clone Unix. Linux juga seperti turunan Unix lain dapat dioperasikan hanya dengan command text saja. Ini berarti resource yang dibutuhkan server pasti lebih kecil daripada resource yang dibutuhkan untuk menjalankan software berbasis grafis seperti di sistem Windows.
2. Dijalankan dengan dua aplikasi daemon untuk server dan client, misalnya : dhcpd (DHCP daemon) untuk server dan dhcpcd (DHCP client daemon) untuk client.
3. File-file setting untuk DHCP di Linux umumnya diletakkan di dalam direktori /etc dan /var/lib/dhcp
4. Setting DHCP dilakukan dalam sebuah file yaitu : /etc/dhcpd.conf dan akan menyimpan hasil transaksi penyewaan IP address di dalam sebuah file yang bernama /var/lib/dhcpcd.leases. Bila file ini tidak ada, DHCP tidak akan dapat bekerja.
5. Setting relatif mudah karena hanya dipusatkan di satu file saja (/etc/dhcpd.conf) dan hanya terdiri dari beberapa baris perintah untuk memberikan layanan yang cukup lengkap.

Bagaimana DHCP bekerja dalam Linux
Client DHCP bekerja sebagai program level aplikasi. Sekalipun mengkonfigurasikan beberapa aspek mendasar dari operasi kernel sistem operasi, namun tidak perlu dijalankan sebagai kode kernel level. Dalam hal ini semua yang dilakukan client sebenarnya adalah :

* Mengirim dan menerima beberapa paket UDP
* Mengekstrak nilai dari jawaban DHCPACK
* Menerapkan nilai tersebut pada sistem, seperti yang dilakukan ifconfig atau route.

Sedikit kesulitannya adalah client harus menangani lease DHCP sehingga setiap kali ia harus menghubungi server untuk memperpanjang lease terbaru. Untuk alasan ini, client berjalan sebagai “daemon”, yaitu aplikasi yang berjalan pada background, tidak terkoneksi ke terminal apapun (hal ini menjelaskan nama client dhcpcd, sekalipun untuk pertamakalinya akan tampak membingungkan).

Detail lease dicatat dalam dalam suatu file teks. Sekalipun mesin tersebut reboot dalam masa itu, client DHCP dapat menggunakan informasi ini pada saat berikutnya client me-request lease dari server DHCP. Dengan demikian satu mesin dapat menggunakan IP yg sama selama beberapa lama sekalipun alamat tersebut dialokasikan secara dinamis. Informasi ini juga disimpan dalam file dhcpcd.leases yg biasanya terdapat dalam direktodi /var/lib/dhcp

Instalasi DHCP server pada Linux

Cara menginstall server DHCP pada Linux relatif mudah. Di sini saya menggunakan Linux Mandriva 2007.1 yang merupakan turunan dari Red Hat Linux sehingga dapat menggunakan paket instalasi RPM yang lebih mudah. Perintah text instalasi secara manual misalnya seperti ini (sbg root) :

# rpm –ivh dhcp-server-3.0.5-7mdv2007.1.rpm

maka sistem akan menginstalkan paket instalasi DHCP server. Bila ada dependensi harus diinstall dulu secara manual. Tetapi pada distro Mandriva 2007.1 dapat dilakukan cara instalasi yang lebih mudah yaitu dengan menggunakan utility urpmi seperti ini :

# urpmi dhcp

maka sistem akan menginstallkan paket DHCP sekaligus dengan semua dependensi yang dibutuhkan. Untuk melakukan pengecekan apakah software sudah terinstall digunakan perintah :

# rpm –qa |grep dhcp

maka sistem akan menampilkan software-software terinstall yang mengandung kata “dhcp”.

Setelah instalasi selesai, sistem akan membuat file-file konfigurasi untuk DHCP yang terdiri dari 2 file utama yang harus ada untuk dapat menjalankan aplikasi DHCP yang diinstall, yaitu :

* /etc/dhcpd.conf
* /var/lib/dhcp/dhcpcd.leases

Isi dari file /etc/dhcpd.conf yang digunakan untuk memberikan layanan DHCP server pada jaringan bisa di setting sesuai kebutuhan dan dapat dipakai oleh DHCP client baik dari sistem Linux maupun dari sistem Windows. File /var/lib/dhcpd/dhcpcd.leases juga harus ada walaupun pada awalnya hanya sebuah file kosong. Tanpa file ini DHCP tidak akan berjalan. Sebagai contoh di sini kita akan setting server DHCP untuk kebutuhan2x sebagai berikut :

1. PC server DHCP (Linux Mandriva 2007.1) disetting IP statis 192.168.0.1

2. Memberikan alamat IP antara 192.168.0.11 dan 192.168.0.100 pada jaringan

3. Memberikan pada client setting-setting sebagai berikut : subnet mask 255.255.255.0, alamat broadcast 192.168.0.255, default gateway 192.168.0.1, server DNS 192.168.0.10, nama domain default adalah jarkom.net, dan server WINS pada 192.168.0.11 (untuk client windows versi lama)

4. Memberikan lease-lease untuk waktu default 6 jam dan maximal 12 jam

5. Memberikan reservasi alamat IP untuk kartu ethernet dengan MAC address 00-14-2A-06-18-D5 dengan alamat 192.168.0.30 pada komputer Windows XP dan MAC address 00-0C-29-77-78-67 dengan alamat 192.168.0.50 pada komputer Linux openSUSE 10.2

Untuk kebutuhan setting seperti itu maka isi file /etc/dhcpd.conf harus diedit & disesuaikan sehingga menjadi seperti dalam gambar berikut yg sudah diberikan keterangan penggunaan masing2x barisnya.

Dan kemudian untuk menjalankannya harus dilakukan restart terhadap service-nya dulu :

# /etc/rc.d/init.d/dhcpd restart

Perintah ini juga harus selalu dilakukan setelah melakukan perubahan apapun pada isi file /etc/dhcpd.conf. Kemudian apabila menghendaki agar DHCP server selalu start secara otomatis pada saat komputer dijalankan, maka perintah “/etc/rc.d/init.d/dhcpd start” harus dimasukkan dalam file /etc/rc.local yang berfungsi seperti file autoexec.bat dalam sistem Windows.

Instalasi DHCP Client

Memperoleh IP address dinamis server DHCP dari PC client dilakukan dengan cukup mudah baik pada sistem Windows maupun pada sistem Linux. Dan keduanya juga dapat dikonfigurasi dengan menggunakan utility grafis maupun text command. Cara instalasinya misalnya seperti demikian :

1. Client Windows XP Professional SP2.

Dari client Windows bisa dilakukan setting untuk permintaan IP addres di server dengan memilih Obtain dalam halaman setting Control Panel – Network.

Atau juga dapat dengan command text di command prompt dengan mengetikkan di Command Prompt perintah untuk meminta lease IP address baru pada server DHCP :

C:\> ipconfig /renew

Dan bila diinginkan untuk menghapus konfigurasi lesase DHCP yang sedang berjalan digunakan perintah :

C:\> ipconfig /release

Untuk melihat konfigurasi yang telah terpasang, gunakan perintah :

C:\> ipconfig /all

2. Client Linux openSUSE 10.2

Untuk DHCP client di Linux juga relatif mudah memasangnya, pertama dengan menyesuaikan setting di file /etc/sysconfig/network/ifcfg-eth0-[mac-address] seperti gambar berikut. Catatan : path dan nama file bisa tidak sama tergantung distro Linux yang dipakai. Path dan nama file tadi adalah untuk distro Linux openSUSE 10.2 yang saya pakai di sini.

Kemudian cek apakah aplikasi dhcpcd sudah terinstall di komputer Linux yg akan dijadikan DHCP client (cat : untuk distro selain openSUSE mungkin bisa berbeda) :

# rpm -qa |grep dhcpcd

Kalau belum terinstall, install dulu dengan menggunakan tool YaST untuk software DHCP client. Bisa lakukan dg memasukkan kata “dhcpcd” di kolom search software. Setelah muncul, beri check lalu jalankan instalasi. Setelah instalasi selesai ulangi pengecekan di shell dg perintah yg sama.

Kemudian gunakan command text seperti berikut untuk melepas lease IP (dhcpcd –d –k eth0) dan merequest IP address dari server DHCP (dhcpcd –d –B eth0):

Opsi –k >>> adalah untuk melepas lease IP yang sedang berjalan

Opsi -B >>> adalah untuk meminta lease IP baru pada server DHCP

Opsi -d >>> adalah agar dhcpcd mengirimkan banyak informasi ke file /var/log/messages yang akan berguna untuk mengetahui seriap detail proses yang terjadi, termasuk untuk memudahkan troubleshooting bila ada suatu masalah yang terjadi. File tersebut salah satu file log terpenting dalam Linux yang mencatat hampir semua peristiwa yang terjadi dalam sistem, termasuk semua yang terjadi pada saat koneksi DHCP server & client terbentuk.

Gambar berikut adalah menampilkan isi dari file /var/log/messages di shell secara dinamis dengan menampilkan terus menerus baris-baris terbaru yang terjadi, dengan menggunakan perintah :

# tail –f /var/log/messages

Pada client DHCP yang menggunakan Linux, apabila menggunakan konfigurasi DHCP untuk mendapatkan nama domain dan alamat DNS server dalam jaringan, maka setelah client mendapatkan lease IP baru dari server DHCP, maka otomatis DHCP akan merubah isi file /etc/resolv.conf yaitu sebuah file yang berisi konfigurasi nama domain & alamat DNS server untuk komputer yang bersangkutan. Sehingga bila file itu sudah berisi suatu setting tertentu secara manual, maka DHCP akan menghapusnya dan menggantinya dengan konfigurasi yang ada di server DHCP. Sebenarnya hal ini bisa dihindari dengan menambahkan satu opsi lagi dalam command text sewaktu meminta lease IP baru dari server. Opsi-opsi itu dapat dilihat dengan menjalankan perintah :

# man dhcpcd

atau

# dhcpcd –help

Setelah ada DHCP client yang meminta lease IP baru ke server DHCP, maka dhcpd akan menuliskan setiap penyewaan IP yang terjadi ke sebuah file yang bernama : /var/lib/dhcp/dhcpcd.leases di server DHCP. Isi file tersebut adalah seperti gambar berikut :

Read On

Remote Control VNC untuk Linux dan Windows

0 komentar

Remote Control VNC untuk Linux dan Windows

VNC adalah sebuah software remote control, dimana dg melalui software ini suatu komputer dapat melakukan akses untuk bekerja di suatu komputer lain yg terhubung dg jaringan. Hal ini dapat dilakukan baik dalam lingkungan LAN (Local Area Network) yg relatif berjarak dekat sampai dalam jaringan internet yg dapat berjarak ribuan kilometer.Teknologi remote control sebenarnya bukanlah barang baru. Kehadiran teknologi ini sudah cukup lama di dunia komputerisasi. Di dalam dunia operating system UNIX beserta keluarganya, komunikasi remote sudah sangat biasa dilakukan oleh penggunanya. Operating system yang berbasiskan UNIX memang telah dikenal lama sebagai salah satu operating system jaringan yang menonjol dalam aplikasi-aplikasi jaringan termasuk fasilitas untuk mengontrol komputer melalui jaringan dari jarak jauh yang juga telah dilengkapi dengan fasilitas keamanan yang sangat baik. Maka dari itulah teknologi remote control pada awalnya lebih banyak digunakan di lingkungan Unix, termasuk juga dalam operating system Linux.

Remote control di Linux/Unix yang secara native menggunakan command shell dilakukan hanya dengan menampilkan teks saja. Ini karena semua OS clone Unix dapat dioperasikan hanya dengan command text. Contoh yang paling banyak digunakan adalah koneksi SSH. SSH merupakan fasilitas remote yang building pada semua operating system Linux. Selain bisa menyediakan koneksi remote, SSH juga cukup aman untuk digunakan.

Setelah mengetikkan command text pada baris pertama, sistem akan meminta untuk dimasukkan password. Dan setelah password dimasukkan secara benar, maka tampilan prompt akan berubah menjadi tampilan prompt di komputer remote seakan-akan kita sedang berada di depan komputer remote yang mungkin saja berjarak beberapa meter ataupun ribuan kilometer dari komputer client.

Tetapi karena pada tahun2x belakangan ini, terutama dg berkembangnya sistem operasi Macintosh & Windows yang berbasis grafis (yg juga diikuti secara pesat oleh Linux), maka muncul kebutuhan yang lebih besar lagi untuk menggunakan remote control yang tidak sekedar dapat menampilkan text saja. Maka kemudian muncullah program-program remote control yg berbasis grafis seperti PCAnywhere, Radmin, dll. Salah satu dari software remote control berbasis grafis yang terkenal adalah VNC (Virtual Network Computing) yg akan kita pakai di sini.

Penggunaan Remote Control sangat membantu pekerjaan seorang administrator jaringan yang membutuhkan suatu tool yang handal untuk dapat menjangkau seluruh komputer yang ada dalam jaringannya atau karena suatu sebab tidak dapat berada di depan komputer yang bersangkutan, sehingga perbedaan lokasi yang jauh tidak menjadi masalah untuk dapat melakukan pekerjaan sehari-hari. Teknologi remote control saat ini sudah cukup maju dengan adanya software-software semacam VNC yang sangat powerfull karena kecepatannya, tampilannya yang berbasis grafis, dapat dijalankan menggunakan browser, dan dapat digunakan sama baiknya dalam platform komputer yang sama maupun dalam platform komputer yang berbeda seperti lintas platform antara Linux dan Windows.

Karakteristik VNC
Karekteristik yang merupakan keunggulan dari software VNC dibanding software-software sejenis adalah :
1. Multi platform. Software VNC ini dapat digunakan dengan baik di lingkungan Windows, Linux, Beos, Macintosh, Unix dll. bahkan penggunaannya juga dapat dilakukan secara lintas platform. VNC client & VCN server dapat saling diakses misalnya dari sistem Windows ke sistem Linux, maupun dari sistem Linux ke sistem Windows.
2. Client-server. Software terdiri dari aplikasi server & client dan harus diinstall di kedua sisi. Bagi orang-orang tertentu hal ini mungkin malah merepotkan, tapi ini juga berarti melindungi privacy komputer yg menggunakan VNC yang diniatkan untuk sesuatu yang positif.
3. HTTP support. VNC dapat diakses menggunakan default port 5900 atau 5901 untuk TCP maupun port 5800 atau 5801 untuk HTTP. Jadi sebuah VNC server juga dapat diakses oleh VNC client menggunakan sebuah browser seperti Mozilla Firefox, Opera, dan Internet Explorer dengan menggunakan java aplet.
4. Transparan. VNC adalah sebuah program yang sopan, tidak seperti beberapa software remote desktop lain yang menyembunyikan keberadaan dirinya dari user awam sehingga dapat dikategorikan sebagai sebuah software trojan yang akan dideteksi oleh software antivirus. Apabila sebuah komputer Windows dipasang VNC server, akan muncul sebuah icon kecil logo VNC di sebelah kanan taskbar yang akan berubah warna apabila komputer tersebut sedang diakses. VNC juga mengharuskan kita memasang password untuk bisa diaktifkan. Sebelum password dipasang, ia tidak akan mau bekerja.
5. Across internet. VNC dapat digunakan across internet. Cukup mengetahui nomor IP Address dan password VNC tujuan, kita dapat memperlakukannya menjadi program semacam PCAnywhere untuk mengontrol komputer dari jarak jauh melalui Internet.
6. Open Source. VNC bersifat Open Source dengan lisensi GPL (General Publik License). Dengan sifatnya ini, kita bisa dengan leluasa menggunakan dan mendistribusikannya, meski tentu saja harus mengikuti sifat lisensi open-source-nya. VNC telah disediakan secara gratis sejak tahun 1988 dan telah didownload lebih dari 50 juta copy

VNC menggunakan protokol yang sederhana berbasiskan RFB (Remote Frame Buffer). Protokol ini memungkinkan aplikasi remote mengupdate framebuffer yang ditampilkan di pengguna. Viewer di VNC tersedia untuk sistem UNIX, Linux, MS Windows, bahkan PDA. Saat ini VNC memang telah berkembang menjadi beberapa versi yg masing-masing juga dapat dijalankan dalam platform yang berbeda-beda, misalnya saja RealVNC (www.realvnc.com), TightVNC (www.tightvnc.com), dan metaVNC (http://sourceforge.net/projects/metavnc). RealVNC sekarang juga telah mempunyai versi Free, Personal edition, dan Enterprise edition, masing-masing punya harga & kemampuan yang berbeda-beda.

Instalasi VNC di Windows XP
Untuk platform Windows kita bisa menggunakan software RealVNC yg cukup bagus dan juga dapt digunakan secara gratis. Misalnya di sini kita memakai : vnc-3.3.7-x86_win32.exe.

Instalasi software VNC di Windows sangat mudah, hanya dengan menjalankan file executable instalasinya saja, mengikuti step-step instalasi yang semuanya menggunakan form-form grafis, kemudian VNC sudah siap untuk digunakan. Step-step singkat instalasinya adalah sebagai berikut :
1. Double-click pada file instalasinya, misalnya : VNC.3.3.7-x86_win32.exe.

2. Setelah tampilan window welcome & perjanjian lisensi, instalasi akan meminta memasukkan lokasi software & komponen apa saja yang dipilih.
3. Lalu setelah menentukan folder untuk start menu, instalasi akan meminta kita untuk memilih beberapa opsi tambahan berupa pembuatan icon di desktop & mendaftarkan sebagai system service.

4. Setelah tampilan review, instalasi akan berjalan sampai selesai. Setelah itu VNC akan meminta kita memasukkan password untuk dapat menjalankan service-nya dan memberi check pada bagian Accept Socket Connections. Enable Java Viewer akan mengaktifkan kemampuan akses VNC menggunakan Java aplet. Sedangkan beberapa opsi lain adalah untuk disconnect & tampilan secara remote. Setelah click Apply & OK maka instalasi VNC server & client di Windows XP telah selesai dan dapat langsung digunakan.

5. Sampai di sini service VNC di Windows telah dapat digunakan baik sebagai server maupun client.

Instalasi VNC di Linux

Untuk platform Linux di sini kita menggunakan software TightVNC yang merupakan pengembangan dari VNC standard yg juga dapat digunakan secara gratis. Versi VNC ini dirancang untuk penggunaan remote control untuk media jaringan yang lambat seperti koneksi dial-up modem. Karena itu akses dari VNC versi ini sangat cepat sesuai sifatnya yang memang dirancang untuk penggunaan jaringan dengan koneksi terbatas. Software ini sudah include dalam distro Linux Mandriva 2007.1 yang kita pakai di sini. Tinggal melakukan instalasi saja. Software-software tersebut adalah :
- tightvnc-server-1.2.9-16mdv2007.1
- tightvnc-doc-1.2.9-16mdv2007.1
- x11-server-xvnc-1.2.9-16mdv2007.1
- tightvnc-1.2.9-16mdv2007.1

Instalasi VNC di Linux secara basic adalah menggunakan command text yang diketikkan dalam shell. Misalnya untuk distro-distro Linux turunan Red Hat dapat menggunakan metode instalasi RPM (RedHat Package Manager).

Satu masalah yang sangat menyulitkan pengguna Linux dalam hal instalasi adalah masalah dependensi atau ketergantungan suatu software dengan software lain. Jadi kalau instalasi tidak mau berjalan karena software membutuhkan sebuah software lain yang jadi syaratnya, kita harus menginstalkan dulu software dependensi-nya itu yang mungkin juga masih membutuhkan software lain lagi untuk berjalan.

Karena di sini kita menggunakan Linux distro Mandriva 2007.1, sebuah distro yg juga merupakan turunan dari distro RedHat, jadi dalam penginstalan aplikasinya dapat menggunakan metode instalasi RPM yg lebih mudah daripada melakukan penginstalan dari source code. Bahkan dalam keluarga distro Mandrake/Mandriva seperti pada Mandriva 2007.1 ini sudah dilengkapi dengan tool tambahan untuk kemudahan penginstalan suatu paket software di dalam shell, yaitu “urpmi”. Bahkan keluarga distro ini juga sudah menyediakan suatu tool installer software berbasis grafis yg sangat bagus yg terdapat pada semacam control panel yg bernama MCC (Mandriva Control Centre). Instalasi via shell untuk software tightvnc seperti berikut (sebagi root) :

# urpmi vnc

maka software tightvnc akan terinstall lengkap dengan semua dependensinya.

Sedangkan instalasi dengan tampilan grafis menggunakan MCC adalah sebagai berikut :
1. Buka (double click) menu Configure Your Desktop di Linux Mandriva 2007.1 sehingga muncul window MCC Kemudian pilih tab sebelah kiri pada bagian Software Management
2. Buka bagian Install Software Packages, search dengan kata “vnc”, maka software2x yang berhubungan dengan vnc akan muncul. Kemudian pilih yang akan diinstall.

vnc_mdv5.jpg

3. Klik Apply, maka proses instalasi akan berjalan menginstalkan software yang dipilih berikut semua dependensi yang dibutuhkan olehnya.
4. Setelah semua software yang dibutuhkan terinstall, dapat dilakukan pengecekan dengan menggunakan RPM untuk memastikan semua software yang dibutuhkan sudah terinstall.

# rpm -qa |grep vnc

maka sistem akan menampilkan software2x yg berhubungan dg vnc yg telah terinstall.

5. Langkah berikutnya adalah melakukan setting terhadap aplikasi vncserver agar komputer Linux dapat di remote dari komputer lain melalui jaringan. Caranya adalah dengan mengetikkan :

# vncserver :1

Maksudnya adalah menyuruh vncserver untuk membuka koneksi remote dari luar untuk virtual desktop 1 (hal ini karena tidak seperti Windows, Linux mempunyai banyak virtual desktop). Kemudian sistem akan meminta untuk memasukkan password. Setelah password dimasukkan, maka vncserver sudah aktif dan siap untuk di remote dari komputer lain. VNC server juga akan membuat sebuah script yaitu .vnc/xstartup yang akan diletakkan di home direktori user yang digunakan waktu melakukan setting vncserver. Jadi letak dan isi dari file script ini akan berbeda tergantung dari siapa user yang sedang aktif saat melakukan setting, dan sistem Linux (distro) apa yang digunakan.

6. Kemudian terakhir adalah memastikan service vncserver berjalan dengan baik dengan melakukan perintah :
# /etc/init.d/vncserver start
# /etc/init.d/vncserver restart

Menggunakan VNC di komputer Windows
Cara menggunakan VNC di desktop Windows sangat mudah, karena dapat langsung diakses dari menu Start ataupun dengan klik dua kali pada icon yang ada di desktop (kalau fasilitas ini diinstall pada saat instalasi program). Kemudian akan muncul sebuah window untuk memulai koneksi dengan memasukkan IP address atau nama komputer tujuan yang akan diakses.

Sebelum mulai membuka koneksi, kita masih bisa memilih beberapa opsi yang mungkin akan digunakan dengan mengklik tombol Options.. maka akan muncul window Connection Options… yang bisa digunakan untuk melakukan setting penggunaan mouse, kemudian untuk Display bisa dipilih hanya untuk view saja atau Full-screen mode. Sedang pada bagian Misc terdapat opsi-opsi untuk menshare koneksi dengan user lain dan mendisable clipboard transfer.

Menggunakan VNC di komputer Linux

Menggunakan VNC di komputer Linux sedikit lebih sulit karena biasanya VNC tidak langsung membuatkan menu atau sebuah icon shortcut di desktop, tapi kita harus mengetikkan perintahnya langsung dari shell atau membuat icon shortcut sendiri secara manual. Cara menjalankan VNC dari shell adalah dengan mengetikkan perintah sbb :

> vncviewer (Tekan Enter)

maka akan muncul menu untuk menuliskan IP address atau nama komputer dan password seperti ini :

Atau bisa juga dengan langsung menuliskan command-nya di shell secara lengkap dengan opsi-opsi yang diinginkan. Perintah-perintah VNC dapat dilihat dengan mengetikkan kata “vnc” diikuti dengan menekan tombol tab, sedangkan opsi-opsi tambahan untuk perintah-perintah VNC dapat dilihat di manualnya dengan menggunakan perintah man atau –help.

# man vncserver

atau

# vncviewer –help

Setelah address tujuan dan password dimasukkan akan terbuka sebuah window yang akan berisi tampilan desktop dari komputer yang sedang kita akses secara remote. Hasil tampilan dari komputer remote dengan menggunakan VNC di Linux tidak ada perbedaan dengan di Windows. Hanya saja pada tampilan VNC di Windows mempunyai beberapa fasilitas yang sulit dilakukan di Linux. Misalnya saja fasilitas untuk mengirimkan perintah Ctrl-Alt-Del yang lazim digunakan di komputer Windows, pada VNC di Windows hal ini dapat dilakukan dengan klik kanan di bagian atas konsol aksesnya, tapi di Linux tidak dapat dilakukan. Tapi kekurangan itu dapat diatasi dengan adanya kemampuan VNC untuk diakses melalui browser yang menyediakan fasilitas sama baiknya untuk Windows ataupun Linux.

Menggunakan VNC secara lintas platform

Satu hal yang sangat menarik dari VNC adalah kemampuannya yang dapat dioperasikan secara lintas platform. Suatu VNC viewer yang dijalankan dari komputer platform apapun (Linux, Windows, Mac, dll.) dapat juga digunakan untuk mengakses komputer yang telah diinstall VNC server juga dalam platform apapun (Linux, Windows, Mac, dll.). Saya telah menggunakan VNC pada sesama komputer Windows, pada sesama komputer Linux, dari komputer Windows ke komputer Linux, dan dari komputer Linux ke komputer Windows, yang telah dicoba aksesnya menggunakan file vncviewer di Linux & Windows dan juga melalui browser Mozilla Firefox & Internet Explorer dari masing-masing platform, dan berjalan dengan baik. Gambar berikut adalah contoh penggunaan VNC viewer dari komputer Linux openSUSE 10.2 untuk mengakses secara remote komputer Windows XP Professional menggunakan port HTTP 5800 melalui browser Firefox.

Read On

[Tutorial] Remote desktop murmer via VNC di VPS berbasis CentOS

0 komentar

bahan2:
- low end VPS
- putty
- RealVNC client for WinXP

langkah2:
1. pilih & beli VPS murah meriah, untuk referensi bisa ke http://www.lowendbox.com atau ke forum WHT.
dan kalo bisa pilih yg minim RAMnya 512mb atau burstable 1gb

3. setelah dpt VPS rebuild OSnya ke centos 5.3 x86 64bit

2. buka putty, login via ssh ke root vps

3. install vnc dan x dg command:
yum -y install vnc vnc-server x11-xorg
yum groupinstall "X Window System"

4. install rpmforge:
yum install yum-priorities
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
wget
rpm -i rpmforge-release-0.3.6-1.el5.rf.i386.rpm

5. install fluxbox buat desktopnya, knp fluxbox? krn dia cuman makan 5mb RAM
yum install fluxbox

6. eksekusi VNC-nya pake command vcnserver trus masukin password buat akses VNCnya nanti

7. bunuh VNCnya, pake perintah:
pkill -9 vnc
rm -rf /tmp/.X1*

8. edit xstartup dg nano:
nano /root/.vnc/xstartup
hapus baris terakhir (twm &) ganti dengan: fluxbox &
trus save n tutup nano-nya

9. start lagi command vncserver

10. buka realvnc client, masukin ip address vps dg format:
ipaddress:1
klik ok, masukin passwod dan voilaaa...

Read On

Enjoy Backtrack 4 even more...with Fluxbox!!!

0 komentar

If your here you obviously want to get your Flux on in Backtrack 4. When the developers didn't incorporate Fluxbox into Backtrack 4 I was bummed, but understood their reasoning. While most everyone is just fine using KDE as a window manager in Backtrack 4, I prefer a more light weight and fast window manager like Fluxbox to do my auditing and testing in. With all that being said, I'll now show you how to install Fluxbox in just a few easy steps.

Step 1.
Well the first thing your going to have to do is install Fluxbox, but first lets make sure your system is up to date. Open a shell and type:

apt-get update && apt-get upgrade

Once the updates finish downloading and installing (if any) in the same shell type:

apt-get install fluxbox

This will install everything we need to start using Fluxbox.

Step 2.
Now, log out of your KDE session and in your tty1 session type:

echo "exec startfluxbox" > ~/.xinitrc

What this command does is add the line "exec startfluxbox" to your ~/.xinitrc file. This determines what window manager loads when you type "startx".

Step 3.
Now for the fun part, in your tty1 session type:

startx

Fluxbox, right? If you ever used Fluxbox before you know to access the menu you need to right click the desktop....but whats this!?! All your menu items....they're gone!?! Not to fear my fellow minimalists, I had a good couple weeks to type you guys up a whole custom Fluxbox menu especially for Backtrack 4. You can download the custom menu file here. When you are prompted to choose a location for the file to download to, download it to:

~/.fluxbox/

You will then be prompted again that a file named "menu" already exists, click replace to replace to old menu file with the new one. If it downloads to another location you need to move it to the ~/.fluxbox/ directory or it will not work! Alright, did you notice when you right click the desktop your menu is different? Everything from the KDE version of the menu is included and in the same spots, so you wont have to do any searching for tools.

Step 4.
But wait, nothing automatically starts up in Fluxbox like it did in KDE? There is a simple fix for that problem. Open a shell and type:

cd .fluxbox/ && nano startup

This will start a nano session. The Fluxbox startup script has lots of options you can mess around with, but we need to scroll down to the bottom until you see:

# Applications you want to start with fluxbox.
# MAKE SURE THAT APPS THAT KEEP RUNNING HAVE AN "&" AT THE END.
#
# unclutter -idle 2 &
# wmnd &
# wmsmixer -w &
# idesk &

What we want to do here is erase the four commented out entries and add our own, for instance:

# Applications you want to start with fluxbox.
# MAKE SURE THAT APPS THAT KEEP RUNNING HAVE AN "&" AT THE END.
#
wicd-client &
/opt/kde3/bin/kmix &
/opt/kde3/bin/kpowersave &

This will start three things when Fluxbox starts, Wicd Network Manager, Kmix, and Kpowersave.

And that's it! Aside from configuring Fluxbox how you like, your set. Pretty easy, right? You can now enjoy Backtrack 4 through a different, more light weight window manger.

Please post any feedback or questions you may have, thanks for reading!

Read On

How to Start Networking in Backtrack

0 komentar Minggu, 31 Oktober 2010

How to Start Networking in Backtrack

This is always a huge topic and it seems simple to many of us but the fact of the matter is we have a lot of "new" people so we need to be clear about this sort of thing. (Note all commands should be run as root or with sudo)

1. To start networking in Backtrack 4 final issue the following command.

/etc/init.d/networking start

This will attempt to start all the interfaces in the /etc/network/interfaces file.

root@bt:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet dhcp

auto eth2
iface eth2 inet dhcp

auto ath0
iface ath0 inet dhcp

auto wlan0
iface wlan0 inet dhcp

If you don't have or don't want some of these interfaces then simply remove the from this file and they will not start.

If you need to set a static IP just set the variables in the /etc/network/interfaces file

auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

You will also need to make sure you set a nameserver in /etc/resolv.conf

root@bt:~# cat /etc/resolv.conf
nameserver 192.168.0.1

So for example if all you have is eth0 and wlan0 on your system and you want them both to get a adress via DHCP then remove every thing else for the file with the exception of the lo interface. Here is a example.

root@bt:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto wlan0
iface wlan0 inet dhcp

Now if are lazy and want all this to start at boot you can simply issue this command as root

update-rc.d networking defaults

This will create all the proper sym-links

What about ssh?

So while I am on the subject I may as well go over ssh. In order to use ssh on backtrack 4 final you need to generate the keys first.

sshd-generate

after that you can start ssh like this:

/etc/init.d/ssh start

or you can add it to the boot sequence like this:

update-rc.d ssh defaults

Well thats enough to get up and running. I hope this was somewhat helpful to any one just getting started with backtrack.,

Read On

Basic MS-DOS commands

0 komentar

ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes

BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info

CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSVDE Import or Export Active Directory data

DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory

ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EXIT Quit the CMD shell
EXPAND Uncompress files
EXTRACT Uncompress CAB files

FC Compare two files
FDISK Disk Format and partition
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR /F Loop command: against a set of files
FOR /F Loop command: against the results of another command
FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations

GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line

HELP Online Help
HFNETCHK Network Security Hotfix Checker

IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP

KILL Remove a program from memory

LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file

MAPISEND Send email from the command line
MEM Display memory usage
MD Create new folders
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files

NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights

PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory

QGREP Search file(s) for lines that match a given pattern.

RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Read, Set or Delete registry keys
and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files.
REPLACE Replace or update one file with another
RD Delete folder(s)
RDISK Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)

SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
ScriptIt Control GUI applications
SET Display, set, or remove environment variables
SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
START Start a separate window to run a specified program or command
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration

TASKLIST List running applications and services
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file

USRSTAT List domain usernames and last login

VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label

WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands

XCACLS Change file permissions
XCOPY Copy files and folders

Read On

Backtrack 4 Final Persistent USB Easiest Way

0 komentar

Well, this is a small shell script I have written to make just any USB flash drive to a fully working persistent install of phenomenal BT. Well, the obvious question that may arise in your mind that why again another tutorial for the same persistent "thing". Well, I too don't favor re-inventing the old wheel. But IMHO this method has some advantages like:

- As easy as 1-2-3
- No need to format, partition the USB drive.

- No need to install grub. We can use the easy UnetBootin as we did earlier
- Interestingly we can share our pre-created BT4 "persistence" with our friends, even from Windows.
- Restore your persistence, incase of accidental or emergency USB disk format.
Now if any of the above points interests you, you can continue reading this thread. For this method you need to 1 bootable BT4 media (may be a DVD or bootable USB) and another with USB disk.
Now follow these steps:
1. Use UnetBootin tool to copy the BT4 ISO to your target USB drive.
2. Reboot your PC, with the second BT4 bootable media (e.g. DVD)
3. Connect your USB disk and mount it in Konqueror, in other words simply double click it.
4. Run the following script:

Code:

#!/bin/bash
USB_PATH=none
RW_SIZE=none
clear
echo "WARNING: Before running this script, confirm that the target USB"
echo "drive has WRITE permission and it has been mounted. If you are"
echo "unsure press Ctrl+C and check before running this script again."
echo " "
sleep 3
echo "Enter the path to your mounted USB disk: (e.g. /media/disk-0):"
read USB_PATH
echo " "
echo "Enter the amount of space you want to allocate, in MB (e.g. 1024 = 1GB or 4096 = 4GB):"
read RW_SIZE
echo " "
echo "Stop all operations on target disk,"
echo "sleeping for 5 seconds before processing..."
sleep 5
echo " "
echo "Task starting, this may take several minutes..."
dd if=/dev/zero of/$USB_PATH/casper-rw bs=1M count=$RW_SIZE
mkfs.ext3 -F /$USB_PATH/casper-rw
echo "Task completed successfully. Reboot PC in persistent mode! :)"

5. In your target USB drive, open the file /syslinux.cfg in your favorite editor e.g. Kate and change the line

Code:

initrd=/boot/initrd.gz BOOT=casper boot=casper persistent rw quiet

to

Code:

initrd=/boot/initrd.gz BOOT=casper boot=casper persistent rw quiet vga=0x317

6. Reboot and enjoy persistence.

Now if you want to share your persistence with others or just want to keep a back-up so that you need to restore it later, for any reasons then plug in the USB disk and copy the casper-rw file to a safe location of your hard-disk. You can distribute this file with all your changes saved there in.

Thats all for now. Please be kind, if I made any mistakes.

from >>http://www.backtrack-linux.org/forums/backtrack-howtos/819-backtrack-4-final-persistent-usb-***easiest-way***.html

Read On

HowTo Install Immunity Debugger by Wine

0 komentar

Lightbulb HowTo Install Immunity Debugger by Wine

link for download:
IMMUNITY : Knowing You're Secure

News
IMMUNITY : Knowing You're Secure

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

* A debugger with functionality designed specifically for the security industry
* Cuts exploit development time by 50%
* Simple, understandable interfaces
* Robust and powerful scripting language for automating intelligent debugging
* Lightweight and fast debugging to prevent corruption during complex analysis
* Connectivity to fuzzers and exploit development tools

The Best of Both Worlds
Immunity Debugger's interfaces include the GUI and a command line. The command line is always available at the bottom of the GUI. It allows the user to type shortcuts as if they were in a typical text-based debugger, such as WinDBG or GDB. Immunity has implemented aliases to ensure that your WinDBG users do not have to be retrained and will get the full productivity boost that comes from the best debugger interface on the market.

Commands can be extended in Python as well, or run from the menu-bar.

HowTo Install Immunity Debugger by Wine

Step 1
Create folders in:

/pentest/re/immunity_debugger

Step 2a
Click in file:
ImmunityDebugger_1_73_setup.exe

Step 2b
Click in "I Agree"

Step 3
Click in "Install" and use Path C:\Program Files\Immunity Inc\Immunity Debugger

Step 4
Download Python 2.7 Release

Step 5
Execute shell:
#wine msiexec /i python-2.7.msi

Step 6
Option "Install for all users"

C:\Python27\
next, next, next and Finish

Step 7
Delete desktop icon "Immunity Debugger"

Step 8
- Click "Dragon Icon" right click and click "Menu Editor"
- Move Menu "Wine->Programs->Immunity Inc->" to "Backtrack"->Reverse Engineering""

Step 9
Save "menu editor" File->Save

Step 10
Click "Dragon Icon"->"Backtrack"->"Reverse Engineering"->"Immunity Inc"->"Immunity Debugger"->"Immunity Debugger"

Happy Exploits, Shellcodes, Nops:)

@firebitsbr

Read On

ssh command

0 komentar Minggu, 28 Maret 2010

Common SSH Commands or Linux Shell Commands,
ls : list files/directories in a directory, comparable to dir in windows/dos.
ls -al : shows all files (including ones that start with a period), directories, and details attributes for each file.

cd : change directory � � cd /usr/local/apache : go to /usr/local/apache/ directory
cd ~ : go to your home directory
cd - : go to the last directory you were in
cd .. : go up a directory cat : print file contents to the screen

cat filename.txt : cat the contents of filename.txt to your screen

chmod: changes file access permissions
The set of 3 go in this order from left to right:
USER - GROUP - EVERONE

Article provided by WebHostGear.com

0 = --- No permission
1 = --X Execute only
2 = -W- Write only
3 = -WX Write and execute
4 = R-- Read only
5 = R-X Read and execute
6 = RW- Read and write
7 = RWX Read, write and execute

Usage:
chmod numberpermissions filename

chmod 000 : No one can access
chmod 644: Usually for HTML pages
chmod 755: Usually for CGI scripts

chown: changes file ownership permissions
The set of 2 go in this order from left to right:
USER - GROUP

chown root myfile.txt : Changes the owner of the file to root
chown root.root myfile.txt : Changes the owner and group of the file to root

tail : like cat, but only reads the end of the file
tail /var/log/messages : see the last 20 (by default) lines of /var/log/messages
tail -f /var/log/messages : watch the file continuously, while it's being updated
tail -200 /var/log/messages : print the last 200 lines of the file to the screen

more : like cat, but opens the file one screen at a time rather than all at once
more /etc/userdomains : browse through the userdomains file. hit Spaceto go to the next page, q to quit

pico : friendly, easy to use file editor
pico /home/burst/public_html/index.html : edit the index page for the user's website.

File Editing with VI ssh commands
vi : another editor, tons of features, harder to use at first than pico
vi /home/burst/public_html/index.html : edit the index page for the user's website.
Whie in the vi program you can use the following useful commands, you will need to hit SHIFT + : to go into command mode

:q! : This force quits the file without saving and exits vi
:w : This writes the file to disk, saves it
:wq : This saves the file to disk and exists vi
:LINENUMBER : EG :25 : Takes you to line 25 within the file
:$ : Takes you to the last line of the file
:0 : Takes you to the first line of the file

grep : looks for patterns in files
grep root /etc/passwd : shows all matches of root in /etc/passwd
grep -v root /etc/passwd : shows all lines that do not match root

ln : create's "links" between files and directories
ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf : Now you can edit /etc/httpd.conf rather than the original. changes will affect the orginal, however you can delete the link and it will not delete the original.

last : shows who logged in and when
last -20 : shows only the last 20 logins
last -20 -a : shows last 20 logins, with the hostname in the last field

w : shows who is currently logged in and where they are logged in from.
who : This also shows who is on the server in an shell.

netstat : shows all current network connections.
netstat -an : shows all connections to the server, the source and destination ips and ports.
netstat -rn : shows routing table for all ips bound to the server.

top : shows live system processes in a nice table, memory information, uptime and other useful info. This is excellent for managing your system processes, resources and ensure everything is working fine and your server isn't bogged down.
top then type Shift + M to sort by memory usage or Shift + P to sort by CPU usage

ps: ps is short for process status, which is similar to the top command. It's used to show currently running processes and their PID.
A process ID is a unique number that identifies a process, with that you can kill or terminate a running program on your server (see kill command).
ps U username : shows processes for a certain user
ps aux : shows all system processes
ps aux --forest : shows all system processes like the above but organizes in a hierarchy that's very useful!

touch : create an empty file
touch /home/burst/public_html/404.html : create an empty file called 404.html in the directory /home/burst/public_html/

file : attempts to guess what type of file a file is by looking at it's content.
file * : prints out a list of all files/directories in a directory

du : shows disk usage.
du -sh : shows a summary, in human-readble form, of total disk space used in the current directory, including subdirectories.
du -sh * : same thing, but for each file and directory. helpful when finding large files taking up space.

wc : word count
wc -l filename.txt : tells how many lines are in filename.txt

cp : copy a file
cp filename filename.backup : copies filename to filename.backup
cp -a /home/burst/new_design/* /home/burst/public_html/ : copies all files, retaining permissions form one directory to another.
cp -av * ../newdir : Copies all files and directories recurrsively in the current directory INTO newdir

mv : Move a file command
mv oldfilename newfilename : Move a file or directory from oldfilename to newfilename

rm : delete a file
rm filename.txt : deletes filename.txt, will more than likely ask if you really want to delete it
rm -f filename.txt : deletes filename.txt, will not ask for confirmation before deleting.
rm -rf tmp/ : recursively deletes the directory tmp, and all files in it, including subdirectories. BE VERY CAREFULL WITH THIS COMMAND!!!

TAR: Creating and Extracting .tar.gz and .tar files
tar -zxvf file.tar.gz : Extracts the file
tar -xvf file.tar : Extracts the file
tar -cf archive.tar contents/ : Takes everything from contents/ and puts it into archive.tar
gzip -d filename.gz : Decompress the file, extract it

ZIP Files: Extracting .zip files shell command
unzip file.zip

Firewall - iptables commands
iptables -I INPUT -s IPADDRESSHERE -j DROP : This command stops any connections from the IP address
iptables -L : List all rules in iptables
iptables -F : Flushes all iptables rules (clears the firewall)
iptables --save : Saves the currenty ruleset in memory to disk
service iptables restart : Restarts iptables

Apache Shell Commands
httpd -v : Outputs the build date and version of the Apache server.
httpd -l : Lists compiled in Apache modules
httpd status : Only works if mod_status is enabled and shows a page of active connections
service httpd restart : Restarted Apache web server

MySQL Shell Commands
mysqladmin processlist : Shows active mysql connections and queries
mysqladmin drop databasenamehere : Drops/deletes the selected database
mysqladmin create databasenamehere : Creates a mysql database

Restore MySQL Database Shell Command
mysql -u username -p password databasename < databasefile.sql : Restores a MySQL database from databasefile.sql

Backup MySQL Database Shell Command
mysqldump -u username -p password databasename > databasefile.sql : Backup MySQL database to databasefile.sql

kill: terminate a system process
kill -9 PID EG: kill -9 431
kill PID EG: kill 10550
Use top or ps ux to get system PIDs (Process IDs)

EG:

PID TTY TIME COMMAND
10550 pts/3 0:01 /bin/csh
10574 pts/4 0:02 /bin/csh
10590 pts/4 0:09 APP

Each line represents one process, with a process being loosely defined as a running instance of a program. The column headed PID (process ID) shows the assigned process numbers of the processes. The heading COMMAND shows the location of the executed process.

Putting commands together
Often you will find you need to use different commands on the same line. Here are some examples. Note that the | character is called a pipe, it takes date from one program and pipes it to another.
> means create a new file, overwriting any content already there.
>> means tp append data to a file, creating a newone if it doesn not already exist.
< send input from a file back into a command.

grep User /usr/local/apache/conf/httpd.conf |more
This will dump all lines that match User from the httpd.conf, then print the results to your screen one page at a time.

last -a > /root/lastlogins.tmp
This will print all the current login history to a file called lastlogins.tmp in /root/

tail -10000 /var/log/exim_mainlog |grep domain.com |more
This will grab the last 10,000 lines from /var/log/exim_mainlog, find all occurances of domain.com (the period represents 'anything',
-- comment it out with a so it will be interpretted literally), then send it to your screen page by page.

netstat -an |grep :80 |wc -l
Show how many active connections there are to apache (httpd runs on port 80)

mysqladmin processlist |wc -l
Show how many current open connections there are to mysql

Read On

menghapus hak akses vps

0 komentar Rabu, 17 Maret 2010

Sistem operasi Linux dari awalnya memang sudah dirancang untuk bekerja dengan banyak user, artinya adalah di Linux Kita bisa melakukan login dengan berbagai nama user, dan tentu saja dengan hak yang berbeda-beda dan h

ak akses yang berbeda pula untuk file dan direktori.

Tidak hanya membuat user saja, tetapi semua user yang ada dapat dikelompokkan. Contohnya, Kita dapat mengelompokkan user berdasarkan departemen yang ada di perusahaan, contohnya group Marketing, Purchasing, Finance, Accounting, dsb.

Sekarang bagaimana caranya kita membuat user dan group di Linux? Caranya cukup mudah, dan seperti Saya beritahukan di awal thread, Kita akan melakukan semuanya melalui command line atau biasa disebut text based.

* Membuat user, gunakan perintah # useradd NamaUser
Perintah tersebut akan membuat user baru sesuai dengan nama user yang kita masukan. Perhatikan juga bahwa pembuatan user tersebut akan membuatkan 1 direktori sesuai dengan nama user tersebut pada direktori /home. Selain itu, default group user ini adalah nama user itu juga.
* Melihat daftar user yang ada, perintahnya # cat /etc/passwd
* Daftar user tersebut, nantinya akan berbentuk seperti ini

Quote:
guest:x:500:500:guest:/home/guest:/bin/bash

Dari daftar tersebut, terlihat kalau daftar tersebut terbagi menjadi 7 kolom/bagian yang dipisahkan oleh tanda : (titik dua).
o Kolom 1 berisi username
o Kolom 2 berisi password (hanya ditandi dengan tanda ‘x’ yang berarti mempunyai password)
o Kolom 3 berisi UID (user ID), UID ini selalu dimulai dari 500
o Kolom 4 berisi GID (Group ID), GUID ini juga selalu dimulai dari 500
o Kolom 5 berisi Full name user
o Kolom 6 berisi home direktori user
o Kolom 7 berisi shell user tersebut
* Melihat password user dalam bentuk terekripsi, perintahnya # cat /etc/shadow
* Menghapus user, gunakan perintah # userdel namauser
Perintah ini akan menghapus user yang kita masukan, tetapi tidak menghapus direktori user di folder /home.
* Menghapus user dan folder home-nya, gunakan perintah # userdel -r namauser
* Membuat Group, gunakan perintah # groupadd NamaGroup
Perintah tersebut akan membuat suatu group baru. Saat baru dibuat group ini akan kosong, artinya tidak ada anggota pada group ini. Seperti penjelasan di atas, bahwa setiap pembuatan GID ini akan dimulai dari 500. Sekarang bagaimana jika kita ingin memberikan GID ini dengan 700? Gunakan perintah # groupadd -g 700 NamaGroup.
* Melihat daftar group yang ada, gunakan perintah # cat /etc/group
* Menambahkan user ke group tertentu, perintahnya # usermod -G NamaGroup NamaUser
* Menghapus Group, gunakan perintah # groupdel NamaGroup

Read On

menghapus hak akses client vpn

0 komentar Selasa, 16 Maret 2010

edit openssl.cnf di folder easy-rsa/2.0 pada bagian berikut, (beri tanda comment '#'):

#[ pkcs11_section ]
#engine_id = pkcs11
#dynamic_path = /usr/lib/engines/engine_pkcs11.so
#MODULE_PATH = $ENV::PKCS11_MODULE_PATH
#PIN = $ENV::PKCS11_PIN
#init = 0

klo udah, lakukan:
source ./vars
./vars
./revoke-full namaklien

setelah itu, kopi file keys/crl.pem ke folder mana suka, misalnnya /etc/openvpn

lalu edit file server.conf, tambahkan baris berikut:
crl-verify /etc/openvpn/crl.pem

Read On

Install Squid Proxy Server on CentOS / Redhat enterprise Linux 5

0 komentar Senin, 15 Maret 2010

sumber : http://www.cyberciti.biz/tips/howto-rhel-centos-fedora-squid-installation-configuration.html

# yum install squid

Squid Basic Configuration

# vi /etc/squid/squid.conf

At least you need to define ACL (access control list) to work with squid. The defaults port is TCP 3128. Following example ACL allowing access from your local networks 192.168.1.0/24 and 192.168.2.0/24. Make sure you adapt to list your internal IP networks from where browsing should be allowed:

acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks

# chkconfig squid on
# /etc/init.d/squid start

# netstat -tulpn | grep 3128

tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LISTEN      20653/(squid)

Open TCP port 3128

Finally make sure iptables is allowing to access squid proxy server. Just open /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Append configuration:
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 3128 -j ACCEPT
Restart iptables based firewall:
# /etc/init.d/iptables restart
Output:

Flushing firewall rules: [ OK ] Setting chains to policy ACCEPT: filter [ OK ] Unloading iptables modules: [ OK ] Applying iptables firewall rules: [ OK ] Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]

Client configuration

Open a webbrowser > Tools > Internet option > Network settings > and setup Squid server IP address and port # 3128.

Read On

perintah perintah di command prompt

0 komentar Rabu, 24 Februari 2010

ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes
BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info
CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory – move to a specific Folder

CHANGE Change Terminal Server Session properties
CHKDSK Check Disk – check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSVDE Import or Export Active Directory data
DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory
ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EXIT Quit the CMD shell
EXPAND Uncompress files
EXTRACT Uncompress CAB files
FC Compare two files
FDISK Disk Format and partition
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR /F Loop command: against a set of files
FOR /F Loop command: against the results of another command
FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations
GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line
HELP Online Help
HFNETCHK Network Security Hotfix Checker
IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP
KILL Remove a program from memory
LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file
MAPISEND Send email from the command line
MEM Display memory usage
MD Create new folders
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files
NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights
PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who’s logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory
QGREP Search file(s) for lines that match a given pattern.
RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Read, Set or Delete registry keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files.
REPLACE Replace or update one file with another
RD Delete folder(s)
RDISK Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)
SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
ScriptIt Control GUI applications
SET Display, set, or remove environment variables
SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
START Start a separate window to run a specified program or command
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration
TASKLIST List running applications and services
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file
USRSTAT List domain usernames and last login
VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label
WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands
XCACLS Change file permissions
XCOPY Copy files and folders

Read On

all about iptables

0 komentar Jumat, 19 Februari 2010

terus terang masih bingung banget nih..seumur umur lum pernah mainan linux.. giliran pegang server problem yang terjadi sering banget karena ip tablesnya.. dr pada bingung skalian belajar dan sebagai dokumentasi terus terang aku copas dari

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/s1-fireall-ipt-act.html

buat bahan bacaan .. moga moga cepet paham lah..

The first step in using iptables is to start the iptables service. Use the following command to start the iptables service:

[root@myServer ~] # service iptables start
The ip6tables service can be turned off if you intend to use the iptables service only. If you deactivate the ip6tables service, remember to deactivate the IPv6 network also. Never leave a network device active without the matching firewall.
To force iptables to start by default when the system is booted, use the following command:

[root@myServer ~] # chkconfig --level 345 iptables on

The following sample iptables command illustrates the basic command syntax:

[root@myServer ~ ] # iptables -A -j

The -A option specifies that the rule be appended to . Each chain is comprised of one or more rules, and is therefore also known as a ruleset.

The three built-in chains are INPUT, OUTPUT, and FORWARD. These chains are permanent and cannot be deleted. The chain specifies the point at which a packet is manipulated.

The -j option specifies the target of the rule; i.e., what to do if the packet matches the rule. Examples of built-in targets are ACCEPT, DROP, and REJECT.

Refer to the iptables man page for more information on the available chains, options, and targets.

Establishing basic firewall policies creates a foundation for building more detailed, user-defined rules.

Each iptables chain is comprised of a default policy, and zero or more rules which work in concert with the default policy to define the overall ruleset for the firewall.

The default policy for a chain can be either DROP or ACCEPT. Security-minded administrators typically implement a default policy of DROP, and only allow specific packets on a case-by-case basis. For example, the following policies block all incoming and outgoing packets on a network gateway:

[root@myServer ~ ] # iptables -P INPUT DROP

Changes to iptables are transitory; if the system is rebooted or if the iptables service is restarted, the rules are automatically flushed and reset. To save the rules so that they are loaded when the iptables service is started, use the following command:

[root@myServer ~ ] # service iptables save

The rules are stored in the file /etc/sysconfig/iptables and are applied whenever the service is started or the machine is rebooted.

Common IPTables Filtering

Preventing remote attackers from accessing a LAN is one of the most important aspects of network security. The integrity of a LAN should be protected from malicious remote users through the use of stringent firewall rules.

However, with a default policy set to block all incoming, outgoing, and forwarded packets, it is impossible for the firewall/gateway and internal LAN users to communicate with each other or with external resources.

To allow users to perform network-related functions and to use networking applications, administrators must open certain ports for communication.

For example, to allow access to port 80 on the firewall, append the following rule:

[root@myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

This allows users to browse websites that communicate using the standard port 80. To allow access to secure websites (for example, https://www.example.com/), you also need to provide access to port 443, as follows:

[root@myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Important

When creating an iptables ruleset, order is important.

If a rule specifies that any packets from the 192.168.100.0/24 subnet be dropped, and this is followed by a rule that allows packets from 192.168.100.13 (which is within the dropped subnet), then the second rule is ignored.

The rule to allow packets from 192.168.100.13 must precede the rule that drops the remainder of the subnet.

To insert a rule in a specific location in an existing chain, use the -I option. For example:

[root@myServer ~ ] # iptables -I INPUT 1 -i lo -p all -j ACCEPT

This rule is inserted as the first rule in the INPUT chain to allow local loopback device traffic.

There may be times when you require remote access to the LAN. Secure services, for example SSH, can be used for encrypted remote connection to LAN services.

Administrators with PPP-based resources (such as modem banks or bulk ISP accounts), dial-up access can be used to securely circumvent firewall barriers. Because they are direct connections, modem connections are typically behind a firewall/gateway.

For remote users with broadband connections, however, special cases can be made. You can configure iptables to accept connections from remote SSH clients. For example, the following rules allow remote SSH access:

[root@myServer ~ ] # iptables -A INPUT -p tcp --dport 22 -j ACCEPT

`FORWARD` and NAT Rules

Most ISPs provide only a limited number of publicly routable IP addresses to the organizations they serve.

Administrators must, therefore, find alternative ways to share access to Internet services without giving public IP addresses to every node on the LAN. Using private IP addresses is the most common way of allowing all nodes on a LAN to properly access internal and external network services.

Edge routers (such as firewalls) can receive incoming transmissions from the Internet and route the packets to the intended LAN node. At the same time, firewalls/gateways can also route outgoing requests from a LAN node to the remote Internet service.

This forwarding of network traffic can become dangerous at times, especially with the availability of modern cracking tools that can spoof internal IP addresses and make the remote attacker's machine act as a node on your LAN.

To prevent this, iptables provides routing and forwarding policies that can be implemented to prevent abnormal usage of network resources.

The FORWARD chain allows an administrator to control where packets can be routed within a LAN. For example, to allow forwarding for the entire LAN (assuming the firewall/gateway is assigned an internal IP address on eth1), use the following rules:

[root@myServer ~ ] # iptables -A FORWARD -i eth1 -j ACCEPT [root@myServer ~ ] # iptables -A FORWARD -o eth1 -j ACCEPT

This rule gives systems behind the firewall/gateway access to the internal network. The gateway routes packets from one LAN node to its intended destination node, passing all packets through its eth1 device.

Note

By default, the IPv4 policy in Red Hat Enterprise Linux kernels disables support for IP forwarding. This prevents machines that run Red Hat Enterprise Linux from functioning as dedicated edge routers. To enable IP forwarding, use the following command:

[root@myServer ~ ] # sysctl -w net.ipv4.ip_forward=1

This configuration change is only valid for the current session; it does not persist beyond a reboot or network service restart. To permanently set IP forwarding, edit the /etc/sysctl.conf file as follows:

Locate the following line:

net.ipv4.ip_forward = 0

Edit it to read as follows:

net.ipv4.ip_forward = 1

Use the following command to enable the change to the sysctl.conf file:

[root@myServer ~ ] # sysctl -p /etc/sysctl.conf

Postrouting and IP Masquerading

Accepting forwarded packets via the firewall's internal IP device allows LAN nodes to communicate with each other; however they still cannot communicate externally to the Internet.

To allow LAN nodes with private IP addresses to communicate with external public networks, configure the firewall for IP masquerading, which masks requests from LAN nodes with the IP address of the firewall's external device (in this case, eth0):

[root@myServer ~ ] # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This rule uses the NAT packet matching table (-t nat) and specifies the built-in POSTROUTING chain for NAT (-A POSTROUTING) on the firewall's external networking device (-o eth0).

POSTROUTING allows packets to be altered as they are leaving the firewall's external device.

The -j MASQUERADE target is specified to mask the private IP address of a node with the external IP address of the firewall/gateway.

Prerouting

If you have a server on your internal network that you want make available externally, you can use the -j DNAT target of the PREROUTING chain in NAT to specify a destination IP address and port where incoming packets requesting a connection to your internal service can be forwarded.

For example, if you want to forward incoming HTTP requests to your dedicated Apache HTTP Server at 172.31.0.23, use the following command:

[root@myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.0.23:80

This rule specifies that the nat table use the built-in PREROUTING chain to forward incoming HTTP requests exclusively to the listed destination IP address of 172.31.0.23.


[root@myServer ~ ] # iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

These rules allow incoming and outbound access for an individual system, such as a single PC directly connected to the Internet or a firewall/gateway. However, they do not allow nodes behind the firewall/gateway to access these services. To allow LAN access to these services, you can use Network Address Translation (NAT) with iptables filtering rules.


[root@myServer ~ ] # iptables -P OUTPUT DROP

It is also recommended that any forwarded packets — network traffic that is to be routed from the firewall to its destination node — be denied as well, to restrict internal clients from inadvertent exposure to the Internet. To do this, use the following rule:

[root@myServer ~ ] # iptables -P FORWARD DROP

When you have established the default policies for each chain, you can create and save further rules for your particular network and security requirements.

The following sections describe how to save iptables rules and outline some of the rules you might implement in the course of building your iptables firewall.

Malicious Software and Spoofed IP Addresses

More elaborate rules can be created that control access to specific subnets, or even specific nodes, within a LAN. You can also restrict certain dubious applications or programs such as trojans, worms, and other client/server viruses from contacting their server.

For example, some trojans scan networks for services on ports from 31337 to 31340 (called the elite ports in cracking terminology).

Since there are no legitimate services that communicate via these non-standard ports, blocking them can effectively diminish the chances that potentially infected nodes on your network independently communicate with their remote master servers.

The following rules drop all TCP traffic that attempts to use port 31337:

[root@myServer ~ ] # iptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP [root@myServer ~ ] # iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP

You can also block outside connections that attempt to spoof private IP address ranges to infiltrate your LAN.

For example, if your LAN uses the 192.168.1.0/24 range, you can design a rule that instructs the Internet-facing network device (for example, eth0) to drop any packets to that device with an address in your LAN IP range.

Because it is recommended to reject forwarded packets as a default policy, any other spoofed IP address to the external-facing device (eth0) is rejected automatically.

[root@myServer ~ ] # iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -j DROP

Note

There is a distinction between the DROP and REJECT targets when dealing with appended rules.

The REJECT target denies access and returns a connection refused error to users who attempt to connect to the service. The DROP target, as the name implies, drops the packet without any warning.

Administrators can use their own discretion when using these targets. However, to avoid user confusion and attempts to continue connecting, the REJECT target is recommended

IPTables and Connection Tracking

You can inspect and restrict connections to services based on their connection state. A module within iptables uses a method called connection tracking to store information about incoming connections. You can allow or deny access based on the following connection states:

NEW — A packet requesting a new connection, such as an HTTP request.
ESTABLISHED — A packet that is part of an existing connection.
RELATED — A packet that is requesting a new connection but is part of an existing connection. For example, FTP uses port 21 to establish a connection, but data is transferred on a different port (typically port 20).
INVALID — A packet that is not part of any connections in the connection tracking table.

You can use the stateful functionality of iptables connection tracking with any network protocol, even if the protocol itself is stateless (such as UDP). The following example shows a rule that uses connection tracking to forward only the packets that are associated with an established connection:

[root@myServer ~ ] # iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

IPv6

The introduction of the next-generation Internet Protocol, called IPv6, expands beyond the 32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses, and carrier networks that are IPv6 aware are therefore able to address a larger number of routable addresses than IPv4.

Red Hat Enterprise Linux supports IPv6 firewall rules using the Netfilter 6 subsystem and the ip6tables command. In Red Hat Enterprise Linux 5, both IPv4 and IPv6 services are enabled by default.

The ip6tables command syntax is identical to iptables in every aspect except that it supports 128-bit addresses. For example, use the following command to enable SSH connections on an IPv6-aware network server:

[root@myServer ~ ] # ip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT

For more information about IPv6 networking, refer to the IPv6 Information Page at http://www.ipv6.org/.

tetep aja belum paham nih...

*#@???... hah.. :pusing:

Read On

Reehan's Blog

Google Operating System (2010)

DHCP Server di Linux dg client Linux & Windows

Remote Control VNC untuk Linux dan Windows

[Tutorial] Remote desktop murmer via VNC di VPS berbasis CentOS

Enjoy Backtrack 4 even more...with Fluxbox!!!

How to Start Networking in Backtrack

Basic MS-DOS commands

Backtrack 4 Final Persistent USB Easiest Way

HowTo Install Immunity Debugger by Wine

ssh command

menghapus hak akses vps

menghapus hak akses client vpn

Install Squid Proxy Server on CentOS / Redhat enterprise Linux 5

Squid Basic Configuration

Open TCP port 3128

Client configuration

perintah perintah di command prompt

all about iptables

Common IPTables Filtering

Important

`FORWARD` and NAT Rules

Note

Postrouting and IP Masquerading

Prerouting

Malicious Software and Spoofed IP Addresses

Note

IPTables and Connection Tracking

IPv6

Blog Archive

Labels

Squid Basic Configuration

Open TCP port 3128

Client configuration

Common IPTables Filtering

Important

FORWARD and NAT Rules

Note

Postrouting and IP Masquerading

Prerouting

Malicious Software and Spoofed IP Addresses

Note

IPTables and Connection Tracking

IPv6

Blog Archive

Labels

`FORWARD` and NAT Rules