INSTALLING DEBIAN LINUX 4.0 IN TEXT MODE
1. Set the BIOS to boot from the CD-ROM first.
2. Insert the Debian Linux 4.0 installer CD.
3. Choose a language. Select the language to be used; choose English.
1) Choose country or region: select the country; choose Indonesia.
2) Select a keyboard layout: select the keyboard; choose American English.
3) Detect and mount CD ROM: the computer probes the hardware to find a CD-ROM driver; choose yes.
4) Load Installer components from CD: wait while the computer works.
5) Detect network hardware: the computer looks for network hardware.
6) Configure the network: we simply skip network configuration.
7) Detect disk: the computer is detecting the disks.
8) Partition disk: choose Manually edit partition table and create 3 partitions on the hard disk:
   1. Root = 4 GB, filesystem = ext, type = primary
   2. Home = 3.5 GB, filesystem = ext, type = logical
   3. Swap area = 512 MB, filesystem = swap
   When done, choose Finish partition and write, then choose yes.
9) Configure time zone: the computer configures the time zone according to the region.
10) Configure the clock: clock configuration according to the region; choose NO.
11) Set up users and password: first create a password for root and enter the same password again. Then create a new user: enter the user's name, create a name for the user account as well, enter a password for the user, and enter the same password again for the user.
12) Install the base system: the computer installs the Debian Linux base system.
13) Configure the package manager: the computer configures the "package manager".
14) Select and Install software: the computer installs the available software.
15) Install the GRUB boot loader on a harddisk: the computer installs the GRUB boot loader; choose yes.
16) Install the LILO boot loader on a harddisk.
17) Continue without boot loader.
18) Finish the Installation: once the installation is finished the following screen appears; choose continue and the computer reboots by itself.
DNS Server
1. Installation: # apt-get install bind9
2. After the installation finishes, add the zone statements to the file: # pico /etc/bind/named.conf

    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local

    include "/etc/bind/named.conf.options";

    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912

    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };

    // <-- domain name / DNS zone; must be the name the records in db.debian are written for
    zone "benny.com" {
        type master;
        file "/etc/bind/db.debian";
    };

    zone "192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192";
    };

    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };

    // zone "com" { type delegation-only; };
    // zone "net" { type delegation-only; };

    // From the release notes:
    // Because many of our users are uncomfortable receiving undelegated answers
    // from root or top level domains, other than a few for whom that behaviour
    // has been trusted and expected for quite some length of time, we have now
    // introduced the "root-delegations-only" feature which applies delegation-only
    // logic to all top level domains, and to the root domain. An exception list
    // should be specified, including "MUSEUM" and "DE", and any other top level
    // domains from whom undelegated responses are expected and trusted.
    // root-delegation-only exclude { "DE"; "MUSEUM"; };

    include "/etc/bind/named.conf.local";

3. Copy the files db.127 and db.local within the same directory:
   db.127 becomes db.192: # cp db.127 db.192
   db.local becomes db.debian: # cp db.local db.debian
4. Edit the file db.192:

    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     benny.com. root.benny.com. (
                                  1         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      benny.com.
    1.9.168 IN      PTR     benny.com.
    www     IN      PTR     benny.com.

5. Also edit the file db.debian:

    ;
    ; BIND data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     benny.com. root.benny.com. (
                                  2         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      benny.com.
    @       IN      A       192.168.9.1
    www     IN      A       192.168.9.1

6. Restart the DNS server: # /etc/init.d/bind9 restart
7. Checking:
   – On the server: # ping www.benny.com
   – On the client: Start > Run > type ping www.benny.com
   – If you get a reply, the DNS server works, bro.
   – And/or double-click Internet Explorer and type in the address bar: http://www.benny.com.
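The names in db.debian and db.192 (`@`, `www`, `1.9.168`) are relative, so what the server actually publishes depends on the zone name each file is loaded under in named.conf. The following is an added example, not part of the original write-up: it expands the records from steps 4 and 5 and checks that every PTR is a real reverse name whose target has a matching A record. The function names and the `example.test.` origin are assumptions made for the illustration.

```python
# Records copied from the db.debian and db.192 files in steps 4 and 5.
FORWARD_ZONE = """
@    IN  NS  benny.com.
@    IN  A   192.168.9.1
www  IN  A   192.168.9.1
"""
REVERSE_ZONE = """
@        IN  NS   benny.com.
1.9.168  IN  PTR  benny.com.
www      IN  PTR  benny.com.
"""

def expand(name, origin):
    """Expand a zone-file name relative to the zone origin, as BIND does."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else name + "." + origin).lower()

def records(zone_text, origin):
    """Return (owner, type, rdata) for the A and PTR lines of a simple zone file."""
    out = []
    for raw in zone_text.splitlines():
        tok = raw.split(";", 1)[0].split()          # drop ';' comments
        if len(tok) == 4 and tok[1] == "IN" and tok[2] in ("A", "PTR"):
            rdata = tok[3] if tok[2] == "A" else expand(tok[3], origin)
            out.append((expand(tok[0], origin), tok[2], rdata))
    return out

def owner_to_ip(owner):
    """Map 1.9.168.192.in-addr.arpa. to 192.168.9.1; None if it is not an address."""
    suffix = ".in-addr.arpa."
    labels = owner[:-len(suffix)].split(".") if owner.endswith(suffix) else []
    if len(labels) != 4 or not all(l.isdigit() and int(l) < 256 for l in labels):
        return None
    return ".".join(reversed(labels))

def check(forward, fwd_origin, reverse, rev_origin):
    """List (problem, name) pairs found when cross-checking the two zones."""
    a_records = {(n, ip) for n, t, ip in records(forward, fwd_origin) if t == "A"}
    covered, problems = set(), []
    for owner, rtype, target in records(reverse, rev_origin):
        if rtype != "PTR":
            continue
        ip = owner_to_ip(owner)
        if ip is None:
            problems.append(("ptr-owner-not-an-address", owner))
        elif (target, ip) not in a_records:
            problems.append(("ptr-target-unconfirmed", owner))
        else:
            covered.add(ip)
    for name, ip in sorted(a_records):
        if ip not in covered:
            problems.append(("missing-ptr", name))
    return problems

if __name__ == "__main__":
    # Zone names as intended by the tutorial.
    print(check(FORWARD_ZONE, "benny.com.", REVERSE_ZONE, "192.in-addr.arpa."))
    # Same files loaded under a different forward zone name (hypothetical).
    print(check(FORWARD_ZONE, "example.test.", REVERSE_ZONE, "192.in-addr.arpa."))
```

Loaded under `benny.com.`, the only finding is the `www` PTR line, which expands to `www.192.in-addr.arpa.` and is never queried; loaded under any other zone name, the forward names no longer match the PTR target at all.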
DHCP Server
1. Installation: # apt-get install dhcp3-server
2. After installation, edit the file dhcpd.conf: # pico /etc/dhcp3/dhcpd.conf

    #
    # Sample configuration file for ISC dhcpd for Debian
    #
    # $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
    #

    # The ddns-updates-style parameter controls whether or not the server will
    # attempt to do a DNS update when a lease is confirmed. We default to the
    # behavior of the version 2 packages ('none', since DHCP v2 didn't
    # have support for DDNS.)
    ddns-update-style none;

    # option definitions common to all supported networks…
    option domain-name "example.org";
    option domain-name-servers ns1.example.org, ns2.example.org;

    default-lease-time 600;
    max-lease-time 7200;

    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    #authoritative;

    # Use this to send dhcp log messages to a different log file (you also
    # have to hack syslog.conf to complete the redirection).
    log-facility local7;

    # No service will be given on this subnet, but declaring it helps the
    # DHCP server to understand the network topology.

    #subnet 10.152.187.0 netmask 255.255.255.0 {
    #}

    # This is a very basic subnet declaration.

    #subnet 10.254.239.0 netmask 255.255.255.224 {
    #  range 10.254.239.10 10.254.239.20;
    #  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
    #}

    # This declaration allows BOOTP clients to get dynamic addresses,
    # which we don't really recommend.

    #subnet 10.254.239.32 netmask 255.255.255.224 {
    #  range dynamic-bootp 10.254.239.40 10.254.239.60;
    #  option broadcast-address 10.254.239.31;
    #  option routers rtr-239-32-1.example.org;
    #}

    # A slightly different configuration for an internal subnet.
    subnet 192.168.9.0 netmask 255.255.255.0 {
      range 192.168.9.2 192.168.9.10;
    #  option domain-name-servers ns1.internal.example.org;
    #  option domain-name "internal.example.org";
      option routers 192.168.9.1;
      option broadcast-address 192.168.9.255;
      default-lease-time 600;
      max-lease-time 7200;
    }

    # Hosts which require special configuration options can be listed in
    # host statements. If no address is specified, the address will be
    # allocated dynamically (if possible), but the host-specific information
    # will still come from the host declaration.

    #host passacaglia {
    #  hardware ethernet 0:0:c0:5d:bd:95;
    #  filename "vmunix.passacaglia";
    #  server-name "toccata.fugue.com";
    #}

    # Fixed IP addresses can also be specified for hosts. These addresses
    # should not also be listed as being available for dynamic assignment.
    # Hosts for which fixed IP addresses have been specified can boot using
    # BOOTP or DHCP. Hosts for which no fixed address is specified can only
    # be booted with DHCP, unless there is an address range on the subnet
    # to which a BOOTP client is connected which has the dynamic-bootp flag
    # set.
    #host fantasia {
    #  hardware ethernet 08:00:07:26:c0:a5;
    #  fixed-address fantasia.fugue.com;
    #}

    # You can declare a class of clients and then do address allocation
    # based on that. The example below shows a case where all clients
    # in a certain class get addresses on the 10.17.224/24 subnet, and all
    # other clients get addresses on the 10.0.29/24 subnet.

    #class "foo" {
    #  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
    #}

    #shared-network 224-29 {
    #  subnet 10.17.224.0 netmask 255.255.255.0 {
    #    option routers rtr-224.example.org;
    #  }
    #  subnet 10.0.29.0 netmask 255.255.255.0 {
    #    option routers rtr-29.example.org;
    #  }
    #  pool {
    #    allow members of "foo";
    #    range 10.17.224.10 10.17.224.250;
    #  }
    #  pool {
    #    deny members of "foo";
    #    range 10.0.29.10 10.0.29.230;
    #  }
    #}

   Note: remove the (#) marker from the lines shown in bold.
3. Save the edited file.
4. Restart the DHCP server: # /etc/init.d/dhcp3-server restart
5. Checking:
   – On the server: # ping 192.168.9.1
   – On the client: the IP addressing must be switched to automatic: Start > Control Panel > Network and Internet Connection > Network Connection > right-click the computer icon. Choose Properties > select Internet Protocol (TCP/IP) > click Properties. Change IP and DNS to automatic.
   – Double-click the computer icon at the far right of the bottom toolbar > choose Support > click Repair. The IP address will be assigned automatically.
   – To make sure, ping our server's IP: Start > Run > type ping 192.168.9.1
   – If a reply comes back, the DHCP server is working. OK, off we go.
FTP Server
1. Installation: # apt-get install vsftpd
2. After installation, edit the file vsftpd.conf: # pico /etc/vsftpd.conf

    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone? vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Beware – allowed by default if you comment this out).
    anonymous_enable=YES
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    anon_mkdir_write_enable=YES
    #
    # Activate directory messages – messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories. See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    #
    # Debian customization
    #
    # Some of vsftpd's settings don't fit the Debian filesystem layout by
    # default. These settings are more Debian-friendly.
    #
    # This option should be the name of a directory which is empty. Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/vsftpd.pem

   Note: remove the (#) marker from the lines shown in bold.
3. Restart the FTP server: # /etc/init.d/vsftpd restart
4. Create a directory/folder so that it shows up on the client:
   # ftp 192.168.9.1 (the server IP)
   Type the root password
   ftp> mkdir coba (the directory)
   ftp> quit
5. Put the data you want into the coba folder: # cd /etc/home/coba
6. Create folders in the ftp directory:
   # cd /home/ftp
   # mkdir benny
   # mkdir emily
   Also fill them with whatever data or files you want.
7. Checking:
   – On the client: Internet Explorer > in the address bar type: ftp://192.168.9.1/ or ftp://www.benny.com/
   – There are the folders coba, tekaje and emily. Open them one by one; if the files we put into those folders are there and can be opened, the FTP server works.
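The vsftpd.conf above turns on anonymous login together with anonymous upload and directory creation, and step 4 sends the root password over plain FTP. The following is an added example, not part of the original write-up: a small audit that computes the effective settings (active lines over vsftpd's compiled-in defaults) and reports those combinations, shown against the page's active lines and against a tightened variant. `HARDENED_CONFIG`, the finding names and the function names are assumptions made for the illustration.

```python
# vsftpd compiled-in defaults for the options examined here (per vsftpd.conf(5)).
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO", "ssl_enable": "NO",
}

# The active (uncommented) lines of the vsftpd.conf shown in step 2.
PAGE_CONFIG = """
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
xferlog_enable=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
"""

# Constructed variant: no anonymous access, local logins only over TLS.
HARDENED_CONFIG = """
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
xferlog_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
"""

def parse_vsftpd(text):
    """Return effective options: compiled-in defaults overlaid by active lines."""
    opts = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(text):
    """Return the list of risky setting combinations present in a vsftpd.conf."""
    opts = parse_vsftpd(text)
    on = lambda key: opts.get(key, "NO").upper() == "YES"
    findings = []
    # anon_* write options only take effect when write_enable is also on.
    if on("anonymous_enable") and on("write_enable"):
        if on("anon_upload_enable"):
            findings.append("anonymous-upload")
        if on("anon_mkdir_write_enable"):
            findings.append("anonymous-mkdir")
    # Local accounts (root included) authenticate in cleartext without TLS.
    if on("local_enable") and not on("ssl_enable"):
        findings.append("cleartext-local-login")
    return findings

if __name__ == "__main__":
    print("page config:    ", audit(PAGE_CONFIG))
    print("hardened config:", audit(HARDENED_CONFIG))
```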
Samba Server
1. Installation: # apt-get install samba
2. After installation, add to the file: # pico /etc/samba/smb.conf

    [global]
    workgroup = debian
    netbios name = benny
    security = share

    [benny]
    comment = benny
    path = /home/benny/
    public = yes
    read only = no
    write list = yes
    valid users = nobody

4. Restart the Samba server: # /etc/init.d/samba restart
5. Checking:
   – On the client: Start > Search > Computers or People > Computer on network > type the server IP
   – Double-click the computer icon
   – The folders and files/data on the server will then appear.
6. If you want clients to be able to share folders, add this to the file smb.conf:

    #================= Global Settings ==================#
    [global]
    # workgroup name that will be shown later
    workgroup = benny
    server string = %h server
    dns proxy = no
    # eth0 is the LAN card; change it to match your interface
    interfaces = 127.0.0.0/8 eth0
    bind interfaces only = true
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d

    ###### Authentication #######
    # only for registered users
    security = user
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

    #================== Share Definitions ==================#
    # [data] sets the name of the file share
    [data]
    # path of the folder being shared
    path = /media/emily/
    # guest access is refused; change to yes to enable it
    guest ok = no
    # can be browsed
    browseable = yes
    # read only takes yes or no
    read only = no
    # list of users who have access
    valid users = benny, root
    # can be written to
    writeable = yes
    # permissions for created files
    create mask = 700
    # permissions for created directories
    directory mask = 700

    [my data]
    path = /media/
    guest ok = yes
    browsable = yes
    read only = no
    writeable = yes
    valid users = benny, root

    [printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    public = no
    writable = no
    create mode = 0700

    # Sharing Printer Windows clients look for this share name as a source of downloadable
    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    writable = yes
    # guests are not allowed in
    guest ok = no
    write list = root, @ntadmin

    # Sharing CD-ROM with others.
    [cdrom]
    comment = Samba server's CD-ROM
    writable = no
    locking = no
    path = /cdrom
    # public means anyone is free to use it
    public = yes

7. Checking:
   – On the client: Start > Search > Computers or People > Computer on network > type the server IP
   – Double-click the computer icon
   – The folders and files/data on the server will then appear
   – Try creating a new folder
   – If you can create a new folder, the Samba server works.
Mail Server
Steps:
1. Install postfix: # apt-get install apache2
2. Add the following to the file default: # pico /etc/apache2/sites-available/default

    Alias /mail "/usr/share/squirrelmail/"
    # Access rules for the aliased SquirrelMail directory
    <Directory "/usr/share/squirrelmail/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from all
    </Directory>

3. Now restart all the applications: # /etc/init.d/apache2 restart
Checking:
1. Send mail to another user (other than root, for example the user benny). Have root send mail to the user benny like this:
   · # telnet localhost 25
   · Type HELO
   · Type MAIL FROM : ROOT
   · Type RCPT TO : benny@localhost
   · Type DATA
   · Write the mail; send and write whatever you like
   · Type a dot (.) to end the mail
   · When finished, type BYE or QUIT to exit.
2. Once the mail has been sent, log in as the user benny.
3. To check the mail, just type: mail
   If the mail we sent is there, the mail server works.
Squid Server
1. Installation: # apt-get install squid
2. After installation, add the following to the file: # pico /etc/squid/squid.conf

    acl all src 0.0.0.0/0.0.0.0
    acl labl src 192.168.9.0/255.255.255.0
    acl tidak dstdomain www.friendster.com
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443          # https
    acl SSL_ports port 563          # snews
    acl SSL_ports port 873          # rsync
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl Safe_ports port 631         # cups
    acl Safe_ports port 873         # rsync
    acl Safe_ports port 901         # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT

   and

    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

    # Example rule allowing access from your local networks. Adapt
    # to list your (internal) IP network from where browsing should
    # be allowed
    #acl our_networks src 192.168.9.0/24 192.168.10.0/24
    #http_access allow localhost
    http_access allow localhost
    http_access deny tidak
    http_access allow labl

   and

    # TAG: visible_hostname
    # If you want to present a special hostname in error messages, etc,
    # define this. Otherwise, the return value of gethostname()
    # will be used. If you have multiple caches in a cluster and
    # get errors about IP-forwarding you must set them to have individual
    # names with this setting.
    #
    #Default:
    visible_hostname www.benny.com

3. Restart the Squid server: # /etc/init.d/squid restart
4. Checking:
   – On the client: Internet Explorer > Tools > Internet Options > Connections > LAN Settings > tick "Use automatic configuration script" > in the address field type the DNS server. Tick "Use a proxy server for your LAN" > in the address field type the DNS server > in the port field type the port of our proxy server.
   – Go back to Internet Explorer and type the website we blocked in the address bar. If the blocked website cannot be opened, the Squid server works.
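Squid evaluates `http_access` lines top to bottom and stops at the first line whose ACLs all match; if none matches, the default is the opposite of the last line. The following is an added example, not part of the original write-up: a small evaluator for the `src` and `dstdomain` ACLs used above, showing why `deny tidak` has to come before `allow labl` and what a `dstdomain` without a leading dot does and does not cover. `REORDERED`, `TIGHTENED` and the function names are assumptions made for the illustration.

```python
import ipaddress

# The src/dstdomain ACLs and http_access lines from the squid.conf above.
PAGE_RULES = """
acl all src 0.0.0.0/0.0.0.0
acl labl src 192.168.9.0/255.255.255.0
acl tidak dstdomain www.friendster.com
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
http_access deny tidak
http_access allow labl
"""

# Constructed variant: same ACLs, but the allow line placed before the deny line.
REORDERED = PAGE_RULES.replace(
    "http_access deny tidak\nhttp_access allow labl",
    "http_access allow labl\nhttp_access deny tidak")

# Constructed variant: leading dot covers the domain and all subdomains,
# and the policy ends with an explicit deny.
TIGHTENED = PAGE_RULES.replace("dstdomain www.friendster.com",
                               "dstdomain .friendster.com") + "http_access deny all\n"

def parse(conf):
    """Collect src/dstdomain ACLs and the ordered http_access rules."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("src", "dstdomain"):
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, client, host):
    """True if any value of the named ACL matches this request."""
    host = host.lower()
    for kind, values in acls.get(name, []):
        for v in values:
            if kind == "src":
                net = ipaddress.ip_network(v, strict=False)
                if ipaddress.ip_address(client) in net:
                    return True
            elif v.startswith("."):          # domain and every subdomain
                if host == v[1:] or host.endswith(v):
                    return True
            elif host == v:                  # exact host name only
                return True
    return False

def decide(conf, client, host):
    """Return 'allow' or 'deny' the way Squid's first-match evaluation would."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n, client, host) for n in names):
            return action
    if not rules:
        return "deny"                        # no http_access lines at all
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for label, conf in (("page", PAGE_RULES), ("reordered", REORDERED),
                        ("tightened", TIGHTENED)):
        for host in ("www.friendster.com", "friendster.com", "example.org"):
            print(label, host, decide(conf, "192.168.9.5", host))
```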
SquirrelMail Server
1. Make sure the web server, DNS server and mail server are working.
2. Now configure postfix by adding the following to the file main.cf: # pico /etc/postfix/main.cf

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = benny.com
    mydomain = benny.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    mydestination = benny.com, benny, localhost.localdomain, localhost.localdomain, localhost
    myorigin = $mydomain
    home_mailbox = Maildir/
    relayhost =
    # Networks allowed to relay: loopback and the LAN (network address, host bits cleared)
    mynetworks = 127.0.0.0/8 192.168.9.0/24
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all

3. Configure squirrelmail:
   · # squirrelmail-configure
   · Choose Server setting, type 2
   · Choose imap, type A
   · Choose server software, change it to courier.
4. Create the Maildir folder for a particular user:
   # cd /home/benny
   # maildirmake Maildir
   # chown -Rf benny:benny Maildir
5. Have the Maildir folder created automatically whenever a new user is created:
   # cd /etc/skel
   # maildirmake Maildir
6. Now restart all the applications:
   # /etc/init.d/postfix restart
   # /etc/init.d/courier-imap restart
   # /etc/init.d/courier-pop restart
   # /etc/init.d/courier-authdaemon restart
Checking:
   – On the client, double-click IE (Internet Explorer)
   – Type the address:
     http://your-squirrelmail-location/src/configtest.php
     http://www.benny.com/mail/src/configtest.php
     http://www.benny.com/mail/src/login.php
     http://www.benny.com/mail
   – Try logging in and sending mail
   – If we can send mail to another user, and checking as the recipient shows the mail we sent, squirrelmail works.
That concludes my paper on servers; I apologize for any mistakes in the writing. Thank you for your attention, and I hope this paper is useful to my friends and to others. Believe it! Be careful! No smoking!
Signed,
Benny “AssTrall69ers” Septiawan