Category Archives: Information Technology


Creating a Bootable USB on Ubuntu Using Disk Image Writer

[1] Open the directory containing the ISO file to be written, right-click the file and choose “Open With Other Application”, then select Disk Image Writer.

[2] Select the destination USB drive, then click “Start Restoring”.

Done

Cheers


Fix Error Cannot add PPA: ‘ppa:~gns3/ubuntu/ppa’.

When I tried to add the repository to install GNS3, I ran into the problem below:

sudo add-apt-repository ppa:gns3/ppa
Cannot add PPA: 'ppa:~gns3/ubuntu/ppa'.
ERROR: '~gns3' user or team does not exist.

After some digging, the following approach worked. Set the proxy server on the Ubuntu side:

export http_proxy="http://username:password@server_proxy:port/"
export https_proxy="https://username:password@server_proxy:port/"

Next, run the command below; the -E option makes sudo keep the proxy variables exported above:

sudo -E add-apt-repository ppa:gns3/ppa
 PPA for GNS3 and Supporting Packages. Please see http://www.gns3.com for more details
 More info: https://launchpad.net/~gns3/+archive/ubuntu/ppa
Press [ENTER] to continue or Ctrl-c to cancel adding it.

Hit:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
Get:2 http://ppa.launchpad.net/gns3/ppa/ubuntu bionic InRelease [15,3 kB]
Hit:3 http://archive.canonical.com/ubuntu bionic InRelease                     
Hit:4 http://id.archive.ubuntu.com/ubuntu bionic InRelease                     
Hit:5 http://id.archive.ubuntu.com/ubuntu bionic-updates InRelease             
Hit:6 http://id.archive.ubuntu.com/ubuntu bionic-backports InRelease
Get:7 http://ppa.launchpad.net/gns3/ppa/ubuntu bionic/main amd64 Packages [1.736 B]
Get:8 http://ppa.launchpad.net/gns3/ppa/ubuntu bionic/main i386 Packages [1.236 B]
Get:9 http://ppa.launchpad.net/gns3/ppa/ubuntu bionic/main Translation-en [836 B]
Fetched 19,2 kB in 2s (10,5 kB/s)       
Reading package lists... Done

Cheers

Disable Secure Boot Ubuntu 18.04

[1] To change the Secure Boot configuration, use the method below

Open a terminal (Ctrl+Alt+T), then enter the command
sudo mokutil --disable-validation
[sudo] password for space: 
password length: 8~16
input password: 123qwe123

After entering the password, reboot the system.

[2] After the reboot, a blue screen (MOK management) appears. Press any key to perform MOK management (enter the password that was set earlier).

[3] Next, choose Change Secure Boot state.

[4] This step is a little unusual because it asks for individual characters of the password. For example, if it asks for password character 2, enter the character at position 2 of the password 123qwe123, which is 2.

[5] When the steps above are complete, a Secure Boot yes/no choice appears; choose No if you want to disable Secure Boot.

Cheers

Export Ldap Users

[1] The first step is to download the LDAP admin tool used to export or import LDAP users; go to the website below.

[2] When the download finishes, install it.

[3] Open the LDAPSoft Admin Tool application

Choose New Connection
– Connection Name : Give the connection a name
– Hostname : Fill in the hostname or IP address
– Port and Protocol : Fill in according to the LDAP settings
– Base DN : Enter the LDAP DN
After filling in everything, run Test Connection until Success appears, then click Next

Click Finish

The users are then listed

[4] To export, right-click the user – Export – CSV (optional)

– Make sure the directory where the file will be saved is specified
– Click Finish to run the export

Hope this is useful, Cheers

Router encapsulation dot1Q Configuration

A simple topology that connects different VLANs using 1 router and 3 switches.

[1] Router configuration

interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
!
interface GigabitEthernet0/0.60
 encapsulation dot1Q 60
 ip address 10.0.60.1 255.255.255.0
!
interface GigabitEthernet0/0.90
 encapsulation dot1Q 90
 ip address 10.0.90.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown

# After the configuration is complete, run no shutdown
Router(config)#interface GigabitEthernet0/0
Router(config-if)#no shutdown

[2] Floor 1 switch configuration
Add the VLAN configuration on each switch
VLAN : 20
VLAN : 60
VLAN : 90

!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 60
!
interface FastEthernet0/3
 switchport access vlan 90
!
interface FastEthernet0/10
 switchport mode trunk
!

# VLAN configuration
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
20   server                           active
60   manager                          active    Fa0/2
90   staff                            active    Fa0/3
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

[3] Floor 2 switch configuration

!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 60
!
interface FastEthernet0/3
 switchport access vlan 90
!
interface FastEthernet0/4
 switchport mode trunk
!

# VLAN configuration
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
20   server                           active
60   staff                            active    Fa0/2
90   manager                          active    Fa0/3
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

[3] Floor 3 switch configuration

!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 20
!

# VLAN configuration
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/1, Gig0/2
20   server                           active    Fa0/2
60   staff                            active
90   manager                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

[4] IP segmentation per floor

Floor 1 :
PC 1 : 10.0.60.10/24 gw 10.0.60.1
PC 2 : 10.0.90.10/24 gw 10.0.90.1

Floor 2 :
PC 1 : 10.0.60.20/24 gw 10.0.60.1
PC 2 : 10.0.90.20/24 gw 10.0.90.1

Floor 3 :
Server : 10.0.20.10/24 gw 10.0.20.
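
An added example, not part of the original post: a Python check that the PC addressing plan in step [4] agrees with the dot1Q subinterfaces from step [1]. The access VLAN of each PC is inferred from its address, and the function names are assumptions.

```python
import ipaddress
import re

# Subinterface stanzas from step [1], copied from the page.
ROUTER_CONFIG = """
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
!
interface GigabitEthernet0/0.60
 encapsulation dot1Q 60
 ip address 10.0.60.1 255.255.255.0
!
interface GigabitEthernet0/0.90
 encapsulation dot1Q 90
 ip address 10.0.90.1 255.255.255.0
"""

def parse_subinterfaces(config):
    """Return {vlan_id: IPv4Interface} for every dot1Q subinterface."""
    gateways = {}
    for stanza in config.split("!"):
        tag = re.search(r"^\s*encapsulation dot1Q (\d+)", stanza, re.M)
        addr = re.search(r"^\s*ip address (\S+) (\S+)", stanza, re.M)
        if tag and addr:
            gateways[int(tag.group(1))] = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
    return gateways

def check_host(gateways, access_vlan, host_cidr, gateway):
    """List the problems with one host entry; an empty list means it is consistent."""
    gw_if = gateways.get(access_vlan)
    if gw_if is None:
        return [f"VLAN {access_vlan} has no router subinterface"]
    host = ipaddress.ip_interface(host_cidr)
    problems = []
    if host.network != gw_if.network:
        problems.append(f"{host} is outside {gw_if.network} (VLAN {access_vlan})")
    if ipaddress.ip_address(gateway) != gw_if.ip:
        problems.append(f"gateway {gateway} is not {gw_if.ip}")
    return problems

# PC entries from step [4] as (access VLAN, address, gateway); VLAN inferred from the address.
PLAN = [(60, "10.0.60.10/24", "10.0.60.1"), (90, "10.0.90.10/24", "10.0.90.1"),
        (60, "10.0.60.20/24", "10.0.60.1"), (90, "10.0.90.20/24", "10.0.90.1")]

def audit(gateways, plan):
    """Map each inconsistent host address to its list of problems."""
    return {host: p for vlan, host, gw in plan if (p := check_host(gateways, vlan, host, gw))}
```

A host cabled to an access port in the wrong VLAN shows up as two problems: its address is outside that VLAN's subnet and its gateway is not the matching subinterface.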

 

 

mod_security

Using the mod_security module to configure a Web Application Firewall (WAF).

[1] Install mod_security

yum -y install mod_security

[2] After installation, edit the mod_security configuration file in the directory below and set it to enabled. Once that is done, add the rules.

# cat /etc/httpd/conf.d/mod_security.conf 
<IfModule mod_security2.c>
 # ModSecurity Core Rules Set configuration
 IncludeOptional modsecurity.d/*.conf
 IncludeOptional modsecurity.d/activated_rules/*.conf
 
 # Default recommended configuration
 SecRuleEngine On
 SecRequestBodyAccess On
 SecRule REQUEST_HEADERS:Content-Type "text/xml" \
......................................................
.....................................................

[3] Below is an example of simple rules

# default action when matching rules
SecDefaultAction "phase:2,deny,log,status:406"

# "etc/passwd" is included in request URI
SecRule REQUEST_URI "etc/passwd" "id:'500001'"
SecRule REQUEST_URI "home" "id:'500005'"

# "../" is included in request URI
SecRule REQUEST_URI "\.\./" "id:'500002'"

# "<SCRIPT" is included in arguments
SecRule ARGS "<[Ss][Cc][Rr][Ii][Pp][Tt]" "id:'500003'"

# "SELECT FROM" is included in arguments
SecRule ARGS "[Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+[Ff][Rr][Oo][Mm]" "id:'500004'"

--------------------------------------------------------------------
# Restart httpd
systemctl restart httpd

[4] Access a URL that is blocked by the rules

[5] General rules are provided by the official repository and are easy to apply. However, you may need to adjust them for your own website so that they do not block required requests.

yum -y install mod_security_crs
cd /usr/lib/modsecurity.d/base_rules
ll
modsecurity_35_bad_robots.data
modsecurity_35_scanners.data
modsecurity_40_generic_attacks.data
modsecurity_41_sql_injection_attacks.data
modsecurity_50_outbound.data
modsecurity_50_outbound_malware.data
modsecurity_crs_20_protocol_violations.conf
modsecurity_crs_21_protocol_anomalies.conf
modsecurity_crs_23_request_limits.conf
modsecurity_crs_30_http_policy.conf
modsecurity_crs_35_bad_robots.conf
modsecurity_crs_40_generic_attacks.conf
modsecurity_crs_41_sql_injection_attacks.conf
modsecurity_crs_41_xss_attacks.conf
modsecurity_crs_42_tight_security.conf
modsecurity_crs_45_trojans.conf
modsecurity_crs_47_common_exceptions.conf
modsecurity_crs_48_local_exceptions.conf.example
modsecurity_crs_49_inbound_blocking.conf
modsecurity_crs_50_outbound.conf
modsecurity_crs_59_outbound_blocking.conf
modsecurity_crs_60_correlation.conf
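
An added example, not part of the original post: the five rules from step [3] replayed in Python against constructed, ordinary-looking requests, to show the kind of false positive that step [5] says needs tuning. It only approximates ModSecurity matching (GET query-string ARGS only); the sample URLs and function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The five SecRule lines from step [3], copied from the page.
RULES_TEXT = r'''
SecRule REQUEST_URI "etc/passwd" "id:'500001'"
SecRule REQUEST_URI "home" "id:'500005'"
SecRule REQUEST_URI "\.\./" "id:'500002'"
SecRule ARGS "<[Ss][Cc][Rr][Ii][Pp][Tt]" "id:'500003'"
SecRule ARGS "[Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+[Ff][Rr][Oo][Mm]" "id:'500004'"
'''
RULE_RE = re.compile(r'^SecRule\s+(\S+)\s+"(.*)"\s+"id:\'(\d+)\'"$')

def load_rules(text):
    """Parse SecRule lines into (variable, compiled regex, rule id) tuples."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        var, pattern, rule_id = m.groups()
        # Python's re has no POSIX classes, so [[:space:]] becomes \s.
        rules.append((var, re.compile(pattern.replace("[[:space:]]", r"\s")), int(rule_id)))
    return rules

def matched_ids(rules, url):
    """Rule ids that would fire for a GET URL (approximation, query-string ARGS only)."""
    parts = urlsplit(url)
    # REQUEST_URI is the raw path plus query string; ARGS are the decoded values.
    request_uri = parts.path + ("?" + parts.query if parts.query else "")
    args = [value for _, value in parse_qsl(parts.query, keep_blank_values=True)]
    targets = {"REQUEST_URI": [request_uri], "ARGS": args}
    return sorted(rid for var, rx, rid in rules if any(rx.search(t) for t in targets[var]))

# Constructed sample requests: ordinary site traffic that should not be blocked.
BENIGN = [
    "/index.html",
    "/homepage/news.html",
    "/search?q=select+from+the+menu",
    "/blog?title=Using+the+%3Cscript%3E+tag+safely",
]

def false_positives(rules, urls):
    """Map each benign URL that would get the 406 to the rule ids responsible."""
    return {u: ids for u in urls if (ids := matched_ids(rules, u))}

if __name__ == "__main__":
    for url, ids in false_positives(load_rules(RULES_TEXT), BENIGN).items():
        print(f"406 {url} <- rule(s) {ids}")
```

Three of the four constructed requests are denied, so rules such as 500005 need narrowing or an exception before being enforced on a real site.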

Cheers.
Andito Yugo Wicaksono