Category Archives: Information Technology


VLAN segmentation using a router

A simple topology for connecting different VLANs using 1 router and 3 switches.

[1] Router configuration

interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
!
interface GigabitEthernet0/0.60
 encapsulation dot1Q 60
 ip address 10.0.60.1 255.255.255.0
!
interface GigabitEthernet0/0.90
 encapsulation dot1Q 90
 ip address 10.0.90.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown

# After the configuration is complete, run no shutdown
Router(config)#interface GigabitEthernet0/0
Router(config-if)#no shutdown

[2] Floor 1 switch configuration
Add the VLAN configuration on each switch
VLAN : 20
VLAN : 60
VLAN : 90

!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 60
!
interface FastEthernet0/3
 switchport access vlan 90
!
interface FastEthernet0/10
 switchport mode trunk
!

# VLAN configuration
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
20   server                           active
60   manager                          active    Fa0/2
90   staff                            active    Fa0/3
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

[3] Floor 2 switch configuration

!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 60
!
interface FastEthernet0/3
 switchport access vlan 90
!
interface FastEthernet0/4
 switchport mode trunk
!

# VLAN configuration
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
20   server                           active
60   staff                            active    Fa0/2
90   manager                          active    Fa0/3
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

[3] Floor 3 switch configuration

!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 20
!

# VLAN configuration
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/1, Gig0/2
20   server                           active    Fa0/2
60   staff                            active
90   manager                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

[4] IP segmentation per floor

Floor 1 :
PC 1 : 10.0.60.10/24 gw 10.0.60.1
PC 2 : 10.0.90.10/24 gw 10.0.90.1

Floor 2 :
PC 1 : 10.0.60.20/24 gw 10.0.60.1
PC 2 : 10.0.90.20/24 gw 10.0.90.1

Floor 3 :
Server : 10.0.20.10/24 gw 10.0.20.

 

 


mod_security

Using the mod_security module to configure a Web Application Firewall (WAF).

[1] Install mod_security

yum -y install mod_security

[2] After the installation finishes, configure the mod_security file in the configuration directory and set it to enabled. Once that setting is done, add rules.

# cat /etc/httpd/conf.d/mod_security.conf 
<IfModule mod_security2.c>
 # ModSecurity Core Rules Set configuration
 IncludeOptional modsecurity.d/*.conf
 IncludeOptional modsecurity.d/activated_rules/*.conf
 
 # Default recommended configuration
 SecRuleEngine On
 SecRequestBodyAccess On
 SecRule REQUEST_HEADERS:Content-Type "text/xml" \
......................................................
.....................................................

[3] Below is an example of simple rules

# default action when matching rules
SecDefaultAction "phase:2,deny,log,status:406"

# "etc/passwd" is included in request URI
SecRule REQUEST_URI "etc/passwd" "id:'500001'"
SecRule REQUEST_URI "home" "id:'500005'"

# "../" is included in request URI
SecRule REQUEST_URI "\.\./" "id:'500002'"

# "<SCRIPT" is included in arguments
SecRule ARGS "<[Ss][Cc][Rr][Ii][Pp][Tt]" "id:'500003'"

# "SELECT FROM" is included in arguments
SecRule ARGS "[Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+[Ff][Rr][Oo][Mm]" "id:'500004'"

--------------------------------------------------------------------
# Restart httpd
systemctl restart httpd

[4] Access a page on the site that the rules block

[5] General rules are provided from the official repository and are easy to apply. However, you may need to adjust them for your own website so that they do not block requests that are needed.

yum -y install mod_security_crs
cd /usr/lib/modsecurity.d/base_rules
ll
modsecurity_35_bad_robots.data
modsecurity_35_scanners.data
modsecurity_40_generic_attacks.data
modsecurity_41_sql_injection_attacks.data
modsecurity_50_outbound.data
modsecurity_50_outbound_malware.data
modsecurity_crs_20_protocol_violations.conf
modsecurity_crs_21_protocol_anomalies.conf
modsecurity_crs_23_request_limits.conf
modsecurity_crs_30_http_policy.conf
modsecurity_crs_35_bad_robots.conf
modsecurity_crs_40_generic_attacks.conf
modsecurity_crs_41_sql_injection_attacks.conf
modsecurity_crs_41_xss_attacks.conf
modsecurity_crs_42_tight_security.conf
modsecurity_crs_45_trojans.conf
modsecurity_crs_47_common_exceptions.conf
modsecurity_crs_48_local_exceptions.conf.example
modsecurity_crs_49_inbound_blocking.conf
modsecurity_crs_50_outbound.conf
modsecurity_crs_59_outbound_blocking.conf
modsecurity_crs_60_correlation.conf
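
The point made in step [5], shown on the five rules from step [3], as an added example that is not part of the original post: a small Python approximation of the rules run over constructed request URIs, showing which ordinary requests they would also deny. The sample URIs are constructed, and the matcher only approximates ModSecurity (unanchored regex search, raw REQUEST_URI, decoded ARGS values).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The five rules from step [3], as (id, target, pattern). Python's re module has
# no POSIX classes, so [[:space:]] is written as \s here (a translation made for
# this example).
RULES = [
    ("500001", "REQUEST_URI", r"etc/passwd"),
    ("500005", "REQUEST_URI", r"home"),
    ("500002", "REQUEST_URI", r"\.\./"),
    ("500003", "ARGS", r"<[Ss][Cc][Rr][Ii][Pp][Tt]"),
    ("500004", "ARGS", r"[Ss][Ee][Ll][Ee][Cc][Tt]\s+[Ff][Rr][Oo][Mm]"),
]

def matching_rules(uri):
    """Return the ids of the rules an unanchored regex search would hit."""
    # REQUEST_URI is the raw path plus query string; ARGS are decoded values.
    query = urlsplit(uri).query
    args = [value for _, value in parse_qsl(query, keep_blank_values=True)]
    hits = []
    for rule_id, target, pattern in RULES:
        subjects = [uri] if target == "REQUEST_URI" else args
        if any(re.search(pattern, s) for s in subjects):
            hits.append(rule_id)
    return hits

# Constructed requests: three the rules are aimed at, three ordinary ones.
SAMPLES = [
    "/download?file=../../etc/passwd",
    "/comment?text=<script>x</script>",
    "/home/index.html",
    "/products/smart-home-hub",
    "/feedback?msg=please+select+from+the+list",
    "/about.html",
]

def report(samples=SAMPLES):
    """Map each URI to (status, rule ids); 406 is the SecDefaultAction status."""
    out = {}
    for uri in samples:
        hits = matching_rules(uri)
        out[uri] = (406 if hits else 200, hits)
    return out

if __name__ == "__main__":
    for uri, (status, hits) in report().items():
        print(status, uri, hits)
```

The product page and the feedback message are denied by rules 500005 and 500004 although neither is hostile, which is the kind of request the rules need tuning for.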

Cheers.
Andito Yugo Wicaksono

 

 

Install VMware Player 12 on Ubuntu 16.04

[1] Before installing VMware, it is best to update the Ubuntu system first

sudo apt-get update

 

[2] Install the packages required to install VMware Player 12

sudo apt install build-essential gcc
sudo apt install libcanberra-gtk-module

 

[3] Download the VMware Player 12 package from this link

Change the file's permissions

sudo chmod +x VMware-Player-12.5.7-5813279.x86_64.bundle

 

[4] Install Vmware Player 12

sudo ./VMware-Player-12.5.7-5813279.x86_64.bundle

If a problem such as "VMware kernel module error" appears after installation, the steps to take are:

sudo apt-get install linux-headers-generic
sudo apt-get install build-essential
# After the process finishes, restart the system

 

[5] Open VMware Player

Enter an email address to activate VMware Player, then choose OK

Hope this is useful.
Andito Yugo Wicaksono

Services ( CentOS )

[1] View the list of services that are currently running.

# systemctl -t service
UNIT LOAD ACTIVE SUB DESCRIPTION
auditd.service loaded active running Security Auditing Service
crond.service loaded active running Command Scheduler
dbus.service loaded active running D-Bus System Message Bus
firewalld.service loaded active running firewalld - dynamic firewall 
getty@tty1.service loaded active running Getty on tty1
httpd.service loaded active running The Apache HTTP Server
irqbalance.service loaded active running irqbalance daemon
mariadb.service loaded active running MariaDB database server
network.service loaded active exited LSB: Bring up/down networking
NetworkManager.service loaded active running Network Manager
polkit.service loaded active running Authorization Manager
postfix.service loaded active running Postfix Mail Transport Agent
........................................................................................................
........................................................................................................
rsyslog.service loaded active running System Logging Service
sshd.service loaded active running OpenSSH server daemon
systemd-update-utmp.service loaded active exited Update UTMP about System Boot
systemd-user-sessions.service loaded active exited Permit User Sessions
systemd-vconsole-setup.service loaded active exited Setup Virtual Console
tuned.service loaded active running Dynamic System Tuning Daemon
vsftpd.service loaded active running Vsftpd ftp daemon
wpa_supplicant.service loaded active running WPA Supplicant daemon
xinetd.service loaded active running Xinetd A Powerful Replacement

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

[2] List all services

# systemctl list-unit-files -t service
UNIT FILE STATE 
arp-ethers.service disabled
auditd.service enabled 
autovt@.service disabled
blk-availability.service disabled
...
...
systemd-vconsole-setup.service static 
tcsd.service disabled
teamd@.service static 
tftp.service static 
tuned.service enabled 
vsftpd.service enabled 
vsftpd@.service disabled
wpa_supplicant.service disabled
xinetd.service enabled

148 unit files listed.

[3] Stop a service and turn OFF its auto-start setting if it is no longer needed. Example with the service to act on:

# systemctl stop firewalld
# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

[4] Start and enable auto-start for a service that is needed.

# systemctl start firewalld
# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/basic.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.

[5] Some SysV services are controlled by chkconfig; an example follows

# chkconfig --list

Note: This output shows SysV services only and does not include native
 systemd services. SysV configuration data might be overridden by native
 systemd configuration.

If you want to list systemd services use 'systemctl list-unit-files'.
 To see services enabled on particular target use
 'systemctl list-dependencies [target]'.

netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off

xinetd based services:
 chargen-dgram: off
 chargen-stream: off
 daytime-dgram: off
 daytime-stream: off
 discard-dgram: off
 discard-stream: off
 echo-dgram: off
 echo-stream: off
 tcpmux-server: off
 tftp: off
 time-dgram: off
 time-stream: off


# Example: turn OFF the auto-start setting for netconsole
chkconfig netconsole off

# Example: turn ON the auto-start setting for netconsole
chkconfig netconsole on
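
A review of the two listings from steps [1] and [2], as an added example that is not part of the original post: it compares what is running and what is enabled against a baseline and reports what to stop, what to disable, and what is running even though its unit file is disabled. The `BASELINE` set is a hypothetical list of services this host is meant to run.

```python
# Excerpts of the listings shown in steps [1] and [2] above.
RUNNING = """\
auditd.service loaded active running Security Auditing Service
firewalld.service loaded active running firewalld - dynamic firewall
httpd.service loaded active running The Apache HTTP Server
sshd.service loaded active running OpenSSH server daemon
systemd-vconsole-setup.service loaded active exited Setup Virtual Console
vsftpd.service loaded active running Vsftpd ftp daemon
wpa_supplicant.service loaded active running WPA Supplicant daemon
xinetd.service loaded active running Xinetd A Powerful Replacement
"""
UNIT_FILES = """\
auditd.service enabled
tftp.service static
vsftpd.service enabled
wpa_supplicant.service disabled
xinetd.service enabled
"""
# Hypothetical baseline: the services this host is meant to run.
BASELINE = {"auditd.service", "firewalld.service", "httpd.service", "sshd.service"}

def running_units(text):
    """Units whose SUB state is 'running' in `systemctl -t service` output."""
    units = set()
    for line in text.splitlines():
        cols = line.split(None, 4)
        if len(cols) >= 4 and cols[0].endswith(".service") and cols[3] == "running":
            units.add(cols[0])
    return units

def unit_states(text):
    """{unit: state} from `systemctl list-unit-files -t service` output."""
    rows = (line.split() for line in text.splitlines())
    return {c[0]: c[1] for c in rows if len(c) == 2 and c[0].endswith(".service")}

def review(running_text=RUNNING, files_text=UNIT_FILES, baseline=BASELINE):
    running, states = running_units(running_text), unit_states(files_text)
    return {
        # running now but not in the baseline: candidates for `systemctl stop`
        "stop": sorted(running - baseline),
        # starts again at boot unless `systemctl disable` is run as well
        "disable": sorted(u for u, s in states.items()
                          if s == "enabled" and u not in baseline),
        # running although disabled: started by hand or pulled in by another unit
        "running_but_disabled": sorted(u for u in running
                                       if states.get(u) == "disabled"),
    }

if __name__ == "__main__":
    for key, units in review().items():
        print(key, units)
```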

Cheers…
Andito Yugo Wicaksono

 

Autopsy Forensic Browser

Autopsy Forensic Browser is an investigation tool from The Sleuth Kit (TSK) digital forensics library. The tool can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3, etc.).

Autopsy 3 is Java-based and designed to be an end-to-end digital forensics platform. Full details can be found on the sleuthkit.org site.

Installing Autopsy Forensic Browser on Ubuntu 16.04

$ sudo apt-get install autopsy
Reading package lists... Done
Building dependency tree 
Reading state information... Done
The following packages were automatically installed and are no longer required:
 libgles1-mesa libmircommon5 linux-image-4.4.0-63-generic linux-image-4.4.0-66-generic linux-image-4.4.0-75-generic linux-image-4.4.0-78-generic
 linux-image-4.4.0-79-generic linux-image-extra-4.4.0-63-generic linux-image-extra-4.4.0-66-generic linux-image-extra-4.4.0-75-generic
 linux-image-extra-4.4.0-78-generic linux-image-extra-4.4.0-79-generic linux-signed-image-4.4.0-63-generic linux-signed-image-4.4.0-66-generic
 linux-signed-image-4.4.0-75-generic linux-signed-image-4.4.0-78-generic linux-signed-image-4.4.0-79-generic snap-confine
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
 libafflib0v5 libbfio1 libdate-manip-perl libewf2 libtsk13 sleuthkit
Suggested packages:
 mac-robber
The following NEW packages will be installed:
 autopsy libafflib0v5 libbfio1 libdate-manip-perl libewf2 libtsk13 sleuthkit
0 upgraded, 7 newly installed, 0 to remove and 17 not upgraded.
Need to get 2.788 kB of archives.
After this operation, 17,2 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

How to run the Autopsy browser

sudo autopsy

============================================================================

Autopsy Forensic Browser 
 http://www.sleuthkit.org/autopsy/
 ver 2.24

============================================================================
Evidence Locker: /var/lib/autopsy
Start Time: Fri Jul 7 16:30:37 2017
Remote Host: localhost
Local Port: 9999

Open an HTML browser on the remote host and paste this URL in it:

http://localhost:9999/autopsy

Keep this process running and use <ctrl-c> to exit

View in the browser

 

HAProxy : HTTP Load Balancing

Load balancing, particularly in computer networks, is a technique for distributing traffic load across several links. It is used when the network has more than one link. A hardware load balancer is a physical device designed specifically as a load balancer, which excludes servers with a load-balancing application installed and routers that have a balancing feature; examples are the F5 Link Controller, ASM (WAF), and Load Traffic Manager (LTM). On the open source side there are several options to choose from, such as HAProxy, which is designed specifically for load balancing, as well as Pound, Pen, LVS, and Nginx.

Here I will cover HAProxy used for HTTP load balancing.

Example topology for a load balancer using HAProxy

Installing and configuring HAProxy

[1] Install HAProxy

yum install epel-release -y
yum -y install haproxy

[2] Configure HAProxy

# Back up the configuration
mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.org

# Create a new configuration
global
 # for logging section
 log 127.0.0.1 local2 info
 chroot /var/lib/haproxy
 pidfile /var/run/haproxy.pid

# max per-process number of connections
 maxconn 256

# process' user and group
 user haproxy
 group haproxy

# makes the process fork into background
 daemon

defaults
 # running mode
 mode http

# use global settings
 log global

# get HTTP request log
 option httplog

# timeout if backends do not reply
 timeout connect 10s

# timeout on client side
 timeout client 30s

# timeout on server side
 timeout server 30s

# define frontend ( set any name for "http-in" section )

frontend http-in

# listen 80
 bind *:80

# set default backend
 default_backend backend_servers

# send X-Forwarded-For header
 option forwardfor

# define backend

backend backend_servers

# balance with roundrobin
 balance roundrobin

# define backend servers
 server server01 10.1.19.10:80 check
 server server02 10.1.19.20:80 check

--------------------------------------
# Start haproxy
systemctl start haproxy
systemctl enable haproxy

[3] Configure rsyslog for the HAProxy log

vi /etc/rsyslog.conf
# Add the following
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1

# Add on line 56
*.info;mail.none;authpriv.none;cron.none;local2.none /var/log/messages

local2.* /var/log/haproxy.log

# Restart rsyslog
systemctl restart rsyslog

[4] Change the httpd settings on the backend servers to log the X-Forwarded-For header

vi /etc/httpd/conf/httpd.conf
# On line 196, change the log format to the following

LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@www ~]# systemctl restart httpd

[5] Test the load-balanced servers

Server 1 uses the Test Page, and server 2 uses a date format.
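
A parser for the backend log format from step [4], as an added example that is not part of the original post: HAProxy's `option forwardfor` appends its header after any X-Forwarded-For the client already sent, so only the last entry of the logged field is the address HAProxy saw. The sample log lines are constructed, and the example assumes the backend logs multiple headers merged into one comma-separated value.

```python
import ipaddress
import re

Q = r'"((?:[^"\\]|\\.)*)"'  # quoted field; Apache logs an embedded quote as \"
# Layout of the LogFormat in step [4]: "XFF" %l %u [%t] "%r" %>s %b "Referer" "UA"
LINE_RE = re.compile(rf'^{Q} \S+ \S+ \[[^\]]+\] {Q} (\d{{3}}) \S+ {Q} {Q}$')

def parse_line(line):
    """Parse one backend log line; return None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hops = [h.strip() for h in m.group(1).split(",")]
    hops = [h for h in hops if h not in ("", "-")]
    rec = {"request": m.group(2), "status": int(m.group(3)),
           "client": None, "client_supplied": hops[:-1], "warnings": []}
    if not hops:
        rec["warnings"].append("no X-Forwarded-For: request may have bypassed HAProxy")
        return rec
    try:
        # HAProxy adds its header last, so only the final entry is trustworthy.
        rec["client"] = str(ipaddress.ip_address(hops[-1]))
    except ValueError:
        rec["warnings"].append("last X-Forwarded-For entry is not an IP address")
    if rec["client_supplied"]:
        rec["warnings"].append("client sent its own X-Forwarded-For value(s)")
    return rec

# Constructed sample lines using documentation addresses (not from the page).
SAMPLE_LOG = [
    '"203.0.113.7" - - [07/Jul/2017:16:30:37 +0700] "GET / HTTP/1.1" 200 4897 "-" "curl/7.29.0"',
    '"127.0.0.1, 198.51.100.23" - - [07/Jul/2017:16:31:02 +0700] "GET /admin HTTP/1.1" 403 202 "-" "curl/7.29.0"',
    '"-" - - [07/Jul/2017:16:32:10 +0700] "GET / HTTP/1.1" 200 4897 "-" "curl/7.29.0"',
]

def flagged(lines=SAMPLE_LOG):
    """Return (request, warnings) for every parsed line that raised a warning."""
    records = (parse_line(line) for line in lines)
    return [(r["request"], r["warnings"]) for r in records if r and r["warnings"]]

if __name__ == "__main__":
    for request, warnings in flagged():
        print(request, warnings)
```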

Creating a local user account on Windows Server 2016

The first thing to do is open the Windows Server desktop and choose Computer Management.

Go to the Local Users and Groups menu, right-click in the local users section and choose New User

Add the new user and password, then choose Create when done

To add the user to the Administrator group, the steps are as follows: right-click Administrator and choose Properties -> click Add -> choose Advanced -> choose Find Now -> find the user to be added




OK, the Administrator group can now use the user susan

Cheers…