Posted in Linux Foundation (LFCE & LFCS), LinuxPlus

LFCE Notes 3

Network security

  1. Configure Apache log files
  2. Configure the firewall with iptables
  3. Install and configure SSL with Apache
  4. Configuring SSH-based remote access using public/private key pairs

Customize Apache Log
#cd /etc/httpd/conf 
#vim httpd.conf 
    /LogFormat -> search LogFormat
#cd /etc/httpd/logs; ll 
#cat access_log 
#cd /etc/httpd/conf 
#vim httpd.conf 
    LogFormat "Host: %h - Connecting User: %u - Date and Time: %t - What Requested: %r" mycombined 
    CustomLog "logs/access_log" mycombined 
#systemctl restart httpd 

- Open a browser to 192.168.1.4 -> the host where httpd is installed

#cd /etc/httpd/logs; ll
#tail -f access_log 
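
Added example, not part of the original notes: shell functions that parse access_log lines written in the mycombined format above, count requests per host, list authenticated requests, and count lines that do not match the format. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse access_log lines written with the "mycombined" LogFormat.
# Function names and sample lines are constructed for illustration.
TAB=$(printf '\t')
# One regex for the whole line. Host and user cannot contain a space and the
# time cannot contain "]", so text inside the request (the last field)
# cannot shift the earlier fields.
PAT='^Host: ([^ ]+) - Connecting User: ([^ ]+) - Date and Time: \[([^]]+)\] - What Requested: (.*)$'

sample_log() {   # constructed sample, not taken from a real server
cat <<'EOF'
Host: 192.168.1.10 - Connecting User: - - Date and Time: [12/Mar/2017:10:15:01 +0700] - What Requested: GET / HTTP/1.1
Host: 192.168.1.10 - Connecting User: - - Date and Time: [12/Mar/2017:10:15:02 +0700] - What Requested: GET /favicon.ico HTTP/1.1
Host: 192.168.1.23 - Connecting User: alice - Date and Time: [12/Mar/2017:10:16:40 +0700] - What Requested: GET /admin/ - What Requested: x HTTP/1.1
this line does not match the format
EOF
}

# stdin: log lines -> stdout: host<TAB>user<TAB>time<TAB>request
parse_mycombined() {
    sed -n -E "s/${PAT}/\1${TAB}\2${TAB}\3${TAB}\4/p"
}

# Requests per client address, busiest first: "<count> <host>"
requests_per_host() {
    parse_mycombined | awk -F'\t' '{ c[$1]++ } END { for (h in c) print c[h], h }' | sort -rn
}

# Requests made with an authenticated user (%u is "-" when there is none)
authenticated_requests() {
    parse_mycombined | awk -F'\t' '$2 != "-"'
}

# Lines that do not match the format (truncated writes, another LogFormat)
unparsed_count() {
    grep -c -v -E "$PAT" || true
}

sample_log | requests_per_host
echo "unparsed lines: $(sample_log | unparsed_count)"
```

To run it against the live log, replace `sample_log |` with `cat /etc/httpd/logs/access_log |`.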

Firewall with IPTables 
#systemctl status firewalld.service 
#iptables -L 
#ping 192.168.65.130 
#netstat -rn 
#ping google.com 
#cd /etc/sysconfig
#vim iptables-config -> IPTables configuration file
#iptables -L 
#iptables -L | grep INPUT 
#iptables -F INPUT -> Flush INPUT
#iptables -L | grep INPUT 
#iptables --flush; iptables -L 

Creating a REJECT rule for ICMP
#iptables -A INPUT --protocol icmp --in-interface eth0 -j REJECT
#iptables -L | grep INPUT 
#iptables -L | grep REJECT 

client#ping the firewall -> Destination Port Unreachable

Creating a DROP rule for ICMP
#iptables --flush 
#iptables -A INPUT --protocol icmp --in-interface eth0 -j DROP
#iptables -L | grep INPUT 
#iptables -L | grep DROP

client#ping the firewall -> No Response

#iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 0/0 --dport 80 -j REJECT
 0/0 = Any Source 
#iptables -A OUTPUT -p tcp --dport 80 --sport 1024:65535 -j REJECT 
#telnet localhost 80 -> Connection refused 
#lynx http://www.google.com -> Not connected 
#lynx http://localhost -> Not connected 
#iptables -F 

#iptables -A INPUT --protocol icmp --in-interface eth0 -j REJECT
#iptables -L | grep REJECT 
#systemctl restart firewalld 
#iptables -L | grep REJECT -> reject with icmp-host-prohibited 
#iptables -F 
#iptables -L | grep REJECT -> reject with icmp-port-unreachable

Save Iptables 
 On CentOS 6 the iptables rules are saved with service iptables save; on
 CentOS 7 use the iptables-save command to save the configuration and
 iptables-restore to restore it.
#iptables-save > /etc/sysconfig/iptables
#cat /etc/sysconfig/iptables

#iptables -F -> the configuration is gone
#iptables -L | grep REJECT -> the configuration is gone
#iptables-restore < /etc/sysconfig/iptables -> restores the configuration
#iptables -L | grep REJECT 

#/sbin/service iptables save
 iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

#systemctl stop firewalld
#systemctl mask firewalld
#yum install iptables-services
#systemctl enable iptables
#service iptables save 
#/usr/libexec/iptables/iptables.init save

To be continued, God willing .....
