ISPConfig : Webhosting Control Panel

This article was written using CentOS 5.4 and ISPConfig version 2.
Apologies in advance: I do not explain each part of the installation process in as much detail as in my earlier posts, and only mention the important points. The installation covers all of the required services, listed below:

  • Installation:
    – OS: CentOS 5.4 (installing the OS is not covered here; the OS installation needed is the standard package set with no GUI)
    – Web Server: Apache/2.2.3 with PHP 5.1.6
    – Web statistics: Webalizer V2.01-10
    – Database Server: MySQL 5.0.77
    – Mail Server: Postfix
    – DNS Server: BIND9 (chrooted)
    – FTP Server: Proftpd v1.3.2c
    – POP3/IMAP server: Dovecot 1.0.7

  • Network and hostname settings:
    – firewall and SELinux disabled
    – FQDN : jempol.wedus.us
    – IP Address : 192.168.2.67
    – Gateway : 192.168.2.1
    – DNS1 : 192.168.10.2
    – DNS2 : 192.168.2.67

    Notes:
    Unfortunately, the network settings above could not be applied during installation because the CentOS kernel does not yet support my on-board LAN card (Attansic L2), so a bit of tinkering is needed first:


    02:00.0 Ethernet controller: Attansic Technology Corp. L2 100 Mbit Ethernet Adapter (rev a0)

    First download the driver from ftp://ftp.hogchain.net/pub/linux/attansic/l2-linux-v1.0.40.4.tar.gz

  • Network configuration files:

    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost
    192.168.2.67 jempol.wedus.us jempol


    domain wedus.us
    nameserver 192.168.10.2
    nameserver 192.168.2.67


    NETWORKING=yes
    NETWORKING_IPV6=no
    HOSTNAME=jempol
    GATEWAY=192.168.2.1


    # Please read /usr/share/doc/initscripts-*/sysconfig.txt
    # for the documentation of these parameters.
    TYPE=Ethernet
    DEVICE=eth0
    HWADDR=00:1d:60:27:22:33
    BOOTPROTO=none
    IPADDR=192.168.2.65
    NETMASK=255.255.255.0
    NETWORK=192.168.2.0
    BROADCAST=192.168.2.255
    GATEWAY=192.168.2.1
    ONBOOT=yes
    USERCTL=no
    IPV6INIT=no
    PEERDNS=no


    Shutting down interface eth0: [ OK ]
    Shutting down loopback interface: [ OK ]
    Bringing up loopback interface: [ OK ]
    Bringing up interface eth0: [ OK ]


    eth0 Link encap:Ethernet HWaddr 00:1D:60:27:22:33
    inet addr:192.168.2.65 Bcast:192.168.2.255 Mask:255.255.255.0
    inet6 addr: fe80::21d:60ff:fe27:2233/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:118340 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1921 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:13132954 (12.5 MiB) TX bytes:197344 (192.7 KiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:955 errors:0 dropped:0 overruns:0 frame:0
    TX packets:955 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:8589855 (8.1 MiB) TX bytes:8589855 (8.1 MiB)

    Installing the required packages:
    Remove unwanted packages (optional):

    Point the repositories at the local mirror kambing.ui.ac.id (optional, depending on the repository you normally use):
    # mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.asli
    # vim /etc/yum.repos.d/kambing.repo

    # Repository from the kambing.ui.ac.id server
    [kambing-base]
    name=CentOS.kambing-$releasever – Base
    baseurl=http://kambing.ui.ac.id/centos/$releasever/os/$basearch/
    gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

    [kambing-updates]
    name=CentOS.kambing-$releasever – Updates
    baseurl=http://kambing.ui.ac.id/centos/$releasever/updates/$basearch/
    gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

    [kambing-addons]
    name=CentOS.kambing-$releasever – Addons
    baseurl=http://kambing.ui.ac.id/centos/$releasever/addons/$basearch/
    gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

    [kambing-extras]
    name=CentOS.kambing-$releasever – Extras
    baseurl=http://kambing.ui.ac.id/centos/$releasever/extras/$basearch/
    gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

    [kambing-centosplus]
    name=CentOS.kambing-$releasever – Centosplus
    baseurl=http://kambing.ui.ac.id/centos/$releasever/centosplus/$basearch/
    enabled=1
    gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

    [kambing-contrib]
    name=CentOS.kambing-$releasever – Contrib
    baseurl=http://kambing.ui.ac.id/centos/$releasever/contrib/$basearch/
    enabled=1
    gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

    [kambing-fasttrack]
    name=CentOS.kambing-$releasever – Fasttrack
    baseurl=http://kambing.ui.ac.id/centos/$releasever/fasttrack/$basearch/
    enabled=1
    gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

    Import the GPG key for authentication:
    # rpm --import http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5
    # yum clean all
    # yum makecache
    # yum update
    # reboot
    # uname -a

    Linux jempol 2.6.18-164.11.1.el5.centos.plusxen #1 SMP Wed Jan 20 20:14:28 EST 2010 i686 i686 i386 GNU/Linux
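A check for a repository file like the one above, added here as an example and not part of the original post: it flags stanzas that fetch packages or the GPG key over plain HTTP, that set gpgcheck=0 or leave it to the [main] default, or that use the key `enable` (yum only recognises `enabled`). The function names `audit_repo` and `sample_repo` and the two sample stanzas are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Reads a yum .repo file on
# stdin and prints one finding per line as "<section>: <message>".
audit_repo() {
    awk '
        function report() {
            if (sec == "") return
            if (gpgcheck == "0") print sec ": gpgcheck=0, package signatures are not verified"
            if (gpgcheck == "")  print sec ": gpgcheck not set, value is inherited from [main] in yum.conf"
            if (base ~ /^http:/) print sec ": baseurl uses plain http"
            if (key ~ /^http:/)  print sec ": gpgkey is fetched over plain http"
            if (typo)            print sec ": key enable is ignored, yum expects enabled"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            gpgcheck = ""; base = ""; key = ""; typo = 0
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpgcheck = v
            else if (k == "baseurl") base = v
            else if (k == "gpgkey") key = v
            else if (k == "enable") typo = 1
        }
        END { report() }
    '
}

# Constructed sample input, modelled on the stanza layout used above.
sample_repo() {
    cat <<'EOF'
# constructed sample
[kambing-base]
name=CentOS.kambing - Base
baseurl=http://kambing.ui.ac.id/centos/$releasever/os/$basearch/
gpgkey=http://kambing.ui.ac.id/centos/RPM-GPG-KEY-CentOS-5

[kambing-contrib]
name=CentOS.kambing - Contrib
baseurl=http://kambing.ui.ac.id/centos/$releasever/contrib/$basearch/
enable=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
EOF
}

sample_repo | audit_repo
```

On a real host, run it as `audit_repo < /etc/yum.repos.d/kambing.repo`.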

    Install the required packages:

    # yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils gcc \
    gcc-c++ quota bind bind-chroot mysql mysql-devel mysql-server cyrus-sasl cyrus-sasl-devel \
    cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot php php-devel php-gd php-imap \
    php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick \
    libxml2 libxml2-devel httpd-devel ruby ruby-devel mod_python perl-HTML-Parser perl-DBI perl-Net-DNS \
    perl-Digest-SHA1 webalizer ntp

    Quota settings:
    add usrquota,grpquota after defaults on the root filesystem entry:
    # vi /etc/fstab
    /dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
    LABEL=/boot /boot ext3 defaults 1 2
    tmpfs /dev/shm tmpfs defaults 0 0
    devpts /dev/pts devpts gid=5,mode=620 0 0
    sysfs /sys sysfs defaults 0 0
    proc /proc proc defaults 0 0
    /dev/VolGroup00/LogVol01 swap swap defaults 0 0

    # touch /aquota.user /aquota.group
    # chmod 600 /aquota.*
    # mount -o remount /
    # quotacheck -avugm
    # quotaon -avug

    Setting up the chrooted DNS server (BIND9):
    # chmod 755 /var/named/
    # chmod 775 /var/named/chroot/
    # chmod 775 /var/named/chroot/var/
    # chmod 775 /var/named/chroot/var/named/
    # chmod 775 /var/named/chroot/var/run/
    # chmod 777 /var/named/chroot/var/run/named/
    # cd /var/named/chroot/var/named/
    # ln -s ../../ chroot
    # cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/named.local
    # cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root
    # touch /var/named/chroot/etc/named.conf
    # chkconfig --levels 235 named on
    # /etc/init.d/named start

    Setting up the MySQL server:
    # vi /etc/my.cnf
    Remove the # sign on the skip-networking line
    # chkconfig --levels 235 mysqld on
    # /etc/init.d/mysqld start
    # mysqladmin -u root password rootpasswordmysql
    # mysqladmin -h jempol.wedus.us -u root password rootpasswordmysql

    Setting up SMTP-AUTH and TLS in Postfix:
    # postconf -e 'smtpd_sasl_local_domain ='
    # postconf -e 'smtpd_sasl_auth_enable = yes'
    # postconf -e 'smtpd_sasl_security_options = noanonymous'
    # postconf -e 'broken_sasl_auth_clients = yes'
    # postconf -e 'smtpd_sasl_authenticated_header = yes'
    # postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    # postconf -e 'inet_interfaces = all'
    # postconf -e 'mynetworks = 127.0.0.0/8'
    Enable PLAIN and LOGIN as login mechanisms by editing the file:
    # vi /usr/lib/sasl2/smtpd.conf

    pwcheck_method: saslauthd
    mech_list: plain login

    Note: on 64-bit CentOS the smtpd.conf file is located at /usr/lib64/sasl2/smtpd.conf

    Certificates for TLS:

    # mkdir /etc/postfix/ssl
    # cd /etc/postfix/ssl/
    # openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

    # chmod 600 smtpd.key
    # openssl req -new -key smtpd.key -out smtpd.csr

    # openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

    # openssl rsa -in smtpd.key -out smtpd.key.unencrypted

    # mv -f smtpd.key.unencrypted smtpd.key
    # openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

    Configure Postfix for TLS:

    # postconf -e 'smtpd_tls_auth_only = no'
    # postconf -e 'smtp_use_tls = yes'
    # postconf -e 'smtpd_use_tls = yes'
    # postconf -e 'smtp_tls_note_starttls_offer = yes'
    # postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    # postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    # postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    # postconf -e 'smtpd_tls_loglevel = 1'
    # postconf -e 'smtpd_tls_received_header = yes'
    # postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    # postconf -e 'tls_random_source = dev:/dev/urandom'

    Set the hostname for Postfix:
    # postconf -e 'myhostname = jempol.wedus.us'
    The Postfix configuration is done; check the resulting configuration:
    # cat /etc/postfix/main.cf (comments removed)

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5

    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    mynetworks = 127.0.0.0/8
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    myhostname = jempol.wedus.us

    Enable the imap, imaps, pop3 and pop3s protocols in Dovecot:
    # vi /etc/dovecot.conf

    # Protocols we want to be serving: imap imaps pop3 pop3s
    # If you only want to use dovecot-auth, you can set this to "none".
    protocols = imap imaps pop3 pop3s

    Start Postfix, saslauthd and Dovecot at boot and disable sendmail:

    # chkconfig --levels 235 sendmail off
    # chkconfig --levels 235 postfix on
    # chkconfig --levels 235 saslauthd on
    # chkconfig --levels 235 dovecot on
    # /etc/init.d/sendmail stop
    # /etc/init.d/postfix start
    # /etc/init.d/saslauthd start
    # /etc/init.d/dovecot start

    ##############
    To see if SMTP-AUTH and TLS work properly now run the following command:

    telnet localhost 25

    After you have established the connection to your Postfix mail server type

    ehlo localhost

    If you see the lines

    250-STARTTLS

    and

    250-AUTH LOGIN PLAIN

    everything is fine.

    [root@server1 ssl]# telnet localhost 25
    Trying 127.0.0.1…
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is ‘^]’.
    220 server1.example.com ESMTP Postfix
    ehlo localhost
    250-server1.example.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.
    [root@server1 ssl]#

    Type

    quit
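The check above done by script instead of by eye, as an added example that is not part of the original post: it reads the server's reply to `ehlo` and reports whether STARTTLS is offered and whether AUTH PLAIN/LOGIN is announced before TLS has started, which is what `smtpd_tls_auth_only = no` permits (with `yes`, Postfix withholds AUTH until the session is encrypted). The function names are illustrative; the sample reply is the one from the transcript above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Reads the server reply to
# "ehlo" from a plaintext session on stdin and prints one verdict per line.
audit_ehlo() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            cap = toupper(substr($0, 5))
            if (cap == "STARTTLS") tls = 1
            # "AUTH=..." is the legacy form enabled by broken_sasl_auth_clients
            if (cap ~ /^AUTH[ =]/) {
                n = split(substr(cap, 6), m, " ")
                for (i = 1; i <= n; i++) mech[m[i]] = 1
                auth = 1
            }
        }
        END {
            print (tls ? "OK starttls-offered" : "FAIL starttls-missing")
            weak = ""
            if ("PLAIN" in mech) weak = weak " PLAIN"
            if ("LOGIN" in mech) weak = weak " LOGIN"
            if (weak != "")  print "WARN cleartext-auth-before-tls:" weak
            else if (auth)   print "INFO auth-before-tls-without-plain-or-login"
            else             print "OK no-auth-before-tls"
        }
    '
}

# Sample input: the EHLO reply shown in the telnet transcript above.
page_ehlo_sample() {
    cat <<'EOF'
220 server1.example.com ESMTP Postfix
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

page_ehlo_sample | audit_ehlo
```

PLAIN and LOGIN only base64-encode the password, so a WARN line means credentials can be read off the wire whenever a client authenticates without first issuing STARTTLS.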

    Setting up Maildir for Dovecot
    The Dovecot format used is Maildir, not mbox; enable Maildir from the ISPConfig menu at Management -> Server -> Settings -> Email.

    postconf -e 'home_mailbox = Maildir/'
    postconf -e 'mailbox_command ='
    /etc/init.d/postfix restart

    Apache web server settings:
    # vi /etc/httpd/conf/httpd.conf

    DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl

    Installing ISPConfig:
    First download ISPConfig2 here
    # tar zxvf ISPConfig.tar.gz
    # cd ISPConfig
    # ./setup

    CentOS 5.4
    Neuinstallation eines ISPConfig-Systems. / Installation of a new ISPConfig system. / Installation d’ISPConfig sur un nouveau système.
    Wählen Sie Ihre Sprache (deutsch/englisch/spanisch/französisch/italienisch/niederländisch/polnisch/schwedisch): / Please choose your language (German/English/Spanish/French/Italian/Dutch/Polish/Swedish): / Merci de choisir votre langue (Allemand/Anglais/Espagnol/Français/Italien/Néerlandais/Polonais/Suédois):
    1) de
    2) en
    3) es
    4) fr
    5) it
    6) nl
    7) pl
    8) se
    Ihre Wahl: / Your Choice: / Votre Choix:2
    With the system installation, some system files are replaced where adjustments were made. This can lead to loss of entries in httpd.conf, named.conf as well as in the Sendmail configuration.

    Do you want to continue with the installation? [y/n]y
    Please read through the licence carefully:

    Copyright (c) 2005, projektfarm GmbH, Till Brehm, Falko Timme
    All rights reserved.

    Redistribution and use in source and binary forms, with or without modification,
    are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
    this list of conditions and the following disclaimer in the documentation
    and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
    may be used to endorse or promote products derived from this software without
    specific prior written permission.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND
    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
    IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
    OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
    EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

    Do you accept the licence? [y/n]y

    Please select the installation mode. In expert mode you have to answer some additional questions. In standard mode standard values are assumed for these questions.
    1) standard
    2) expert
    Your Choice: 1

    ########## MAIL SERVER ##########

    Checking for MTA…
    /usr/sbin/postfix
    OK

    ISPConfig found the following MTA:
    postfix
    Is this correct? [y/n]y

    ########## FTP SERVER ##########

    Checking if an FTP server is installed…
    /usr/sbin/proftpd
    OK

    ISPConfig found the following FTP server:
    proftpd
    Is this correct? [y/n]y

    ########## PROCMAIL ##########

    Checking for package procmail…
    /usr/bin/procmail
    OK

    ########## QUOTA ##########

    Checking for package quota…
    /usr/bin/quota
    OK

    ########## MYSQL SERVER ##########

    Checking for package MySQL…
    /usr/bin/mysql
    OK

    ########## OPENSSL ##########

    Checking for package openssl…
    /usr/bin/openssl
    OK

    ########## DNS SERVER ##########

    Checking for package bind…
    /usr/sbin/named
    OK

    ########## IPTABLES/IPCHAINS/IPFW ##########

    Checking for program iptables/ipchains/ipfw…
    /sbin/iptables
    OK

    ########## WEB SERVER ##########

    Checking for program httpd…
    /usr/sbin/httpd
    OK
    Checking the syntax of the httpd.conf…
    Syntax OK
    The syntax is ok!

    ########## gcc ##########

    /usr/bin/gcc
    OK

    ########## make ##########

    /usr/bin/make
    OK

    ########## lex ##########

    /usr/bin/lex
    OK

    ########## g++ ##########

    /usr/bin/g++
    OK

    ########## INSTALLATION ##########

    installation in progress……….
    ————
    Generating custom certificate signed by own CA [CUSTOM]
    ______________________________________________________________________

    STEP 0: Decide the signature algorithm used for certificates
    The generated X.509 certificates can contain either
    RSA or DSA based ingredients. Select the one you want to use.
    Signature Algorithm ((R)SA or (D)SA) [R]:R
    ______________________________________________________________________

    STEP 1: Generating RSA private key for CA (1024 bit) [ca.key]
    178805 semi-random bytes loaded
    Generating RSA private key, 1024 bit long modulus
    ………………….++++++
    ………………….++++++
    e is 65537 (0x10001)
    ______________________________________________________________________

    STEP 2: Generating X.509 certificate signing request for CA [ca.csr]
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter ‘.’, the field will be left blank.
    —–
    1. Country Name (2 letter code) [XY]:ID
    2. State or Province Name (full name) [Snake Desert]:East Java
    3. Locality Name (eg, city) [Snake Town]:Malang
    4. Organization Name (eg, company) [Snake Oil, Ltd]:PT. Wedus Gembel
    5. Organizational Unit Name (eg, section) [Certificate Authority]:Wedus Team
    6. Common Name (eg, CA name) [Snake Oil CA]:Wedus CA
    7. Email Address (eg, name@FQDN) [ca@snakeoil.dom]:ca@wedus.us
    8. Certificate Validity (days) [365]:365
    ______________________________________________________________________

    STEP 3: Generating X.509 certificate for CA signed by itself [ca.crt]
    Certificate Version (1 or 3) [3]:3
    Signature ok
    subject=/C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=Wedus CA/emailAddress=ca@wedus.us
    Getting Private key
    Verify: matching certificate & key modulus
    Verify: matching certificate signature
    ../conf/ssl.crt/ca.crt: /C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=Wedus CA/emailAddress=ca@wedus.us
    error 18 at 0 depth lookup:self signed certificate
    OK
    ______________________________________________________________________

    STEP 4: Generating RSA private key for SERVER (1024 bit) [server.key]
    178947 semi-random bytes loaded
    Generating RSA private key, 1024 bit long modulus
    ………++++++
    ……………++++++
    e is 65537 (0x10001)
    ______________________________________________________________________

    STEP 5: Generating X.509 certificate signing request for SERVER [server.csr]
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter ‘.’, the field will be left blank.
    —–
    1. Country Name (2 letter code) [XY]:ID
    2. State or Province Name (full name) [Snake Desert]:East Java
    3. Locality Name (eg, city) [Snake Town]:Malang
    4. Organization Name (eg, company) [Snake Oil, Ltd]:PT. Wedus Gembel
    5. Organizational Unit Name (eg, section) [Webserver Team]:Wedus Team
    6. Common Name (eg, FQDN) [www.snakeoil.dom]:www.wedus.us
    7. Email Address (eg, name@fqdn) [www@snakeoil.dom]:info@wedus.us
    8. Certificate Validity (days) [365]:365
    ______________________________________________________________________

    STEP 6: Generating X.509 certificate signed by own CA [server.crt]
    Certificate Version (1 or 3) [3]:3
    Signature ok
    subject=/C=ID/ST=East Java/L=Malang/O=PT. Wedus Gembel/OU=Wedus Team/CN=www.wedus.us/emailAddress=info@wedus.us
    Getting CA Private Key
    Verify: matching certificate & key modulus
    Verify: matching certificate signature
    ../conf/ssl.crt/server.crt: OK
    ______________________________________________________________________

    STEP 7: Enrypting RSA private key of CA with a pass phrase for security [ca.key]
    The contents of the ca.key file (the generated private key) has to be
    kept secret. So we strongly recommend you to encrypt the server.key file
    with a Triple-DES cipher and a Pass Phrase.
    Encrypt the private key now? [Y/n]: y
    writing RSA key
    Enter PEM pass phrase:
    Verifying – Enter PEM pass phrase:
    Fine, you’re using an encrypted private key.
    _______________________________________________________________________

    STEP 8: Enrypting RSA private key of SERVER with a pass phrase for security [server.key]
    The contents of the server.key file (the generated private key) has to be
    kept secret. So we strongly recommend you to encrypt the server.key file
    with a Triple-DES cipher and a Pass Phrase.
    Encrypt the private key now? [Y/n]: y
    writing RSA key
    Enter PEM pass phrase:
    Verifying – Enter PEM pass phrase:

    ————
    Connected successfully to MySQL server
    no crontab for root
    Restarting some services…
    Shutting down postfix: [ OK ]
    Starting postfix: [ OK ]
    Shutting down proftpd: [ OK ]
    Starting proftpd: [ OK ]
    Starting ISPConfig system…
    Apache/1.3.41 mod_ssl/2.8.31 (Pass Phrase Dialog)
    Some of your private key files are encrypted for security reasons.
    In order to read them you have to provide us with the pass phrases.

    Server jempol.wedus.us:81 (RSA)
    Enter pass phrase:

    Ok: Pass Phrase Dialog successful.
    /root/ispconfig/httpd/bin/apachectl startssl: httpd started
    ISPConfig system is now up and running!
    Congratulations! Your ISPConfig system is now installed. If you had to install quota, please take the steps described in the installation manual. Otherwise your system is now available without reboot.
    Please direct your browser to

    https://jempol.wedus.us:81

    and log in:
    Username: admin
    Password: admin

    [root@jempol install_ispconfig]#

    Reference : http://www.howtoforge.org

    Drivel : A journal client for gnome desktop

    After using Ubuntu for so long, I only just found out that there is software for creating or editing blog / LiveJournal entries without having to log in to the journal/blog itself; it is called Drivel. The journals it supports are also fairly complete, from WordPress (of course :D ), Blogger, Atom and LiveJournal to Advogato. This post was written with Drivel, as a way of trying it out :)
    If you are interested and happen to share my faith (meaning you also use Ubuntu), just type:
    $ sudo aptitude install drivel
    Then.. happy blogging…

    Installing the PostgreSQL 8.4 Database on Ubuntu 9.10

    Installing the PostgreSQL database on Ubuntu is not difficult, especially since Ubuntu already provides the packages. The only thing that may need attention is the order of the steps; the steps for installing the PostgreSQL database are as follows:

    The first step is to install the PostgreSQL server; here I use PostgreSQL Server 8.4. The package can be obtained with Synaptic Package Manager

    → Quick Search with key "postgresql"

    the names of the packages available in Ubuntu will then appear

    → postgresql-server-dev-8.4

    choose Mark for Installation and then Apply, and the installation will run automatically by itself.

    The next step is to install PostgreSQL Client, PostgreSQL Contrib and PgAdmin3; these installations can be done through Synaptic or directly through …

    First Time Install Ubuntu

    What do you do right after a fresh install of Ubuntu?
    After updating against the nearest repository, there are usually a few packages that need to be installed to make Ubuntu comfortable to use, including:
    1. Ubuntu extras

    2. Software Packager

    3. More fonts


    Installing Openbravo ERP on Ubuntu Jaunty

    Steps for installing Openbravo ERP and its dependencies on Ubuntu. These steps were carried out in a Jaunty desktop environment, and 1 GB of memory is recommended.
    a. PostgreSQL
    – Install the PostgreSQL packages:
    $ sudo aptitude install postgresql-8.3 postgresql-contrib-8.3
    – Change the PostgreSQL root password:
    $ sudo su - postgres -c psql
    postgres=# alter role postgres with password 'new_password';
    postgres=# \q

    b. Sun Java (JDK)
    – Install the Java JDK package:
    $ sudo aptitude install sun-java6-jdk
    – Set the Sun Java JDK as the default JDK:
    $ sudo update-java-alternatives -s java-6-sun
    – Create the JAVA_HOME variable:
    $ sudo echo 'JAVA_HOME="/usr/lib/jvm/java-6-sun"' | sudo tee -a /etc/environment
    – To make this variable usable right away, type:
    $ source /etc/environment

    Init level, boot order and root access ubuntu

    To change the boot order in Ubuntu, open the file /boot/grub/menu.lst and, in the default entry, replace the number with the position of the desired boot menu entry.
    To change the init run level on Linux you usually just change the default init in /etc/inittab to the run level you want. Ubuntu is a little different, because Ubuntu runs at init level 2 and everything runs under X Window. If you want to boot manually to the console (init level 3), create the file /etc/inittab (on Jaunty server this file does not exist) and add:

      id:3:initdefault:

    Then move or rename the file /etc/rc3.d/S*0gdm, and restart….
    Root access in Ubuntu is locked by default; to enable it (only when really needed):

      $ sudo bash

    or:

      $ sudo su

    then set the password to the one you want:

      # passwd root

    Root is now active..
    And to disable root access again when it is no longer needed:

      $ sudo passwd -l root

    Permission file

    Finally… Ubuntu 9.04 Jaunty Jackalope Is Out

    After waiting all morning with nothing showing up, the official release of Ubuntu 9.04, code name Jaunty Jackalope, has finally been announced. This release keeps Ubuntu's promise to put out a new release every 6 months. To be exact, today is 23 April 2009, US time of course, not Indonesian time hehehe. For Ubuntu users this is the moment everyone has been waiting for, all the more so because this release promises many changes. The change log for the Jaunty Jackalope release can be found on the official Ubuntu website here.
    Personally I am not actually waiting to download the whole ISO; I just want to upgrade from Intrepid to Jaunty, but I will wait until it is ready on the local Telkom repository, so as not to join the download/upgrade stampede, especially since bandwidth here is also limited.
    After checking again and again, the awaited release is finally out :). Let's upgrade right away, whichever way you prefer. If you want to use the update manager:

      $ update-manager -d

    Until a window like the one below appears:


    Upgrading Oracle 10.2.0.1 to 10.2.0.4 on Windows

    An Oracle database upgrade should first be carried out on a test machine before the real upgrade is done on the production machine, to minimise mistakes or errors in the production database. For the list of the latest Oracle patch sets, visit the official Oracle website here. The test here uses Windows 2003 SP2 with Oracle version 10.2.0.1 in a fresh-install state.

    Preparation Before the Upgrade

    • Download patch set number 6810189 from Oracle MetaLink.
      You must of course also have a valid Oracle support identifier (CSI) account.
    • Create a database instance
      Create a database instance with the same specification as the production database. In this example I use SID: ORCL
    • Import the database
      Import the database from a backup of the production server, in whatever way you normally do in your environment, and make sure it works properly.
    • Shut down all Oracle services

    Metasploit II : Mass Exploitation

    This article is a continuation of the previous article, Metasploit I: Basic Techniques. In this second article I want to discuss using Metasploit for mass exploitation with db_autopwn.
    First make sure the Metasploit installation is already integrated with a database (MySQL, Postgres or SQLite3 can be used) and with nmap. For the installation procedure, see here.
    The first mass exploitation method I use in this article is a mass exploit against a single machine that takes advantage of vulnerabilities in all of the open server services/ports, which we will call the vertical approach (you will not find this term by leafing through any system-exploitation dictionary, since the term is made in Indonesia hahaha.. ). Another approach will also be tried (briefly) further down in this article.

    Mass exploit method, vertical approach
    OK, let's try it right away against a single machine that we have prepared beforehand.