Setting Up a Proxy Using Squid 3 (squid3)

Assalamualaikum,

make sure your Linux machine has Ubuntu 12, 13 or 14 installed

CentOS 6.5 or newer can also be used

run the command apt-get install squid3

in the file /etc/squid/squid.conf, configure the following:

#START CONFIG=========================================
# ACCESS CONTROLS OPTIONS
# ====================
#
acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
#acl all src 0.0.0.0/0   # 'all' is predefined in Squid 3.x; no acl line is needed for it
acl LAB src 10.237.0.0/16 # LAB NETWORK
#acl to_localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81 2087 10000
#acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
acl ym dstdomain .voice.yahoo.com
acl ymregex url_regex yupdater.yim ymsgr myspaceim

# pattern list is read from the file (one regex per line)
acl porno url_regex -i "/etc/squid3/blok-situs"
acl YT dstdomain .youtube.com

#
http_access deny ym
http_access deny ymregex
#http_access allow to_localhost
#http_access deny manager

Adding a Hard Disk to a Linux System

Assalamualaikum,

How to add an HDD on Linux:

1. connect the SATA/SCSI/ATA HDD to the Linux machine

2. detect it with the command lshw -C disk

*-disk
description: SCSI Disk
physical id: 0.0.0
bus info: scsi@4:0.0.0
logical name: /dev/sdb
size: 279GiB (300GB)
capabilities: gpt-1.00 partitioned partitioned:gpt
configuration: guid=948a39bb-7397-44cd-96fe-6d473ce46212 sectorsize=512
*-cdrom
description: DVD reader
product: DVD-ROM TS-H353C
vendor: TSSTcorp
physical id: 0.0.0
bus info: scsi@0:0.0.0
logical name: /dev/cdrom
logical name: /dev/sr0
version: LE01

NETWORK FORENSICS: Investigating password brute-force attempts on a Zimbra ZCS mail server

Say a prayer

  1. Log in to the Zimbra server console and go to /opt/zimbra/log
  2. Run ls and note the file audit.log
  3. Run the command grep "invalid password" audit.log (quote the pattern: without the quotes grep treats password as a second file name, which is why the output below complains grep: password: No such file or directory)

Example output of the command:

[root@mail log]# grep invalid password audit.log

grep: password: No such file or directory

audit.log:2015-06-13 01:17:42,596 WARN  [Pop3Server-170] [ip=211.94.189.55;] security - cmd=Auth; account=akun_saya@binadarma.ac.id; protocol=pop3; error=authentication failed for [akun_saya], invalid password;
audit.log:2015-06-13 07:18:04,713 WARN  [Pop3Server-7] [ip=211.94.189.55;] security - cmd=Auth; account=akun_saya@binadarma.ac.id; protocol=pop3; error=authentication failed for [akun_saya], invalid password;
audit.log:2015-06-13 07:56:19,828 WARN  [btpool0-5://localhost/service/soap/AuthRequest] [name=akun_saya@binadarma.ac.id;oip=211.94.189.55;ua=zclient/7.2.5_GA_2906;] security - cmd=Auth; account=akun_saya@binadarma.ac.id; protocol=soap; error=authentication failed for [akun_saya], invalid password;
audit.log:2015-06-13 07:56:36,180 WARN  [btpool0-16://localhost/service/soap/AuthRequest] [name=akun_saya@binadarma.ac.id;oip=211.94.189.55;ua=zclient/7.2.5_GA_2906;] security - cmd=Auth; account=akun_saya@binadarma.ac.id; protocol=soap; error=authentication failed for [akun_saya], invalid password;

====== and so on; there are more than 100 such log record lines...

  4. Look at the oip and ip fields: that is where the attacker's IP appears. Why is that IP a suspect?

Answer: because the message "error=authentication failed for [akun_saya], invalid password;" is repeated in audit.log, even up to hundreds of record lines, which indicates login failures caused by brute forcing.

  5. If this is left alone, the brute-forced account will be locked, the server may even go down and the log will keep growing, because Zimbra has no system that blocks brute-force IPs
  6. A simple step to avoid brute-force attacks on email accounts is to investigate the attacker's IP by studying audit.log
  7. Then block the attacker's IP with iptables:
     iptables -I INPUT -s 211.94.189.55 -j DROP
     iptables -I INPUT -s 211.94.189.55 -p tcp --dport 7071 -j DROP
     iptables -I INPUT -s 211.94.189.55 -p tcp --dport 80 -j DROP
  8. A sysadmin must always monitor
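As an added example (not code from the original post), this Python script does the grep-and-count step above in a structured way over constructed audit.log lines: it parses the ip=/oip= fields, counts failed Auth commands per source address, reports which accounts and protocols were hit, and turns the suspects into the same iptables DROP rule the post uses. The IPs, accounts and threshold are placeholders chosen for the sample.

```python
import re

# Constructed Zimbra audit.log sample (placeholder IPs/accounts): 192.0.2.10 fails
# repeatedly over POP3 and SOAP, 198.51.100.7 fails once and then logs in.
SAMPLE_LOG = """\
2015-06-13 01:17:42,596 WARN  [Pop3Server-170] [ip=192.0.2.10;] security - cmd=Auth; account=user@example.com; protocol=pop3; error=authentication failed for [user], invalid password;
2015-06-13 01:17:43,101 WARN  [Pop3Server-171] [ip=192.0.2.10;] security - cmd=Auth; account=user@example.com; protocol=pop3; error=authentication failed for [user], invalid password;
2015-06-13 01:17:44,020 WARN  [btpool0-5://localhost/service/soap/AuthRequest] [name=user@example.com;oip=192.0.2.10;ua=zclient/7.2.5_GA_2906;] security - cmd=Auth; account=user@example.com; protocol=soap; error=authentication failed for [user], invalid password;
2015-06-13 01:20:00,000 WARN  [Pop3Server-180] [ip=198.51.100.7;] security - cmd=Auth; account=other@example.com; protocol=pop3; error=authentication failed for [other], invalid password;
2015-06-13 01:21:00,000 INFO  [Pop3Server-181] [ip=198.51.100.7;] security - cmd=Auth; account=other@example.com; protocol=pop3;
"""

# Every "key=value;" pair; covers "[ip=...;]" and "[name=...;oip=...;ua=...;]" plus cmd/account/error.
KV_RE = re.compile(r"(\w+)=([^;]*);")

def parse_line(line):
    """Return the key=value fields of one audit.log line, or None for unrelated lines."""
    fields = dict(KV_RE.findall(line))
    if "account" not in fields:
        return None
    fields["src"] = fields.get("oip") or fields.get("ip")   # SOAP logs oip=, POP3/IMAP log ip=
    fields["ts"] = line[:19]
    fields["failed"] = "invalid password" in fields.get("error", "")
    return fields

def failures_by_source(log_text, threshold=3):
    """Aggregate failed Auth attempts per source IP and return only sources at or
    above threshold: {ip: {"count", "accounts", "protocols", "first", "last"}}."""
    stats = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or not f["failed"] or not f["src"]:
            continue
        s = stats.setdefault(f["src"], {"count": 0, "accounts": set(),
                                        "protocols": set(), "first": f["ts"], "last": f["ts"]})
        s["count"] += 1
        s["accounts"].add(f["account"])
        s["protocols"].add(f["protocol"])
        s["last"] = f["ts"]
    return {ip: s for ip, s in stats.items() if s["count"] >= threshold}

def block_rules(suspects):
    """The iptables DROP rule from the post, one per suspect IP (review the list before applying)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(suspects)]

if __name__ == "__main__":
    suspects = failures_by_source(SAMPLE_LOG)
    print(suspects); print("\n".join(block_rules(suspects)))
```

Run it against the real file with `failures_by_source(open("/opt/zimbra/log/audit.log").read())`; the threshold should be tuned so a single mistyped password, like the second sample address, does not get blocked.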