budiana

Server Log Debian

Mar 8th, 2012
  1. Server Log Debian
  2. Linux Server and router for WARNET - (another) HOWTO
  3.  
  4. Download Debian from http://cdimage.debian.org/debian-cd/current/i386/iso-cd/debian-6.0.4-i386-netinst.iso
  5. Install just SSH and uncheck Standard System Utilities.
  6.  
  7. What I have done:
  8. 1. a subdomain from afraid.org (hade.netgameonline.com)
  9. 2. redirect port (80, 443) from modem to 192.168.1.2
  10.  
  11. MODEM (pppoe) >> eth1 >> DEBIAN BOX >> eth0
  12. 192.168.1.1 192.168.1.2/24 192.168.1.2/24
  13.  
  14. host = hade domain = netgameonline.com
  15.  
  16. add repository :
  17. echo deb http://kambing.ui.ac.id/debian/ squeeze main | tee -a /etc/apt/sources.list
  18. echo deb-src http://kambing.ui.ac.id/debian/ squeeze main | tee -a /etc/apt/sources.list
  19. echo deb http://kambing.ui.ac.id/debian/ squeeze-updates main | tee -a /etc/apt/sources.list
  20. echo deb-src http://kambing.ui.ac.id/debian/ squeeze-updates main | tee -a /etc/apt/sources.list
  21. echo deb http://download.webmin.com/download/repository sarge contrib | tee -a /etc/apt/sources.list
  22. echo deb http://archive.canonical.com/ lucid partner | tee -a /etc/apt/sources.list
  23. echo deb http://packages.dotdeb.org squeeze all | tee -a /etc/apt/sources.list
  24. echo deb-src http://packages.dotdeb.org squeeze all | tee -a /etc/apt/sources.list
  25. cd /root
  26. wget http://www.dotdeb.org/dotdeb.gpg
  27. cat dotdeb.gpg | apt-key add -
  28. wget http://www.webmin.com/jcameron-key.asc
  29. apt-key add jcameron-key.asc
  30.  
  31. apt-get update
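Added example, not part of the original paste: the two signing keys above are fetched over plain HTTP and trusted as downloaded, so this sketch only runs `apt-key add` when the key's fingerprint equals one obtained from a separate trusted channel. The function names and the sample listing are constructed for illustration; the fingerprints shown are placeholders, not the dotdeb or webmin keys.

```shell
#!/bin/sh
# Added example: pin a repository signing key to a known fingerprint.

# Print the primary-key fingerprint from `gpg --with-colons` output on stdin.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Normalise a fingerprint: drop spaces, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# fpr_matches EXPECTED (colon listing on stdin): succeeds only on an exact match.
fpr_matches() {
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$(norm_fpr "$got")" = "$(norm_fpr "$1")" ]
}

# add_key_if_pinned FILE EXPECTED: import FILE only when its fingerprint matches.
# --show-keys needs GnuPG 2.2 or later.
add_key_if_pinned() {
    if gpg --show-keys --with-colons --with-fingerprint "$1" 2>/dev/null |
        fpr_matches "$2"; then
        apt-key add "$1"
    else
        echo "fingerprint mismatch for $1: key NOT added" >&2
        return 1
    fi
}

# Constructed listing for illustration; both fingerprints are placeholders.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1262304000:::-:::scSC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1262304000::::Example Archive Key <key@example.invalid>::::::::::0:
sub:-:4096:1:0123456789ABCDEF:1262304000::::::e::::::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Usage: add_key_if_pinned dotdeb.gpg "<FINGERPRINT FROM A TRUSTED CHANNEL>"
```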
  32.  
  33. apt-get -y install build-essential mc webmin bind9 bind9-doc dnsutils
  34.  
  35. /etc/init.d/bind9 stop
  36. mkdir -p /var/chroot/bind9/{etc,dev,var/cache/bind,var/run/bind/run}
  37. chown -R bind:bind /var/chroot/bind9/var/*
  38. mknod /var/chroot/bind9/dev/null c 1 3
  39. mknod /var/chroot/bind9/dev/random c 1 8
  40. chmod 666 /var/chroot/bind9/dev/{null,random}
  41. mv /etc/bind /var/chroot/bind9/etc
  42. ln -s /var/chroot/bind9/etc/bind /etc/bind
  43. chown -R bind:bind /etc/bind/*
  44. echo "\$AddUnixListenSocket /var/chroot/bind9/dev/log" > /etc/rsyslog.d/bind-chroot.conf
  45.  
  46. edit bind9 to use the chroot (file /etc/default/bind9):
  47. from OPTIONS="-u bind" to OPTIONS="-u bind -t /var/chroot/bind9"
  48. nano /etc/default/bind9
  49.  
  50. restart rsyslogd and start bind9.
  51.  
  52. /etc/init.d/rsyslog restart ; /etc/init.d/bind9 start
  53.  
  54. 2. Let’s configure Bind. We need to touch 4 files.
  55.  
  56. We will edit 3 files.
  57.  
  58. * /etc/bind/named.conf.local
  59. * /etc/bind/named.conf.options
  60. * /etc/resolv.conf
  61.  
  62. We will create 1 file.
  63.  
  64. * /etc/master/hade.netgameonline.com.zone
  65.  
  66. A. First step. Lets add our domain zone – hade.netgameonline.com.
  67.  
  68. nano /etc/bind/named.conf.local
  69.  
  70. //
  71. // Do any local configuration here
  72. //
  73. zone "hade.netgameonline.com" {
  74. type master;
  75. file "/etc/master/hade.netgameonline.com.zone";
  76. allow-transfer {
  77. 127.0.0.1; # localhost
  78. 50.23.197.94; # ns1.afraid.org
  79. 174.37.196.55; # ns2.afraid.org
  80. 192.168.1.2; # local
  81. };
  82. notify yes;
  83. };
  84. // Consider adding the 1918 zones here, if they are not
  85. // used in your organization
  86. include "/etc/bind/zones.rfc1918";
  87.  
  88. Save file. Exit.
  89.  
  90. We just created a new domain. Please note: later we will create one file named hade.netgameonline.com.zone.
  91.  
  92. B. Let’s add the DNS servers from your ISP. In my case, I’m using telkom.net.id DNS servers. You can place the primary and secondary DNS servers here separated by semicolons.
  93.  
  94. nano /etc/bind/named.conf.options
  95.  
  96. // forwarders {
  97. // 0.0.0.0;
  98. // };
  99. forwarders {
  100. 202.134.1.5;
  101. 202.134.0.155;
  102. 202.134.0.5;
  103. 202.134.2.5;
  104. 202.134.1.10;
  105. 203.130.208.18;
  106. 203.130.206.250;
  107. 203.130.196.6;
  108. 203.130.196.155;
  109. 203.130.196.5;
  110. 222.124.204.34;
  111. 203.130.208.18;
  112. };
  113.  
  114. Save file. Exit.
  115.  
  116. C. Now, let’s modify the resolv.conf file found in /etc and place the IP address of our DNS server which is set to 192.168.1.100.
  117.  
  118. cat > /etc/resolv.conf << "EOF"
  119. # Begin /etc/resolv.conf
  120. domain hade.netgameonline.com
  121. nameserver 127.0.0.1
  122. nameserver 192.168.1.1
  123. nameserver 50.23.197.94
  124. nameserver 174.37.196.55
  125. nameserver 110.136.159.200
  126. # End /etc/resolv.conf
  127. EOF
  128.  
  129.  
  130. D. Now, let’s define the zones.
  131. " http://www.zonefile.org "
  132.  
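  133. mkdir -p /var/chroot/bind9/etc/master && ln -s /var/chroot/bind9/etc/master /etc/master   # named runs chrooted (-t), so the zone directory must live inside the chroot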
  134. nano /etc/master/hade.netgameonline.com.zone
  135.  
  136. ; hade.netgameonline.com
  137. $TTL 3600
  138. hade.netgameonline.com. IN SOA a.root-servers.net. [email protected]. (
  139. 2012031801 ; Serial
  140. 3H ; refresh after 3 hours
  141. 1H ; retry after 1 hour
  142. 1W ; expire after 1 week
  143. 1D) ; minimum TTL of 1 day
  144.  
  145. ; Name Server
  146. @ IN NS ns1.afraid.org.
  147. @ IN NS ns2.afraid.org.
  148. @ IN NS hade.netgameonline.com.
  149.  
  150. ; Mail Exchanger
  151.  
  152. hade.netgameonline.com. IN A 110.136.159.200
  153. www IN CNAME hade.netgameonline.com. ; a CNAME must point to a name, not an IP address
  154.  
  155. ; Resource Record - verify the IP where your mails come from (disable if not needed)
  156. ; @ IN TXT "v=spf1 ip4:85.214.123.0/24 -all"
  157.  
  158. ; EOF
  159.  
  160. 3. Let’s restart Bind to activate our latest changes.
  161.  
  162. /etc/init.d/bind9 restart
  163.  
  164. 4. Finally, let’s test our new domain and DNS entries.
  165.  
  166. dig localhost
  167. dig hade.netgameonline.com
  168. nslookup localhost
  169. nslookup hade.netgameonline.com
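Added example, not part of the original paste: a CNAME must point to a host name rather than an IP address, and a record that starts at column 0 with `IN` is read with `IN` as its owner name. This awk-based pre-check flags both before the zone is loaded; `lint_zone` and the sample zones (example.test, 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-load lint for two zone-file mistakes.
# BIND's own named-checkzone remains the full syntax check.

# lint_zone FILE: print one finding per line, return 1 if anything was found.
lint_zone() {
    awk '
    /^[ \t]*;/ || /^[ \t]*$/ { next }       # skip comment-only and blank lines
    { sub(/[ \t]*;.*$/, "") }               # drop trailing comments
    /^IN[ \t]+(NS|A|AAAA|MX|CNAME|TXT)[ \t]/ {
        printf "line %d: no owner name, \"IN\" at column 0 becomes the owner\n", NR
        bad = 1
    }
    {
        for (i = 1; i < NF; i++)
            if ($i == "CNAME" && $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.?$/) {
                printf "line %d: CNAME target %s is an IP address, use an A record or a host name\n", NR, $(i + 1)
                bad = 1
            }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed zones (example.test and 192.0.2.10 are documentation values).
bad_zone() {
    cat <<'EOF'
$TTL 3600
example.test. IN SOA ns1.example.test. hostmaster.example.test. (
        2012031801 3H 1H 1W 1D )
IN NS ns1.example.test.
example.test. IN A 192.0.2.10
www IN CNAME 192.0.2.10
EOF
}

good_zone() {
    cat <<'EOF'
$TTL 3600
example.test. IN SOA ns1.example.test. hostmaster.example.test. (
        2012031801 3H 1H 1W 1D )
@   IN NS ns1.example.test.
@   IN A 192.0.2.10
www IN CNAME example.test.
EOF
}
```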
  170.  
  171. apt-get -y install apache2
  172.  
  173. Generate a certificate
  174.  
  175. mkdir /etc/apache2/ssl
  176. cd /etc/apache2/ssl
  177. openssl req -x509 -days 365 -newkey rsa:1024 -keyout hostkey.key -nodes -out hostcert.pem
  178.  
  179. --------------
  180. Generating a 1024 bit RSA private key
  181. ...........++++++
  182. ......++++++
  183. writing new private key to '/etc/apache2/ssl/hostcert.pem'
  184. -----
  185. You are about to be asked to enter information that will be incorporated
  186. into your certificate request.
  187. What you are about to enter is what is called a Distinguished Name or a DN.
  188. There are quite a few fields but you can leave some blank
  189. For some fields there will be a default value,
  190. If you enter '.', the field will be left blank.
  191. -----
  192. Country Name (2 letter code) [AU]:ID
  193. State or Province Name (full name) [Some-State]:West Java
  194. Locality Name (eg, city) []:Bandung
  195. Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hade Network
  196. Organizational Unit Name (eg, section) []:Hade Warnet
  197. Common Name (eg, YOUR name) []:Wandi Budiana
  198. Email Address []:[email protected]
  199. root@debian:~#
  200. ------------------------
  201.  
  202. chmod 700 *
  203.  
  204. nano /etc/apache2/sites-available/default-ssl
  205. //update the following:
  206.  
  207. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  208. SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  209.  
  210. with :
  211.  
  212. SSLCertificateFile /etc/apache2/ssl/hostcert.pem
  213. SSLCertificateKeyFile /etc/apache2/ssl/hostkey.key
  214.  
  215. ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
  216. a2enmod ssl
  217. /etc/init.d/apache2 restart or /etc/init.d/apache2 force-reload
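Added example, not part of the original paste: an audit for the private key generated above that reports an RSA key below a size floor and a key file that group or others can access. The 2048-bit floor and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit an RSA private key file for size and permissions.
MIN_BITS=2048   # assumed policy floor, not a value from the original paste

# Extract the key size from `openssl rsa -noout -text` output on stdin.
# Handles "Private-Key: (N bit)" and "RSA Private-Key: (N bit, 2 primes)".
key_bits() {
    sed -n 's/^.*Private-Key: (\([0-9][0-9]*\) bit.*$/\1/p' | head -n 1
}

# True when neither group nor others hold any permission bit on FILE.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE: print one finding per problem, return 1 if any was found.
audit_key() {
    rc=0
    # -passin pass: keeps openssl from prompting if the key is encrypted.
    bits=$(openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null | key_bits)
    if [ -z "$bits" ]; then
        echo "$1: not a readable unencrypted RSA key"
        rc=1
    elif [ "$bits" -lt "$MIN_BITS" ]; then
        echo "$1: RSA key is only $bits bits (minimum $MIN_BITS)"
        rc=1
    fi
    if ! owner_only "$1"; then
        echo "$1: accessible by group or others"
        rc=1
    fi
    return $rc
}

# Usage: audit_key /etc/apache2/ssl/hostkey.key
```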
  218.  
  219. wget http://download.avgfree.com/filedir/inst/avg2012flx-r1786-a4748.i386.deb
  220. dpkg --install avg2012flx-r1786-a4748.i386.deb
  221. avgctl
  222. reboot
  223. avgupdate