ROAD-DC2 ※ncpa.cpl 실행 ※road.com 도메인 가입 후, powershell 실행 Install-WindowsFeature ad-domain-services -IncludeManagementTools Install-ADDSDomainController -DomainName road.com -NoGlobalCatalog RIGHT-R1, RIGHT-R2, ROAD-CA, ROAD-CA2 ※road.com 도메인 가입 ROAD-DC ※dssite.msc 실행 ROAD-DC2 ※powershell 실행 repadmin /syncall /Aed ROAD-DC ※powershell 실행 repadmin /syncall /Aed Restart-Service dns -PassThru ※dnsmgmt..
LEFT-R1, RIGHT-R1, FW ※powershell 실행 Install-WindowsFeature routing -IncludeManagementTools ※rrasmgmt.msc 실행 ※services.msc 실행 LEFT-R1 ※powershell 실행 $proposal1 = New-NetIPsecAuthProposal -Machine -PreSharedKey "Skill39" $set1 = New-NetIPsecPhase1AuthSet -DisplayName set1 -proposal $proposal1 $proposal2 = New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash SHA256 -KeyExchange DH14 $set2 = N..
ROAD-DC ※powershell 실행 Install-WindowsFeature ad-domain-services -IncludeManagementTools Install-ADDSForest -DomainName road.com ※도메인 구성 완료 후, powershell_ise를 실행해, 아래 스크립트 작성하고, 실행 New-ADOrganizationalUnit ROAD New-ADGroup -GroupScope Global ROADS -Path "ou=ROAD,dc=road,dc=com" New-ADGroup -GroupScope Global VISITORS -Path "ou=ROAD,dc=road,dc=com" for ($i=1; $i -lt 11; $i++) { $a='{0:d2}' -f $i ..
A-M #cd /etc/ssl/ #openssl req -new -out vpn.req -newkey rsa:2048 -nodes -keyout vpn.key ※cn은 vpn.alpha.com #openssl ca -in vpn.req -out vpn.crt A-S #apt -y install openvpn #cd /etc/openvpn/ #scp 192.168.0.1:/etc/ssl/vpn.* ./ #scp 192.168.0.1:/etc/ssl/alpha/cacert.pem ./ #openssl dhparam -out dh2048.pem 2048 #cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/ #gu..
A-Proxy #apt -y install haproxy #scp -r 192.168.0.2:/etc/apache2/intra.* /etc/ssl/ #scp 192.168.0.2:/etc/apache2/cacert.pem /etc/ssl/ #cat /etc/ssl/intra.crt /etc/ssl/intra.key > /etc/ssl/intra.pem ※intra.pem에는 개인키가 포함되므로 root만 읽을 수 있도록 권한 제한 필요 (예: chmod 600 /etc/ssl/intra.pem) #vim /etc/haproxy/haproxy.cfg #systemctl restart haproxy A-CLI ※alpha-CA 인증서를 Firefox에 설치
A-S, A-S2 #apt -y install apache2 php7.0 libapache2-mod-php7.3 ldap-utils #scp 192.168.0.4:/etc/ldap/ldap.conf /etc/ldap/ A-M #cd /etc/ssl #openssl req -new -out intra.req -newkey rsa:2048 -nodes -keyout intra.key ※CN은 intra.alpha.com #openssl ca -in intra.req -out intra.crt A-S #cd /etc/apache2/ #scp 192.168.0.1:/etc/ssl/intra.* /etc/apache2/ #scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /etc/apac..
A-M #cd /etc/ssl/ #openssl req -new -out mail.req -newkey rsa:2048 -nodes -keyout mail.key *CN=mail.alpha.com #openssl ca -in mail.req -out mail.crt A-S #scp 192.168.0.1:/etc/ssl/mail.* /etc/ssl/ #scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /etc/ssl/ #apt-get -y install postfix dovecot-imapd #vim /etc/postfix/main.cf #vim /etc/postfix/master.cf #vim /etc/dovecot/conf.d/10-auth.conf #vim /etc/dovec..
A-S #apt -y install krb5-user libpam-krb5 ldap-utils #scp 192.168.0.4:/etc/krb5.conf /etc #kadmin -p admin :addprinc -randkey host/a-s.alpha.com :ktadd host/a-s.alpha.com #chmod 777 /etc/krb5.keytab ※krb5.keytab에는 호스트 principal의 장기 키가 저장되므로, 777 권한에서는 모든 로컬 사용자가 키를 읽거나 바꿀 수 있음. 실습 환경이 아니라면 root 소유의 600 권한 유지 #apt -y install libnss-ldapd #echo 'session optional pam_mkhomedir.so' >> /etc/pam.d/common-session #reboot A-CLI #apt -y install krb5-user libpam-krb5 ldap-utils #scp 192.168.0.4:/etc/krb5.conf /etc..
A-S, A-S2, A-D, A-CLI, B-N, B-CLI #scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /usr/local/share/ca-certificates/ca.crt #update-ca-certificates A-M #cd /etc/ssl #vim exts #openssl req -new -out ldap.req -newkey rsa:2048 -nodes -keyout ldap.key ※CN은 LDAP #openssl ca -in ldap.req -out ldap.crt -extfile exts A-D #scp 192.168.0.1:/etc/ssl/ldap.* /etc/ssl/ #scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /etc..
A-M #apt -y install isc-dhcp-server #vim /etc/default/isc-dhcp-server #vim /etc/dhcp/dhcpd.conf #systemctl restart isc-dhcp-server B-M #apt -y install isc-dhcp-relay #vim /etc/default/isc-dhcp-relay #systemctl restart isc-dhcp-relay ISP #apt -y install isc-dhcp-server #vim /etc/default/isc-dhcp-server #vim /etc/dhcp/dhcpd.conf #systemctl restart isc-dhcp-server