A-EDGE, B-EDGE #apt –y install strongswan A-M #cd /etc/ssl #openssl req –new –out a.req –newkey rsa:2048 –nodes –keyout a.key ※CN은 100.0.0.1 #openssl ca –in a.req –out a.crt #openssl req –new –out b.req –newkey rsa:2048 –nodes –keyout b.key ※CN은 100.0.1.1 #openssl ca –in b.req –out b.crt A-EDGE #scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /etc/ipsec.d/cacerts/ #scp 192.168.0.1:/etc/ssl/*.crt /etc/..
분류 전체보기
A-M #cd /etc/ssl #vim /etc/ssl/openssl.cnf #vim /usr/lib/ssl/misc/CA.pl #/usr/lib/ssl/misc/CA.pl –newca ※암호는 korea2020!, CN은 alpha-CA로 지정 #apt –y install apache2 #cd /etc/ssl/ #openssl req –new –out crl.req –newkey rsa:2048 –keyout crl.key –nodes ※CN은 crl.alpha.com #openssl ca –in crl.req –out crl.crt #openssl ca –gencrl –out /var/www/html/alpha-CA.crl #a2enmod ssl #a2ensite default-ssl.conf #vi..
A-M #apt –y install bind9 #vim /etc/bind/named.conf.options #vim /etc/bind/named.conf #cp /etc/bind/db.empty /var/cache/bind/alpha.zone #cp /etc/bind/db.127 /var/cache/bind/192.rev #vim /var/cache/bind/alpha.zone :%s:localhost:ns.alpha.com:g #vim /var/cache/bind/192.rev :%s:localhost:ns.alpha.com:g #chmod 777 –R /var/cache/bind #systemctl restart bind9 #vim /etc/resolv.conf scp /etc/resolv.conf ..
Root로 로그인 커넥트 클릭 Apt install smbclient cur, lynx dnsutils ldap-utils ftp lftp wget ssh nfs-common rsync, telnet traceroute tcptraceroute Y로 한다 설치중 Apt intall vim net-tools dnsutils ssh telnet open-vm-tools 엔터 후 설치…. Vim /etc/vim/vimrc 요렇게 수정 ^^; Vim/etc/apt/sources.list 7 8번 주석 처리 Vim/etc/ssh/sshd-config Tap 이용 ^^
·가상서버
파일 new virtual machine 클릭 Next 자신이 설치할 os와 버전 선택 후 next name은 자율적으로 next 멀티 싱글 과제지대로 하던지 없으면 원하는대로 한다 커스텀 하드웨어 클릭 Usb 사운드카드 프린터 네트워크 어댑터 를 remove 그다음 Finish 를 눌러준다 END
file #apt install bind9 –y (dns 설치) Vim /etc/bind/named.conf.options 옵션파일을 수정해준다. Vim /etc/bind/named.conf.default-zones Wq 저장 Cd /etc/bind cp db.127 skill39.zone cp db.127 skill39.zone.ext cp db.127 1.rev cp db.127 2.rev Wq 저장 Cd /etc/bind cp db.127 skill39.zone cp db.127 skill39.zone.ext cp db.127 1.rev cp db.127 2.rev Vi skill39.zone.ext Vi 1.rev Vi 2.rev #systemctl restart bind9 Vi /etc/reso..
fw(skill39.net) #iptables -t nat -A PREROUTING -s 10.8.0.0/24 -d 10.10.10.1 -p tcp --dport 443 -j DNAT --to 200.220.55.2 #iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -d 200.220.55.2 -p tcp --dport 443 -j SNAT --to 200.220.55.1 #dpkg-reconfigure iptables-persistent #cd /etc/openvpn/ #openssl req -new -out vpn.req -newkey rsa:2048 -keyout vpn.key -nodes ※ CN = 200.220.55.1 #openssl ca -in vpn.re..
fw(skill39.net) #openssl req -new -out mail1.req -newkey rsa:2048 -keyout mail1.key –nodes ※ CN = mail.skill39.net #openssl ca -in mail1.req -out mail1.crt #openssl req -new -out mail2.req -newkey rsa:2048 -keyout mail2.key –nodes ※ CN = mail.worldskills.org #openssl ca -in mail2.req -out mail2.crt private #cd /etc/ssl #scp 192.168.2.1:/etc/ssl/mail1.* ./ #scp 192.168.2.1:/etc/ssl/CA/cacert.pem ..
public #apt install proftpd fail2ban -y #cd /etc/ssl/ #scp 200.220.55.1:/etc/ssl/ftp.* ./ #chmod 777 -R /var/www/ #vi /etc/proftpd/proftpd.conf #vi /etc/proftpd/proftpd.conf #cd /etc/proftpd/ #touch ftpd.passwd #touch ftpd.group #chown proftpd:nogroup ftpd.* #chmod 400 ftpd.* #ftpasswd -file /etc/proftpd/ftpd.passwd -uid 33 -gid 33 -name webmaster -shell /bin/false -home /home/webmaster -passwd ..