Mudanças entre as edições de "Projeto Integrador - 2012.1 - Equipe 1"
(72 revisões intermediárias pelo mesmo usuário não estão sendo mostradas) | |||
Linha 1: | Linha 1: | ||
− | == Dia 15/06/2012 | + | == Dia 15/06/2012 == |
− | Instalação do sistema operacional (Ubuntu Server) nas máquinas Matriz e Filial. | + | === Sistema Operacional === |
+ | * Instalação do sistema operacional (Ubuntu Server) nas máquinas Matriz e Filial. | ||
+ | == Dia 20/06/2012 == | ||
+ | |||
+ | === DNS === | ||
+ | ====Instalação==== | ||
+ | |||
+ | <code>apt-get install bind9 bind9utils</syntaxhighlight> | ||
+ | |||
+ | ==== Configuração ==== | ||
+ | |||
+ | =====-named.conf.local-===== | ||
+ | */etc/bind/named.conf.local | ||
+ | |||
+ | <code>zone "traveller.sj.ifsc.edu.br" { | ||
+ | type master; | ||
+ | file "/etc/bind/zones/matriz.zone"; | ||
+ | }; | ||
+ | |||
+ | # Zona reversa | ||
+ | zone "5.168.192.in-addr.arpa" { | ||
+ | type master; | ||
+ | file "/etc/bind/zones/rev.5.168.192.in-addr.arpa"; | ||
+ | };</syntaxhighlight> | ||
+ | |||
+ | Foi criado a pasta zones: | ||
+ | |||
+ | mkdir /etc/bind/zones | ||
+ | |||
+ | =====-matriz.zone-===== | ||
+ | */etc/bind/zones/matriz.zone | ||
+ | |||
+ | <code>@ IN SOA ns1.traveller.sj.ifsc.edu.br. admin.ns1.traveller.sj.ifsc.edu.br. ( | ||
+ | 2012062001 | ||
+ | 28800 | ||
+ | 3600 | ||
+ | 604800 | ||
+ | 38400 ) | ||
+ | NS ns1.traveller.sj.ifsc.edu.br. | ||
+ | MX 10 mail.traveller.sj.ifsc.edu.br. | ||
+ | IN A 192.168.5.1 | ||
+ | |||
+ | $ORIGIN traveller.sj.ifsc.edu.br. | ||
+ | ns1 IN A 192.168.5.1 | ||
+ | mail IN A 192.168.5.1 | ||
+ | www IN A 192.168.5.1</syntaxhighlight> | ||
+ | |||
+ | =====-rev.5.168.192.in-addr.arpa-===== | ||
+ | */etc/bind/zones/rev.5.168.192.in-addr.arpa | ||
+ | |||
+ | <code>$ORIGIN 5.168.192.in-addr.arpa. | ||
+ | @ IN SOA ns1.traveller.sj.ifsc.edu.br. admin.ns1.traveller.sj.ifsc.edu.br. ( | ||
+ | 2012062001; | ||
+ | 28800; | ||
+ | 604800; | ||
+ | 604800; | ||
+ | 86400 ) | ||
+ | |||
+ | IN NS ns1.traveller.sj.ifsc.edu.br. | ||
+ | 1 IN PTR ns1.traveller.sj.ifsc.edu.br. | ||
+ | 1 IN PTR mail.traveller.sj.ifsc.edu.br. | ||
+ | 1 IN PTR www.traveller.sj.ifsc.edu.br.</syntaxhighlight> | ||
+ | |||
+ | =====-resolv.conf-===== | ||
+ | */etc/resolv.conf | ||
+ | |||
+ | <code>nameserver 192.168.5.1 | ||
+ | nameserver 8.8.8.8 | ||
+ | domain traveller.sj.ifsc.edu.br | ||
+ | search traveller.sj.ifsc.edu.br</syntaxhighlight> | ||
+ | |||
+ | === DHCP === | ||
+ | ====Instalação==== | ||
+ | |||
+ | <code>apt-get install dhcp3-server</syntaxhighlight> | ||
+ | |||
+ | ==== Configuração ==== | ||
+ | |||
+ | =====-dhcpd.conf-===== | ||
+ | */etc/dhcp3/dhcpd.conf | ||
+ | |||
+ | <code>ddns-update-style none; | ||
+ | default-lease-time 600; | ||
+ | max-lease-time 7200; | ||
+ | log-facility local7; | ||
+ | vlan5; | ||
+ | subnet 192.168.1.0 netmask 255.255.255.192 { | ||
+ | option subnet-mask 255.255.255.192; | ||
+ | option broadcast-address 192.168.1.63; | ||
+ | option routers 192.168.1.2; | ||
+ | option domain-name-servers 192.168.1.2, 8.8.8.8, 8.8.4.4; | ||
+ | option domain-name "traveller.sj.ifsc.edu.br"; | ||
+ | option netbios-name-servers 192.168.1.2; | ||
+ | range 192.168.1.3 192.168.1.62; | ||
+ | } | ||
− | + | vlan10; | |
+ | subnet 192.168.2.0 netmask 255.255.255.192 { | ||
+ | option subnet-mask 255.255.255.192; | ||
+ | option broadcast-address 192.168.2.63; | ||
+ | option routers 192.168.2.2; | ||
+ | option domain-name-servers 192.168.2.2, 8.8.8.8, 8.8.4.4; | ||
+ | option domain-name "traveller.sj.ifsc.edu.br"; | ||
+ | option netbios-name-servers 192.168.2.2; | ||
+ | range 192.168.2.3 192.168.2.62; | ||
+ | } | ||
+ | |||
+ | vlan15; | ||
+ | subnet 192.168.3.0 netmask 255.255.255.192 { | ||
+ | option subnet-mask 255.255.255.192; | ||
+ | option broadcast-address 192.168.3.63; | ||
+ | option routers 192.168.3.2; | ||
+ | option domain-name-servers 192.168.3.2, 8.8.8.8, 8.8.4.4; | ||
+ | option domain-name "traveller.sj.ifsc.edu.br"; | ||
+ | option netbios-name-servers 192.168.3.2; | ||
+ | range 192.168.3.3 192.168.3.62; | ||
+ | } | ||
− | + | group { | |
+ | use-host-decl-names on; | ||
− | + | }</syntaxhighlight> | |
− | |||
− | Domínio:traveller.sj.ifsc.edu.br | + | <code>Domínio: traveller.sj.ifsc.edu.br |
IP: 200.135.37.95/26 | IP: 200.135.37.95/26 | ||
− | Rota Padrão: 200.135.37.126 | + | Rota Padrão: 200.135.37.126</syntaxhighlight> |
− | + | ||
+ | == Dia 22/06/2012 == | ||
+ | |||
+ | ===Samba=== | ||
+ | |||
+ | ====Instalação==== | ||
+ | |||
+ | <code>apt-get install samba | ||
+ | apt-get install smbfs</syntaxhighlight> | ||
+ | |||
+ | ====Configuração==== | ||
+ | =====-smb.conf-===== | ||
+ | */etc/samba/smb.conf | ||
+ | |||
+ | <code>[global] | ||
+ | workgroup = traveller | ||
+ | server string = SMB Server %v em %h | ||
+ | printcap name = cups | ||
+ | load printers = no | ||
+ | printcap cache time = 60 | ||
+ | printing = cups | ||
+ | log file = /var/log/samba/%m.log | ||
+ | max log size = 50 | ||
+ | hosts allow = 192.168.23. 127. 192.168.1. | ||
+ | map to guest = bad user | ||
+ | security = user | ||
+ | encrypt passwords = yes | ||
+ | smb passwd file = /etc/samba/smbpasswd | ||
+ | dns proxy = no | ||
+ | |||
+ | [homes] | ||
+ | comment = Arquivos do usuario %u em %h | ||
+ | browseable = no | ||
+ | writable = yes | ||
+ | public = no</syntaxhighlight> | ||
+ | |||
== Dia 26/06/2012 == | == Dia 26/06/2012 == | ||
− | Scripts para configuração no boot e teste da rede feitos. | + | Scripts para configuração no boot e teste da rede feitos; |
+ | |||
+ | * Configuração do roteador. | ||
+ | |||
+ | <code>#!/bin/bash | ||
− | + | # Testa a rede | |
+ | ping="8.8.8.8" | ||
+ | teste=$(ping -c 5 ${ping} | awk {'print $4 $5'} | tail -n 2 | head -n 1 | cut -d r -f 1) | ||
+ | if [ "${teste}" -gt "0" ] | ||
+ | then | ||
+ | ifconfig wlan0 down | ||
+ | else | ||
+ | ifconfig wlan0 up | ||
+ | ifconfig wlan0 192.168.5.1/24 | ||
+ | route add default gw 192.168.5.254 | ||
+ | fi</syntaxhighlight> | ||
== Dia 28/06/2012 == | == Dia 28/06/2012 == | ||
− | + | * Fixação da linha EXT. no patch panel; | |
− | + | ||
+ | * Instalada a central telefônia com uma linha tronco e 3 ramais (toda fiação que sai da central está fixada permanentemente no patch panel); | ||
+ | |||
+ | Foram instaladas 3 tomadas telecom (todas as portas do patch panel, que estão em uso, foram devidamente identificadas e testadas). | ||
+ | |||
+ | == Dia 29/06/2012 == | ||
+ | |||
+ | * Configuração AP para autenticar via RADIUS. | ||
+ | |||
+ | === FreeRadius === | ||
+ | |||
+ | ==== Instalação ==== | ||
+ | |||
+ | <code>apt-get install freeradius freeradius-mysql | ||
+ | apt-get install mysql-server</syntaxhighlight> | ||
+ | |||
+ | ==== Configuração ==== | ||
+ | |||
+ | =====-Users-===== | ||
+ | */etc/freeradius/users | ||
+ | |||
+ | <code>DEFAULT Framed-Protocol == PPP | ||
+ | Framed-Protocol = PPP, | ||
+ | Framed-Compression = Van-Jacobson-TCP-IP | ||
+ | DEFAULT Hint == "CSLIP" | ||
+ | Framed-Protocol = SLIP, | ||
+ | Framed-Compression = Van-Jacobson-TCP-IP | ||
+ | DEFAULT Hint == "SLIP" | ||
+ | Framed-Protocol = SLIP | ||
+ | fgenius Cleartext-Password := "fgenius"</syntaxhighlight> | ||
+ | |||
+ | =====-Hosts-===== | ||
+ | */etc/hosts | ||
+ | |||
+ | <code>127.0.0.1 localhost | ||
+ | 192.168.1.254 matriz | ||
+ | fe00::0 ip6-localnet | ||
+ | ff00::0 ip6-mcastprefix | ||
+ | ff02::1 ip6-allnodes | ||
+ | ff02::2 ip6-allrouters</syntaxhighlight> | ||
+ | |||
+ | *Configurar o Mysql para trabalhar com o FreeRadius | ||
+ | |||
+ | <code>Logar no servidor mysql: mysql -u root -p | ||
+ | Criar o banco de dados para autenticação com o | ||
+ | freeradius create database radius; | ||
+ | Verificar as tabelas que existem na base de dados | ||
+ | radius use radius; show tables; | ||
+ | Sair do mysql: exit | ||
+ | Importar o arquivo .sql de | ||
+ | /etc/freeradius/sql/mysql/schema.sql para o mysql: mysql -u | ||
+ | root -p radius < /etc/freeradius/sql/mysql/schema.sql | ||
+ | Logar no servidor mysql: mysql -u root -p | ||
+ | Verificar as tabelas que existem na base de dados | ||
+ | radius use radius; show tables;</syntaxhighlight> | ||
+ | |||
+ | =====-sql.conf-===== | ||
+ | */etc/freeradius/sql.conf | ||
+ | |||
+ | <code>sql { | ||
+ | database = "mysql" | ||
+ | driver = "rlm_sql_${database}" | ||
+ | server = "localhost" | ||
+ | login = "radius" | ||
+ | password = "radpass" | ||
+ | radius_db = "radius" | ||
+ | acct_table1 = "radacct" | ||
+ | acct_table2 = "radacct" | ||
+ | postauth_table = "radpostauth" | ||
+ | authcheck_table = "radcheck" | ||
+ | authreply_table = "radreply" | ||
+ | groupcheck_table = "radgroupcheck" | ||
+ | groupreply_table = "radgroupreply" | ||
+ | usergroup_table = "radusergroup" | ||
+ | deletestalesessions = yes | ||
+ | sqltrace = no | ||
+ | sqltracefile = ${logdir}/sqltrace.sql | ||
+ | num_sql_socks = 5 | ||
+ | connect_failure_retry_delay = 60 | ||
+ | lifetime = 0 | ||
+ | max_queries = 0 | ||
+ | nas_table = "nas" | ||
+ | $INCLUDE sql/${database}/dialup.conf</syntaxhighlight> | ||
+ | |||
+ | =====-radiusd.conf-===== | ||
+ | */etc/freeradius/radiusd.conf | ||
+ | |||
+ | <code>prefix = /usr | ||
+ | exec_prefix = /usr | ||
+ | sysconfdir = /etc | ||
+ | localstatedir = /var | ||
+ | sbindir = ${exec_prefix}/sbin | ||
+ | logdir = /var/log/freeradius | ||
+ | raddbdir = /etc/freeradius | ||
+ | radacctdir = ${logdir}/radacct | ||
+ | name = freeradius | ||
+ | confdir = ${raddbdir} | ||
+ | run_dir = ${localstatedir}/run/${name} | ||
+ | db_dir = ${raddbdir} | ||
+ | libdir = /usr/lib/freeradius | ||
+ | pidfile = ${run_dir}/${name}.pid | ||
+ | user = freerad | ||
+ | group = freerad | ||
+ | max_request_time = 30 | ||
+ | cleanup_delay = 5 | ||
+ | max_requests = 1024 | ||
+ | listen { | ||
+ | type = auth | ||
+ | ipaddr = * | ||
+ | port = 0 | ||
+ | } | ||
+ | listen { | ||
+ | ipaddr = * | ||
+ | port = 0 | ||
+ | type = acct | ||
+ | } | ||
+ | hostname_lookups = no | ||
+ | allow_core_dumps = no | ||
+ | regular_expressions = yes | ||
+ | extended_expressions = yes | ||
+ | log { | ||
+ | destination = files | ||
+ | file = ${logdir}/radius.log | ||
+ | syslog_facility = daemon | ||
+ | stripped_names = no | ||
+ | auth = no | ||
+ | auth_badpass = no | ||
+ | auth_goodpass = no | ||
+ | } | ||
+ | checkrad = ${sbindir}/checkrad | ||
+ | security { | ||
+ | max_attributes = 200 | ||
+ | reject_delay = 1 | ||
+ | status_server = yes | ||
+ | } | ||
+ | proxy_requests = yes | ||
+ | $INCLUDE proxy.conf | ||
+ | $INCLUDE clients.conf | ||
+ | thread pool { | ||
+ | start_servers = 5 | ||
+ | max_servers = 32 | ||
+ | min_spare_servers = 3 | ||
+ | max_spare_servers = 10 | ||
+ | max_requests_per_server = 0 | ||
+ | } | ||
+ | modules { | ||
+ | $INCLUDE ${confdir}/modules/ | ||
+ | $INCLUDE eap.conf | ||
+ | } | ||
+ | instantiate { | ||
+ | exec | ||
+ | expr | ||
+ | expiration | ||
+ | logintime | ||
+ | } | ||
+ | $INCLUDE policy.conf | ||
+ | $INCLUDE sites-enabled/</syntaxhighlight> | ||
+ | |||
+ | =====-default-===== | ||
+ | */etc/freeradius/sites-available/default | ||
+ | |||
+ | <code>authorize { | ||
+ | preprocess | ||
+ | chap | ||
+ | mschap | ||
+ | suffix | ||
+ | eap { | ||
+ | ok = return | ||
+ | } | ||
+ | unix | ||
+ | files | ||
+ | sql | ||
+ | expiration | ||
+ | logintime | ||
+ | pap | ||
+ | } | ||
+ | authenticate { | ||
+ | Auth-Type PAP { | ||
+ | pap | ||
+ | } | ||
+ | Auth-Type CHAP { | ||
+ | chap | ||
+ | } | ||
+ | Auth-Type MS-CHAP { | ||
+ | mschap | ||
+ | } | ||
+ | unix | ||
+ | eap | ||
+ | } | ||
+ | preacct { | ||
+ | preprocess | ||
+ | acct_unique | ||
+ | suffix | ||
+ | files | ||
+ | } | ||
+ | accounting { | ||
+ | detail | ||
+ | unix | ||
+ | radutmp | ||
+ | sql | ||
+ | attr_filter.accounting_response | ||
+ | } | ||
+ | session { | ||
+ | radutmp | ||
+ | sql | ||
+ | } | ||
+ | post-auth { | ||
+ | sql | ||
+ | exec | ||
+ | Post-Auth-Type REJECT { | ||
+ | attr_filter.access_reject | ||
+ | } | ||
+ | } | ||
+ | pre-proxy { | ||
+ | } | ||
+ | post-proxy { | ||
+ | eap | ||
+ | }</syntaxhighlight> | ||
+ | |||
+ | =====-inner-tunnel-===== | ||
+ | */etc/freeradius/sites-available/inner-tunnel | ||
+ | |||
+ | <code>server inner-tunnel { | ||
+ | authorize { | ||
+ | chap | ||
+ | mschap | ||
+ | unix | ||
+ | suffix | ||
+ | update control { | ||
+ | Proxy-To-Realm := LOCAL | ||
+ | } | ||
+ | eap { | ||
+ | ok = return | ||
+ | } | ||
+ | files | ||
+ | expiration | ||
+ | logintime | ||
+ | pap | ||
+ | } | ||
+ | st-proxy { | ||
+ | authenticate { | ||
+ | Auth-Type PAP { | ||
+ | pap | ||
+ | } | ||
+ | Auth-Type CHAP { | ||
+ | chap | ||
+ | } | ||
+ | Auth-Type MS-CHAP { | ||
+ | mschap | ||
+ | } | ||
+ | unix | ||
+ | eap | ||
+ | } | ||
+ | session { | ||
+ | radutmp | ||
+ | } | ||
+ | post-auth { | ||
+ | Post-Auth-Type REJECT { | ||
+ | attr_filter.access_reject | ||
+ | } | ||
+ | } | ||
+ | pre-proxy { | ||
+ | } | ||
+ | post-proxy { | ||
+ | eap | ||
+ | } | ||
+ | }</syntaxhighlight> | ||
+ | |||
+ | == Dia 03/07/2012 == | ||
+ | |||
+ | ===OpenVPN=== | ||
+ | |||
+ | ====Instalação==== | ||
+ | |||
+ | *apt-get install openvpn bridge-utils | ||
+ | ====Configuração==== | ||
+ | =====vars===== | ||
+ | */etc/openvpn/2.0/vars | ||
+ | |||
+ | <code>export EASY_RSA="`pwd`" | ||
+ | export OPENSSL="openssl" | ||
+ | export PKCS11TOOL="pkcs11-tool" | ||
+ | export GREP="grep" | ||
+ | export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` | ||
+ | export KEY_DIR="$EASY_RSA/keys" | ||
+ | echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR | ||
+ | export PKCS11_MODULE_PATH="dummy" | ||
+ | export PKCS11_PIN="dummy" | ||
+ | export KEY_SIZE=1024 | ||
+ | export CA_EXPIRE=3650 | ||
+ | export KEY_EXPIRE=3650 | ||
+ | export KEY_COUNTRY="BR" | ||
+ | export KEY_PROVINCE="SJ" | ||
+ | export KEY_CITY="SaoJose" | ||
+ | export KEY_ORG="IFSC" | ||
+ | export KEY_EMAIL="root@traveller.sj.edu.br"</syntaxhighlight> | ||
+ | |||
+ | =====server.conf===== | ||
+ | */etc/openvpn/server.conf | ||
+ | |||
+ | <code>local 192.168.5.1 | ||
+ | port 1194 | ||
+ | ;proto tcp | ||
+ | proto udp | ||
+ | dev tap0 | ||
+ | ;dev tun | ||
+ | up "/etc/openvpn/up.sh br0 tap0 1500" | ||
+ | down "/etc/openvpn/down.sh br0 tap0" | ||
+ | crl-verify crl.pem | ||
+ | ;dev-node MyTap | ||
+ | ca ca.crt | ||
+ | cert servidor.crt | ||
+ | key servidor.key # This file should be kept secret | ||
+ | dh dh1024.pem | ||
+ | ;server 192.168.5.0 255.255.255.0 | ||
+ | ifconfig-pool-persist ipp.txt | ||
+ | server-bridge 192.168.5.1 255.255.255.0 192.168.5.2 192.168.5.10 | ||
+ | ;server-bridge | ||
+ | push "route 192.168.0.254 255.255.255.0" | ||
+ | ;push "route 192.168.20.0 255.255.255.0" | ||
+ | ;client-config-dir ccd | ||
+ | ;route 192.168.40.128 255.255.255.248 | ||
+ | ;client-config-dir ccd | ||
+ | ;route 10.9.0.0 255.255.255.252 | ||
+ | ;learn-address ./script | ||
+ | push "redirect-gateway def1" | ||
+ | push "dhcp-option DNS 200.135.37.95" | ||
+ | ;push "dhcp-option DNS 208.67.220.220" | ||
+ | ;client-to-client | ||
+ | ;duplicate-cn | ||
+ | keepalive 10 120 | ||
+ | tls-auth ta.key 0 # This file is secret | ||
+ | ;cipher BF-CBC # Blowfish (default) | ||
+ | ;cipher AES-128-CBC # AES | ||
+ | ;cipher DES-EDE3-CBC # Triple-DES | ||
+ | comp-lzo | ||
+ | ;max-clients 100 | ||
+ | user nobody | ||
+ | group nogroup | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | status openvpn-status.log | ||
+ | ;log openvpn.log | ||
+ | ;log-append openvpn.log | ||
+ | verb 3 | ||
+ | ;mute 20</syntaxhighlight> | ||
+ | |||
+ | =====up.sh===== | ||
+ | */etc/openvpn/up.sh | ||
+ | |||
+ | <code>#!/bin/sh | ||
+ | BR=$1 | ||
+ | DEV=$2 | ||
+ | MTU=$3 | ||
+ | /sbin/ip link set $DEV up promisc on mtu $MTU | ||
+ | /usr/sbin/brctl addif $BR $DEV</syntaxhighlight> | ||
+ | |||
+ | =====down.sh===== | ||
+ | */etc/openvpn/down.sh | ||
+ | |||
+ | <code>#!/bin/sh | ||
+ | BR=$1 | ||
+ | DEV=$2 | ||
+ | /usr/sbin/brctl delif $BR $DEV | ||
+ | /sbin/ip link set $DEV down</syntaxhighlight> | ||
+ | |||
+ | =====interfaces===== | ||
+ | */etc/network/interfaces | ||
+ | |||
+ | <code>auto lo eth1 br0 | ||
+ | iface lo inet loopback | ||
+ | iface br0 inet static | ||
+ | address 192.168.5.1 | ||
+ | netmask 255.255.255.0 | ||
+ | gateway 192.168.5.254 | ||
+ | bridge_ports eth0 | ||
+ | bridge_fd 9 | ||
+ | bridge_hello 2 | ||
+ | bridge_maxage 12 | ||
+ | bridge_stp off | ||
+ | iface eth0 inet manual | ||
+ | up ip link set $IFACE up promisc on | ||
+ | down ip link set $IFACE down promisc off | ||
+ | iface eth1 inet static | ||
+ | address 192.168.0.2 | ||
+ | netmask 255.255.255.0</syntaxhighlight> | ||
+ | |||
+ | =====cliente.conf===== | ||
+ | */usr/share/doc/openvpn/examples/sample-config-files/client.conf | ||
+ | |||
+ | <code>client | ||
+ | ;dev tap | ||
+ | dev tun | ||
+ | ;dev-node MyTap | ||
+ | ;proto tcp | ||
+ | proto udp | ||
+ | remote my-server-1 1194 | ||
+ | ;remote my-server-2 1194 | ||
+ | ;remote-random | ||
+ | resolv-retry infinite | ||
+ | nobind | ||
+ | ;user nobody | ||
+ | ;group nogroup | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | ;http-proxy-retry # retry on connection failures | ||
+ | ;http-proxy [proxy server] [proxy port #] | ||
+ | ;mute-replay-warnings | ||
+ | ca ca.crt | ||
+ | cert client.crt | ||
+ | key client.key | ||
+ | ns-cert-type server | ||
+ | ;tls-auth ta.key 1 | ||
+ | ;cipher x | ||
+ | comp-lzo | ||
+ | verb 3 | ||
+ | ;mute 20</syntaxhighlight> | ||
+ | ==Postfix== | ||
+ | |||
+ | *apt-get install postfix mailutils | ||
+ | |||
+ | ===Configuração=== | ||
+ | ====main.cf==== | ||
+ | /etc/postfix/main.cf | ||
+ | |||
+ | <code>smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) | ||
+ | biff = no | ||
+ | append_dot_mydomain = no | ||
+ | readme_directory = no | ||
+ | smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem | ||
+ | smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key | ||
+ | smtpd_use_tls=yes | ||
+ | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | ||
+ | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | ||
+ | myhostname = matriz | ||
+ | alias_maps = hash:/etc/aliases | ||
+ | alias_database = hash:/etc/aliases | ||
+ | myorigin = /etc/mailname | ||
+ | mydestination = mail.traveller.sj.ifsc.edu.br, localhost | ||
+ | relayhost = | ||
+ | mynetworks = 127.0.0.0/8 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.0.0/24 | ||
+ | mailbox_size_limit = 0 | ||
+ | recipient_delimiter = + | ||
+ | inet_interfaces = all | ||
+ | inet_protocols = ipv4</syntaxhighlight> | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | * Configurando o OpenVPN no cliente (filial) encontramos um problema no disco rígido. Necessidade da troca do disco, formatação, instalação do GRUB e configuração; | ||
+ | |||
+ | == Dia 05/07/2012 == | ||
+ | |||
+ | * Configuração modem filial | ||
+ | |||
+ | ==Configurações da Filial== | ||
+ | |||
+ | ===OpenVPN=== | ||
+ | ====client.conf==== | ||
+ | |||
+ | /etc/openvpn/client.conf | ||
+ | |||
+ | <code>client | ||
+ | dev tap0 | ||
+ | ;dev tun | ||
+ | ;dev-node MyTap | ||
+ | ;proto tcp | ||
+ | proto udp | ||
+ | remote 200.135.37.95 1194 | ||
+ | ;remote my-server-2 1194 | ||
+ | ;remote-random | ||
+ | resolv-retry infinite | ||
+ | nobind | ||
+ | ;user nobody | ||
+ | ;group nogroup | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | ;http-proxy-retry # retry on connection failures | ||
+ | ;http-proxy [proxy server] [proxy port #] | ||
+ | ;mute-replay-warnings | ||
+ | ca ca.crt | ||
+ | cert traveller.crt | ||
+ | key traveller.key | ||
+ | ns-cert-type server | ||
+ | tls-auth ta.key 1 | ||
+ | ;cipher x | ||
+ | comp-lzo | ||
+ | verb 3 | ||
+ | ;mute 20</syntaxhighlight> | ||
+ | |||
+ | ====update-resolv-conf==== | ||
+ | /etc/openvpn/update-resolv-conf | ||
+ | |||
+ | <code>[ -x /sbin/resolvconf ] || exit 0 | ||
+ | case $script_type in | ||
+ | up) | ||
+ | for optionname in ${!foreign_option_*} ; do | ||
+ | option="${!optionname}" | ||
+ | echo $option | ||
+ | part1=$(echo "$option" | cut -d " " -f 1) | ||
+ | if [ "$part1" == "dhcp-option" ] ; then | ||
+ | part2=$(echo "$option" | cut -d " " -f 2) | ||
+ | part3=$(echo "$option" | cut -d " " -f 3) | ||
+ | if [ "$part2" == "DNS" ] ; then | ||
+ | IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3" | ||
+ | fi | ||
+ | if [ "$part2" == "DOMAIN" ] ; then | ||
+ | IF_DNS_SEARCH="$part3" | ||
+ | fi | ||
+ | fi | ||
+ | done | ||
+ | R="" | ||
+ | if [ "$IF_DNS_SEARCH" ] ; then | ||
+ | R="${R}search $IF_DNS_SEARCH | ||
+ | " | ||
+ | fi | ||
+ | for NS in $IF_DNS_NAMESERVERS ; do | ||
+ | R="${R}nameserver $NS | ||
+ | " | ||
+ | done | ||
+ | echo -n "$R" | /sbin/resolvconf -a "${dev}.inet" | ||
+ | ;; | ||
+ | down) | ||
+ | /sbin/resolvconf -d "${dev}.inet" | ||
+ | ;; | ||
+ | esac</syntaxhighlight> | ||
+ | |||
+ | ===SSH=== | ||
+ | |||
+ | ====sshd_config==== | ||
+ | |||
+ | /etc/ssh/sshd_config | ||
+ | |||
+ | <code>Port 22 | ||
+ | Protocol 2 | ||
+ | HostKey /etc/ssh/ssh_host_rsa_key | ||
+ | HostKey /etc/ssh/ssh_host_dsa_key | ||
+ | UsePrivilegeSeparation yes | ||
+ | KeyRegenerationInterval 3600 | ||
+ | ServerKeyBits 768 | ||
+ | SyslogFacility AUTH | ||
+ | LogLevel INFO | ||
+ | LoginGraceTime 120 | ||
+ | PermitRootLogin yes | ||
+ | StrictModes yes | ||
+ | RSAAuthentication yes | ||
+ | PubkeyAuthentication yes | ||
+ | IgnoreRhosts yes | ||
+ | RhostsRSAAuthentication no | ||
+ | HostbasedAuthentication no | ||
+ | PermitEmptyPasswords no | ||
+ | ChallengeResponseAuthentication no | ||
+ | X11Forwarding yes | ||
+ | X11DisplayOffset 10 | ||
+ | PrintMotd no | ||
+ | PrintLastLog yes | ||
+ | TCPKeepAlive yes | ||
+ | AcceptEnv LANG LC_* | ||
+ | Subsystem sftp /usr/lib/openssh/sftp-server | ||
+ | UsePAM yes</syntaxhighlight> | ||
+ | |||
+ | ===DHCP=== | ||
+ | ====dhclient.conf==== | ||
+ | /etc/dhcp3/dhclient.conf | ||
+ | |||
+ | <code>option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; | ||
+ | send host-name "<hostname>"; | ||
+ | request subnet-mask, broadcast-address, time-offset, routers, | ||
+ | domain-name, domain-name-servers, domain-search, host-name, | ||
+ | netbios-name-servers, netbios-scope, interface-mtu, | ||
+ | rfc3442-classless-static-routes, ntp-servers;</syntaxhighlight> | ||
+ | |||
+ | =Diagrama da Rede= |
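Review bot: The FreeRADIUS part of this revision publishes what look like working credentials: the `users` entry `fgenius Cleartext-Password := "fgenius"` reuses the account name as its password, and `sql.conf` keeps `password = "radpass"`, the value from the packaged sample. On the page these would be better shown as placeholders such as `password = "<RADIUS_DB_PASSWORD>"`, with the real values changed on the servers. In the Filial `sshd_config`, `PermitRootLogin yes` appears with no `PasswordAuthentication no`, so `PermitRootLogin no` (or key-only root access) is the safer setting. The `inner-tunnel` listing also has a stray `st-proxy {` line that leaves `server inner-tunnel {` unbalanced, and the `sql {` block is missing its closing brace.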
Edição atual tal como às 16h17min de 18 de julho de 2012
Dia 15/06/2012
Sistema Operacional
- Instalação do sistema operacional (Ubuntu Server) nas máquinas Matriz e Filial.
Dia 20/06/2012
DNS
Instalação
apt-get install bind9 bind9utils</syntaxhighlight>
Configuração
-named.conf.local-
- /etc/bind/named.conf.local
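// Local zone declarations for BIND9 (/etc/bind/named.conf.local).
// NOTE(review): no allow-transfer or allow-query statement is visible in
// these zone blocks; confirm that named.conf.options limits zone transfers
// to the intended hosts.

// Forward zone for the project domain.
zone "traveller.sj.ifsc.edu.br" {
    type master;
    file "/etc/bind/zones/matriz.zone";
};

# Reverse zone (the rendered listing showed this comment as a "- " list item,
# which is not valid named.conf syntax)
zone "5.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.5.168.192.in-addr.arpa";
};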
Foi criada a pasta zones:
mkdir /etc/bind/zones
-matriz.zone-
- /etc/bind/zones/matriz.zone
@ IN SOA ns1.traveller.sj.ifsc.edu.br. admin.ns1.traveller.sj.ifsc.edu.br. (
2012062001
28800
3600
604800
38400 )
NS ns1.traveller.sj.ifsc.edu.br.
MX 10 mail.traveller.sj.ifsc.edu.br.
IN A 192.168.5.1
$ORIGIN traveller.sj.ifsc.edu.br.
ns1 IN A 192.168.5.1
mail IN A 192.168.5.1
www IN A 192.168.5.1</syntaxhighlight>
-rev.5.168.192.in-addr.arpa-
- /etc/bind/zones/rev.5.168.192.in-addr.arpa
$ORIGIN 5.168.192.in-addr.arpa.
@ IN SOA ns1.traveller.sj.ifsc.edu.br. admin.ns1.traveller.sj.ifsc.edu.br. (
2012062001;
28800;
604800;
604800;
86400 )
IN NS ns1.traveller.sj.ifsc.edu.br.
1 IN PTR ns1.traveller.sj.ifsc.edu.br.
1 IN PTR mail.traveller.sj.ifsc.edu.br.
1 IN PTR www.traveller.sj.ifsc.edu.br.</syntaxhighlight>
-resolv.conf-
- /etc/resolv.conf
nameserver 192.168.5.1
nameserver 8.8.8.8
domain traveller.sj.ifsc.edu.br
search traveller.sj.ifsc.edu.br</syntaxhighlight>
DHCP
Instalação
apt-get install dhcp3-server</syntaxhighlight>
Configuração
-dhcpd.conf-
- /etc/dhcp3/dhcpd.conf
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
vlan5;
subnet 192.168.1.0 netmask 255.255.255.192 {
option subnet-mask 255.255.255.192;
option broadcast-address 192.168.1.63;
option routers 192.168.1.2;
option domain-name-servers 192.168.1.2, 8.8.8.8, 8.8.4.4;
option domain-name "traveller.sj.ifsc.edu.br";
option netbios-name-servers 192.168.1.2;
range 192.168.1.3 192.168.1.62;
}
vlan10;
subnet 192.168.2.0 netmask 255.255.255.192 {
option subnet-mask 255.255.255.192;
option broadcast-address 192.168.2.63;
option routers 192.168.2.2;
option domain-name-servers 192.168.2.2, 8.8.8.8, 8.8.4.4;
option domain-name "traveller.sj.ifsc.edu.br";
option netbios-name-servers 192.168.2.2;
range 192.168.2.3 192.168.2.62;
}
vlan15;
subnet 192.168.3.0 netmask 255.255.255.192 {
option subnet-mask 255.255.255.192;
option broadcast-address 192.168.3.63;
option routers 192.168.3.2;
option domain-name-servers 192.168.3.2, 8.8.8.8, 8.8.4.4;
option domain-name "traveller.sj.ifsc.edu.br";
option netbios-name-servers 192.168.3.2;
range 192.168.3.3 192.168.3.62;
}
group {
use-host-decl-names on;
}</syntaxhighlight>
Domínio: traveller.sj.ifsc.edu.br
IP: 200.135.37.95/26
Rota Padrão: 200.135.37.126</syntaxhighlight>
Dia 22/06/2012
Samba
Instalação
apt-get install samba
apt-get install smbfs</syntaxhighlight>
Configuração
-smb.conf-
- /etc/samba/smb.conf
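# Samba server settings (/etc/samba/smb.conf).
# Comments are kept on their own lines: smb.conf does not support trailing
# comments after a value.

[global]
    workgroup = traveller
    # NOTE(review): %v puts the Samba version in the advertised server string.
    server string = SMB Server %v em %h
    printcap name = cups
    load printers = no
    printcap cache time = 60
    printing = cups
    # One log file per client machine name (%m).
    log file = /var/log/samba/%m.log
    max log size = 50
    # NOTE(review): the DHCP section of this page defines 192.168.1., 192.168.2.
    # and 192.168.3. networks, but only 192.168.1. is allowed here, and
    # 192.168.23. is not used anywhere else on the page - confirm the list.
    hosts allow = 192.168.23. 127. 192.168.1.
    # Logins with an unknown user name are mapped to the guest account instead
    # of being rejected; the [homes] share below is not public, so guests get
    # no access to it.
    map to guest = bad user
    security = user
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd
    dns proxy = no

[homes]
    comment = Arquivos do usuario %u em %h
    browseable = no
    writable = yes
    public = no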
Dia 26/06/2012
Scripts para configuração no boot e teste da rede feitos;
- Configuração do roteador.
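#!/bin/bash
# Checks the main uplink and switches the backup wireless link accordingly:
# when the probe address answers, wlan0 is taken down; when it does not,
# wlan0 is brought up, addressed, and made the default route.
#
# The decision uses ping's exit status (0 when at least one reply arrived)
# rather than cutting the "received" count out of the statistics line, which
# breaks as soon as the wording of ping's output differs.

readonly probe_addr="8.8.8.8"

if ping -c 5 -q "${probe_addr}" >/dev/null 2>&1; then
  # Main link is answering: the backup interface is not needed.
  ifconfig wlan0 down
else
  # No reply over the main link: fail over to the wireless path.
  ifconfig wlan0 up
  ifconfig wlan0 192.168.5.1/24
  route add default gw 192.168.5.254
fi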
Dia 28/06/2012
- Fixação da linha EXT. no patch panel;
- Instalada a central telefônica com uma linha tronco e 3 ramais (toda fiação que sai da central está fixada permanentemente no patch panel);
Foram instaladas 3 tomadas telecom (todas as portas do patch panel, que estão em uso, foram devidamente identificadas e testadas).
Dia 29/06/2012
- Configuração AP para autenticar via RADIUS.
FreeRadius
Instalação
apt-get install freeradius freeradius-mysql
apt-get install mysql-server</syntaxhighlight>
Configuração
-Users-
- /etc/freeradius/users
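# FreeRADIUS local users file (/etc/freeradius/users).
# Each entry is a check line at column 0 followed by reply items, which must
# be indented; the published listing had lost that indentation.

# Requests that already carry Framed-Protocol PPP get PPP with VJ compression.
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

# NOTE(review): this account's password is stored in clear text and is the
# same as the user name. Change it on the server and show a placeholder on
# the page; the sql module is also configured on this page, so accounts can
# be kept in the database instead.
fgenius Cleartext-Password := "fgenius"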
-Hosts-
- /etc/hosts
127.0.0.1 localhost
192.168.1.254 matriz
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters</syntaxhighlight>
- Configurar o Mysql para trabalhar com o FreeRadius
Logar no servidor mysql: mysql -u root -p
Criar o banco de dados para autenticação com o
freeradius create database radius;
Verificar as tabelas que existem na base de dados
radius use radius; show tables;
Sair do mysql: exit
Importar o arquivo .sql de
/etc/freeradius/sql/mysql/schema.sql para o mysql: mysql -u
root -p radius < /etc/freeradius/sql/mysql/schema.sql
Logar no servidor mysql: mysql -u root -p
Verificar as tabelas que existem na base de dados
radius use radius; show tables;</syntaxhighlight>
-sql.conf-
- /etc/freeradius/sql.conf
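# FreeRADIUS SQL module settings (/etc/freeradius/sql.conf).
sql {
    database = "mysql"
    # Expands to rlm_sql_mysql through the ${database} reference.
    driver = "rlm_sql_${database}"
    server = "localhost"
    login = "radius"
    # NOTE(review): "radpass" is the password from the packaged sample file.
    # Set a unique value and keep this file readable only by the account
    # FreeRADIUS runs as (user = freerad in radiusd.conf on this page).
    # The MySQL steps on this page create the database and import the schema
    # but do not show this account being created or granted - confirm.
    password = "radpass"
    radius_db = "radius"
    acct_table1 = "radacct"
    acct_table2 = "radacct"
    postauth_table = "radpostauth"
    authcheck_table = "radcheck"
    authreply_table = "radreply"
    groupcheck_table = "radgroupcheck"
    groupreply_table = "radgroupreply"
    usergroup_table = "radusergroup"
    deletestalesessions = yes
    sqltrace = no
    sqltracefile = ${logdir}/sqltrace.sql
    num_sql_socks = 5
    connect_failure_retry_delay = 60
    lifetime = 0
    max_queries = 0
    nas_table = "nas"
    $INCLUDE sql/${database}/dialup.conf
# The closing brace below was missing from the published listing.
}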
-radiusd.conf-
- /etc/freeradius/radiusd.conf
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
type = auth
ipaddr = *
port = 0
}
listen {
ipaddr = *
port = 0
type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
}
instantiate {
exec
expr
expiration
logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/</syntaxhighlight>
-default-
- /etc/freeradius/sites-available/default
authorize {
preprocess
chap
mschap
suffix
eap {
ok = return
}
unix
files
sql
expiration
logintime
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
unix
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
unix
radutmp
sql
attr_filter.accounting_response
}
session {
radutmp
sql
}
post-auth {
sql
exec
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
pre-proxy {
}
post-proxy {
eap
}</syntaxhighlight>
-inner-tunnel-
- /etc/freeradius/sites-available/inner-tunnel
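# FreeRADIUS virtual server "inner-tunnel"
# (/etc/freeradius/sites-available/inner-tunnel).
server inner-tunnel {
    authorize {
        chap
        mschap
        unix
        suffix
        # Force the realm to LOCAL for requests handled by this server.
        update control {
            Proxy-To-Realm := LOCAL
        }
        # Stop the authorize list as soon as the eap module returns ok.
        eap {
            ok = return
        }
        files
        expiration
        logintime
        pap
    }
    # NOTE(review): the published listing had a line "st-proxy {" before this
    # section (apparently a truncated "post-proxy {"). It is not a section
    # name and left the braces unbalanced, so it is dropped here.
    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        unix
        eap
    }
    session {
        radutmp
    }
    post-auth {
        # Filter the attributes returned in an Access-Reject.
        Post-Auth-Type REJECT {
            attr_filter.access_reject
        }
    }
    pre-proxy {
    }
    post-proxy {
        eap
    }
}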
Dia 03/07/2012
OpenVPN
Instalação
- apt-get install openvpn bridge-utils
Configuração
vars
- /etc/openvpn/2.0/vars
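# easy-rsa 2.0 settings (/etc/openvpn/2.0/vars). EASY_RSA is taken from the
# current directory, so the values depend on where this file is loaded from.
# Expansions are quoted so a directory name containing spaces does not split
# into several words.

export EASY_RSA="$(pwd)"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# whichopensslcnf prints the openssl.cnf matching the installed OpenSSL.
export KEY_CONFIG="$("$EASY_RSA/whichopensslcnf" "$EASY_RSA")"
export KEY_DIR="$EASY_RSA/keys"
echo "NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR"
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# NOTE(review): 1024-bit keys are below current minimum recommendations;
# 2048 bits or more is the usual choice. Raising this means regenerating the
# CA, the certificates and the DH parameters (server.conf on this page
# references dh1024.pem).
export KEY_SIZE=1024
# CA and certificate lifetime in days.
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="BR"
export KEY_PROVINCE="SJ"
export KEY_CITY="SaoJose"
export KEY_ORG="IFSC"
# NOTE(review): the rest of the page uses traveller.sj.ifsc.edu.br; this
# address lacks "ifsc" - confirm whether that is intended.
export KEY_EMAIL="root@traveller.sj.edu.br"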
server.conf
- /etc/openvpn/server.conf
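# OpenVPN server, bridged (tap) mode.
# Lines starting with ";" are disabled options kept from the sample file; the
# wiki rendering had turned those markers into list bullets.

local 192.168.5.1
port 1194
;proto tcp
proto udp
dev tap0
;dev tun

# up/down attach tap0 to, and detach it from, the bridge br0.
# NOTE(review): OpenVPN 2.1 and later only run user-defined scripts when
# script-security is 2 or higher, and no such line appears in this listing.
# NOTE(review): the down script runs after privileges are dropped (see
# "user nobody" below), so down.sh may not be allowed to change the bridge;
# verify on the host. The down-root plugin exists for that case.
up "/etc/openvpn/up.sh br0 tap0 1500"
down "/etc/openvpn/down.sh br0 tap0"

# Certificates listed in the CRL are refused. The file is re-read when peers
# connect, so it has to stay readable after the privilege drop.
crl-verify crl.pem
;dev-node MyTap
ca ca.crt
cert servidor.crt
key servidor.key # This file should be kept secret
# NOTE(review): 1024-bit DH parameters are weak by current standards; use
# 2048 bits or more when the PKI is regenerated.
dh dh1024.pem

;server 192.168.5.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Bridged clients receive addresses 192.168.5.2 - 192.168.5.10 on the LAN.
server-bridge 192.168.5.1 255.255.255.0 192.168.5.2 192.168.5.10
;server-bridge
# NOTE(review): 192.168.0.254 with a /24 mask has host bits set; presumably
# the network 192.168.0.0 was meant. Confirm.
push "route 192.168.0.254 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
# All client traffic, including Internet traffic, is sent through the VPN.
push "redirect-gateway def1"
push "dhcp-option DNS 200.135.37.95"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
# HMAC on the TLS control channel; direction 0 here pairs with 1 on clients.
tls-auth ta.key 0 # This file is secret
# NOTE(review): every cipher line is disabled, so the default named below
# (BF-CBC) applies. It is a 64-bit block cipher; an AES cipher is preferable
# and has to be set identically on the clients.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
# NOTE(review): compressing before encrypting can leak information about the
# plaintext; enable only if the bandwidth gain is needed.
comp-lzo
;max-clients 100
# Drop root after initialisation.
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20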
up.sh
- /etc/openvpn/up.sh
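#!/bin/sh
# OpenVPN "up" hook: bring the tap device up and attach it to the bridge.
# Arguments: $1 - bridge name, $2 - tap device, $3 - MTU
# (OpenVPN appends its own arguments after these; they are ignored.)
# Runs with OpenVPN's privileges, so every expansion is quoted and the
# arguments are checked before they reach ip/brctl.
BR=$1
DEV=$2
MTU=$3

if [ -z "$BR" ] || [ -z "$DEV" ] || [ -z "$MTU" ]; then
  echo "usage: $0 BRIDGE TAPDEV MTU" >&2
  exit 1
fi

# Do not attach a device to the bridge if it could not be brought up.
/sbin/ip link set "$DEV" up promisc on mtu "$MTU" || exit 1
/usr/sbin/brctl addif "$BR" "$DEV"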
down.sh
- /etc/openvpn/down.sh
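#!/bin/sh
# OpenVPN "down" hook: detach the tap device from the bridge and take it down.
# Arguments: $1 - bridge name, $2 - tap device
# NOTE(review): when OpenVPN is configured to drop privileges (user/group),
# the down hook runs with the reduced privileges, so these commands may be
# refused; verify on the host.
BR=$1
DEV=$2

if [ -z "$BR" ] || [ -z "$DEV" ]; then
  echo "usage: $0 BRIDGE TAPDEV" >&2
  exit 1
fi

# Both steps are attempted even if the first fails: teardown is best effort.
/usr/sbin/brctl delif "$BR" "$DEV"
/sbin/ip link set "$DEV" down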
interfaces
- /etc/network/interfaces
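# /etc/network/interfaces on the VPN server. Option lines are indented under
# the stanza they belong to; the stray wiki closing tag after the last netmask
# has been dropped.
auto lo eth1 br0
iface lo inet loopback

# br0 holds the LAN address. eth0 is a bridge port, and the OpenVPN up script
# adds tap0, so VPN clients sit on the same layer-2 segment as the LAN:
# broadcast traffic and anything else on that segment reaches them.
iface br0 inet static
    address 192.168.5.1
    netmask 255.255.255.0
    gateway 192.168.5.254
    bridge_ports eth0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off

# eth0 carries no address of its own; it is only brought up for the bridge.
iface eth0 inet manual
    up ip link set $IFACE up promisc on
    down ip link set $IFACE down promisc off

iface eth1 inet static
    address 192.168.0.2
    netmask 255.255.255.0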
cliente.conf
- /usr/share/doc/openvpn/examples/sample-config-files/client.conf
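# Sample OpenVPN client configuration shipped with the package.
# Lines starting with ";" are disabled options; the wiki rendering had turned
# those markers into list bullets.
# NOTE(review): as listed this is still the template. "my-server-1" is a
# placeholder, "dev tun" does not match a server using "dev tap0", and
# tls-auth is disabled, so it has to be adapted before it can connect to a
# server that requires those settings.
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote my-server-1 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
# With these two lines disabled the client keeps running as root.
;user nobody
;group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client.crt
key client.key
# Refuse peers whose certificate is not marked as a server certificate, so
# that another client's certificate cannot be used to impersonate the server.
ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20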
Postfix
- apt-get install postfix mailutils
Configuração
main.cf
/etc/postfix/main.cf
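# Postfix main.cf. Comment lines start in column 0; the stray wiki closing tag
# after the last value has been dropped.
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
# NOTE(review): the "snakeoil" pair is the self-signed certificate generated at
# package install time. Clients cannot verify it; replace it with a certificate
# issued for the mail host name before relying on TLS.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# Opportunistic TLS: offered to clients, not required.
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# NOTE(review): not a fully qualified name; the banner and HELO will use it.
myhostname = matriz
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.traveller.sj.ifsc.edu.br, localhost
relayhost =
# Hosts in these networks are trusted to relay mail through this server, so
# the list should contain only networks under the organisation's control.
# NOTE(review): 192.168.5.0/24, used by br0 and the VPN pool elsewhere on this
# page, is not listed; confirm whether that is intended.
mynetworks = 127.0.0.0/8 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.0.0/24
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +
# Listens on every interface; rely on mynetworks and a firewall to limit use.
inet_interfaces = all
inet_protocols = ipv4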
- Ao configurar o OpenVPN no cliente (filial), encontramos um problema no disco rígido. Foi necessário trocar o disco, formatá-lo, instalar o GRUB e fazer a configuração;
Dia 05/07/2012
- Configuração modem filial
Configurações da Filial
OpenVPN
client.conf
/etc/openvpn/client.conf
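# OpenVPN client configuration for the branch office (filial).
# Lines starting with ";" are disabled options kept from the sample file; the
# wiki rendering had turned those markers into list bullets.
client
dev tap0
;dev tun
;dev-node MyTap
;proto tcp
proto udp
remote 200.135.37.95 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
# NOTE(review): with these two lines disabled the client keeps running as root
# for its whole lifetime; enable them unless a hook needs root.
;user nobody
;group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
# The private key must be readable by root only.
cert traveller.crt
key traveller.key
# Refuse peers whose certificate is not marked as a server certificate, so
# that another client's certificate cannot be used to impersonate the server.
ns-cert-type server
# HMAC on the TLS control channel; direction 1 pairs with 0 on the server.
tls-auth ta.key 1
# NOTE(review): no cipher is selected, so the OpenVPN default applies; it has
# to match whatever the server uses.
;cipher x
comp-lzo
verb 3
;mute 20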
update-resolv-conf
/etc/openvpn/update-resolv-conf
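#!/bin/bash
# OpenVPN up/down hook that hands the DNS settings pushed by the VPN server
# to resolvconf.
# Environment (set by OpenVPN):
#   script_type        "up" or "down"
#   dev                name of the tunnel device
#   foreign_option_N   pushed options, e.g. "dhcp-option DNS <address>"
# Bash is required for the ${!prefix*} and ${!name} expansions.
# The ";;" terminators of the case arms were missing from the listing and are
# restored here.

[ -x /sbin/resolvconf ] || exit 0

case "$script_type" in
up)
  # Word splitting on the list of variable names is intended here.
  for optionname in ${!foreign_option_*}; do
    option="${!optionname}"
    printf '%s\n' "$option"
    read -r part1 part2 part3 _ <<<"$option"
    [ "$part1" = "dhcp-option" ] || continue
    # The values come from the remote server and end up in resolv.conf, so
    # only strings that look like an address or a domain name are accepted.
    case "$part2" in
    DNS)
      if [[ "$part3" =~ ^[0-9A-Fa-f:.]+$ ]]; then
        IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
      else
        printf 'update-resolv-conf: ignoring malformed DNS option\n' >&2
      fi
      ;;
    DOMAIN)
      if [[ "$part3" =~ ^[A-Za-z0-9.-]+$ ]]; then
        IF_DNS_SEARCH="$part3"
      else
        printf 'update-resolv-conf: ignoring malformed DOMAIN option\n' >&2
      fi
      ;;
    esac
  done

  # Build the resolv.conf fragment: optional search line, then nameservers.
  R=""
  if [ -n "$IF_DNS_SEARCH" ]; then
    R="${R}search ${IF_DNS_SEARCH}"$'\n'
  fi
  # Word splitting on the space-separated list is intended here.
  for NS in $IF_DNS_NAMESERVERS; do
    R="${R}nameserver ${NS}"$'\n'
  done
  printf '%s' "$R" | /sbin/resolvconf -a "${dev}.inet"
  ;;
down)
  /sbin/resolvconf -d "${dev}.inet"
  ;;
esac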
SSH
sshd_config
/etc/ssh/sshd_config
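# OpenSSH server configuration. The stray wiki closing tag after the last
# option has been dropped.
Port 22
# Only SSH protocol 2 is accepted.
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
# NOTE(review): DSA host keys are limited to 1024 bits and later OpenSSH
# releases disable them by default; the RSA key alone is sufficient.
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
# The next two options concern the protocol 1 server key only and have no
# effect with "Protocol 2".
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
# NOTE(review): root may log in directly, and since no PasswordAuthentication
# line is present the default (password logins allowed) applies. The usual
# hardening is "PermitRootLogin no" or "without-password", key-based logins,
# and a separate account with sudo.
PermitRootLogin yes
StrictModes yes
# RSAAuthentication is a protocol 1 option; PubkeyAuthentication is the
# protocol 2 equivalent.
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
# NOTE(review): on a server without graphical clients X11 forwarding is
# unnecessary attack surface; set it to "no" unless it is used.
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
# Only locale variables are accepted from the client environment.
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes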
DHCP
dhclient.conf
/etc/dhcp3/dhclient.conf
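# DHCP client configuration. The stray wiki closing tag after the final
# statement has been dropped.

# Declares option 121 (classless static routes) so that it can be requested.
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
# "<hostname>" is presumably replaced with the machine's host name by the
# distribution's dhclient; confirm on the installed version.
send host-name "<hostname>";
# Options requested from the server. Whatever DHCP server answers gets to set
# DNS servers, routes and MTU for this host, so the client should only run on
# network segments where the DHCP server is trusted.
request subnet-mask, broadcast-address, time-offset, routers,
    domain-name, domain-name-servers, domain-search, host-name,
    netbios-name-servers, netbios-scope, interface-mtu,
    rfc3442-classless-static-routes, ntp-servers;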
Diagrama da Rede