Integrative Project - 2009.2 - MLW Networks Team

From the São José Campus MediaWiki
Revision as of 19:13, 3 December 2009 by Mlw networks (talk | contribs)

Documentation of the MLW Networks team.

Important data

Team name: MLW Networks;

Wiki user: mlw networks;

Server machine name: Maverick;

Server user: mlw.

    • Access via ssh: ssh mlw@200.135.37.112

Our team's internal IP range: 172.12.0.0

Services completed

NTP;
DHCP;
Backup;
DNS;
IPs;
VLANs;
Cabling;


Initial server configuration

BIOS configuration:

Power
 Power Up Control
  AC Power Loss Restart
   [enable]
Main
 All, but keyboard

Server specifications:

1 GB of RAM;
40 GB hard disk;

Server installation:

Ubuntu Server 9.04;
 Partitions:
  /        -  5 GB    -  Primary
  Swap     -  3.5 GB  -  Primary
  /tmp     -  5 GB    -  Logical
  /var     -  10 GB   -  Logical
  /backup  -  10 GB   -  Logical
  /home    -  6.5 GB  -  Logical


Interconnection of course subjects

<graphviz> digraph PI { CAB -> IER IER -> GAR GAR -> PRC IER -> PRC } </graphviz>


Structured Cabling

Cable colour chosen by our team: GREEN

Server-to-switch interconnection

<graphviz>
digraph PI {
  "ETH3 200.135.37.112" -> SERVIDOR
  "ETH2 192.168.1.118" -> SERVIDOR
  "ETH3 200.135.37.112" -> "Porta EC3 do patch panel"
  "Porta EC3 do patch panel" -> "Porta 1 Switch 3COM"
  "ETH2 192.168.1.118" -> "Porta ED1 do patch panel"
  "Porta ED1 do patch panel" -> "Porta 6 Switch DLINK Redes1"
  "Porta 6 Switch DLINK Redes1" -> "Switch Meios"
  "Switch Meios" -> "Porta 6 Switch DLINK Meios"
  "Switch Meios" -> "Porta 7 Switch DLINK Meios"
  "Switch Meios" -> "Porta 8 Switch DLINK Meios"
  "Porta 6 Switch DLINK Meios" -> "Porta 5 do patch panel"
  "Porta 7 Switch DLINK Meios" -> "Porta 6 do patch panel"
  "Porta 8 Switch DLINK Meios" -> "Porta 7 do patch panel"
  "Porta 5 do patch panel" -> "Porta 1 do patch panel"
  "Porta 6 do patch panel" -> "Porta 2 do patch panel"
  "Porta 7 do patch panel" -> "Porta 4 do patch panel"
  "Porta 1 do patch panel" -> "Tomada 11"
  "Porta 2 do patch panel" -> "Tomada 21"
  "Porta 4 do patch panel" -> "AP"
}
</graphviz>


Network Equipment Installation

Switch configuration via telnet (the same commands are entered on both switches):

telnet 192.168.1.240    (the second switch is at 192.168.1.241)
user: ****
password: ****

create vlan mlwouro tag 201
create vlan mlwprata tag 202
create vlan mlwbronze tag 203
create vlan mlwwifi tag 204

config vlan mlwouro add tagged 1:6-10
config vlan mlwouro add tagged 1:26
config vlan mlwprata add tagged 1:6-10
config vlan mlwprata add tagged 1:26
config vlan mlwbronze add tagged 1:6-10
config vlan mlwbronze add tagged 1:26
config vlan mlwwifi add tagged 1:6-10
config vlan mlwwifi add tagged 1:26


Network Management

IP and VLAN configuration:

  • vi /etc/network/interfaces
auto lo
iface lo inet loopback

# Onboard network card (router side, public address)
auto eth3
iface eth3 inet static
        address 200.135.37.112
        netmask 255.255.255.192
        network 200.135.37.64
        broadcast 200.135.37.127
        gateway 200.135.37.126

# Add-on network card (internal network)
auto eth2
iface eth2 inet static
        address 192.168.1.118
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255

# 802.1Q VLAN subinterfaces on eth2; the tags match the VLANs created on the switches
auto vlan202
iface vlan202 inet static
        address 172.22.3.1
        netmask 255.255.255.0
        network 172.22.3.0
        broadcast 172.22.3.255
        vlan_raw_device eth2
 
auto vlan203
iface vlan203 inet static
        address 172.22.4.1
        netmask 255.255.255.0
        network 172.22.4.0
        broadcast 172.22.4.255
        vlan_raw_device eth2

auto vlan204
iface vlan204 inet static
        address 172.22.5.1
        netmask 255.255.255.0
        network 172.22.5.0
        broadcast 172.22.5.255
        vlan_raw_device eth2

  • vi /etc/resolv.conf
nameserver 127.0.0.1
nameserver 200.135.37.65

/etc/init.d/networking restart


Installing packages:

apt-get install apache2 
apt-get install php5
apt-get install libapache2-mod-php5 
apt-get install mysql-server 
apt-get install php5-mysql
apt-get install unzip 
apt-get install dhcp3-server 
apt-get install bind9
apt-get install postfix
apt-get install ntpdate
apt-get install uw-imapd  
apt-get install snmp 
apt-get install snmpd 
apt-get install cacti 
apt-get install dovecot-imapd
apt-get install openssl
apt-get install ssl-cert


Scheduling clock synchronisation with NTP:

  • vi /etc/crontab
# Synchronise the clock once an hour (minute 0); a "*" in the minute field would run ntpdate every minute
0 * * * * root         ntpdate -s ntp.cais.rnp.br


Enabling routing:

  • vi /etc/sysctl.conf
net.ipv4.ip_forward=1

Configuring DNS:

vi /etc/bind/mlwnetworks.sj.ifsc.edu.br

$TTL    86400
;
@    IN    SOA    dns1.mlwnetworks.sj.ifsc.edu.br. mlwnetworks.mlwnetworks.sj.ifsc.edu.br. (
                  2009120200    ; Serial
                  1d            ; Refresh
                  4h            ; Retry
                  1w            ; Expire
                  1d )          ; Negative Cache TTL
;
; Name Server: DNS servers
@    IN    NS    dns1
@    IN    MX    0 mail
@    IN    A     200.135.37.112
;
; Address records
dns1    IN      A       200.135.37.112
mail    IN      A       200.135.37.112
www     IN      CNAME   dns1
web     IN      CNAME   dns1
ftp     IN      CNAME   dns1

vi /etc/bind/named.conf.local

zone "mlwnetworks.sj.ifsc.edu.br" {
        type master;
        file "/etc/bind/mlwnetworks.sj.ifsc.edu.br";
};


/etc/init.d/bind9 restart


Configuring DHCP:

  • vi /etc/dhcp3/dhcpd.conf
default-lease-time 14400;
max-lease-time 86400;

# The clients' default gateway must be the server's own address on each VLAN
# (vlan202/203/204 in /etc/network/interfaces); the public address
# 200.135.37.112 is off-link for those clients and cannot be used as a router.

# VLAN stand 1  172.22.3.0
subnet 172.22.3.0 netmask 255.255.255.0 {
       range 172.22.3.3 172.22.3.254;
       option domain-name "estande1.redes";
       option domain-name-servers 200.135.37.112;
       option routers 172.22.3.1;
}

# VLAN stand 2  172.22.4.0
subnet 172.22.4.0 netmask 255.255.255.0 {
       range 172.22.4.3 172.22.4.254;
       option domain-name "estande2.redes";
       option domain-name-servers 200.135.37.112;
       option routers 172.22.4.1;
}

# VLAN WIFI  172.22.5.0
subnet 172.22.5.0 netmask 255.255.255.0 {
       range 172.22.5.3 172.22.5.254;
       option domain-name "wifi.redes";
       option domain-name-servers 200.135.37.112;
       option routers 172.22.5.1;
}

/etc/init.d/dhcp3-server restart
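As an added example (not part of the original page or the team's own files), the Python audit below cross-checks dhcpd.conf subnet blocks against the server's VLAN addresses from /etc/network/interfaces: it flags a lease range outside its subnet, a router option that is off-link (a constructed sample repeats the case of the router pointing at the public address 200.135.37.112 instead of the VLAN gateway, which clients on 172.22.3.0/24 cannot ARP for) and a gateway that falls inside the lease pool. The VLAN_GATEWAYS map and the sample config are constructed from the page's values.

```python
import ipaddress
import re

# Constructed from the page's /etc/network/interfaces: the server's address
# on each VLAN (assumption: that address is the clients' default gateway).
VLAN_GATEWAYS = {
    "172.22.3.0/24": "172.22.3.1",
    "172.22.4.0/24": "172.22.4.1",
    "172.22.5.0/24": "172.22.5.1",
}

# Constructed sample dhcpd.conf: the first block keeps the router option
# pointing at the public address, the second puts the gateway inside the pool.
DHCPD_CONF = """
subnet 172.22.3.0 netmask 255.255.255.0 {
       range 172.22.3.3 172.22.3.254;
       option routers 200.135.37.112;
}
subnet 172.22.4.0 netmask 255.255.255.0 {
       range 172.22.4.1 172.22.4.254;
       option routers 172.22.4.1;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)

def parse_subnets(text):
    """Yield (network, range_lo, range_hi, routers) for each subnet block."""
    for net, mask, body in SUBNET_RE.findall(text):
        network = ipaddress.ip_network(f"{net}/{mask}")
        rng = re.search(r"range\s+(\S+)\s+(\S+);", body)
        lo, hi = (ipaddress.ip_address(x) for x in rng.groups())
        m = re.search(r"option\s+routers\s+([^;]+);", body)
        routers = [ipaddress.ip_address(r.strip()) for r in m.group(1).split(",")] if m else []
        yield network, lo, hi, routers

def audit(text, gateways=VLAN_GATEWAYS):
    """Return one message per inconsistency; an empty list means consistent."""
    problems = []
    for network, lo, hi, routers in parse_subnets(text):
        expected = gateways.get(str(network))
        if lo not in network or hi not in network or lo > hi:
            problems.append(f"{network}: range {lo}-{hi} not inside subnet")
        for gw in routers:
            if gw not in network:  # clients cannot ARP for an off-link gateway
                problems.append(f"{network}: router {gw} off-link, expected {expected}")
            elif lo <= gw <= hi:  # a gateway inside the pool collides with leases
                problems.append(f"{network}: router {gw} inside lease range")
    return problems
```

Running `audit(DHCPD_CONF)` reports both constructed defects; once the router options point at the VLAN addresses and the pool starts above the gateway, it returns an empty list.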

Backup script:

#!/bin/bash

# Date stamp for the archive names (ddmmyy)
data=$(date +%d%m%y)
# Working directories and the archive directory (tar fails silently if it is missing)
mkdir -p /backup/etc /backup/www /backup/compactados

# Copy configuration and web content, preserving permissions and timestamps
# (cp -rp replaces the original scp -rp, which only copied locally anyway)
cp -rp /etc/. /backup/etc > /dev/null
cp -rp /var/www/. /backup/www > /dev/null

echo -n "Compactando diretório /etc:"
tar czf /backup/compactados/etc$data /backup/etc 2> /dev/null && \
       echo " OK."
echo -n "Compactando diretório /var/www:"
tar czf /backup/compactados/www$data /backup/www 2> /dev/null && \
       echo " OK."

# Remove the working copies; only the archives are kept
rm -rf /backup/etc
rm -rf /backup/www

cp /backup.sh /etc/init.d/

Scheduling the backup in crontab:

00 22   * * * root /etc/init.d/backup.sh

Mail aliases (root's mail, including cron job output, is forwarded to the team's address):

  • vi /etc/aliases
postmaster:    root
root: *****@gmail.com

newaliases

/etc/init.d/postfix restart


Configuring routing and firewall functions:

vi /etc/init.d/nat.sh

#!/bin/bash


# Flush the nat table
iptables -t nat -F
# Enable routing
sysctl -w net.ipv4.ip_forward=1
# Enable NAT (masquerade traffic leaving on the public and VLAN interfaces;
# vlan201 is kept as on the page although only vlan202-204 are defined above)
iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE
iptables -t nat -A POSTROUTING -o vlan201 -j MASQUERADE
iptables -t nat -A POSTROUTING -o vlan202 -j MASQUERADE
iptables -t nat -A POSTROUTING -o vlan203 -j MASQUERADE
iptables -t nat -A POSTROUTING -o vlan204 -j MASQUERADE

# Flush the filter table rules
iptables -F
# Default policy: inbound ports blocked, forwarding and outbound allowed.
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Allow the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Allow replies to connections initiated by the local server
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Opening the required ports (no -i restriction, so each rule applies on every
# interface, the public eth3 included)
# Allow SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow Telnet
iptables -A INPUT -p tcp --dport 23 -j ACCEPT
# Allow HTTP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow HTTPS
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow POP3
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
# Allow SMTP
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# Allow IMAP
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
# Allow MySQL
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT

chmod 755 /etc/init.d/nat.sh

/etc/init.d/nat.sh

Configuring nat.sh to run at boot (symlink in the rc directory of the default runlevel):

ln -s /etc/init.d/nat.sh /etc/rc2.d/S90nat.sh
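As an added example (not from the page or the team's scripts), the Python model below parses INPUT-chain rules in the form used by nat.sh above and reports which TCP ports a new connection arriving on a given interface would reach, following netfilter's first-match semantics. PAGE_RULES is constructed from the page's rules (abbreviated to the web, shell and database ports); HARDENED is a constructed variant that limits MySQL (3306) to the internal interface eth2 so it is no longer reachable from the public interface eth3.

```python
import shlex

# Constructed sample: INPUT-chain rules from this page's nat.sh (abbreviated).
PAGE_RULES = """
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
"""
# Constructed hardened variant: MySQL accepted only on the internal interface eth2.
HARDENED = PAGE_RULES.replace("-p tcp --dport 3306", "-i eth2 -p tcp --dport 3306")

MATCH_OPTS = ("-i", "-p", "--dport", "--state", "-j")

def parse_input_chain(script):
    """Return (policy, rules); each rule maps the options it requires to values."""
    policy, rules = "ACCEPT", []
    for line in script.splitlines():
        argv = shlex.split(line)
        if argv[:3] == ["iptables", "-P", "INPUT"]:
            policy = argv[3]
        elif argv[:3] == ["iptables", "-A", "INPUT"]:
            rules.append({tok: argv[i + 1] for i, tok in enumerate(argv) if tok in MATCH_OPTS})
    return policy, rules

def verdict(policy, rules, iface, proto, dport, state="NEW"):
    """First matching rule decides, as in netfilter; the chain policy otherwise."""
    for r in rules:
        if "-i" in r and r["-i"] != iface:
            continue
        if "-p" in r and r["-p"] != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "--state" in r and state not in r["--state"].split(","):
            continue
        return r["-j"]
    return policy

def exposed_ports(script, iface, candidates=None):
    """Sorted TCP ports on which a NEW connection arriving on `iface` is accepted."""
    policy, rules = parse_input_chain(script)
    if candidates is None:  # probe every port named in a rule plus one unnamed port
        candidates = sorted({int(r["--dport"]) for r in rules if "--dport" in r} | {9999})
    return [p for p in candidates if verdict(policy, rules, iface, "tcp", p) == "ACCEPT"]
```

With the page's rules, `exposed_ports(PAGE_RULES, "eth3")` lists 3306 among the ports reachable from the public side; with HARDENED it no longer does, while `exposed_ports(HARDENED, "eth2")` still includes it.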

Configuring the CACTI service:

vi /etc/snmp/snmpd.conf

# Read-only community string; appending a source (rocommunity mlwnetworks <network/prefix>) restricts which hosts may query it
rocommunity mlwnetworks
syscontact mlwnetworks@mlwnetworks.sj.ifsc.edu.br
syslocation "laboratório de redes 1 ifsc"

vi /etc/default/snmpd

# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 200.135.37.112'


Installing the Roundcube webmail (the archive is extracted before the extracted directory is moved):

wget Roundcube
tar -zxvf roundcubemail-0.3.1.tar.gz
mkdir /var/www/webmail
mv roundcubemail-0.3.1 /var/www/webmail


Configuring Postfix:

vi /etc/postfix/main.cf

myhostname = mail.mlwnetworks.sj.ifsc.edu.br
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = mlwnetworks.sj.ifsc.edu.br
mydestination = mail, mail.mlwnetworks.sj.ifsc.edu.br, mlwnetworks.sj.ifsc.edu.br, localhost

Configuring HTTPS via SSL:

Creating the certificate:

openssl req -new -x509 -nodes -keyout /etc/apache2/apache2.pem -out /etc/apache2/apache2.pem -days 1000
Country: BR
State: Santa Catarina
Locality: Sao Jose
Organization: IFSC
Organizational Unit: Tecnico de Tele
Common Name: mlwnetworks
email: mlwnetworks@mlwnetworks.sj.ifsc.edu.br

The private key and the self-signed certificate are written to the same file, apache2.pem. Browsers will warn about the self-signed certificate, and also about a name mismatch unless the Common Name equals the ServerName used below (mlwnetworks.sj.ifsc.edu.br).

Creating the SSL file:

vi /etc/apache2/conf.d/ssl

NameVirtualHost *:443
<VirtualHost *:443>

      ServerName mlwnetworks.sj.ifsc.edu.br
      ServerAdmin webmaster@localhost
      SSLEngine on
      ServerSignature On
      # apache2.pem holds both the private key and the certificate generated above
      SSLCertificateFile /etc/apache2/apache2.pem
      DocumentRoot /var/www
      <Directory />
        Options FollowSymLinks
        AllowOverride None
      </Directory>
      <Directory /var/www/>
              Options Indexes FollowSymLinks MultiViews
              AllowOverride None
              Order allow,deny
              allow from all
      </Directory>
      ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
      <Directory "/usr/lib/cgi-bin">
              AllowOverride None
              Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
              Order allow,deny
              Allow from all
      </Directory>
      ErrorLog /var/log/apache2/error.log
      # Possible values include: debug, info, notice, warn, error, crit,
      # alert, emerg.
      LogLevel warn
      CustomLog /var/log/apache2/access.log combined
      Alias /doc/ "/usr/share/doc/"
      <Directory "/usr/share/doc/">
          Options Indexes MultiViews FollowSymLinks
          AllowOverride None
          Order deny,allow
          Deny from all
          Allow from 127.0.0.0/255.0.0.0 ::1/128
      </Directory>

</VirtualHost>

a2enmod ssl
/etc/init.d/apache2 restart

Programming