Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
linux:skoleni:firewall [2016/05/12 11:05]
admin 		linux:skoleni:firewall [2016/05/13 15:47] (current)
admin [OpenVPN a Easy RSA]
Line 101: Line 101:
 </​code>​ </​code>​
  
-Konfiguracni soubor snmpd.conf+Konfiguracni soubor ​''/​etc/​snmp/​snmpd.conf''​. Upozorneni - tento soubor zpristupnuje prilis mnoho informaci o systemu. Pro ostry provoz je treba vyexportovat jen jednotlive uzitecne informace a jeste omezit v iptables pristup. V pripade localhosta muzete nechat poslouchat snmp demona jen na localhostu.
 <​code>​ <​code>​
 #       ​sec.name ​ source ​     community #       ​sec.name ​ source ​     community
Line 117: Line 117:
 access MyROGroup "" ​     any       ​noauth ​   exact  all    none   none access MyROGroup "" ​     any       ​noauth ​   exact  all    none   none
 </​code>​ </​code>​
 +
 +Vytvorime konfiguraci pro mrtg pomoci utility cfgmaker public@localhost
 +a vystup presmeerujeme do ''/​etc/​mrtg/​mrtg.cfg''​
 +   ​cfgmaker public@localhost > /​etc/​mrtg/​mrtg.cfg
 +Zvolime spravne cesty a trochu lepsi options
 +<​file>​
 +#  for UNIX
 +WorkDir: /​var/​www/​mrtg/​
 +
 +#  to get bits instead of bytes and graphs growing to the right
 +Options[_]: growright, bits
 +</​file>​
 +
 +cron je obvykle (centos i debian) nastaveny spravne instalacnim balikem.
 +a nastavime apache.
 +''/​etc/​httpd/​conf.d/​mrtg.conf''​
 +staci jedina radka
 +   alias /mrtg /​var/​www/​mrtg
 +A vygenerujeme index.html podle configu
 +   ​indexmaker /​etc/​mrtg/​mrtg.cfg > /​var/​www/​mrtg/​index.html
 +   
 +
 +===== High Availability HA Router =====
 +VRRP nebo UCARP
 +Instalace
 +<​code>​
 +yum install http://​mirror.hosting90.cz/​epel/​6/​x86_64/​epel-release-6-8.noarch.rpm ​  
 +yum install ucarp
 +</​code>​
 +
 +skripty ''​up.sh''​ a ''​down.sh'',​ uvadim priklad jen pro UP
 +<​file>​
 +#!/bin/sh
 +
 +ip a a 192.168.5.166/​32 dev eth0
 +ip a a 10.0.1.166/​32 dev eth1
 +
 +#​nezapomenout na arping
 +</​file>​
 +
 +Dlouha prikazova radka 
 +<​code>​
 +   ucarp --interface eth0 --srcip 192.168.5.16 --vhid=16 ​ --pass=dalibor \
 +   ​--addr=192.168.5.166 --preempt --shutdown \
 +   ​--upscript=/​etc/​ucarp/​up.sh \
 +   ​--downscript=/​etc/​ucarp/​down.sh
 +</​code>  ​
 +
 +====== OpenVPN a Easy RSA ======
 +   yum install openvpn easy-rsa
 +
 +Nasledujici se bude odehravat v adresari ​
 +''/​usr/​share/​easy-rsa/​2.0''​
 +
 +<​code>​
 +[root@router-bck 2.0]# . ./vars
 +NOTE: If you run ./​clean-all,​ I will be doing a rm -rf on /​usr/​share/​easy-rsa/​2.0/​keys
 +[root@router-bck 2.0]# ./clean-all
 +[root@router-bck 2.0]# ./build-ca
 +</​code>​
 +
 +
 +Priklad konfigurace klienta '/​etc/​openvpn/​client.conf''​
 +<code bash>
 +client
 +dev tun
 +proto udp
 +
 +remote 192.168.5.38 1194
 +
 +; stoji za komentar
 +;​resolv-retry infinite
 +
 +nobind
 +
 +persist-key
 +persist-tun
 +
 +ca ca.crt
 +cert ten-vas.crt
 +key taky-ten-vas.key
 +
 +verb 3
 +</​code>​
 +Konfigurace serveru ''/​etc/​openvpn/​server.conf''​
 +<​code>​
 +port 1194
 +proto udp
 +dev tun0
 +
 +ca ca.crt
 +cert dalibor.crt
 +key dalibor.key
 +
 +dh dh2048.pem
 +server 10.88.88.0 255.255.255.0
 +# okomentovat ifconfig-pool-persist ipp.txt
 +
 +route 10.0.1.0 255.255.255.0
 +# Then create a file ccd/​Thelonious with this line:
 +
 +# okomentovat
 +#push "route 192.168.182.0 255.255.255.0"​
 +#push "​redirect-gateway"​
 +#push "​dhcp-option DNS 192.168.183.1"​
 +#push "​dhcp-option WINS 10.8.0.1"​
 +#​client-config-dir ccd
 +
 +
 +#​okomentovat client-to-client
 +keepalive 10 120
 +#tls-auth ta.key 0   # secret file
 +
 +#cipher BF-CBC ​        # Blowfish
 +#cipher AES-128-CBC ​  # AES
 +#cipher DES-EDE3-CBC ​ # Triple-DES
 +
 +# pozor na mikrotiky! :-D
 +#​comp-lzo ​  # compresion
 +;​max-clients 100
 +status openvpn-status.log
 +</​code>​
 +
 +====== Samba Server ======
 +Priklad jednoducheho konfiguracniho souboru ''/​etc/​samba/​smb.conf''​
 +<​code>​
 +[global]
 +
 +        workgroup = MYGROUP
 +        server string = Samba Server Version %v
 +
 +;       ​netbios name = MYSERVER
 +
 +        log file = /​var/​log/​samba/​log.%m
 +        max log size = 50
 +
 +        security = user
 +        passdb backend = tdbsam
 +
 +        # the login script name depends on the machine name
 +;       logon script = %m.bat
 +        # the login script name depends on the unix user used
 +;       logon script = %u.bat
 +;       logon path = \\%L\Profiles\%u
 +        # disables profiles support by specifing an empty path
 +;       logon path =
 +
 +[homes]
 +        comment = Home Directories
 +        browseable = no
 +        writable = yes
 +
 +[pub]
 +        path=/​srv/​samba-public
 +        writable = yes
 +        readonly = no
 +        browsable = yes
 +
 +</​code>​
 +
 +Pridejte uzivatele uziv
 +<​code>​
 +  adduser uziv
 +  pdbedit -a uziv
 +</​code>​
 +
 +Priklad vytvoreni slozky Kos (Trash)
 +<​code>​
 +  vfs object = recycle:​recycle
 +  recycle:​subdir_mode = 0777
 +  recycle:​repository = .recycle
 +  recycle:​keeptree = Yes
 +  recycle:​touch = Yes
 +  recycle:​versions = No
 +  recycle:​maxsize = 100000000 ; 100 metric million bytes
 +</​code>​
 +
 
linux/skoleni/firewall.1463043918.txt.gz · Last modified: 2016/05/12 11:05 by admin