Configuración Debian


Configuración Básica de Servidor

<SSH - DNS - DHCP - PROXY>

1. Antes de iniciar la máquina virtual se deberá configurar en Oracle VirtualBox un
Administrador de Red de Anfitrión con la red que utilizaremos en el servidor, sin DHCP
(el servicio DHCP de esa red lo dará el propio servidor, como se configura más adelante).
2. Luego deberá agregar en la configuración de la máquina virtual del servidor un segundo
Adaptador de Red configurándolo como “Adaptador sólo-anfitrión” e indicando la red creada
en el punto 1.

<< Acceder a la Terminal >>


Login como Root:
user@Servername:~$ su -

Ver la información de los dispositivos de red del equipo (NIC):


root@Servername:~# ip address show

Configurar IP estática para el servidor:


root@Servername:~# service network-manager stop
root@Servername:~# cp /etc/network/interfaces /etc/network/interfaces.bak
root@Servername:~# nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*

# The loopback network interface


auto lo
iface lo inet loopback

# Dynamic IP for NAT access (address obtained over DHCP)


auto enp0s3
iface enp0s3 inet dhcp

# Static IP address on enp0s8. The same 192.168.101.100 address is reused
# on this page for sshd's ListenAddress, the DNS A record and the DHCP
# domain-name-servers option, so change all of them together.
# NOTE(review): enp0s3 normally receives its own default route over DHCP, so
# the gateway line below may add a second default route - confirm which one
# is intended.
auto enp0s8
iface enp0s8 inet static
address 192.168.101.100
netmask 255.255.255.0
network 192.168.101.0
broadcast 192.168.101.255
gateway 192.168.101.1
root@Servername:~# service network-manager start

Verificar configuración de DNS


root@Servername:~# nano /etc/resolv.conf

Cambiar o verificar el nombre del servidor


root@Servername:~# nano /etc/hostname
root@Servername:~# nano /etc/hosts

Cambiar o verificar la zona horaria y fecha del servidor


root@Servername:~# cat /etc/timezone
root@Servername:~# dpkg-reconfigure tzdata
root@Servername:~# date

Configurar acceso remoto con protocolo SSH


root@Servername:~# apt install openssh-server openssh-client
root@Servername:~# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
root@Servername:~# nano /etc/ssh/sshd_config
. . .
#Port 22
#AddressFamily any
# Bind sshd only to the server's static address (the enp0s8 address in
# /etc/network/interfaces), so SSH is not offered on the DHCP/NAT interface.
ListenAddress 192.168.101.100
#ListenAddress ::
. . .
#LoginGraceTime 2m
# root may log in with a public key only: password and keyboard-interactive
# authentication are refused for root.
PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
. . .
# To disable tunneled clear text passwords, change to no here!
# NOTE(review): the line below is left commented, so the built-in default
# (yes) applies and ordinary users can still authenticate with a password.
# Once keys are deployed for those users, consider setting it to "no".
#PasswordAuthentication yes
# Accounts with an empty password are never allowed to log in.
PermitEmptyPasswords no

root@Servername:~# systemctl restart ssh

Crear usuarios y grupos


root@Servername:~# adduser matu
root@Servername:~# nano /etc/passwd
root@Servername:~# addgroup administracion
root@Servername:~# usermod -a -G administracion matu
root@Servername:~# nano /etc/group

Instalar y configurar un Servidor DNS


root@Servername:~# apt install bind9 bind9-doc resolvconf dnsutils
root@Servername:~# cp /etc/default/bind9 /etc/default/bind9.bak
root@Servername:~# nano /etc/default/bind9
. . .
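# startup options for the server
# -u bind: named runs as the "bind" user.
# -4: added so that named uses IPv4 only.
# The explanation is kept in comment lines: text placed after the closing
# quote of the assignment is not valid in this file.
OPTIONS="-u bind -4"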

root@Servername:~# systemctl restart bind9


root@Servername:~# cp /etc/bind/named.conf.options /etc/bind/named.conf.options.bak
root@Servername:~# nano /etc/bind/named.conf.options
. . .
// Upstream resolvers that named forwards to for names it cannot answer from
// its own zones or cache.
// NOTE(review): the rest of the options block is elided on this page; confirm
// that recursion stays limited to the local network (allow-recursion /
// allow-query) so the server cannot be used as an open resolver.
forwarders {

// Google Public DNS (IPv4)


8.8.8.8;
8.8.4.4;

// Google Public DNS (IPv6)
// NOTE(review): named is started with -4 in /etc/default/bind9, so these two
// IPv6 forwarders are presumably never contacted - confirm, or drop them.


2001:4860:4860::8888;
2001:4860:4860::8844;

// OpenDNS servers
208.67.222.222;
208.67.220.220;

// VBox NAT DNS (resolver address provided by the VirtualBox NAT adapter)


10.0.2.3;
};
. . .

root@Servername:~# named-checkconf
root@Servername:~# nano /etc/resolv.conf
# Send the host's own lookups to the BIND instance running on this machine.
# NOTE(review): the resolvconf package installed with bind9 may regenerate
# this file and discard manual edits - confirm after a reboot.
nameserver 127.0.0.1
# NOTE(review): named is started with -4, so presumably nothing answers on
# ::1 - confirm, or remove this entry.
nameserver ::1

root@Servername:~# systemctl restart bind9


root@Servername:~# nslookup www.profmatiasgarcia.com.ar
root@Servername:~# cp /etc/bind/named.conf.local /etc/bind/named.conf.local.bak
root@Servername:~# nano /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Forward lookup zone for profmatiasgarcia.com.ar.
// Clients that use this server get the records from /etc/bind/db.ns1 for
// this name instead of whatever the forwarders would return.
// NOTE(review): no allow-transfer is set for either zone; depending on the
// BIND version the default may let any client request a full zone transfer.
// Confirm, and restrict it (e.g. allow-transfer { none; };) if no secondary
// server is planned.
zone "profmatiasgarcia.com.ar" {
type master;
file "/etc/bind/db.ns1";
};

// Reverse lookup zone for the 192.168.101.0/24 network


zone "101.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.101.168.192";
};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

root@Servername:~# named-checkconf
root@Servername:~# cp /etc/bind/db.local /etc/bind/db.ns1
root@Servername:~# nano /etc/bind/db.ns1
;
; BIND data file for the profmatiasgarcia.com.ar forward zone
; (created as a copy of db.local)
;
$TTL 604800
; SOA: ns1 is the primary name server; the second field is the zone contact
; mailbox written with a dot in place of the "@".
@ IN SOA ns1.profmatiasgarcia.com.ar. root.profmatiasgarcia.com.ar. (
2 ; Serial (increase it on every change to this file)
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Name server of the zone and the addresses it publishes.
@ IN NS ns1.profmatiasgarcia.com.ar.
ns1 IN A 192.168.101.100
profmatiasgarcia.com.ar. IN A 192.168.101.100

;---------- OPTIONAL RECORDS ----------
; Remove the leading ';' to publish a record. The CNAME entries point at the
; "server" and "router" A records, so enable those first.


;mail IN A 192.168.101.100

;server IN A 192.168.101.100

;router IN A 192.168.101.1

;proxy IN CNAME server


;www IN CNAME server
;ftp IN CNAME server
;gateway IN CNAME router
;gw IN CNAME router

root@Servername:~# named-checkzone profmatiasgarcia.com.ar /etc/bind/db.ns1


root@Servername:~# cp /etc/bind/db.127 /etc/bind/db.101.168.192
root@Servername:~# nano /etc/bind/db.101.168.192
;
; BIND reverse data file for the 192.168.101.0/24 network
; (created as a copy of db.127)
;
$TTL 604800
; SOA: same primary server and contact mailbox as the forward zone.
@ IN SOA ns1.profmatiasgarcia.com.ar. root.profmatiasgarcia.com.ar. (
1 ; Serial (increase it on every change to this file)
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.profmatiasgarcia.com.ar.
; Host part 100 of the network, i.e. 192.168.101.100, resolves back to ns1.
100 IN PTR ns1.profmatiasgarcia.com.ar.

;---------- OPTIONAL RECORDS ----------
; Each line enabled below adds one more PTR name for the same address.


;100 IN PTR mail.profmatiasgarcia.com.ar.
;100 IN PTR server.profmatiasgarcia.com.ar.
;100 IN PTR www.profmatiasgarcia.com.ar.
;100 IN PTR ftp.profmatiasgarcia.com.ar.

root@Servername:~# named-checkzone 101.168.192.in-addr.arpa /etc/bind/db.101.168.192


root@Servername:~# systemctl restart bind9
root@Servername:~# nano /etc/resolv.conf
# Resolver settings for the server itself: short names are completed with the
# local zone and every query goes to the BIND instance on this host.
# "domain" and "search" are mutually exclusive in resolv.conf; when both are
# present the last one wins, so only the search line takes effect here.
domain profmatiasgarcia.com.ar
search profmatiasgarcia.com.ar
nameserver 127.0.0.1

root@Servername:~# dig ns1.profmatiasgarcia.com.ar


root@Servername:~# dig -x 192.168.101.100
Instalar y configurar un Servidor DHCP
root@Servername:~# apt install isc-dhcp-server isc-dhcp-server-ldap
root@Servername:~# nano /etc/default/isc-dhcp-server
. . .
# Serve DHCPv4 only on enp0s8, the interface that carries the static
# 192.168.101.100 address, so leases are not offered on the NAT interface.
INTERFACESv4="enp0s8"
# DHCPv6 is left disabled.
#INTERFACESv6=""

root@Servername:~# cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bak


root@Servername:~# nano /etc/dhcp/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
# Clients are given the local zone as their domain and this server
# (192.168.101.100) as their only DNS resolver.


option domain-name "profmatiasgarcia.com.ar";
option domain-name-servers 192.168.101.100;

# Lease lengths in seconds: 10 minutes by default, 2 hours at most.
default-lease-time 600;
max-lease-time 7200;

# The ddns-updates-style parameter controls whether or not the server will


# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
# An authoritative server tells clients to drop addresses it considers wrong
# for the segment, so enable it only on a network you administer (here, the
# host-only network that was created without VirtualBox's own DHCP).
authoritative;
. . .
# This is a very basic subnet declaration.
# The pool .3-.99 leaves the gateway (.1) and the server (.100) outside the
# range of addresses that can be leased.

subnet 192.168.101.0 netmask 255.255.255.0 {


range 192.168.101.3 192.168.101.99;
option routers 192.168.101.1;
option broadcast-address 192.168.101.255;
}
. . .

root@Servername:~# systemctl restart isc-dhcp-server


Instalar y configurar un Servidor Proxy
root@Servername:~# apt install squid
root@Servername:~# cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
root@Servername:~# nano /etc/squid/squid.conf
. . .
# Squid normally listens to port 3128
http_port 3128
. . .
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
#acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
#acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
#acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged$
#acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
#acl localnet src 192.168.0.0/16 # RFC 1918 local private networ$
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged$

# Only the 192.168.101.0/24 network is treated as "lan"; the broader stock
# localnet ranges stay commented out.
acl lan src 192.168.101.0/24

# Block lists are read from files, one entry per line.
# dstdomain matches the requested host name (a leading dot also covers
# subdomains); url_regex matches each line as a regular expression anywhere
# in the request URL and is case-sensitive unless -i is given.
# NOTE(review): for HTTPS the proxy only sees the CONNECT host:port, so the
# url_regex words can match a host name but not a path - confirm this is
# the filtering that is expected.


acl bloquear-sitios dstdomain "/etc/squid/bloquear-sitios.squid"
acl bloquear-palabras url_regex "/etc/squid/bloquear-palabras.squid"
. . .
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
# http_access rules are evaluated top to bottom and the first match wins:
# requests from the proxy host itself are allowed before the block lists are
# consulted, LAN clients are checked against both block lists and then
# allowed, and everything else is denied.
# NOTE(review): the stock Safe_ports / SSL_ports deny rules are not shown on
# this page; presumably they remain in the elided part - confirm they still
# precede these rules.
http_access allow localhost

http_access deny bloquear-sitios


http_access deny bloquear-palabras
http_access allow lan

# And finally deny all other access to this proxy


http_access deny all
. . .
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# 2048 MB of disk cache, with 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 2048 16 256
. . .
#Default:
# maximum_object_size 4 MB
# Raised from the 4 MB default shown in the comment above to 16 MB.
maximum_object_size 16 MB
. . .

root@Servername:~# nano /etc/squid/bloquear-sitios.squid


.facebook.com
.twitter.com
.instagram.com
.youtube.com
root@Servername:~# nano /etc/squid/bloquear-palabras.squid
juegos
friv
netflix
cuevana
mercadolibre

root@Servername:~# systemctl restart squid


Este documento se encuentra bajo Licencia Creative Commons Attribution-NonCommercial-ShareAlike
4.0 International (CC BY-NC-SA 4.0), por la cual se permite su exhibición, distribución,
copia y posibilita hacer obras derivadas a partir de la misma, siempre y cuando se cite la autoría del
Prof. Matías E. García y sólo podrá distribuir la obra derivada resultante bajo una licencia idéntica a
ésta.
