6일차

20,21,22,23,25,53,80,110,143,443,3306
20,21:FTP
22:SSH
23:TELNET
25:SMTP
53:DNS
80:HTTP
110:POP
143:IMAP
443:HTTPS
3306:MYSQL

리눅스(Ubuntu24.04)
[교재] 이것이 우분투다.
0. 초기 서버 환경(사용자 : master , root 변경시: su )
초기 root의 암호는 설정되어 있지 않습니다.
수정해야 합니다.
sudo passwd root

(*)설치 완료후에 Ubuntu2410.ova 파일로 저장하기
ip addr
ifconfig
ping 168.126.63.1

네트워크 환경은 NAT
10.0.2.15(가짜 IP) <-(NAT)-> 192.168.0.XXX (진짜 IP)
sudo apt update
sudo apt upgrade
sudo netstat -ant
sudo apt -y install net-tools
sudo netstat -ant
80번 포트 확인 안됨
sudo apt -y install openssh-server
sudo apt -y install lrzsz
sudo apt -y install unzip
0. 네트워크 환경 변경
sudo nano /etc/netplan/00[tab]

dhcp4: no
addresses: [XXX.XXX.XXX.XXX/24]
gateway4:
nameservers:
addresses: [XXX.XXX.XXX.XXX]

netplan apply

1. 텔넷 서버 구축 (텔넷은 계정·암호가 평문으로 전송됨 — 실습망에서만 사용하고 원격 관리는 SSH 사용)
sudo apt-get install xinetd telnetd
sudo nano /etc/xinetd.d/telnet
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
sudo systemctl restart xinetd
ufw allow 23/tcp
2. 삼바 서버 구축
sudo apt-get install samba
sudo systemctl restart smbd
3. dhcp 서버 구축
sudo apt-get install isc-dhcp-server
sudo systemctl restart isc-dhcp-server
4. 프록시 서버 구축
sudo apt-get install squid
sudo systemctl restart squid
5. NFS 서버 구축
sudo apt-get install nfs-kernel-server
sudo systemctl restart nfs-server
6. 웹 서버 구축
#일반적인 설치
sudo apt -y install lamp-server^
dpkg -l apache2 php8.3-common mysql-server

cd /var/www/html
sudo wget https://ko.wordpress.org/wordpress-6.6.1-ko_KR.tar.gz

nano phpinfo.php
# 동작 확인 후 phpinfo.php는 삭제할 것 — phpinfo()는 서버 설정·경로·모듈 정보를 그대로 노출함
ufw allow 80
mysql
create database master;
create user master@localhost identified by '123456';
-- '123456'은 실습용 암호 — 실제 서버에서는 추측하기 어려운 암호로 바꿀 것
grant all on master.* to master@localhost;
exit

tar xfz word*
chmod 707 wordpress
# 707은 other(모든 로컬 사용자)에게 쓰기 권한을 줌 — 아래 chown으로 소유자가 www-data가 되므로 755로도 충분
chown -R www-data:www-data wordpress
cd wordpress
cp wp-config-sample.php wp-config.php
nano wp-config.php
nano /etc/apache2/sites-enabled/000-default.conf

# Indexes는 index 파일이 없을 때 디렉터리 목록을 보여 줌 — 필요 없으면 빼고 FollowSymLinks만 둘 것
Options Indexes FollowSymLinks
AllowOverride All
Require all granted

sudo systemctl restart apache2

7. 네임서버구축
su : Au
sudo passwd root
su
cat /etc/hosts
nano /etc/hosts(수정)
10.0.2.15 st.kr

/etc/resolv.conf
10.0.2.15

sudo apt-get -y install bind9

cd /etc/bind
ls
nano named.conf.default-zones
systemctl restart named

cp db.local st.kr.zone
chown root.bind st.kr.zone
nano st.kr.zone

localhost 아래에 다음과 같이 본인의 도메인을 등록한다.
zone "st.kr"{
type master;
file "/etc/bind/st.kr.zone";
};
named.conf.options
named.conf.local
cp db.local st.kr.zone
chown root.bind st.kr.zone
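recursion yes;
allow-query { any; };
// allow-recursion을 따로 지정하지 않으면 allow-query 값(any)이 재귀 질의에도 적용되어 오픈 리졸버가 됨
// 외부에서 접근 가능한 서버라면 allow-recursion { localhost; localnets; }; 처럼 내부망으로 제한할 것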

sudo systemctl start bind9
sudo systemctl enable bind9
sudo systemctl status bind9
sudo ufw allow 53

dig @10.0.2.15 www.st.kr
nslookup st.kr
sudo nano /etc/resolv.conf
nameserver 10.0.2.15

sudo nano /etc/resolv.conf (시험용)
sudo nano /etc/bind/named.conf

include "/etc/bind/named.conf.default-zones";
sudo nano /etc/bind/named.conf.default-zones

zone "st.kr" IN {
type master;
file "/etc/bind/st.kr.zone";

};
named-checkconf
cd /etc/bind
sudo cp db.local st.kr.zone
sudo nano st.kr.zone
IN MX 10 mail.st.kr.
www IN A 192.168.0.XXX
ftp IN A 192.168.0.XXX
shop IN A 192.168.0.XXX
named-checkzone st.kr st.kr.zone
sudo systemctl restart bind9
sudo systemctl status bind9
ufw status
[용어정리]
;
$TTL
@
IN
SOA
NS
MX
A
CNAME: 호스트 이름에 별칭을 부여할 때 사용

[라운드로빈방식이해]
3. 메일 서버 구축
3.1 샌드메일 구축시
sudo apt -y install sendmail
sudo nano /etc/hostname
mail.st.kr
sudo nano /etc/hosts
192.168.0.23 mail.st.kr
sudo nano /etc/mail/local-host-names
mail.st.kr
sudo nano /etc/bind/st.kr.zone
IN MX 10 mail.st.kr.
mail IN A XXX.XXX.XXX.XXX
sudo named-checkconf
sudo systemctl restart bind9
sudo nano /etc/mail/sendmail.cf
98행 수정: Cwlocalhost ---> Cwst.kr
269행 수정: Addr=127.0.0.1 부분 삭제
270행 수정: Addr=127.0.0.1 부분 삭제
sudo systemctl restart sendmail
sudo nano /etc/mail/access
192.168.0 RELAY
10.0.2 RELAY
sudo makemap hash /etc/mail/access < /etc/mail/access
sudo passwd root
su
makemap hash /etc/mail/access < /etc/mail/access
systemctl restart sendmail
sudo apt -y install dovecot-pop3d
sudo nano /etc/dovecot/dovecot.conf
30행 수정: listen = *
33행 수정: base_dir = /var/run/dovecot
34행 수정: disable_plaintext_auth = no (TLS 없이 평문 인증 허용 — 실습용 설정)
sudo nano /etc/dovecot/conf.d/10-mail.conf
121행 수정: mail_access_groups = mail
166행 수정: lock_method = fcntl
systemctl restart sendmail
systemctl restart dovecot
adduser lee
sudo ufw disable
# 방화벽 전체를 끄는 대신 필요한 포트만 열 수 있음: sudo ufw allow 25/tcp , sudo ufw allow 110/tcp
[삭제]
sudo apt remove sendmail
[용어정리]

SMTP(Simple Mail Transfer Protocol): 클라이언트가 메일을 보내거나, 메일 서버끼리 메일을 주고 받을때 사용함
POP3(Post Office Protocol): 메일 서버에 도착되어 있는 메일을 클라이언트로 가져올때 사용함
IMAP(Internet Message Access Protocol): POP3와 같은 용도이나, 메일을 서버에 둔 채로 읽고 관리함
3.2 postfix 구축시
sudo apt -y install postfix sasl2-bin
sudo cp /usr/share/postfix/main.cf.dist /etc/postfix/main.cf
sudo nano /etc/postfix/main.cf
sudo vi /etc/postfix/main.cf
# line 78: uncomment
mail_owner = postfix
# line 94: uncomment and specify hostname
myhostname = mail.st.kr
# line 102: uncomment and specify domainname
mydomain = st.kr
# line 123: uncomment
myorigin = $mydomain
# line 137: uncomment
inet_interfaces = all
# line 185: uncomment
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# line 228: uncomment
local_recipient_maps = unix:passwd.byname $alias_maps
# line 270: uncomment
mynetworks_style = subnet
# line 287: add your local network
mynetworks = 127.0.0.0/8, 192.168.0.0/24
# line 407: uncomment
alias_maps = hash:/etc/aliases
# line 418: uncomment
alias_database = hash:/etc/aliases
# line 440: uncomment
home_mailbox = Maildir/
# line 576: comment out and add
#smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_banner = $myhostname ESMTP
# line 650: add
sendmail_path = /usr/sbin/postfix
# line 655: add
newaliases_path = /usr/bin/newaliases
# line 660: add
mailq_path = /usr/bin/mailq
# line 666: add
setgid_group = postdrop
# line 670: comment out
#html_directory =
# line 674: comment out
#manpage_directory =
# line 679: comment out
#sample_directory =
# line 683: comment out
#readme_directory =
# line 684: if also listen IPv6, change to [all]
inet_protocols = ipv4
# add to the end
# for example, limit an email size to 10M
message_size_limit = 10485760
# for example, limit mailbox size to 1G
mailbox_size_limit = 1073741824
# SMTP-Auth settings
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject
:wq (저장하고 끝내라!)
sudo newaliases
sudo systemctl restart postfix
sudo systemctl status postfix
3.3 dovecot 설치

sudo vi /etc/dovecot/dovecot.conf
listen = *,::
sudo vi /etc/dovecot/conf.d/10-auth.conf
# TLS 없이도 평문 인증을 허용하는 설정 — 암호가 네트워크에 그대로 노출되므로 실습용으로만 사용
disable_plaintext_auth = no
# line 100: add
auth_mechanisms = plain login
sudo vi /etc/dovecot/conf.d/10-mail.conf
# line 30: change to Maildir
mail_location = maildir:~/Maildir
sudo vi /etc/dovecot/conf.d/10-master.conf
# line 107-109: uncomment and add
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
# 0666은 모든 로컬 사용자가 인증 소켓에 접근 가능 — user/group이 postfix로 지정되어 있으므로 0660으로 충분
mode = 0666
user = postfix
group = postfix
}
sudo systemctl restart dovecot
3.4 roundcube 설치
sudo apt -y install roundcube
sudo nano /etc/apache2/conf-enabled/roundcube.conf
Alias /webmail /var/lib/roundcube
'Directory'안에다가 설정할것
AddType application/x-httpd-php .php
sudo nano /etc/roundcube/config.inc.php
$config['default_host'] = 'localhost';
$config['smtp_port'] = 25;
-->설정 자세히 볼것
sudo systemctl restart apache2
http://st.kr/webmail
3.5 메일 사용자 추가
sudo apt -y install mailutils
sudo passwd root
루트 암호변경 : 123456 (실습용 — 추측하기 쉬운 암호이므로 실제 서버에서는 사용하지 말 것)
su

echo 'export MAIL=$HOME/Maildir/' >> /etc/profile.d/mail.sh
adduser lsw
mail lsw@localhost
# input Cc
Cc:
# input subject
Subject: Test Mail#1
# input messages
This is the first mail.
# to finish messages, push [Ctrl + D] key
# see received emails
ubuntu@mail:~$ mail

[R2]
config t
hostname ST
interface fastethernet0/0
ip address 125.246.95.254 255.255.255.0
no shutdown
exit
interface serial1/0
ip address 1.1.1.2 255.255.255.252
no shutdown
exit
router rip
version 2
network 125.246.95.0
network 1.1.1.0

안쪽에서 바깥쪽으로 ping
1.방화벽정책
InsideToAny
Inside의 네트워크는 어디든간다

2.마스커레이딩
마스커레이딩을 안걸면 0으로 나온다

#미션
1.네트워크(라우터)에서 22포트로 접근하는 100.100.100.1을 차단하라
>access-list 중 확장 ACL를 적용하라
-access-list 100 deny tcp host 100.100.100.1 host 125.246.95.152 eq 22
access-list 100 permit ip any any
interface serial1/0
ip access-group 100 in
exit
exit

show access-lists

2.서버에서 100.100.100.1 ip 차단
tcpwrapper로 검색
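항상먼저 allow부터 설정할것
# TCP Wrapper는 hosts.allow를 먼저 검사하고, 일치하는 줄이 있으면 hosts.deny는 보지 않음
sudo nano /etc/hosts.allow
ALL : ALL
# 위처럼 ALL : ALL을 두면 100.100.100.1도 여기서 허용되어 아래 deny가 적용되지 않음
# 차단하려면 ALL : ALL 줄을 빼거나, 그 위에 sshd : 100.100.100.1 : deny 를 둘 것
sudo nano /etc/hosts.deny
sshd : 100.100.100.1
# sshd가 libwrap을 사용하도록 빌드된 경우에만 적용됨 — ldd /usr/sbin/sshd | grep libwrap 으로 확인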

미션2
칼리에서 웹서버에 접속
netstat -ant | grep 80
방화벽 nat 적용

미션3
도메인 : st
st.kr
53:dns
칼리에서 st.kr로 접속하라
netstat -ant | grep 53
nat 적용
각종 설정 파일 수정

미션4
sudo apt-get update
sudo apt-get -y install evolution