LOMBA KOMPETENSI SISWA

SEKOLAH MENENGAH KEJURUAN (SMK}

TINGKAT PROVINSI JAWA TENGAH

, TAHUN 201.8

lfr. 1
,.,'*-*v\ rililll
,H;i'
rmr.rl I lrrlrrr

5emarang,

LKS SMK XXVII

Provinsi Jawa Tengah 2Ol8

MODUL A LINUX ENVIRONMENT

BIDANG IT NETWORK SYSTEM ADMINISTRATION

 INTRODUCTION
The competition has a fixed start and finish time. You must decide how to best divide
your time.

Please carefully read the following instructions!

When the competition time ends, please leave your station in a running state.

LOGIN BANNER
Must be shown befoi.e the login prompt. Must appear for local and network logins.
"Welcome to [hosf,rame] - LKS PROVINSI2018"

WORK TASK SERVER LNXSRV-A

Configure the server with the hostname, domain and IP specified in the appendix.
l. DNS (bind9)
. Configure a forward zone called "semarang.nef'
v
- Create subdomain

Subdomain Host IP Address

monitor.semarang.net LN)GTR 10.10. i0. I

warta.semarang.net LNXSRV-B r0.20.20.100

data.semarang.net LNXSRV-B I0.20.20.100

ldap.semarang.net LNXSRV-B 10.20.20.100

wwr,v.semarang.net LNXSRV-C 10.24.20.200

ftp.semarang.net LNXSRV-V 10 2A 20 200

. Configure a reverse zone for network 10.30.30.0/24 and 10.10.10.4D4

2. CA V
. Configure as CA using OpenSSL
.IJse "/cert" as the CA root directory
. CA attributes should be set as follows I

- Country code is set to ID

- Organization is set to LKS PROVINSi
- The common name is set to "LKS PROVINSI2018 CA"

llPage
 . Create a root CA certificate
. All certificates required in the test project should be published by CA

3. Mail
.Install and configure Postfix and Dovecot/Courier
- Configure SMTPS (TCP 465) and IMAPS server for "semarang.net"

domain using certificates issued by LNXSRV-A.

- Configure mail directory in "/homel[user]/Maildir"
- Authentication has to be done through LDAP
4. SSH Server

" lnstall and configure SSH Server

- Allow root access
- Change SSH port default to 2018

- Create user remote have access same permission user root

WORK TASK SERYER LI{XSRV-B

Configure the server with the hostname, domain and IP specified in the appendix.
1. Create 50 user local, username userl user5O password ftpastijuara'
-
Userl - user25 not have home directory.

2. Web Server (Apache2)

. Create secure website for http://data.semarang.net and http:l/rvarta.semarang.net 7
. http l/data. semarang. net di splay website page
:

- "Welcome to DATA semarang net on [hostname]."

. http //warta.
: semaran g. net display webs ite page
- "Welcome to WARTA semarang net on [hostname]."

. Website http:lldata.semarang.net only can access by autentikasi for username with

password userl s.d. user25

' . Enable HTTPS only for both sites

- Use certificate signed by CA in LNXSRV-AI

- Make sure no certificate warning is shown
. Create virtual webpage for user26 - user5O

Example : http://warta.semarang.neV-user26 or https://warta.semarang.net/-user26

2[Page
 3. LDAP
.Install LDAP service
- Configure the directory service of ldap.semarang.net
- Create new OU name "usgrs"
- Create new Group on OU users name juara
- Create user name pastil - pastilO password "pastijuara"
- User name pastil- pastilO join group juara

4. DHCP

' Create DHCP for internal client with the following requirement below: \-.
- Range: 10.30.30.15 - 10.30.30.50
- Netmask: /25

- Gateway 10.30.30.1
- DNS: 10.10. 10.100
' The clients should automatically register their name with the DNS server after they
have been assigned with an IP address by the DHCP server
. LNXCLT-INT selalu mendapatkan IP 10.30.30.25 dari DHCP Server

WORK TASK SERVER LNXSRV-C

Configure the server with the hostname, domain and IP specified in the appendix.
1. Web Server (Nginx)
. Create secure website for www.semarang.net
. Display website page

- "Welcome to WEBSITE semarang net on [hostname]."

2. FTP Server
. Setup FTP with PToFTPD

- Enable FTPS (implicit)

. Make sure both FTP and FTPS are working

woRK TASK TNSTALLATTON (LNXRTR)

Configure the router with the hostname, domain and IP specified in the appendix.
1. Routing

3lPage
 . Enable routing to forward IPv4 packet

2. Firewall
. LNXCLT-EXT can't access 10. 10. 10. 100, 10.20.20.100, 10.20.20.200
. LNXCLT-EXT only can access 10 1 0. 1 0. 1 00, 10.20 .2A.100, 10.20. 20 .200 with VPN

3. DHCP Relay
. Configure DHCP Relay to LNXSRV-B for internal client

4. Monitoring (Cacti)
. Configure Cacti with url http://rnonitor.semarang.net
. Create gaph for interface traffic on LNXSRV-B and LNXSRV-C

5. Load balancer (HAProxy)

. Configure HTTP/HTTPS load balancer for wrvw.semarang.net, which is hosted by
LNXSRV-B and LNXSRV-C
. Use roundrobin as algorithm
6. OpenVPN
. Install OpenVPN service
. Use LDAP user for OpenVPN client login
. Use address range 88.88.88.1 to 88.88-88.1261or VPN clients

WORK TASK CLIENT LNXCLT-INT

Note: Please use the default configuration if you are not given details
o Configure the client with the hostname, domain and IP specified in the appendix.
o Make sure the client certiflcate is installed

o Install FileZilla FTP client

o Install lcedove mail client

WORK TASK CLIENT LNXCLT.EXT

.Note: Please use the default configuration if you are not given dstails
o Configure the client with the hostname, domain and IP specified in the appendix.
o Make sure the client certificate is installed

o Install FileZilla FTP client

o Install Icedove rnail client

4lPagc
*6'
&r
,tr IU
(14
J 6 x r\l
a
u, () c
(f ,J1 ry
tl cr
W
*r
E
EET
,.- }(
(5
r..l
PFB
ci ) ;acc .a =c>
L.qril
tr :E I,4r
.*,;,H E
J
orl
st(}
0-
ivttt
*>5L$B-
UJ -
i/t Ef; -J TQ ut',
X sqi4q "t
e9
+E
,
f*
E .(J
J 5 **
{*
ts>
F*
fix
EB
6L
FT
fix
F d2 EE oZ,
tJ
IJ
E
a!
x 6)
H
t)fi
rl k BE o
o
(: E*o s,t . s t, L
^ ftry
".iil-. 6 EHqfi
>,x j Yri
tfl EF- ry
(f
(3 q
e5;o6
*ErJd! E fi,Fft::
E;Eg lrl
UJ
".(}F()C)
u .- cj c.{ f?
v{<)C)(>()
tr-
3
{E ?EEE3
[E*{ d ..$
c)
0q
,P 8,fr,8 X
f* UJ o r'{
40 e(/)n o-
J
isees I
ctL:jic
LU
s!
6.,
so $ s$f J
X s x trY 4
I
Z 9rr
Fir
6
.q * .'to 5
J
hx
o2
J
Jq st
5(E
d rJ tr(,
J 1 ifx Z,
F {l
l'- oz
* fJ
C)
?
(B
(.)
ho
H
C
!+ o ES
f'r 14
a- ttc
n() ,i{
s€
t",,-
iH
t*l
0 3q
u-t
F dro
9r> so t^ FO
s
sJ
1)(]
1}o- g6' J rE
qcl
-Ufl &
{t V,', ?'6
48()
qYg ul &,
},(
w
,
LJ
x ffi tr=
3
J
{d tix
b2

'llj
0r
qF
Ed

xF
r.
l/,1
f:
n

B,E
EF
a.*
J
,.2F
a.r
CF
Ed
I-J :.,i ;l ux
b2 ()
H IJ I
& o
uo
{!
rJl
 Pfiysical View

rfiflptu0tlt$ l{*st tilAcHl}t{ {pcr} vini&]ows Host

VIRTUAL LINUX CUETJT VIRTU&I LIi{UX SERVER
HcstBme: LXXS&V€

FAdSsss:
F Addrasr - d$: 1020.28.10flr24
et$ : lCO.100,5S.18{24 Sy*em Fumf.on:
-!ryeb 5rr1€{ 1
Sl,rtern Ftrrrion. -I-OAP Smrer
- operfdFl"l Clert - Dl-6P $eruer

VIRTU.qL LII{ilX ft SL'TER fIRTUAL L1I,JU.{ $ERVE

-fl*saums: Hssfsme: LI{XSRV{
Llix*TR I
tr"id*,€d
fialineili
| - eflr1 - i+i 1Ci.5C 1i,l
I - tthl : t:.1! is.1ri4
I -e$3: tt.3D 30.1,:.{

$ptem Furxfan: l- eU"C r tO2O2t:mB+

- DHCP relay
- f,resllsfl bidE€*
iidaltesl
- lvtoritsnrg icadll {rffinef}
- Load BaAlEr
-@rlv?ll Seruer

!.IRTLIAL L9T$JX V! ftTUAL Li I'dLT{ CL'CI.,IT

liosfBme:
LIXSRVi

System F$'Edon:

- lvlailleruer
- ONS Srrner
- 55H S€e,Er

Physical View Modul A * Linux Environment

6lPage