Teknik blocking URL menggunakan Mikrotik

Saya mencoba untuk memanfaatkan fitur Layer 7 Protocol pada Mikrotik Ver. 3.x

Fitur “Layer 7 Protocol” sangat menarik karena dapat melakukan Regexp sehingga mekanisme blocking bukan berdasarkan alamat IP server tetapi dapat dilakukan menggunakan format URL yang terdiri dari protocol,hostname,domain,path, dan file.

Sehingga pemblokiran pada URL http://www.youtube.com/watch?v=_LyeviTOh2w

Tidak berakibat http://www.youtube.com ter-blocking secara keseluruhan tetapi hanya pada URL itu saja.

Umumnya pemblokiran URL dilakukan oleh Proxy Server yang merupakan salah satu application firewall tetapi mungkin tidak semua pihak memiliki Proxy Server atau tidak mengizinkan menggunakan Proxy Server oleh karena itu fitur “Layer 7 Protocol” pada Mikrotik Ver. 3.x dapat membantu kita untuk melakukan pemblokiran tsb

Melalui artikel ini saya akan mencoba memanfaatkan fitur tersebut untuk memblokir URL yang menurut Depkominfo ILLEGAL.

Contents

[hide]

[edit]Langkah pertama

Pastikan Mikrotik yang anda gunakan adalah Versi 3.x , karena di versi 2.9.x fitur ini tidak saya temukan, aktifkan winbox dan buka router Mikrotik yang akan digunakan.

[edit]Langkah kedua

Buat daftar pada Layer 7 Protocol dengan cara: klik IP->Firewall lalu pilih tab “Layer 7 Protocols” Lalu masukkan daftar URL diatas satu persatu di “Layer 7 Protocols” dengan cara: Klik tanda + dan isi kotak Name dan Regexp lalu OK

[edit]Langkah ketiga

Klik tab “Mangle” lalu klik tanda + lalu pilih Chain “Prerouting” untuk jaringan yang menggunakan Masquerade/NAT atau pilih Chain “Forward” untuk jarigan yang tidak menggunakan Masquerade/NAT

Kemudian klik tab “Advanced” dan pilih Layer 7 Protocol yang telah dibuat sebelumnya dengan mengklik drop-down atau segitiga hitam disamping kanan baris Layer 7 Protocol.

Kemudian klik tab “Action” dan pilih Action = mark connection, dan isi New Connection Mark = ilegal-url-connection dengan Passthrough terceklist (biasa pasti sudah terceklist) lalu klik OK.

Lakukan langkah ketiga ini utk setiap baris yang ada di Layer 7 Protocols

[edit]Langkah keempat

Masih di tab Mangle klik tanda + lalu pilih Chain ”Prerouting” untuk jaringan Masquerade atau pilih ”Forward”: untuk jaringan non Masqureade, dan pilih Connection Mark dengan ”ilegal-url-connection” dengan mengklik drop-down atau segitiga hitam di samping kanan field/baris Connection Mark.

Kemudian pilih tab Action dan pilih Action = mark packet dan isi New Packet Mark dengan “ilegal-url-packet” dengan Passthroug ter-ceklist. Dan klik OK

Hasilnya bisa dilihat seperti berikut ini

[edit]Langkah kelima

Pilih tab “Filter Rules” , jika mikrotik sebagai hotspot gateway pilih Filter Rules = hs-input , jika hanya sebagai router biasa pilih Filter Rules = Forwrad yang berada di kanan atas. Kemudian klik tanda + untuk membuat aturan baru.

Pada field/baris Packet Mark pilih “ilegal-url-packet” kemudian klik tab Action

Pilih Action = jump , dengan jump target = “ilegal-url” kemudian klik OK.

Pastikan rule yang baru dibuat berada paling atas dari rule-rule yang ada. Caranya dengan men-drag baris rule yang baru dibuat ke baris paling atas dari rule-rule yang lainnya.

[edit]Langkah keenam

Masih di Filter Rules klik lagi tanda + untuk membuat chain ilegal-url

Isi kotak Chain dengan “ilegal-url” kemudia klik tab Action

Pilih Action dengan “log” dan isi Log Prefix dengan “ILEGAL-URL” lalu OK, dengan action log maka kita dapat melihat di log mikrotik jika ada user yang mencoba mengakses URL tersebut dengan tanda “ILEGAL-URL”

Ulangi lagi langkah keenam diatas dengan mengklik tanda + tetapi pada tab Action diisi dengan “drop” untuk mendrop semua packet yang menuju ke URL yang didefinsikan sebagai “ilegal-url” lalu klik OK.

Hasilnya jika ada user yang mencoba mengakses URL tersebut akan di drop dan pada log dapat dilihat sbb:

Teknik seperti ini dapat digunakan juga untuk memfilter situs porno tetapi tentunya jumlah list yang harus dimasukkan akan sangat banyak “CAPEDEH”

Semoga artikel ini bermanfaat bagi yang membacanya

Mikrotik–>User Manager

Introduction

To make this setup, you should have running DHCP server on the router. Let’s consider configuration steps for DHCP and User Manager routers, in order to use User Manager for DHCP server users.

DHCP router configuration

  • Set DHCP to use User Manager for DHCP server leases,
/ ip dhcp-server set dhcp1 use-radius=yes
  • Add radius client to consult User Manager for DHCP service.
/ radius add service=dhcp address=y.y.y.y secret=123456

‘secret’ is equal to User Manager router secret. ‘y.y.y.y’ is the User Manager router address.

  • Note, first local router database is consulted, then User Manager database. User will be unable to obtain DHCP lease, if DHCP router and User Manager server will not contain any information about user’s data.

User Manager configuration

  • Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called ‘admin’ is created automatically – you can skip the following stage and change ‘MikroTik’ to ‘admin’ in subsequent steps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
  • Add DHCP router information to router list,

In version 3:

/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456

In version 4:

/ tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456

‘x.x.x.x’ is the address of the DHCP router, ‘shared-secret’ should match on both User Manager and DHCP routers.

  • Add DHCP user information, that client with MAC address 00:01:29:27:81:95 will always receive 192.168.100.2 address. User will receive dynamic address from the DHCP ip pool, if ip-address is not specified.

In version 3:

/ tool user-manager user add add subscriber=MikroTik username="00:01:29:27:81:95" ip-address=192.168.100.2

In version 4:

/ tool user-manager user add add customer=MikroTik username="00:01:29:27:81:95" ip-address=192.168.100.2

We discuss only basic configuration example, detailed information about user menu configuration.

  • To make sure, that user is receiving lease from User Manager,
 / ip dhcp-server lease> print
 Flags: X - disabled, R - radius, D - dynamic, B - blocked
 #   ADDRESS         MAC-ADDRESS       HOST-NAME    SERVER RATE-LIMIT   STATUS
 0 R 192.168.100.2   00:01:29:27:81:95              dhcp1               bound

‘R’ means that lease has been received from User Manager server.

Briker: Instalasi

[edit] Instalasi Briker

tampilan CD briker pada saat pertama kali booting

tampilan CD briker pada saat pertama kali booting

Install Briker IPPBX ke harddisk, ketik install lalu tekan enter.

Dalam gambar diatas ada beberapa opsi lain yang tersedia, contohnya jika ada keperluan untuk memperbaiki sistem, maka ketik rescue lalu tekan enter.

Instalasi Briker IPPBX relatif mudah, setelah proses instalasi selesai, sistem akan membuat password default untuk console login dan web login, serta mengkonfigurasi alamat IP default.

Default console login (SSH port 22):
Username           : support
Password           : Briker
Default web login (HTTP port 80):
Username           : administrator
Password           : Briker
Alamat IP default:
IP address         : 192.168.2.2
Subnet mask        : 255.255.255.0

[edit] Proses Instalasi

Briker otomatis memeriksa hardware yang terpasang dengan pertama kali memeriksa CDROM.

Briker otomatis memeriksa perangkat keras jaringan, lalu mengkonfigurasi alamat IP secara otomatis.

Briker otomatis menghapus (format) hardisk dan menggunakan semua isi hardisk.

Briker otomatis install base system dan software lainnya.

Terakhir, Briker akan install GRUB boot loader.

Instalasi sistem selesai, CD Briker akan otomatis keluar dari CDROM dan komputer akan restart.

[edit] Console Login

Setelah instalasi selesai, kita dapat memulai melakukan konfigurasi dari console seperti mengganti alamat IP, konfigurasi tanggal dan jam dan lainnya

Perintah-perintah pada console login hanya dapat dilakukan setelah anda melakukan otentikasi sebagai user root. Tanpa melakukan hal berikut perintah-perintah untuk konfigurasi melalui console login akan gagal. Jalankan perintah berikut untuk otentikasi sebagai user root:

$ sudo su -

Password yang dimasukkan setelah perintah diatas adalah password yang sama dengan user support (password default). Demi keamanan, anda sebaiknya mengganti password default console login anda dengan cara menjalankan perintah sebagai berikut:

# passwd

[edit] Alamat IP

Alamat IP default Briker adalah 192.168.2.2, pada banyak kondisi sudah dipastikan kita perlu merubahnya, misal untuk menyesuaikan dengan topologi jaringan dan pengalamatan IP yang ada.

Berikut adalah langkah-langkah untuk mengganti alamat IP dan informasi lainnya berkenaan dengan network address :

  • Edit file /etc/network/interfaces.
# mcedit /etc/network/interfaces

Gambar di atas menunjukan alamat IP adalah 192.168.2.2. Lakukan perubahan bila diperlukan dan simpan konfigurasi dengan cara menekan tombol F2 lalu keluar dari editor dengan menekan tombol F10.

Pada versi Briker yang baru, mcedit diganti menggunakan vi.

  • Restart layanan networking untuk mengaktifkan konfigurasi.
# /etc/init.d/networking restart

[edit] Tanggal dan Jam

Setelah melakukan instalasi Briker pastikan tanggal dan jam mesin Briker sudah benar. Jika belum ikuti langkah-langkah berikut :

  • Periksa tanggal dan jam
# date
  • Sesuaikan tanggal dan jam, misal untuk mengatur waktu pada jam 08.00, tanggal 01 Juli 2008.
# date -s "2008-07-01 08:00:00"

Tanggal dan jam yang benar diperlukan untuk ketepatan pencatatan billing, untuk itu pastikan tanggal dan jam yang dikonfigurasi pada Briker sudah benar.

ReInstall OS Blackberry on PC

How to Reload the Operating System on a Nuked BlackBerry

Step #1: Make sure your BlackBerry IS NOT connected to your computer. Locate and Open the App Loader application. You won’t have a shortcut to this program on your start menu. You need to locate it manually. Open your file browser, go to your C Drive (operating system drive) and navigate your way through the folders to Program Files > Common Files >Research In Motion > AppLoader.  Once you are in the AppLoader directory, double click on the Loader application shortcut. Once Loader opens, you can click Next  and then proceed to Step #2. As you may have noticed, we skip Desktop Manager altogether.

AppLoader Directory
Step 1: Browse your way into the AppLoader Directory, and Open the Loader Application

Loader Homescreen
The Loader Homescreen. You can Click Next to Continue

Loader Screen - Com 1
After you click next, Loader Waits for you to Connect the Device.
Proceed to Step #2


Step #2:
We need to connect the BlackBerry to the Computer via USB cable. But here’s where the tricky part comes in with the Nuked BlackBerry. Do you see in the image above where it says COM1? What we want to do is plug in the BlackBerry, and when COM1 switches to say USB-PIN:UNKNOWN we immediately click Next. This catches the BlackBerry and takes it out of the constant reboot cycle and allows you to then reload the Operating System.

Tip: The USB-PIN:UNKNOWN option will display for a few seconds when the BlackBerry is first connected/flashing its LED in red. With a Nuked BlackBerry,  That occurs when the device is in the initial start-up part of it’s reboot sequence. The easiest way to get that to happen (vs. waiting for that step in the reboot sequence where you have a tenth of a second to hit Next before you lose your chance) is to simply pull the battery from the BlackBerry. With the battery pulled, connect the BlackBerry to the USB connector and as SOON as you see USB-PIN:UNKNOWN hit Next. You have to be quick still, but using this method you are in control of the timing. From there you can put the battery back in and battery cover back on (Make Sure you install the battery or else when the OS update is completing and the device disconnects from the computer to reboot, it will lose the power provided by the USB connection and you will get an error and have to do it all over again!).

** If you don’t get it right the first time, try again (unplug from USB, pull battery, connect and hit Next while USB-PIN:Unknown is showing). You have to be fast and the timing is key, so it may take you three or four tries.

USB:UNKNOWN
Connect Your BlackBerry via USB. Click NEXT as Soon as USB:UNKNOWN Appears

Battery Out
Tip: With Battery Out, Connect BlackBerry to USB.
This will give you more control in nailing the timing of
connecting Next while USB:UNKOWN displays

Step #3: With your BlackBerry now out of the permanent reboot sequence, you are essentially in the clear and well on your way to having your BlackBerry up and running again. Choose the options you want to install on your BlackBerry (BrickBreaker, BlackBerry Messenger, BlackBerry Maps, etc.), click next, then approve the installation by clicking “Finish.” Sit back and relax while the BlackBerry does its thing. It’ll take some time and go through a number of screens but eventually you will reach my favorite “The loading operation was successful” screen. Your BlackBerry will reboot itself at this point and it will take a LONG time to reboot (10 – 15 minutes or so). You can unplug it from the USB (it’s not connected while rebooting) and just continue to sit back and wait. Get scared, but not too scared…it will eventually boot up.

OS Installation Options
Select the OS options you want to install

Approve OS install
Approve the Operating System Installalation Options

Sit Back and Relax
Sit back and relax and let the installer do its thing

Installation Complete!
Installation Complete! Just sit back and let your BlackBerry Reboot

Step #4: That’s it! You are done. Brand New BlackBerry. With your BlackBerry no longer Nuked, you can run through the Set Up Wizard (set the date/time/fonts, etc.) and from there you WILL NOW BE ABLE TO connect to the BlackBerry Desktop Manager software. Hopefully you occasionally back up your data and can now use Desktop Manager’s restore function to load up your backed up data. If not, hopefully you have your contacts all synced to Outlook so you can reload your Address book from there. Once that’s done, it’s time to install all your favorite apps again! I’d recommend starting with the CrackBerry.com Launcher (visit http://wap.crackberry.com on your BlackBerry’s browser to download it!). Happy BlackBerrying!

Desktop Manager Reload
At least in this case I KNEW I was putting some risky software onto my BlackBerry
so before installing did a backup of my data. Once I un-nuked my BlackBerry
I was able to relatively quickly get back to where I was before.

Until Next Time

That’s all folks! This is one of those lessons that I hope you don’t need to use, but if you ever do find yourself with a Nuked BlackBerry I hope this lesson gets you back up and running quickly. And if you’re still stuck, the CrackBerry Forums are only a click away!

Article Tags: blackberry hardware loop, blackberry reboot loop, hard reset, blackberry, pearl, curve, 8100, 8110, 8120, 8130, 8700, 8703, 8300, 8310, 8320, 8330, 8800, 8820, 8830, reload operating system

Cara Mudah Membersihkan Virus Nadia Saphira

Berikut adalah delapan langkah mudah membersihkan virus ‘Nadia Saphira’ alias ‘W32/VBTroj.AOQB’ pada komputer seperti dikemukakan analis antivirus Vaksincom, Adi Saputra, dalam keterangan yang diterima detikINET, Selasa (26/5/2009):

  1. Sebaiknya putuskan komputer yang akan dibersihkan dari jaringan
  2. Matikan ‘System Restore’ selama proses pembersihan virus (untuk Windows XP / Vista).
  3. Matikan proses virus yang aktif di memory. Gunakan tools pengganti task manager, seperti CProcess (dapat anda download di situs Nirsoft)
  4. Lakukan kill process, pada beberapa file virus yang aktif yaitu :
    • C:\Documents and Settings\All User\Start Menu\Programs\Startup\lan.exe
    • C:\WINDOWS\system32\misconfig.exe
    • C:\WINDOWS\taskmgr.exe
  5. Hapus string registry yang telah dibuat oleh virus. Untuk mempermudah dapat menggunakan script registry dibawah ini.
      [Version]
      Signature=”$Chicago$”
      Provider=Vaksincom Oyee
      [DefaultInstall]
      AddReg=UnhookRegKey
      DelReg=del
      [UnhookRegKey]
      HKCR, batfile\shell\open\command,,,”””%1″” %*”
      HKCR, comfile\shell\open\command,,,”””%1″” %*”
      HKCR, exefile\shell\open\command,,,”””%1″” %*”
      HKCR, piffile\shell\open\command,,,”””%1″” %*”
      HKCR, lnkfile\shell\open\command,,,”””%1″” %*”
      HKCR, scrfile\shell\open\command,,,”””%1″” %*”
      HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,
      HKLM, SOFTWARE\Classes\exefile\DefaultIcon,,,””%1″”
      HKLM, SOFTWARE\Classes\exefile,,,”Application”
      HKLM, SOFTWARE\Classes\exefile,infotip,0, “prop:FileDescription;Company;FileVersion;Create;Size”
      HKLM, SOFTWARE\Classes\exefile,TileInfo,0, “prop:FileDescription;Company;FileVersion”
      HKCU, Software\Microsoft\Command Processor, AutoRun,0,
      HKLM, SOFTWARE\Microsoft\Command Processor, AutoRun,0,
      HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, CheckedValue, 0×00010001,1
      HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL, DefaultValue, 0×00010001,2
      [del]
      HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegistryTools
      HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, NoFolderOptions
      HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, nofind
      HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, nofind
      HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe
      HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sessmgr.exe
      HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX.exe

    • Gunakan notepad, kemudian simpan dengan nama “*repair.inf*” (gunakan pilihan Save As Type menjadi All Files agar tidak terjadi kesalahan).
    • Jalankan repair.inf dengan klik kanan, kemudian pilih install.
    • Sebaiknya membuat file repair.inf di komputer yang clean, agar virus tidak aktif kembali.
  6. Hapus file virus yang mempunyai ciri-ciri sebagai berikut :
    • Icon application/folder
    • Ext. exe
    • Ukuran 69 kb & 17 kb
    • Catatan:
    • Sebaiknya tampilkan file yang tersembunyi agar mempermudah dalam proses pencarian file virus.
    • Untuk mempermudah proses pencarian sebaiknya gunakan “Search Windows” dengan filter file **.exe* & **.ini* yang mempunyai ukuran 69 KB & 17 KB.
    • Hapus file virus yang biasanya mempunyai date modified yang sama.
  7. Tampilkan kembali folder yang disembunyikan pada drive atau flashdisk. Gunakan perintah ‘ATTRIB’ pada command prompt.
    • Klik ‘Start’
    • Klik ‘Run’
    • Ketik ‘CMD’, kemudian tekan tombol Enter
    • Pindahkan posisi kursor ke drive Flash Disk
    • Kemudian ketik perintah *ATTRIB –s –h –r /s /d* kemudian tekan tombol enter
  8. Untuk pembersihan yang optimal dan mencegah infeksi ulang, sebaiknya menggunakan antivirus yang ter-update dan mengenali virus ini dengan baik.

sumber : detikinet.com

Instalasi SARG (Squid Analysis Report Generator) pada Centos 5.3

1. Pengantar

Setelah proxy berjalan dengan lancar dengan menggunakan squid, maka kita perlu untuk memonitoring proxy tersebut. Hal-hal yang bisa kita monitoring adalah aktifitas setiap user baik itu berupa alamat web site yang dituju , jumlah bandwidth yang digunakan. Dengan adanya report dalam bentuk web base maka akan memudahkan seorang administrator untuk memantau jaringan internal.

2. Instalasi sarg
Pastikan paket gcc sudah terinstal supaya bisa melakukan kompilasi:

[root@ftp html]# wgethttp://biznetnetworks.dl.sourceforge.net/
sourceforge/sarg/sarg-2.2.5.tar.gz
[root@ftp html]# tar -zxvf sarg-2.2.5.tar.gz
[root@ftp html]# cd sarg-2.2.5
[root@ftp sarg-2.2.5]# ./configure
[root@ftp sarg-2.2.5]# make
[root@ftp sarg-2.2.5]# make install

3. konfigurasi sarg:
[root@ftp html]# vim /usr/local/sarg/sarg.conf
Yang di hilangkan tanda pagarnya (uncomment) adalah :
language English
access_log /var/log/squid/acces.log
graphs yes
graph_days_bytes_bar_color orange
title "Squid User Access Reports"
output_dir /var/www/html/sarg-php
resolve_ip no
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse
lastlog 3
remove_temp_files yes
index yes
index_tree file
overwrite_report yes
topsites_num 200
topsites_sort_order CONNECT D
index_sort_order D
report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
show_successful_message yes
show_read_statistics yes
topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
topuser_num 0

4. Jalankan sarg untuk menyimpan log ke folder /var/www/html/sarg-php, dimana sekaligus akan membuat folder sarg-php:
[root@ftp html]# /usr/bin/sarg -l /var/log/squid/access.log

Supaya perintah diatas berjalan secara otomatis maka sintaks tersebut kita eksekusi lewat cron. Supaya reportnya lebih menarik maka kita bagi bersasarkan hari, minggu, dan bulan. Caranya adalah sebagai berikut :

Report harian:
[root@ftp ~]# vim /usr/sbin/sarg-report-harian
Isinya :
#harian:
#======
#!/bin/bash
#Get current date
TODAY=$(date +%d/%m/%Y)
#Get one week ago today
YESTERDAY=$(date --date "1 day ago" +%d/%m/%Y)
/usr/bin/sarg -l /var/log/squid/access.log -o /var/www/html/sarg-php/harian -z -d $YESTERDAY-$TODAY
/usr/sbin/squid -k rotate
exit 0

Report Mingguan:
[root@ftp ~]# vim /usr/sbin/sarg-report-mingguan
Isinya :
#Mingguan:
#========
#!/bin/bash
#Get current date
TODAY=$(date +%d/%m/%Y)
#Get one week ago today
YESTERDAY=$(date --date "1 week ago" +%d/%m/%Y)
/usr/bin/sarg -l /var/log/squid/access.log -o /var/www/html/sarg-php/mingguan -z -d $YESTERDAY-$TODAY
/usr/sbin/squid -k rotate
exit 0

Report bulanan:
[root@ftp ~]# vim /usr/sbin/sarg-report-bulanan
Isinya :
#Bulanan:
#========
#!/bin/bash
#Get current date
TODAY=$(date +%d/%m/%Y)
#Get one week ago today
YESTERDAY=$(date --date "1 month ago" +%d/%m/%Y)
/usr/bin/sarg -l /var/log/squid/access.log -o /var/www/html/sarg-php/bulanan -z -d $YESTERDAY-$TODAY
/usr/sbin/squid -k rotate
exit 0

Mengubah permission file report :
[root@ftp sarg-php]# chmod 755 /usr/sbin/sarg-report-harian
[root@ftp sarg-php]# chmod 755 /usr/sbin/sarg-report-mingguan
[root@ftp sarg-php]# chmod 755 /usr/sbin/sarg-report-bulanan

Eksekusi report secara manual :
[root@ftp sarg-php]# /usr/sbin/sarg-report-harian
[root@ftp sarg-php]# /usr/sbin/sarg-report-mingguan
[root@ftp sarg-php]# /usr/sbin/sarg-report-bulanan

Perintah ini akan menghasilan report sesuai dengan output yang ada pada masing-masing sintaks.

Error yang sering terjadi :
Pada saat perintah diatas dieksekusi sering terjadi error seperti dibawah, hal ini disebabkan oleh sintaks yang salah pada tanggal dan tanda “, dimana biasanya ditulis –date padahal seharusnya –date atau saat kopi paste tanda “ berubah jadi tanda titik .

SARG: No records found
SARG: End

Setting contab:
[root@ftp sarg-php]# crontab –e
Supaya report di generate secara otomatis oleh sistem maka di crintab dibuat settingan berikut :
00 00 * * * /usr/sbin/sarg-report-harian
00 01 * * 1 /usr/sbin/sarg-report-minggu
03 02 1 * * /usr/sbin/sarg-report-bulanan

5. Hasil
Untuk melihat hasil bisa dilihat di :
http://ip-server/sarg-php/ untuk kasus ini saya menggunakan IP Address : http://10.200.16.17/sarg-php/

Tampilan menu utama :

picture1

Report harian :
http://10.200.16.17/sarg-php/harian/

picture2

Untuk mingguan dan bulanan tinggal menyesuaikan alamat saja.

Aktifiatas salah satu host:

picture31

Sampai disini sarg sudah berfungsi dengan baik.

6. Referensi
http://masrifqi.web.id/wp/?p=35
http://fxekobudi.net/linux/mengamati-statistik-akses-url-situs-pada-proxy-server-dengan-squid-analysis-report-generator-sarg/

This entry was posted on Saturday, June 20th, 2009 at 9:48 am and is filed under Linux. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

VNC ( Virtual Network Computing ) For Centos

1. Installing the required packages

The server package is called ‘vnc-server’. Run the command rpm -q vnc-server.

The result will be either package vnc-server is not installed or something like vnc-server-4.0-11.el4.

If the server is not installed, install it with the command: yum install vnc-server.

The client program is ‘vnc’. You can use the command yum install vnc to install the client if rpm -q vnc shows that it is not already installed.

Make sure to install a window manager in order to get a normal GUI desktop. You can use the command yum groupinstall “GNOME Desktop Environment” to install the Gnome Desktop and requirements, for example. Other popular desktop environments are “KDE” and “XFCE-4.4”. XFCE is more light-weight than Gnome or KDE and available from the “extras” repository.

<!> If you are running CentOS 5, yum groupinstall "GNOME Desktop Environment" may complain about a missing libgaim.so.0. This is a known bug. Please see CentOS-5 FAQ for details.

2. Configuring un-encrypted VNC

We will be setting up VNC for 3 users. These will be ‘larry’, ‘moe’, and ‘curly’.

You will perform the following steps to configure your VNC server:

  1. Create your VNC users.
  2. Set your users’ VNC passwords.
  3. Edit the server configuration.
  4. Create and customize xstartup scripts.
  5. Start the VNC service.
  6. Test each VNC user.
  7. Setup the VNC service to start on reboot.
  8. Additional optional enhancements

2.1. Create your VNC users

As root:

$ su -
 # useradd larry
 # useradd moe
 # useradd curly
 # passwd larry
 # passwd moe
 # passwd curly
 

2.2. Set your users’ VNC passwords

Login to each user, and run vncpasswd . This will create a .vnc directory.

[~]$ cd .vnc
 [.vnc]$ ls
 passwd
 

2.3. Edit the server configuration

Edit /etc/sysconfig/vncservers, and add the following to the end of the file.

VNCSERVERS="1:larry 2:moe 3:curly"
 VNCSERVERARGS[1]="-geometry 640x480"
 VNCSERVERARGS[2]="-geometry 640x480"
 VNCSERVERARGS[3]="-geometry 800x600"
 

Larry will have a 640 by 480 screen, as will Moe. Curly will have an 800 by 600 screen.

2.4. Create xstartup scripts

We will create the xstartup scripts by starting and stopping the vncserver as root.

# /sbin/service vncserver start
 # /sbin/service vncserver stop
 

Login to each user and edit the xstartup script. To use Larry as an example, first login as larry

[~]$ cd .vnc
 [.vnc] ls
 mymachine.localnet:1.log  passwd  xstartup
 

Edit xstartup. The original should look like:

#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

Add the line indicated below to assure that an xterm is always present, and uncomment the two lines as directed if you wish to run the user’s normal desktop window manager in the VNC. Note that in the likely reduced resolution and color depth of a VNC window the full desktop will be rather cramped and a look bit odd. If you do not uncomment the two lines you will get a gray speckled background to the VNC window.

#!/bin/sh
# Add the following line to ensure you always have an xterm available.
( while true ; do xterm ; done ) &
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

2.5. Start the VNC server

Start the vncserver as root.

# /sbin/service vncserver start

2.6. Test each VNC user

2.6.1. Testing with a java enabled browser

Let us assume that mymachine has an IP address of 192.168.0.10. The URL to connect to each of the users will be:

Larry is http://192.168.0.10:5801
Moe   is http://192.168.0.10:5802
Curly is http://192.168.0.10:5803

Connect to http://192.168.0.10:5801. A java applet window will pop-up showing a connection to your machine at port 1. Click the [ok] button. Enter larry’s VNC password, and a 640×480 window should open using the default window manager selected for larry . The above ports 5801, 5802 and 5803 must be open in the firewall {iptables) for the source IP addresses or subnets of a given client.

2.6.2. Testing with a vnc client

For Larry: vncviewer 192.168.0.10:1
For   Moe: vncviewer 192.168.0.10:2
For Curly: vncviewer 192.168.0.10:3

To test larry using vncviewer, vncviewer 192.168.0.10:1. Enter Larry’s VNC password, and a 640×480 window should open using Larry’s default window manager. The vncviewer client will connect to port 590X where X is an offset of 1,2,3 for Larry, Moe, and Curly respectively, so these ports must be open in the firewall for the IP addresses or subnets of the clients.

2.6.3. Starting vncserver at boot

To start vncserver at boot, enter the command /sbin/chkconfig vncserver on.

For basic VNC configuration the procedure is now complete. The following sections are optional refinements to enhance security and functionality.

3. VNC encrypted through an ssh tunnel

You will be connecting through an ssh tunnel. You will need to be able to ssh to a user on the machine. For this example, the user on the vncserver machine is Larry.

  1. Edit /etc/sysconfig/vncservers, and add the option -localhost.
    VNCSERVERS="1:larry 2:moe 3:curly"
    VNCSERVERARGS[1]="-geometry 640x480 -localhost"
    VNCSERVERARGS[2]="-geometry 640x480 -localhost"
    VNCSERVERARGS[1]="-geometry 800x600 -localhost"
  2. /sbin/service vncserver restart

  3. Go to another machine with vncserver and test the VNC.
    1. vncviewer -via larry@192.168.0.10 localhost:1

    2. vncviewer -via moe@192.168.0.10 localhost:2

    3. vncviewer -via curly@192.168.0.10 localhost:3

By default, many vncviewers will disable compression options for what it thinks is a “local” connection. Make sure to check with the vncviewer man page to enable/force compression. If not, performance may be very poor!

4. Recovery from a logout

If you logout of your desktop manager, it is gone!

  • We added a line to xstartup to give us an xterm where we can restart our window manager.
    • For gnome, enter gnome-session.

    • For kde, enter startkde.

5. Remote login with vnc-ltsp-config

To allow remote login access via a vnc-client to the Centos system, the RPM packages named vnc-ltsp-config and xinetd can be installed. When a vnc-client connects to one of the configured ports, the user will be given a login screen. The sessions will *not* be persistent. When a user logs out, the session is gone.

The rpm package vnc-ltsp-config is easily installed via the EPEL repository noted in Available Repositories

Note: There are no major dependencies for the package so the vnc-ltsp-config*.rpm could easily be downloaded and installed without the need for enabling the EPEL repository.

Install, as root via:

# yum install xinetd vnc-ltsp-config
# /sbin/chkconfig xinetd on
# /sbin/chkconfig vncts on
# /sbin/service xinetd restart

Next, as root edit the file “/etc/gdm/custom.conf”.

  • To the next blank line below the “[security]” section add “DisallowTCP=false”
  • To the next blank line below the “[xdmcp]” section add “Enable=true”
  • Make sure you are in a position to either run “gdm-restart” for default Gnome installs or just reboot the CentOS box.

This will add the ability to get the following default vnc-client based session connections:

resolution

color-depth

port

1024×768

16

5900/tcp

800×600

16

5901/tcp

640×480

16

5902/tcp

1024×768

8

5903/tcp

800×600

8

5904/tcp

640×480

8

5905/tcp

A major advantage of using the vnc-ltsp-config setup is the reduction of system resource utilization compared to the standard “per-user setup”. No user processes will be started or memory consumed until a user actually logs into the system. Also, no pre-thought for user setup is needed (eg skip all of the manual individual user setup for vnc-server). The downside to the vnc-ltsp-config setup is that *any* user with the ability to login will likely have the ability to log into the system via a vnc-client with full gui unless steps are taken to limit that type of access. Also, there is no session persistance! Once the vnc-client closes, the vnc-ltsp-config session will terminate (by default) and all running processes will be killed.

This option can be combined with ssh tunnelling using a slightly modified version of the “vncviewer -via” command noted above:

vncviewer -via remoteUser@remoteHost localhost:vncSinglePortNumber

For the default vnc-ltsp-config install, the “vncSinglePortNumber” is the last digit only of the port number. Port 5900 (1024×768 16bit) would just be “0”, for example.

Note: you will need to be aware of possible interaction issues if you enable either selinux or iptables.

6. VNC-Server for an already logged in GUI console session – 2 options

Often you will need remote access to an already logged in GUI session on a “real” console. Or you will need to help another user remotely with an GUI or visual issue. You will need either “vnc-server” or “x11vnc”. The vnc-server option will be a module added to X11 for “allways on” vnc support, while x11vnc will allow for adhoc vnc support.

vnc-server install will require no third party repos or source building.

x11vnc is a way to view remotely and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows.

6.1. x11vnc adhoc option

Karl Runge has generously provide a exceptional amount of information at http://www.karlrunge.com/x11vnc/ for x11vnc. There is info on securing the connection and also an “Enhanced TightVNC Viewer (ssvnc)”. To make it easy, follow these steps:

1. Download the latest rpm install from http://dag.wieers.com/rpm/packages/x11vnc/ to the host you want the vnc-client to connect to:

wget http://dag.wieers.com/rpm/packages/x11vnc/x11vnc-0.9.3-1.el5.rf.i386.rpm

2. Install, as root, via the yum or rpm programs on the host you want the vnc-client to connect to:

yum install x11vnc-0.9.3-1.el5.rf.i386.rpm

3. Start the x11vnc process on the host you want the vnc-client to connect to. Please take a long look at the possible options from the x11vnc website. A very simple/insecure example for a trusted network setup (local network or VPN) is to have the user with the GUI console issue the command:

[user@helpme_host ~$] x11vnc -nopw -display :0.0

Then connect (without password) via a vnc-client to the IP/hostname and port noted by the x11vnc command. By default, x11vnc will allow connections from all interfaces. Host based firewall settings may need to be modified.

You can combine this with ssh tunneling:

ssh -C -t -L 5900:localhost:5900 [remote ip] 'x11vnc -usepw -localhost -display :0'

Note that the -C flag is for compression, so may not be required

6.2. vnc-server X11 “always on” option

1. On the the system you want to run vnc-server, install vnc-server as noted above.

2. Edit /etc/X11/xorg.conf, as root, and add/create a ‘Module’ Section and add ‘Load “vnc”‘:

Section "Module"
  Load "vnc"
EndSection

3. For standard vnc authentication, edit /etc/X11/xorg.conf, as root, and add to the ‘Screen’ Section:

 Option "SecurityTypes" "VncAuth"
  Option "UserPasswdVerifier" "VncAuth"
  Option "PasswordFile" "/root/.vnc/passwd"

4. As root, run ‘vncpasswd” to create the password noted above.

5. Restart X11 (<Ctrl>+<Alt>+<BS> will work if on the console already)

6. You should be able to connect with a vncviewer client as normal.

7. To trouble shoot, check for errors in the /var/log/Xorg.0.log or verify that iptables or selinux is not interfering with remote connections. Additional information is at http://www.realvnc.com/products/free/4.1/x0.html


Create or Delete A Service in Windows XP

Services are added from the Command Prompt. You need to know the actual service name as opposed to what Microsoft calls the Display Name. For example, if you wanted to create or delete the Help and Support service, the name used at the Command Prompt would be “helpsvc” rather than the Display Name of “Help and Support”. The actual service name can be obtained by typing services.msc in Run on the Start Menu and then double clicking the Display Name of the service. Once you know the name;
To Create A Service
  • Start | Run and type cmd in the Open: line. Click OK.
  • Type: sc create <service name>
  • Reboot the system


Fig. 01

To Delete A Service
  • Start | Run and type cmd in the Open: line. Click OK.
  • Type: sc delete <service name>
  • Reboot the system


Fig. 02


If you prefer to work in the registry rather than through the command prompt to delete services;

  • Click Start | Run and type regedit in the Open: line. Click OK.
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  • Scroll down the left pane, locate the service name, right click it and select Delete.
  • Reboot the system

Kumpulan Aplikasi Blackberry

Please check your memory space before installing :

Touschreen Only Apps

Sumber: jeruknipis.com


  • 9500_AMEA_PBr5.0.0_rel638_PL4.2.0.171_A5.0.0.402.exe
  • 9500_omadrmM_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
  • 9500_omadrmjEastAsia_PBr5.0.0_rel355_PL4.2.0.61_A5.0.0.230.exe
  • 9520AllLang_PBr5.0.0_rel475_PL4.2.0.113_A5.0.0.306.exe
  • 9530AMEA_PBr5_1_.0.0_rel508_PL4.2.0.128_A5.0.0.328.exe
  • 9530_AMEA_5.0.0.230.exe
  • 9550AMEA_PBr5.0.0_rel497_PL4.2.0.124_A5.0.0.320.exe
  • 9550AMEA_PBr5.0.0_rel689_PL4.2.0.182_A5.0.0.428.exe
  • 9500_omadrmM_PBr5.0.0_rel683_PL4.2.0.179_A5.0.0.425.exe
  • 9530AMEA_PBr5.0.0_rel674_PL4.2.0.179_A5.0.0.419_MTS_Mobility.exe
  • 9520_omanodrmjAllLang_PBr5.0.0_rel689_PL4.2.0.182_A5.0.0.428.exe
  • 9550 428/425/423/411/405/402 v2 by boboho88
  • 9550 Hybrid 428 423 425 by 7thSign v1.2
  • 9520M_PBr5.0.0_rel706_PL4.2.0.189_A5.0.0.436.exe
  • 9630-5.0.0.303.exe
  • 9630AMEA_PBr4.7.1_rel117_PL4.1.0.75_A4.7.1.61_Bluegrass_Cellular.exe
  • 9630AMEA_PBr4.7.1_rel121_PL4.1.0.78_A4.7.1.65_CBeyond.exe
  • 9630AMEA_v5.0.0.230_P4.2.0.61.exe
  • TourHybrid50v8.0.exe
  • (Sumber: http://www.jeruknipis.com)

    Link lainnya: