----------------------------------------------------------------------
Belajar membuat banner:
----------------------------------------------------------------------
[edit system login]
root@cnc1#set message "\n\n!========================================================!\n\
n!Router cnc, maintened by:iwing !\n\
n!Access to this device is limited to authorized user only!\n\
n!WARNING!!!:ALL unathourized access is prohibited. !\n\
n!========================================================!\n\n"
----------------------------------------------------------------------
Hasil pengujian
----------------------------------------------------------------------
----------------------------------------------------------------------
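Belajar mengkonfigurasi layanan telnet, ssh, ftp dan http
(Catatan: telnet, ftp dan http mengirim username dan password tanpa enkripsi; di luar lab cukup aktifkan ssh dan gunakan web-management https.)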
----------------------------------------------------------------------
[edit system services]
root@cnc1# set ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> finger Allow finger requests from remote systems
> ftp Allow FTP file transfers
> netconf Allow NETCONF connections
> outbound-ssh Initiate outbound SSH connection
> service-deployment Configuration for Service Deployment (SDXD) management application
> ssh Allow ssh access
> telnet Allow telnet login
> web-management Web management configuration
> xnm-clear-text Allow clear text-based JUNOScript connections
> xnm-ssl Allow SSL-based JUNOScript connections
[edit system services]
root@cnc1# set
----------------------------------------------------------------------
----------------------------------------------------------------------
[edit system services]
root@cnc1# set ftp
root@cnc1# set telnet
root@cnc1# set ssh
root@cnc1# set web-management http port 80
----------------------------------------------------------------------
Pengecekan
----------------------------------------------------------------------
root@cnc1# show
ftp;
ssh;
telnet;
web-management {
http {
port 80;
}
}
----------------------------------------------------------------------
Pengujian layanan telnet
----------------------------------------------------------------------
root@cnc1# run telnet 192.168.10.2
Trying 192.168.10.2...
Connected to 192.168.10.2.
Escape character is '^]'.
!========================================================!
!========================================================!
cnc2 (ttyp0)
login: iwing
Password:
!========================================================!
!========================================================!
iwing@192.168.10.2's password:
--- JUNOS 8.4R4.2 built 2008-05-21 08:47:52 UTC
iwing@cnc2>
----------------------------------------------------------------------
Pengujian layanan ftp
----------------------------------------------------------------------
[edit]
root@cnc1# run ftp 192.168.10.2
Connected to 192.168.10.2.
220 cnc2 FTP server (Version 6.00LS) ready.
Name (192.168.10.2:root): iwing
331 Password required for iwing.
Password:
230 User iwing logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> binary
200 Type set to I.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
total 4
drwxr-xr-x 2 iwing staff 512 Jun 24 09:24 .ssh
226 Transfer complete.
ftp> bye
221 Goodbye.
[edit]
root@cnc1#
----------------------------------------------------------------------
Pengujian layanan http
----------------------------------------------------------------------
----------------------------------------------------------------------
Customizing Account Privileges in Junos
----------------------------------------------------------------------
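The JUNOS software has four built-in login classes (privilege levels): operator, read-only, super-user and unauthorized. The CLI completion below lists the permissions each class grants: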
----------------------------------------------------------------------
[edit system login]
root@cnc1# set user iwing class ?
Possible completions:
<class> Login class
operator permissions [ clear network reset trace view ]
read-only permissions [ view ]
super-user permissions [ all ]
unauthorized permissions [ none ]
[edit system login]
root@cnc1# set user iwing class super-user authentication plain-text-password
New password:
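----------------------------------------------------------------------
Catatan: nilai encrypted-password di bawah berawalan $1$ (MD5-crypt); samarkan baris bertanda ## SECRET-DATA sebelum membagikan konfigurasi.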
[edit system login]
root@cnc1# show
message "\n\n!========================================================!\n\
n!Router cnc, maintened by:iwing !\n\
n!Access to this device is limited to authorized user only!\n\
n!WARNING!!!:ALL unathourized access is prohibited. !\n\
n!========================================================!\n\n"
user iwing {
class super-user;
authentication {
encrypted-password "$1$rQy0ZTV0$A1hVDjhzF2niCbd/4MI0K."; ## SECRET-DATA
}
}
user opera {
class operator;
authentication {
encrypted-password "$1$6DgOHvQJ$xNr3US1VTandQun3eo452."; ## SECRET-DATA
}
}
user read-only {
class read-only;
authentication {
encrypted-password "$1$VgO2OXwN$PNs8KzL.tKe1848Wo1Fw4/"; ## SECRET-DATA
}
}
user unauthorized {
class unauthorized;
authentication {
encrypted-password "$1$0hWrv0fl$yCjqi0n8XC4UxjqlZAA0m/"; ## SECRET-DATA
}
}
----------------------------------------------------------------------
iwing@cnc1> show cli authorization
Current user: 'iwing ' class 'super-user'
Permissions:
admin -- Can view user accounts
admin-control-- Can modify user accounts
clear -- Can clear learned network info
configure -- Can enter configuration mode
control -- Can modify any config
edit -- Can edit full files
field -- Can use field debug commands
floppy -- Can read and write the floppy
interface -- Can view interface configuration
interface-control-- Can modify interface configuration
network -- Can access the network
reset -- Can reset/restart interfaces and daemons
routing -- Can view routing configuration
routing-control-- Can modify routing configuration
shell -- Can start a local shell
snmp -- Can view SNMP configuration
snmp-control-- Can modify SNMP configuration
system -- Can view system configuration
system-control-- Can modify system configuration
trace -- Can view trace file settings
trace-control-- Can modify trace file settings
view -- Can view current values and statistics
maintenance -- Can become the super-user
firewall -- Can view firewall configuration
firewall-control-- Can modify firewall configuration
secret -- Can view secret statements
secret-control-- Can modify secret statements
rollback -- Can rollback to previous configurations
security -- Can view security configuration
security-control-- Can modify security configuration
access -- Can view access configuration
access-control-- Can modify access configuration
view-configuration-- Can view all configuration (not including secrets)
flow-tap -- Can view flow-tap configuration
flow-tap-control-- Can modify flow-tap configuration
all-control -- Can modify any configuration
Individual command authorization:
Allow regular expression: none
Deny regular expression: none
Allow configuration regular expression: none
Deny configuration regular expression: none
iwing@cnc1>
----------------------------------------------------------------------
login: opera
Password:
opera@cnc1>
cnc1 (ttyd0)
opera@cnc1>
----------------------------------------------------------------------
login: read-only
Password:
read-only@cnc1>
----------------------------------------------------------------------
login: unauthorized
Password:
----------------------------------------------------------------------
"sekian dulu mudah-mudahan bermanfaat dan salam sedogedoi"