tcosproyec

Embed Size (px)

Citation preview

  • 8/6/2019 tcosproyec

    1/9

    Servidor tcosCaractersticasMemoria ram: 4gProcesador: intel core dos duoDisco duro: 160 g

    Contrasea root: d3$&73k0010Contraseas de usuariosDesiteg:desistegUsuario01:usuario01Usuario02:usuario02Usuario03.usuario03Usuario04::usuario04

    Usuario20:usuario20

    Terminales ligeros tcosInstalacin1.-descargar las llaves publicas de la pagina de tcos o en un terminal escribir las siguientes lneas# wget http://www.tcosproject.org/mariodebian-pub.key# apt-key add mariodebian-pub.key

    (in ubuntu you can use sudo apt-key)2.- sistemas/administracin/orgenes de software de ah en otro software en nuestro caso comotenemos el ubutu lucid 10.04 agregar lo sig.

    Ubuntu Lucid 10.04

    deb http://www.tcosproject.org/ lucid main#deb-src http://www.tcosproject.org/ lucid main3.- de ah en un terminal escribir

    Sudo apt-get install tcosy seguir los pasos que dice la terminalde ahi segur los pasos de esta paguinahttp://mariodebian.com/post/1/692

    Proxy de red squid

    Objetivo

    PasosInstalar squid3

    Abrir u terminal y escribir lo sig:Sudo apt-get install squid3

  • 8/6/2019 tcosproyec

    2/9

    Editar el archivosquid.conf asiganandopermisos a usuarios administradores sin restricciones depaginas,crear listas deacesos a paginas permitidas del grupopagos ydel grupodeventas darlesacesos alos puertos y paginas queocupael clientedemensajerainstantnea msnEl archivoseencuetrade la siuientemaneraEtc/squid3/sqid.conf

    archivosquid.conf

    http_port3128transparent

    cache_mem 16 MB

    cache_dir ufs /var/spool/squid3 700 16 256

    ie_refresh on

    offline_modeon

    ##### REGLAS PARA CREACION DEGRUPOS ######acl all src 0.0.0.0/0.0.0.0acl all src 0.0.0.0/255.255.255.0acl red_local src 192.168.3.0/24aclGrupoPagos src 192.168.3.102-192.168.3.150aclGrupoVentas src 192.168.3.121-192.168.3.130#acl privilegios url_regex "/etc/squid3/privilegios"

    acl privilegiosrc 192.168.3.122acldiana src 192.168.3.123

    aclisis src 192.168.3.101acl pedrosrc 192.168.3.130aclvenecia src 192.168.3.117acl arturosrc 192.168.3.124

    acl htps port443acltaenetport442##### Reglas deaceso parael MSN #####

    acl msn_portport1863acl msn_port2 port5223acl serv_msndst200.46.110.0/24

    acl serv_msndst64.4.13.0/24acl app_msn req_mime_type-i^application/x-msn-messenger$acl msn_messenger url_regex -igateway.dllacl msn_domdstdomain loginnet.passport.comacl msn_domdstdomain messenger.msn.comacl msn_domdstdomain messenger.msn.caacl msn_domdstdomain messenger.msn.netacl msn_domdstdomainim.sapo.ptacl msn_domdstdomain webmessenger.msn.com

  • 8/6/2019 tcosproyec

    3/9

    acl msn_domdstdomain c.msn.comacl msn_domdstdomain g.msn.comacl msn_domdstdomain config.messenger.msn.comacl msn_domdstdomain login.live.comacl msn_domdstdomain amsn-project.netacloperadstdomainopera.com

    acl adminodstdomain 65.99.205.122/ADMacl admino1 dstdomain 65.99.205.122/PDVacl fop2dstdomain 192.168.3.130/fop2#### REGLAS DESITIOS PERMITIDOS Y DENEGADOS #####

    acl permitidos url_regex "/etc/squid3/permitidos"acl PermitidosVentas url_regex "/etc/squid3/permitidosventas"acldenegados url_regex "/etc/squid3/denegados"acl localhostsrc 127.0.0.1/255.255.255.0

    http_access allow privilegioallhttp_access allowdiana all

    http_access allowisis allhttp_access allow pedroallhttp_access allow arturoallhttp_access allowvenecia all#http_access allowvenecia msn_port#http_access allowvenecia msn_port2#http_access allowvenecia serv_msn#http_access allowvenecia app_msn#http_access allowvenecia msn_dom#http_access allowvenecia msn_messenger#http_access allowvenecia admino#http_access allowvenecia admino1

    #http_acc

    ess all

    owisis fop2

    http_access allow htpshttp_access allowtaenet

    ##### CONFIGURACIONGRUPO PAGOS #######http_access allowGrupoPagos permitidos

    ##### CONFIGURACIONGRUPOVENTAS #######

    http_access allowGrupoVentas PermitidosVentashttp_access allowGrupoVentas msn_porthttp_access allowGrupoVentas msn_port2http_access allowGrupoVentas serv_msnhttp_access allowGrupoVentas app_msnhttp_access allowGrupoVentas msn_domhttp_access allowGrupoVentas msn_messengerhttp_access allowGrupoVentas opera#http_access allow red_local all

  • 8/6/2019 tcosproyec

    4/9

    http_access denydenegadoshttp_access deny all

    #http_access allow all

    Listas depermitidos parael areadepagosEtc/squid3/permitidos

    kayako.comteamviewer.com/es/87.230.73.24opera.com

    google.comgstatic.comgoogle.com.mxbancaempresarialazteca.com.mx

    bancomer.com.mxbbvanet.com.mxbanamex.combanamex.com.mxsantander.com.mxsantander-serfin.comscotiabank.com.mxhsbc.com.mxbanorte.comsiprel.netsiprel.mxsiprel.com.mx

    appspot

    .co

    mgoogleapis.com

    #65.99.205.122/PDV#65.99.205.122/ADM

    taetelcel.comtaenet.com.mxk-eex.com.mxmovistar.com.mx

    pagatae.com.mxrecargaqui.com.mxsiprel.sytes.net

    ####fop2##192.168.3.130/fop2Listadepermitidos ventas

  • 8/6/2019 tcosproyec

    5/9

    Etc/

    siprel.netappspot.com

    googleapis.comgoogle.com

    siprel.com.mxsiprel.sytes.netopera.comtelcel.comiusacell.com.mxmovistar.com.mxunefon.com.mx

    pronosticos.gob.mxg.msn.com

    melatemovil.comcachitomovil.com

    segujuegos.com

    hotmail.comlogin.live.com

    63.208.13.12664.4.12.20064.4.12.20165.54.131.24965.54.194.11865.54.211.61207.46.104.20

    207.46.110.2207.46.110.254207.46.245.222207.46.245.214messenger.hotmail.commessenger.msn.commessenger.microsoft.comecho-v1.msgr.hotmail.comecho-v2.msgr.hotmail.comlogin.passport.netmessenger.t1msn.com.mx65.54.226.24665.54.226.25265.54.228.24365.54.228.25465.54.229.24665.54.229.25465.54.225.24465.54.225.252loginnet.passport.com65.54.225.241

  • 8/6/2019 tcosproyec

    6/9

    65.54.225.25465.54.226.24765.54.226.25465.54.228.24465.54.228.25365.54.229.248

    65.54.229.253login.passport.com65.54.231.24065.54.230.240207.68.173.24564.202.167.12963.241.128.250207.68.173.245config.messenger.msn.com

    Comparticiondecarpetasenlaredconsamba

    Instalar samba:Abrir unterminal yescribir losig. Sudoapt-get install sambaEditar el archivosmb.conf queseecuetraen la sigdireccin etc/samba/smb.conf

    ## Sampleconfiguration filefor theSamba suitefor DebianGNU/Linux.### This is themain Samba configuration file. You shouldreadthe# smb.conf(5) manual pageinorder tounderstandtheoptions listed# here. Samba has a hugenumber of configurableoptions mostof which# arenotshowninthis example

    ## Someoptions thatareoften worth tuning havebeenincludedas# commented-outexamples inthis file.# - When such options arecommentedwith ";", theproposedsetting# differs fromthedefaultSamba behaviour# - When commentedwith "#", theproposedsettingis thedefault# behaviour of Samba buttheoptionis consideredimportant# enough tobementionedhere## NOTE: Whenever you modifythis fileyou shouldrunthecommand# "testparm"tocheckthatyou havenotmadeany basic syntactic#errors.

    # A well-establishedpracticeis tonametheoriginal file# "smb.conf.master" andcreatethe "real" config filewith#testparm -s smb.conf.master >smb.conf# This minimizes thesizeofthereally usedsmb.conf file# which, accordingtotheSamba Team, impacts performance# However, usethis with cautionif your smb.conf filecontains nested# "include" statements. SeeDebian bug #483187 for a case# whereusing a master fileis nota goodidea.#

  • 8/6/2019 tcosproyec

    7/9

    #=======================Global Settings =======================

    [global]workgroup = SIPRELserver string = %h server (Samba, Ubuntu)dns proxy = no

    log file= /var/log/samba/log.%mmax log size= 997

    syslog = 0panic action = /usr/share/samba/panic-action %d

    security = adsobey pam restrictions = yesunix passwordsync = yes

    passwdprogram = /usr/bin/passwd%upasswdchat= *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n*password\supdated\ssuccessfully* .

    pam passwordchange= yesmaptoguest= baduser

    usershareallow guests = yesusernamemap = /etc/samba/smbuserssecurity = ads

    [printers]comment= All Printersbrowseable= no

    path = /var/spool/sambaprintable= yes

    ; guestok = no; readonly = yes

    createmask = 0700

    # Windo

    ws clie

    nts loo

    k fo

    rthis shar

    enam

    eas a s

    ourc

    eo

    fdo

    wnload

    able# printer drivers

    [print$]comment= Printer Drivers

    path = /var/lib/samba/printers; browseable= yes; readonly = yes; guestok = no# Uncommenttoallow remoteadministrationof Windows printdrivers.# You may needtoreplace 'lpadmin' with thenameofthegroup your# admin users aremembers of.# Pleasenotethatyou alsoneedtosetappropriateUnix permissions#tothedrivers directory for theseusers tohavewriterights init; writelist= root, @lpadmin# A samplesharefor sharing your CD-ROM with others.

    ;[cdrom]; comment= Samba server's CD-ROM; readonly = yes; locking = no

  • 8/6/2019 tcosproyec

    8/9

    ; path = /cdrom; guestok = yes# Thenexttwoparameters show howtoauto-mounta CD-ROM whenthe# cdrom shareis accesed. For this towork /etc/fstab mustcontain# anentry likethis:#

    # /dev/scd0 /cdrom iso9660defaults,noauto,ro,user 0 0## TheCD-ROM gets unmountedautomatically after theconnectiontothe## If youdon'twanttouseauto-mounting/unmounting make suretheCD# is mountedon /cdrom#; preexec = /bin/mount/cdrom; postexec = /bin/umount/cdrom

    [publica]path = /home/publica

    writeable= yesbrowseable= yesguestok = yes

    [publica]comment=carpeta Publica

    path = /home/publica/gestok = yespublic = yeswritable= yes

    [Maritza]

    path = /h

    ome/Mar

    itzabrowseable= yes

    guestok = yes

    validusers = Maritzawrite list= Maritzaread list= Maritza

    [Maritza]comment=carpeta Maritza

    path = /home/Maritza/gestok = yespublic = yeswritable= yes

    [Isis]path = /home/Isisbrowseable= yesguestok = yes

  • 8/6/2019 tcosproyec

    9/9

    validusers = Isiswrite list= Isisread list= Isis

    [Isis]comment=carpeta Isis

    path = /home/Isis/gestok = yespublic = yeswritable= yes

    [Rocio]path = /home/Rociobrowseable= yesguestok = yes

    validusers = Rociowrite list= Rocio

    read list= Rocio

    [Rocio]comment=carpeta Rocio

    path = /home/Rocio/gestok = yespublic = yeswritable= yes