edgar-enoc-jimenez-perez
8/6/2019 tcosproyec
TCOS server
Specifications
RAM: 4 GB
Processor: Intel Core 2 Duo
Hard disk: 160 GB
Root password: d3$&73k0010
User passwords
Desiteg:desisteg
Usuario01:usuario01
Usuario02:usuario02
Usuario03:usuario03
Usuario04:usuario04
Usuario20:usuario20

TCOS thin clients
Installation
1.- Download the public keys from the TCOS website, or type the following lines in a terminal:
# wget http://www.tcosproject.org/mariodebian-pub.key
# apt-key add mariodebian-pub.key
(in Ubuntu you can use sudo apt-key)
2.- Go to System / Administration / Software Sources and, from there, to Other Software. Since we are running Ubuntu Lucid 10.04, add the following:
Ubuntu Lucid 10.04
deb http://www.tcosproject.org/ lucid main
#deb-src http://www.tcosproject.org/ lucid main
3.- Then type in a terminal:
sudo apt-get install tcos
and follow the steps shown in the terminal. After that, follow the steps on this page:
http://mariodebian.com/post/1/692

Squid network proxy
Objective
Steps
Install squid3
Open a terminal and type the following:
sudo apt-get install squid3
Edit the squid.conf file: give the administrator users access with no page restrictions, create lists of permitted pages for the payments group (GrupoPagos), and give the sales group (GrupoVentas) access to the ports and pages used by the MSN instant-messaging client.
The file is located at:
/etc/squid3/squid.conf

squid.conf file

http_port 3128 transparent
cache_mem 16 MB
cache_dir ufs /var/spool/squid3 700 16 256
ie_refresh on
offline_mode on

##### RULES FOR CREATING GROUPS ######
acl all src 0.0.0.0/0.0.0.0
acl all src 0.0.0.0/255.255.255.0
acl red_local src 192.168.3.0/24
acl GrupoPagos src 192.168.3.102-192.168.3.150
acl GrupoVentas src 192.168.3.121-192.168.3.130
#acl privilegios url_regex "/etc/squid3/privilegios"
acl privilegio src 192.168.3.122
acl diana src 192.168.3.123
acl isis src 192.168.3.101
acl pedro src 192.168.3.130
acl venecia src 192.168.3.117
acl arturo src 192.168.3.124
acl htps port 443
acl taenet port 442

##### Access rules for MSN #####
acl msn_port port 1863
acl msn_port2 port 5223
acl serv_msn dst 200.46.110.0/24
acl serv_msn dst 64.4.13.0/24
acl app_msn req_mime_type -i ^application/x-msn-messenger$
acl msn_messenger url_regex -i gateway.dll
acl msn_dom dstdomain loginnet.passport.com
acl msn_dom dstdomain messenger.msn.com
acl msn_dom dstdomain messenger.msn.ca
acl msn_dom dstdomain messenger.msn.net
acl msn_dom dstdomain im.sapo.pt
acl msn_dom dstdomain webmessenger.msn.com
acl msn_dom dstdomain c.msn.com
acl msn_dom dstdomain g.msn.com
acl msn_dom dstdomain config.messenger.msn.com
acl msn_dom dstdomain login.live.com
acl msn_dom dstdomain amsn-project.net
acl opera dstdomain opera.com
acl admino dstdomain 65.99.205.122/ADM
acl admino1 dstdomain 65.99.205.122/PDV
acl fop2 dstdomain 192.168.3.130/fop2

#### RULES FOR ALLOWED AND DENIED SITES #####
acl permitidos url_regex "/etc/squid3/permitidos"
acl PermitidosVentas url_regex "/etc/squid3/permitidosventas"
acl denegados url_regex "/etc/squid3/denegados"
acl localhost src 127.0.0.1/255.255.255.0

http_access allow privilegio all
http_access allow diana all
http_access allow isis all
http_access allow pedro all
http_access allow arturo all
http_access allow venecia all
#http_access allow venecia msn_port
#http_access allow venecia msn_port2
#http_access allow venecia serv_msn
#http_access allow venecia app_msn
#http_access allow venecia msn_dom
#http_access allow venecia msn_messenger
#http_access allow venecia admino
#http_access allow venecia admino1
#http_access allow isis fop2
http_access allow htps
http_access allow taenet

##### PAYMENTS GROUP CONFIGURATION #######
http_access allow GrupoPagos permitidos

##### SALES GROUP CONFIGURATION #######
http_access allow GrupoVentas PermitidosVentas
http_access allow GrupoVentas msn_port
http_access allow GrupoVentas msn_port2
http_access allow GrupoVentas serv_msn
http_access allow GrupoVentas app_msn
http_access allow GrupoVentas msn_dom
http_access allow GrupoVentas msn_messenger
http_access allow GrupoVentas opera
#http_access allow red_local all
http_access deny denegados
http_access deny all
#http_access allow all
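
Added example (not part of the original document): a small Python model of Squid's first-match http_access evaluation, run over a subset of the rules above with constructed requests. It shows two effects of the rules as written: `http_access allow htps` admits any client to any destination on port 443 before the group allowlists are consulted, and every GrupoVentas address also falls inside the GrupoPagos range. The function names and the shortened url_regex lists are assumptions made for the example.

```python
import ipaddress
import re

# Subset of the squid.conf on this page. The two url_regex files are inlined
# with a couple of their entries each (constructed shortening, not the full lists).
CONF = """
acl GrupoPagos src 192.168.3.102-192.168.3.150
acl GrupoVentas src 192.168.3.121-192.168.3.130
acl pedro src 192.168.3.130
acl htps port 443
acl permitidos url_regex bancomer.com.mx google.com
acl PermitidosVentas url_regex telcel.com hotmail.com
http_access allow pedro all
http_access allow htps
http_access allow GrupoPagos permitidos
http_access allow GrupoVentas PermitidosVentas
http_access deny all
"""

def parse(conf):
    acls, rules = {"all": ("all", [])}, []
    for fields in map(str.split, conf.splitlines()):
        if fields[:1] == ["acl"]:
            acls.setdefault(fields[1], (fields[2], []))[1].extend(fields[3:])
        elif fields[:1] == ["http_access"]:
            rules.append((fields[1], fields[2:]))
    return acls, rules

def acl_matches(kind, values, req):
    if kind == "all":
        return True
    if kind == "port":
        return str(req["port"]) in values
    if kind == "url_regex":
        return any(re.search(v, req["url"]) for v in values)
    ip = ipaddress.ip_address(req["src"])  # kind == "src": address or lo-hi range
    return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi or lo)
               for lo, _, hi in (v.partition("-") for v in values))

def decide(req, conf=CONF):
    """Return (action, matching rule) using Squid's first-match-wins order."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(*acls[n], req) for n in names):
            return action, " ".join(names)
    # No rule matched: Squid applies the opposite of the last rule's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(default)"
```

Moving the port-only rules below the group rules, or combining them with a source ACL, and making the two address ranges disjoint changes the first and third results.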
Allowed-sites list for the payments area
/etc/squid3/permitidos

kayako.com
teamviewer.com/es/
87.230.73.24
opera.com
google.com
gstatic.com
google.com.mx
bancaempresarialazteca.com.mx
bancomer.com.mx
bbvanet.com.mx
banamex.com
banamex.com.mx
santander.com.mx
santander-serfin.com
scotiabank.com.mx
hsbc.com.mx
banorte.com
siprel.net
siprel.mx
siprel.com.mx
appspot.com
googleapis.com
#65.99.205.122/PDV
#65.99.205.122/ADM
taetelcel.com
taenet.com.mx
k-eex.com.mx
movistar.com.mx
pagatae.com.mx
recargaqui.com.mx
siprel.sytes.net
####fop2##
192.168.3.130/fop2

Allowed-sites list for sales
Etc/

siprel.net
appspot.com
googleapis.com
google.com
siprel.com.mx
siprel.sytes.net
opera.com
telcel.com
iusacell.com.mx
movistar.com.mx
unefon.com.mx
pronosticos.gob.mx
g.msn.com
melatemovil.com
cachitomovil.com
segujuegos.com
hotmail.com
login.live.com
63.208.13.126
64.4.12.200
64.4.12.201
65.54.131.249
65.54.194.118
65.54.211.61
207.46.104.20
207.46.110.2
207.46.110.254
207.46.245.222
207.46.245.214
messenger.hotmail.com
messenger.msn.com
messenger.microsoft.com
echo-v1.msgr.hotmail.com
echo-v2.msgr.hotmail.com
login.passport.net
messenger.t1msn.com.mx
65.54.226.246
65.54.226.252
65.54.228.243
65.54.228.254
65.54.229.246
65.54.229.254
65.54.225.244
65.54.225.252
loginnet.passport.com
65.54.225.241
65.54.225.254
65.54.226.247
65.54.226.254
65.54.228.244
65.54.228.253
65.54.229.248
65.54.229.253
login.passport.com
65.54.231.240
65.54.230.240
207.68.173.245
64.202.167.129
63.241.128.250
207.68.173.245
config.messenger.msn.com
Sharing folders on the network with Samba

Install Samba:
Open a terminal and type the following:
sudo apt-get install samba
Edit the smb.conf file, which is located at:
/etc/samba/smb.conf

#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#    differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
# A well-established practice is to name the original file
# "smb.conf.master" and create the "real" config file with
# testparm -s smb.conf.master >smb.conf
# This minimizes the size of the really used smb.conf file
# which, according to the Samba Team, impacts performance
# However, use this with caution if your smb.conf file contains nested
# "include" statements. See Debian bug #483187 for a case
# where using a master file is not a good idea.
#

#======================= Global Settings =======================

[global]
workgroup = SIPREL
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 997
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = ads
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
username map = /etc/samba/smbusers
security = ads

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
; guest ok = no
; read only = yes
create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
; browseable = yes
; read only = yes
; guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
; write list = root, @lpadmin

# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; read only = yes
; locking = no
; path = /cdrom
; guest ok = yes
# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom

[publica]
path = /home/publica
writeable = yes
browseable = yes
guest ok = yes

[publica]
comment = carpeta Publica
path = /home/publica/
guest ok = yes
public = yes
writable = yes

[Maritza]
path = /home/Maritza
browseable = yes
guest ok = yes
valid users = Maritza
write list = Maritza
read list = Maritza

[Maritza]
comment = carpeta Maritza
path = /home/Maritza/
guest ok = yes
public = yes
writable = yes

[Isis]
path = /home/Isis
browseable = yes
guest ok = yes
valid users = Isis
write list = Isis
read list = Isis

[Isis]
comment = carpeta Isis
path = /home/Isis/
guest ok = yes
public = yes
writable = yes

[Rocio]
path = /home/Rocio
browseable = yes
guest ok = yes
valid users = Rocio
write list = Rocio
read list = Rocio

[Rocio]
comment = carpeta Rocio
path = /home/Rocio/
guest ok = yes
public = yes
writable = yes
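
Added example (not part of the original document): a Python check over two of the share definitions above that merges repeated section names and reports what the merged share ends up allowing. It assumes Samba loads a repeated section name into the same share with later values overriding earlier ones, which `testparm -s` on the real file will confirm or refute; the function names are hypothetical.

```python
# Constructed sample: [publica] and [Maritza] as defined (twice each) on this page.
SMB_CONF = """
[publica]
path = /home/publica
writeable = yes
guest ok = yes
[publica]
public = yes
writable = yes
[Maritza]
path = /home/Maritza
guest ok = yes
valid users = Maritza
[Maritza]
public = yes
writable = yes
"""

SYNONYMS = {"public": "guest ok", "writable": "writeable"}  # smb.conf synonyms

def merged_shares(text):
    """Merge repeated sections (later values win); return (shares, duplicates)."""
    shares, dups, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            cur = line.strip("[]")
            if cur in shares and cur not in dups:
                dups.append(cur)
            shares.setdefault(cur, {})
        elif "=" in line and cur is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            key = " ".join(key.lower().split())
            shares[cur][SYNONYMS.get(key, key)] = value
    return shares, dups

def findings(text):
    shares, dups = merged_shares(text)
    out = [f"{name}: section defined more than once" for name in dups]
    for name, p in shares.items():
        guest = p.get("guest ok", "no").lower() == "yes"
        writable = p.get("writeable", "no").lower() == "yes"
        if guest and writable and "valid users" not in p:
            out.append(f"{name}: writable by unauthenticated guests")
        elif guest and "valid users" in p:
            out.append(f"{name}: guest ok set together with valid users")
    return out
```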