KENDALA
CORE
Perbarui Catatan
Sesuaikan rincian informasi data kendala atau perbaiki instruksi pemecahan masalah.
Jenis Kategori
Server
Database
Aplikasi
Jaringan
Hardware
Recording
cloud
Security
Tugas-pagi
Nama / Judul Kendala
Uraian Masalah / Kode Error
Tujuan: Panduan standar melakukan pengerasan keamanan (hardening) server dengan mengubah IP Address, Port default SSH, dan Password user root pada Linux.
Langkah Pemecahan Masalah (Problem Solving)
<div><span style="font-size: 15.2px;">#ganti ip server</span></div><div><span style="font-size: 15.2px;">sudo nano /etc/netplan/50-cloud-init.yaml</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">Ganti isinya jadi ini (PASTE FULL)</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">network:</span></div><div><span style="font-size: 15.2px;"> version: 2</span></div><div><span style="font-size: 15.2px;"> ethernets:</span></div><div><span style="font-size: 15.2px;"> ens18:</span></div><div><span style="font-size: 15.2px;"> dhcp4: no</span></div><div><span style="font-size: 15.2px;"> addresses:</span></div><div><span style="font-size: 15.2px;"> - 172.16.70.81/16</span></div><div><span style="font-size: 15.2px;"> gateway4: 172.16.70.1</span></div><div><span style="font-size: 15.2px;"> nameservers:</span></div><div><span style="font-size: 15.2px;"> addresses:</span></div><div><span style="font-size: 15.2px;"> - 8.8.8.8</span></div><div><span style="font-size: 15.2px;"> - 1.1.1.1</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">lalu jalankan: sudo netplan apply</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">cek hasil:</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">ip a</span></div><div><span style="font-size: 15.2px;">ip route</span></div><div><span style="font-size: 15.2px;">ping -c 3 8.8.8.8</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">#ganti password root</span></div><div><span style="font-size: 15.2px;">sudo passwd root</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">#agar root bisa di akses dan dipakai</span></div><div><span style="font-size: 15.2px;">sudo nano /etc/ssh/sshd_config</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">Edit SSH config:</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">sudo nano /etc/ssh/sshd_config</span></div><div><span style="font-size: 15.2px;">Cari:</span></div><div><span style="font-size: 15.2px;">#PermitRootLogin, diubah jadi PermitRootLogin yes</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">jika sudah Restart SSH socket:</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">sudo systemctl restart ssh.socket</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">#cara ganti port ssh:</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">Buka config SSH</span></div><div><span style="font-size: 15.2px;">sudo vim /etc/ssh/sshd_config</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">cari</span></div><div><span style="font-size: 15.2px;">#Port 22</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">ganti</span></div><div><span style="font-size: 15.2px;">Port 35827</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">HARUS ADA SATU BARIS SAJA, contoh:</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">Port 35827</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">Jangan ada Port lain, jangan pakai #</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">Test & restart</span></div><div><span style="font-size: 15.2px;">sudo sshd -t</span></div><div><span style="font-size: 15.2px;">sudo systemctl restart ssh</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">Cek lagi</span></div><div><span style="font-size: 15.2px;">sudo ss -tlnp | grep ssh</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">Targetnya:</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">0.0.0.0:35827</span></div><div><span style="font-size: 15.2px;">[::]:35827</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">Restart SSH socket:</span></div><div><span style="font-size: 15.2px;"><br></span></div><div><span style="font-size: 15.2px;">sudo systemctl restart ssh.socket</span></div><div><br></div>
Batal
Update Catatan