ShareWiz Ultra Secure Server Setup

DHCP Security

Synopsis

Obtain a list of all open ports, by issuing the following command:

sudo netstat -ntulp

To see which processes are running against these ports, with addresses and ports shown by name rather than number:

sudo netstat -tulp

Stop any processes that are not supposed to be running.
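
The review step above can be scripted. The following is an added example, not part of the original page: it filters netstat -ntulp output against an allowlist of programs that are supposed to be listening. The allowlist, the function name and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report listening sockets whose owning program is not expected.

# Assumed allowlist for this server (SSH, DHCP, DNS); adjust to your own host.
ALLOWED="sshd dhcpd3 named"

# Constructed sample of `sudo netstat -ntulp` output (not captured from a real host).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      930/named
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      1044/inetd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1201/dhcpd3
udp        0      0 0.0.0.0:111             0.0.0.0:*                           655/portmap'

# unexpected_listeners: read netstat -ntulp output on stdin and print
# "proto local-address program" for every socket not owned by an allowed program.
# A "-" owner (netstat run without root) is reported too, since it cannot be verified.
unexpected_listeners() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
      owner = $NF                      # last column is PID/Program name
      sub(/^[0-9]+\//, "", owner)      # strip the leading PID and slash
      if (!(owner in ok)) print $1, $4, owner
    }'
}

# Demo on the constructed sample.
# On a live host: sudo netstat -ntulp | unexpected_listeners
printf '%s\n' "$SAMPLE" | unexpected_listeners
```
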

Install DHCP

Issue the following command:

sudo aptitude install dhcp3-server

Configure Default DHCP

Edit the DHCP default configuration file, by issuing the following command:

sudo vi /etc/default/dhcp3-server

and modify as:

INTERFACES="eth1"

The DHCP server should only listen on the internal network interface, so that it does not interfere with the external network's DHCP server (e.g. your internet router).

Configure DHCP

Edit the DHCP configuration file, by issuing the following command:

sudo vi /etc/dhcp3/dhcpd.conf

and modify as:

# Do not attempt to do a DNS update when a lease is confirmed

ddns-update-style none;

# DNS server

#option domain-name-servers 192.168.1.1;

option domain-name-servers 192.168.1.1, 8.8.8.8, 8.8.4.4;

# Other global options

default-lease-time 42300;

max-lease-time 84600;

# This DHCP server is the official DHCP server for

# the local network

authoritative;

# Send DHCP log messages to a different log file

log-facility local7;

# Declare the subnets

subnet 192.168.1.0 netmask 255.255.255.0 {

  # The Domain name

  option domain-name "server1.local";

  # The DHCP range

  range 192.168.1.20 192.168.1.30;

  # Subnet mask

  option subnet-mask 255.255.255.0;

  # The Gateway (i.e. internet router)

  option routers 192.168.1.1;

  # Broadcast address

  option broadcast-address 192.168.1.255;

  # NTP server

  option ntp-servers 192.168.1.1;

  # TFTP-Server for PXE-Boot

  next-server 192.168.1.1;

  filename "pxelinux.0";

  # Set the hostnames globally

  use-host-decl-names on;

  # Assign this client a specific IP

  host sharewiz {

    # Define the MAC-Address of the client

    hardware ethernet 11:22:33:44:55:66;

    # Assign the static IP

    fixed-address 192.168.1.10;

  }

}

The lines next-server 192.168.1.1; and filename "pxelinux.0"; point to the server which will get the IP 192.168.1.1. The option use-host-decl-names on; specifies that the name in a host statement (e.g. host vm-ubuntu904) sets the hostname for that client. Setting the correct hostnames is very important in your environment, because the classes depend on the hostname!

Restart the DHCP server

Issue the following command:

sudo /etc/init.d/dhcp3-server restart

Install DNS

Issue the following command:

sudo aptitude install bind9

In order for your clients to use DNS (e.g. resolving google.com), you need to install a DNS server.
