LKS TINGKAT PROVINSI PAPUA BARAT 2021

IT Network Systems Administration

Contents
This Test Project proposal consists of the following documentation/files:
1. LKS_Kalteng_ModulB_Integration Systems
2. LKS_Kalteng_ModulB_users.csv
3. Import-BulkUserFromCsv.ps1
4. Extra.html, Intra.html, Public.html
These files can be found in C:\ModuleB on DC.

Introduction
A small startup company’s production environment contains numerous services
within multiple Operating Systems. We will ask you to install, configure, and integrate the
different services. Attached below is the topology design and appendix of all our servers and
network devices.

Software
For testing purpose, all hosts have been installed with the following test tools: smbclient,
curl, lynx, dnsutils, ldap-utils, ftp, lftp, wget, ssh, nfs-common, rsync, telnet,
traceroute, tcptracerout.
Day 1 - Linux Environment

fw.indonesia.com

DHCP
● Configure DHCP-service for the indonesia network.
● Add all the necessary options to make all services work.
● Make sure that pod1.indonesia.com are always assigned the same address.

IPTABLES
● All traffic through the firewall should be blocked by default.
● Traffic originating from the indonesia network is always allowed.
● Traffic originating from the indonesia network should be translated to the external ip-
address when visiting the internet.
● Add all necessary rules for the services to work as intended.

LOAD BALANCER
● Install nginx and create HTTP load balancer for “www.indonesia.com”, which is hosted
by pod1.indonesia.com and pod2.indonesia.com.
● Connect to backends by using HTTP
● To external users the websites should only be accessible securely. Use a self-signed
certificate and make sure that no certificate warnings are shown when browsing from
budi-pc (user budi) using Firefox when not connected to the VPN.

pod1.indonesia.com

DNS
● Configure the DNS zone for indonesia.com and add all necessary entries.
● Configure reverse lookup zone for the indonesia network subnets.

Samba
● Create directory /data
● Share the folder /data/www-files with pod2.indonesia.com.
● Make the access read-only and that no other hosts can access the folder

pod2.indonesia.com

DNS
● Setup the DNS-server to be a secondary server for the zone indonesia.com.
● When adding entries to the primary server, they should automatically synchronize.

SAMBA
● Mount /data/www-files on pod1.indonesia.com to the local directory /data/www-files.
WEBSERVER - apache
The marking will be done on either of the two servers. Which one will be decided prior to the
making starts by the assessment team. So you have to configure both servers!
● Configure apache2
● Create website for “www.indonesia.com” domain on directory /data/www-files
○ The website page should display the following message:
■ “Welcome to the LKS kalteng on [HOSTNAME]”.
■ Add the hostname dynamically with php
○ Add the HTTP header “X-Server-By” with the server hostname as the value.
○ Make sure that PHP scripts can be run
■ Index.php should be first priority for index files
○ Create a password protected (basic authentication) subfolder “internal”
■ Use user skill39 with password Skill39 to authenticate

budi-pc
● User GNOME as the desktop environment.
● Create a local user budi with password Skills39 and login
● Make sure that server can access www.indonesia.com
DAY 2

Windows Environment

DC-Preconfigured
Verify server name and IP matches that in the configuration table and diagram at the end of
this document

ADDS
● This server is pre-configured as the domain controller of kalteng.net
● Configure Active Directory. Create User, Group, and OU recording below table
OU Group User Password

KALTENG LKS user1 Skills39

KALTENG LKS user2 Skills39

KALTENG SMK user3 Skills39

KALTENG SMK user4 Skills39

DNS
● Add the following records in addition to the domain joined servers.
● CNAME records of dc.kalteng.net:
○ www, intra, extra
● Create a reverse lookup zone creating PTR records for all servers.

DHCP
● Configure DHCP-service for the kalteng network.
● Add all the necessary options to make all services work.
● Total scope Range: 172.16.10.51 - 172.16.10.100
● Add DC as gateway

GPO
● Create a GPO called “banner” that will ensure that all users will be greeted with a login
banner that says “Welcome to Skill 39”.
● Create a GPO called “LKS” to disable access Network Setting (ncpa.cpl) for the "LKS"
group members.

Files Sharing
● Create a file share for local path C:\public and share it as \\DC\public read-only
Web
● Install and configure IIS and its websites using given HTML files. (from C:\ModuleB on
DC)
● Configure the "Default Web Site" as described below.
● Path for website root: "C:\inetpub\intranet\".
● Use the intranet.html web file for the default page.
● Create "http://extra.kalteng.net" website with the name "Extranet" using extranet.html
webfile.
● Path for website root: "C:\inetpub\extranet\".
● Create "http://www.kalteng.net" website with the name "Public" using the public.html
webfile.
● Path for website root: "C:\inetpub\internet\".

ANI-PC
Configure to match the following requirements
● Verify server name and IP configuration matches that found in the configuration table
and diagram at the end of this document.
● Join this client to the domain KALTENG.
● Set the power settings to “never sleep”.
APPENDIX
Configuration Table
Hostname Operating System Domain Preinstalled
DC Windows Server 2019 kalteng.net Yes - Configure
desktop as DC

ANI-PC Windows 10 kalteng.net yes

fw.indonesia.com Debian 10 Server indonesia.com yes

pod1.indonesia.com Debian 10 Server indonesia.com yes

pod2.indonesia.com Debian 10 Server indonesia.com yes

budi-pc Debian 10 Client indonesia.com yes

IP Address
Hostname IP Address networks

172.16.10.1 172.16.10.0/24
DC
222.165.228.254 222.165.228.0/24

ANI-PC DHCP 172.16.10.0/24

fw.indonesia.com 172.16.20.254 172.16.20.0/24

222.165.228.1 222.165.228.0/24

pod1.indonesia.com 172.16.20.10 172.16.20.0/24

pod2.indonesia.com 172.16.20.20 172.16.20.0/24

budi-pc 222.165.228.100 222.165.228.0/24