################################################################################################
### SRV-FIREW-1 ################################################################################
################################################################################################
/etc/selinux/config
# SELinux is fully disabled on this host. The other accepted values are
# "permissive" (log denials only) and "enforcing" (apply the policy).
SELINUX=disabled
/etc/hosts.allow
# Limits sshd to these two addresses (pc-inf-1 and srv-corp-1 in the
# i-forma.local zone) only if /etc/hosts.deny, not shown here, also denies
# sshd or ALL; TCP wrappers allow any client that matches neither file.
sshd: 192.168.10.10 192.168.10.2
/etc/resolv.conf
search i-forma.local
nameserver 192.168.10.2
/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=srv-firew-1.i-forma.local
GATEWAY=192.168.0.1
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
IPADDR=192.168.0.2
NETMASK=255.255.255.0
ONBOOT="yes"
/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1"
IPADDR=192.168.10.1
NETMASK=255.255.255.0
ONBOOT="yes"
/etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE="eth2"
IPADDR=192.168.11.1
NETMASK=255.255.255.0
ONBOOT="yes"
/etc/sysconfig/network-scripts/ifcfg-eth3
DEVICE="eth3"
IPADDR=192.168.12.1
NETMASK=255.255.255.0
ONBOOT="yes"
/etc/sysctl.conf
net.ipv4.ip_forward = 1
/etc/ntp.conf
server hora.roa.es
################################################################################################
### SRV-WEB-1 ##################################################################################
################################################################################################
/etc/selinux/config
SELINUX=disabled
/etc/hosts.allow (srv-web-1)
sshd: 192.168.10.10 192.168.10.2
/etc/hosts.allow (srv-web-2)
sshd: 192.168.10.10 192.168.10.2 192.168.11.2 (en srv-web-2)
# cat /etc/resolv.conf
search i-forma.local
nameserver 192.168.10.2
# cat /etc/sysconfig/network (srv-web-1)
NETWORKING=yes
HOSTNAME=srv-web-1.i-forma.local
GATEWAY=192.168.11.1
# cat /etc/sysconfig/network (srv-web-2)
NETWORKING=yes
HOSTNAME=srv-web-2.i-forma.local
GATEWAY=192.168.11.1
# cat /etc/sysconfig/network-scripts/ifcfg-eth0 (srv-web-1)
DEVICE="eth0"
IPADDR=192.168.11.2
NETMASK=255.255.255.0
ONBOOT="yes"
# cat /etc/sysconfig/network-scripts/ifcfg-eth0 (srv-web-2)
DEVICE="eth0"
IPADDR=192.168.11.3
NETMASK=255.255.255.0
ONBOOT="yes"
/etc/ntp.conf
server 192.168.11.1
/etc/drbd.d/global_common.conf
global { usage-count no; }
common {
syncer { rate 10M; }
}
/etc/drbd.d/main.res
resource main {
protocol C;
startup { wfc-timeout 0; degr-wfc-timeout 120; }
disk { on-io-error detach; }
on srv-web-1.i-forma.local {
device /dev/drbd0;
disk /dev/sdb1;
meta-disk internal;
address 192.168.11.2:7788;
}
on srv-web-2.i-forma.local {
device /dev/drbd0;
disk /dev/sdb1;
meta-disk internal;
address 192.168.11.3:7788;
}
}
/etc/httpd/conf/httpd.conf
NameVirtualHost *:80
Include sites.d/*.conf
/etc/my.cnf
Datadir=/drbd/mysql
/etc/ha.d/ha.cf
keepalive 2
deadtime 30
bcast eth0
node srv-web-1.i-forma.local srv-web-2.i-forma.local
/etc/ha.d/haresources
srv-web-1.i-forma.local IPaddr::192.168.11.10 drbddisk::main Filesystem::/dev/drbd0::/drbd::ext4 mysql
/etc/ha.d/authkeys
# Sign heartbeat packets with key number 3, defined on the next line.
auth 3
# Format: <key id> <method> <shared secret>. "password" looks like a
# placeholder: use a long random secret, identical on both nodes.
# Heartbeat also offers sha1 as a method, and it refuses an authkeys file
# that is not mode 0600.
3 md5 password
/etc/ha.d/resource.d/mysql
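#!/bin/bash
#
# This script is intended to be used as a resource script by heartbeat.
# It takes one argument: start, stop or status.
#
# Mar 2006 by Monty Taylor
#
###

# ha_log is provided by heartbeat's shell function library.
. /etc/ha.d/shellfuncs

case "$1" in
    start)
        res=$(/etc/init.d/mysqld start)
        ret=$?
        # Quoted so the captured output reaches ha_log as one argument,
        # without word splitting or glob expansion.
        ha_log "$res"
        exit "$ret"
        ;;
    stop)
        res=$(/etc/init.d/mysqld stop)
        ret=$?
        ha_log "$res"
        exit "$ret"
        ;;
    status)
        # The [m] bracket keeps grep from matching its own command line.
        # Test grep's exit status rather than comparing the ps output to
        # "1" as a string, which only worked by accident of sort order.
        if ps -ef | grep -q '[m]ysqld'; then
            echo "running"
        else
            echo "stopped"
        fi
        ;;
    *)
        echo "Usage: mysql {start|stop|status}"
        exit 1
        ;;
esac

exit 0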
/etc/httpd/sites.d/moodle.conf
ServerAdmin webmaster@i-forma.com
DocumentRoot /var/www/html/moodle
ServerName cursos.i-forma.com
ErrorLog logs/moodle-error_log
CustomLog logs/moodle-access_log combined
/etc/php.ini
session.save_handler = user
session.cache_limiter =
/var/www/html/drupal/sites/default/settings.php
// Public URL of the site; note the http:// scheme.
$base_url = 'http://www.i-forma.com';
// Connection settings for Drupal's default database.
$databases['default']['default'] = array(
'driver' => 'mysql',
'database' => 'drupal',
'username' => 'drupaluser',
// 'password' looks like a placeholder. The real value is a secret: keep this
// file out of version control and readable only by the web server account.
'password' => 'password',
'host' => 'localhost',
'prefix' => 'main_',
'collation' => 'utf8_general_ci',
);
/etc/httpd/sites.d/drupal.conf
ServerAdmin webmaster@i-forma.com
DocumentRoot /var/www/html/drupal
ServerName www.i-forma.com
ErrorLog logs/moodle-error_log
CustomLog logs/moodle-access_log combined
AllowOverride All
/etc/awstats/awstats.www.i-forma.com.conf
SiteDomain="www.i-forma.com"
LogFile="/usr/local/awstats/tools/logresolvemerge.pl /var/log/httpd/drupal-access_log* |"
/etc/awstats/awstats.cursos.i-forma.com.conf
LogFile="/usr/local/awstats/tools/logresolvemerge.pl /var/log/httpd/moodle-access_log* |"
SiteDomain="cursos.i-forma.com"
/etc/httpd/sites.d/awstats.conf
ServerAdmin webmaster@i-forma.com
DocumentRoot /var/www/html/estadisticas
ServerName estadisticas.i-forma.com
ErrorLog logs/estadisticas-error_log
CustomLog logs/estadisticas-access_log combined
Order deny,allow
Allow from 192.168.10.0/24
Deny from all
RedirectPermanent /www http://estadisticas.i-forma.com/awstats/awstats.pl?config=www.i-forma.com
RedirectPermanent /cursos http://estadisticas.i-forma.com/awstats/awstats.pl?config=cursos.i-forma.com
#
# Directives to allow use of AWStats as a CGI
#
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
#
# This is to permit URL access to scripts/files in AWStats directory.
#
Options None
AllowOverride None
Order allow,deny
Allow from all
/etc/cron.daily/awstats
/usr/local/awstats/tools/awstats_updateall.pl now
################################################################################################
### SRV-DMZ-1 ##################################################################################
################################################################################################
/etc/selinux/config
SELINUX=disabled
/etc/hosts.allow
sshd: 192.168.10.10 192.168.10.2
# cat /etc/resolv.conf
search i-forma.local
nameserver 192.168.10.2
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=srv-dmz-1.i-forma.local
GATEWAY=192.168.12.1
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
IPADDR=192.168.12.2
NETMASK=255.255.255.0
ONBOOT="yes"
/etc/ntp.conf
server 192.168.12.1
/etc/postfix/main.cf
mydomain = i-forma.com
mydestination = localhost
inet_interfaces = all
content_filter = smtp-amavis:127.0.0.1:10024
transport_maps = hash:/etc/postfix/mailertable
relay_domains = hash:/etc/postfix/relay_domains
undisclosed_recipients_header = To:;
smtpd_client_restrictions = reject_rbl_client bl.spamcop.net
reject_rbl_client zen.spamhaus.org
smtpd_recipient_restrictions = check_recipient_access $relay_domains
reject
/etc/postfix/master.cf
smtp-amavis unix - - y - 10 smtp -o smtp_data_done_timeout=500
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
/etc/postfix/mailertable
i-forma.com smtp:[192.168.10.2]
/etc/postfix/relay_domains
i-forma.com OK
/etc/clamd.conf
#TCPSocket 3310 (comentarla)
/etc/amavis/amavisd.conf
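# Straight quotes: Perl does not accept typographic quotes as string delimiters.
$mydomain = 'i-forma.com';
# Notifications and scanned mail go back to Postfix through the
# 127.0.0.1:10025 listener defined in master.cf.
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
# D_PASS delivers the message to its recipient even when it is classified as
# spam or carries a bad header, so reaching the kill level below tags the
# mail but does not stop its delivery.
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
$sa_tag_level_deflt = -1000; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 10; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 15; # spam level beyond which a DSN is not sent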
/etc/httpd/conf/httpd.conf
# Listen 80
/etc/httpd/conf.d/ssl.conf
Listen 443
DocumentRoot "/var/www/html/roundcube"
ServerName webmail.i-forma.com:443
SSLCertificateFile /cert.crt
SSLCertificateKeyFile /cert.key
AllowOverride all
SSLCACertificateFile /cacert.pem
SSLVerifyClient require
/etc/php.ini
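; Straight double quotes: typographic quotes are not quote characters to the
; ini parser and would end up inside the time zone name.
date.timezone = "Europe/Madrid"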
################################################################################################
### SRV-CORP-1 #################################################################################
################################################################################################
/etc/selinux/config
SELINUX=disabled
/etc/hosts.allow
sshd: 192.168.10.10 192.168.10.2
/etc/resolv.conf
search i-forma.local
nameserver 127.0.0.1
/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=srv-corp-1.i-forma.local
GATEWAY=192.168.10.1
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
IPADDR=192.168.10.2
NETMASK=255.255.255.0
ONBOOT="yes"
/etc/ntp.conf
server 192.168.10.1
/etc/named.conf
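// Forward zones. This server is master for all of them and refuses zone
// transfers to every client.
zone "i-forma.local" IN {
    type master;
    file "i-forma.local.zone";
    allow-transfer { none; };
};
zone "i-forma.com" IN {
    type master;
    file "i-forma.com.zone";
    allow-transfer { none; };
};

// Reverse zones, one per /24 network.
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "0.168.192.in-addr.arpa.zone";
    allow-transfer { none; };
};
// The closing quote of this zone name has to be a straight double quote;
// a typographic quote leaves the string unterminated.
zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "10.168.192.in-addr.arpa.zone";
    allow-transfer { none; };
};
zone "11.168.192.in-addr.arpa" IN {
    type master;
    file "11.168.192.in-addr.arpa.zone";
    allow-transfer { none; };
};
zone "12.168.192.in-addr.arpa" IN {
    type master;
    file "12.168.192.in-addr.arpa.zone";
    allow-transfer { none; };
};

// Excerpt: in a full named.conf these two statements sit inside options { }.
// The server listens on every interface and answers queries from any client,
// including queries for the internal i-forma.local zone. The recursion
// settings are not shown; if recursion is enabled, limit it to the internal
// networks with allow-recursion.
listen-on port 53 { any; };
allow-query { any; };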
/var/named/i-forma.local.zone
$TTL 1D
@ IN SOA srv-corp-1.i-forma.local. admin.i-forma.com. (
2011111101 ; Serial
1D ; Refresco
1D ; Reintento
1D ; Expira
1D) ; TTL
NS srv-corp-1.i-forma.local.
; Nombres de host
router IN A 192.168.0.1
srv-firew-1 IN A 192.168.10.1
srv-dmz-1 IN A 192.168.12.2
srv-web-1 IN A 192.168.11.2
srv-web-2 IN A 192.168.11.3
srv-corp-1 IN A 192.168.10.2
pc-inf-1 IN A 192.168.10.10
pc-coor-1 IN A 192.168.10.20
pc-adm-1 IN A 192.168.10.30
pc-adm-2 IN A 192.168.10.31
pc-adm-3 IN A 192.168.10.32
pc-adm-4 IN A 192.168.10.33
pc-adm-5 IN A 192.168.10.34
; Servicios
impresion IN CNAME pc-coor-1
ldap IN CNAME srv-corp-1
proxy IN CNAME srv-corp-1
fichero IN CNAME srv-corp-1
mail IN CNAME srv-corp-1
/var/named/i-forma.com.zone
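$TTL 1D
@       IN SOA  srv-corp-1.i-forma.local. admin.i-forma.com. (
                2011111101 ; Serial
                1D ; Refresh
                1D ; Retry
                1D ; Expire
                1D) ; TTL
; The leading blanks matter: a record line that starts with white space
; reuses the owner name of the previous record.
        NS      srv-corp-1.i-forma.local.
; Host names
@       IN A 192.168.11.10
www     IN A 192.168.11.10
webmail IN A 192.168.12.2
cursos  IN A 192.168.11.10
; ASCII label, matching the estadisticas.i-forma.com virtual host.
estadisticas IN A 192.168.11.10
; NOTE(review): MX data has to be a host name. named reads the IP literal
; below as the relative name 192.168.10.2.i-forma.com., for which this zone
; holds no record; point the MX at a name that has an A record.
@       IN MX 10 192.168.10.2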
/var/named/0.168.192.in-addr.arpa.zone
$TTL 1D
@ IN SOA srv-corp-1.i-forma.local. admin.i-forma.com. (
2011111101 ; Serial
1D ; Refresco
1D ; Reintento
1D ; Expira
1D) ; TTL
NS srv-corp-1.i-forma.local.
; Resolucion inversa
1 IN PTR router.i-forma.local.
2 IN PTR srv-firew-1.i-forma.local.
/var/named/10.168.192.in-addr.arpa.zone
$TTL 1D
@ IN SOA srv-corp-1.i-forma.local. admin.i-forma.com. (
2011111101 ; Serial
1D ; Refresco
1D ; Reintento
1D ; Expira
1D) ; TTL
NS srv-corp-1.i-forma.local.
; Resolucion inversa
1 IN PTR srv-firew-1.i-forma.local.
2 IN PTR srv-corp-1.i-forma.local.
10 IN PTR pc-inf-1.i-forma.local.
20 IN PTR pc-coor-1.i-forma.local.
30 IN PTR pc-adm-1.i-forma.local.
31 IN PTR pc-adm-2.i-forma.local.
32 IN PTR pc-adm-3.i-forma.local.
33 IN PTR pc-adm-4.i-forma.local.
34 IN PTR pc-adm-5.i-forma.local.
/var/named/11.168.192.in-addr.arpa.zone
$TTL 1D
@ IN SOA srv-corp-1.i-forma.local. admin.i-forma.com. (
2011111101 ; Serial
1D ; Refresco
1D ; Reintento
1D ; Expira
1D) ; TTL
NS srv-corp-1.i-forma.local.
; Resolucion inversa
1 IN PTR srv-firew-1.i-forma.local.
2 IN PTR srv-web-1.i-forma.local.
3 IN PTR srv-web-2.i-forma.local.
/var/named/12.168.192.in-addr.arpa.zone
$TTL 1D
@ IN SOA srv-corp-1.i-forma.local. admin.i-forma.com. (
2011111101 ; Serial
1D ; Refresco
1D ; Reintento
1D ; Expira
1D) ; TTL
NS srv-corp-1.i-forma.local.
; Resolucion inversa
1 IN PTR srv-firew-1.i-forma.local.
2 IN PTR srv-dmz-1.i-forma.local.
/etc/openldap/slapd.conf
suffix "dc=i-forma,dc=local"
rootdn "cn=Manager,dc=i-forma,dc=local"
rootpw XXXXXXXXXXXXXXXXXXXX
/usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "i-forma.local";
$DEFAULT_BASE = "dc=i-forma,dc=local";
# Las siguientes variables es por si queremos evitar
# la exportación de usuarios y grupos de sistema que
# no interesan...
$IGNORE_UID_BELOW = 500;
$IGNORE_GID_BELOW = 100;
$IGNORE_UID_ABOVE = 9999;
$IGNORE_GID_ABOVE = 9999;
# vi /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
# vi /etc/openldap/ldap.conf
BASE dc=i-forma,dc=local
URI ldap://localhost:389/
# vi /etc/nslcd.conf
BASE dc=i-forma,dc=local
URI ldap://localhost:389/
# vi /etc/sysconfig/authconfig
FORCELEGACY=yes
/etc/pam.d/system-auth
session optional pam_mkhomedir.so skel=/etc/skel umask=0022
/etc/pam.d/password-auth
session optional pam_mkhomedir.so skel=/etc/skel umask=0022
/etc/exports
/ALMACENAMIENTO/publico 192.168.10.0/24(rw,root_squash,sync,no_all_squash)
/ALMACENAMIENTO/privado 192.168.10.0/24(rw,root_squash,sync,no_all_squash)
/etc/squid/squid.conf
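# Clients on the internal LAN.
acl redlocal src 192.168.10.0/24
# Basic authentication checked against the local LDAP directory. Basic sends
# the user name and password base64-encoded, not encrypted, with each request
# to the proxy.
auth_param basic program /usr/lib64/squid/squid_ldap_auth -b ou=People,dc=i-forma,dc=local -h localhost -f (uid=%s)
auth_param basic children 10
auth_param basic credentialsttl 24 hours
auth_param basic realm Web-Proxy
acl ldap_auth proxy_auth REQUIRED
# Group helper: matches when the logged-in uid has the given gidNumber.
external_acl_type ldapgroup %LOGIN /usr/lib64/squid/squid_ldap_group -b ou=People,dc=i-forma,dc=local -f (&(uid=%u)(gidNumber=%g)) -h localhost
# Sites reachable without logging in. Host names are plain ASCII, as in the
# Apache virtual hosts.
acl sitiospermitidos dstdomain www.i-forma.com estadisticas.i-forma.com cursos.i-forma.com
# Accounts whose gidNumber is 501.
acl administrativos external ldapgroup 501
# The first matching http_access line decides.
http_access allow redlocal sitiospermitidos
# Every other destination needs a valid login and is refused to group 501,
# whose requests fall through to the final deny.
http_access allow redlocal ldap_auth !administrativos
http_access deny all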
/root/CA/constraint
/etc/postfix/master.cf
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
/etc/postfix/main.cf
mydomain = i-forma.com
inet_interfaces = all
mydestination = $mydomain, localhost
mynetworks = 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24, 127.0.0.0/8
mailbox_command = /usr/bin/procmail
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
/etc/dovecot/dovecot.conf
protocols = imap pop3
/etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
/etc/dovecot/conf.d/10-ssl.conf
# TLS is switched off, so IMAP and POP3 sessions to this server are unencrypted.
ssl = no
/etc/saslauthd.conf
ldap_servers: ldap://localhost/
ldap_search_base: dc=i-forma,dc=local
/etc/sysconfig/saslauthd
MECH=ldap
/etc/dovecot/dovecot-ldap.conf.ext
uris = ldap://localhost/
auth_bind = yes
base = dc=i-forma,dc=local
/etc/dovecot/conf.d/10-auth.conf
# Permits plaintext login mechanisms on unencrypted connections. The passwords
# sent are the LDAP account passwords (auth_bind in dovecot-ldap.conf.ext).
disable_plaintext_auth = no
################################################################################################
### PC-COOR-1 ##################################################################################
################################################################################################
/etc/selinux/config
SELINUX=disabled
/etc/hosts.allow
sshd: 192.168.10.10 192.168.10.2
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=pc-coor-1.i-forma.local
GATEWAY=192.168.10.1
# cat /etc/sysconfig/network-scripts/ifcfg-p3p1
DEVICE="p3p1"
IPADDR=192.168.10.20
NETMASK=255.255.255.0
ONBOOT="yes"
DNS1=192.168.10.2
/etc/ntp.conf
server 192.168.10.1
# vi /etc/fstab
fichero.i-forma.local:/ALMACENAMIENTO/publico /home/publico nfs defaults,soft,intr 0 0
fichero.i-forma.local:/ALMACENAMIENTO/privado /home/privado nfs defaults,soft,intr 0 0
# vi /etc/cups/cupsd.conf
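# ASCII host name, matching the impresion CNAME in the i-forma.local zone.
ServerName impresion.i-forma.local
Listen 631
# Printer browsing: announce shared printers every 30 seconds and accept
# browse packets from any address.
Browsing On
BrowseInterval 30
BrowseAllow all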
################################################################################################
### PC-INF-1 ###################################################################################
################################################################################################
/etc/selinux/config
SELINUX=disabled
/etc/hosts.allow
sshd: 192.168.10.10 192.168.10.2
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=pc-inf-1.i-forma.local
GATEWAY=192.168.10.1
# cat /etc/sysconfig/network-scripts/ifcfg-p3p1
DEVICE="p3p1"
IPADDR=192.168.10.10
NETMASK=255.255.255.0
ONBOOT="yes"
DNS1=192.168.10.2
/etc/ntp.conf
server 192.168.10.1
# vi /etc/fstab
fichero.i-forma.local:/ALMACENAMIENTO/publico /home/publico nfs defaults,soft,intr 0 0
fichero.i-forma.local:/ALMACENAMIENTO/privado /home/privado nfs defaults,soft,intr 0 0
################################################################################################
### PC-ADM-{1..5} ##############################################################################
################################################################################################
/etc/selinux/config
SELINUX=disabled
/etc/hosts.allow
sshd: 192.168.10.10 192.168.10.2
# cat /etc/sysconfig/network (pc-adm-1)
NETWORKING=yes
HOSTNAME=pc-adm-1.i-forma.local
GATEWAY=192.168.10.1
# cat /etc/sysconfig/network-scripts/ifcfg-p3p1 (pc-adm-1)
DEVICE="p3p1"
IPADDR=192.168.10.30
NETMASK=255.255.255.0
ONBOOT="yes"
DNS1=192.168.10.2
# cat /etc/sysconfig/network (pc-adm-2)
NETWORKING=yes
HOSTNAME=pc-adm-2.i-forma.local
GATEWAY=192.168.10.1
# cat /etc/sysconfig/network-scripts/ifcfg-p3p1 (pc-adm-2)
DEVICE="p3p1"
IPADDR=192.168.10.31
NETMASK=255.255.255.0
ONBOOT="yes"
DNS1=192.168.10.2
# cat /etc/sysconfig/network (pc-adm-3)
NETWORKING=yes
HOSTNAME=pc-adm-3.i-forma.local
GATEWAY=192.168.10.1
# cat /etc/sysconfig/network-scripts/ifcfg-p3p1 (pc-adm-3)
DEVICE="p3p1"
IPADDR=192.168.10.32
NETMASK=255.255.255.0
ONBOOT="yes"
DNS1=192.168.10.2
# cat /etc/sysconfig/network (pc-adm-4)
NETWORKING=yes
HOSTNAME=pc-adm-4.i-forma.local
GATEWAY=192.168.10.1
# cat /etc/sysconfig/network-scripts/ifcfg-p3p1 (pc-adm-4)
DEVICE="p3p1"
IPADDR=192.168.10.33
NETMASK=255.255.255.0
ONBOOT="yes"
DNS1=192.168.10.2
# cat /etc/sysconfig/network (pc-adm-5)
NETWORKING=yes
HOSTNAME=pc-adm-5.i-forma.local
GATEWAY=192.168.10.1
# cat /etc/sysconfig/network-scripts/ifcfg-p3p1 (pc-adm-5)
DEVICE="p3p1"
IPADDR=192.168.10.34
NETMASK=255.255.255.0
ONBOOT="yes"
DNS1=192.168.10.2
/etc/ntp.conf
server 192.168.10.1
# vi /etc/fstab
fichero.i-forma.local:/ALMACENAMIENTO/publico /home/publico nfs defaults,soft,intr 0 0
fichero.i-forma.local:/ALMACENAMIENTO/privado /home/privado nfs defaults,soft,intr 0 0