Securing SWAT



By default, SWAT is configured over an unencrypted web link, so for security reasons we can secure it using OpenSSL (HTTPS).

The steps are:

  • Create User stunnel
  • # useradd stunnel

  • Create The Certificates
  • # cd /usr/share/ssl/certs
    # make stunnel.pem
    # chmod 640 stunnel.pem
    # chgrp stunnel stunnel.pem

  • Create /etc/stunnel/stunnel.conf
  • As an example, we can use an /etc/stunnel/stunnel.conf like this:

    # Configure stunnel to run as user "stunnel" placing temporary
    # files in the /home/stunnel/ directory
    chroot = /home/stunnel/
    pid = /stunnel.pid
    setuid = stunnel
    setgid = stunnel

    # Log all stunnel messages to /var/log/messages
    debug = 7
    output = /var/log/messages

    # Define where the SSL certificates can be found.
    client = no
    cert = /usr/share/ssl/certs/stunnel.pem
    key = /usr/share/ssl/certs/stunnel.pem

    # Accept SSL connections on port 901 and funnel it to
    # port 902 for swat.
    [swat]
    accept = 901
    connect = 902

  • Create a new Secure SWAT file in /etc/xinetd.d
  • To make this easier, we can copy the original SWAT file.

    # cd /etc/xinetd.d
    # cp swat swat-stunnel
    # vi swat-stunnel

    Then edit the swat-stunnel file so that it looks like this:

    service swat-stunnel
    {
    port = 902
    socket_type = stream
    wait = no
    only_from = 127.0.0.1
    user = root
    server = /usr/sbin/swat
    log_on_failure += USERID
    disable = no
    bind = 127.0.0.1
    }

    To avoid a conflict, the swat file at /etc/xinetd.d/swat must be disabled by changing the "disable = no/yes" setting to "disable = yes".

  • Then edit /etc/services
  • # vi /etc/services

    swat-stunnel 902/tcp # Samba Web Administration Tool (Stunnel)

  • Enable swat-stunnel
  • # chkconfig swat off
    # chkconfig swat-stunnel on

  • Start stunnel
  • # stunnel

  • Test Secure SWAT
  • # netstat -tan | grep 90

    tcp 0 0 0.0.0.0:901 0.0.0.0:* LISTEN
    tcp 0 0 127.0.0.1:902 0.0.0.0:* LISTEN

  • Test Secure SWAT Login

Point your web browser to https://server-ip-address:901/. If the login page appears, enter the username and password that match your settings.
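
The netstat test only shows that something is listening. As an added example that is not part of the original post, the script below audits the three files edited in this walkthrough for the properties that keep plaintext SWAT off the network; the helper names `conf_get` and `audit_swat_tunnel` are hypothetical and the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files edited above.
# Usage: sh thisfile /etc/stunnel/stunnel.conf /etc/xinetd.d/swat /etc/xinetd.d/swat-stunnel

# conf_get FILE KEY [SECTION]: print the first "KEY = value" found in FILE,
# optionally only inside the "[SECTION]" block of a stunnel.conf.
conf_get() {
    awk -F= -v k="$2" -v want="$3" '
        /^[ \t]*#/  { next }                       # skip comment lines
        /^[ \t]*\[/ { sect = $0
                      gsub(/^[ \t]*\[/, "", sect); gsub(/\].*$/, "", sect); next }
        want != "" && sect != want { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
    ' "$1"
}

# audit_swat_tunnel STUNNEL_CONF XINETD_SWAT XINETD_SWAT_STUNNEL
# Returns 0 when every check passes, 1 otherwise (reasons go to stderr).
audit_swat_tunnel() {
    stunnel_conf=$1 swat=$2 swat_stunnel=$3 rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    backend=$(conf_get "$stunnel_conf" connect swat)
    port=$(conf_get "$swat_stunnel" port)
    # stunnel must forward to the port the loopback-only SWAT listens on.
    [ -n "$backend" ] && [ "${backend##*:}" = "$port" ] ||
        fail "stunnel connect ($backend) does not match swat-stunnel port ($port)"
    # The plaintext backend must be reachable from this host only.
    [ "$(conf_get "$swat_stunnel" bind)" = "127.0.0.1" ] ||
        fail "swat-stunnel is not bound to 127.0.0.1"
    [ "$(conf_get "$swat_stunnel" only_from)" = "127.0.0.1" ] ||
        fail "swat-stunnel only_from is not 127.0.0.1"
    # The original unencrypted service must stay off.
    [ "$(conf_get "$swat" disable)" = "yes" ] ||
        fail "original swat service is still enabled"
    # stunnel must terminate SSL as a server.
    [ "$(conf_get "$stunnel_conf" client)" = "no" ] ||
        fail "stunnel.conf does not set client = no"
    return $rc
}

# Run the audit only when the three file paths are given on the command line.
if [ "$#" -eq 3 ]; then audit_swat_tunnel "$@" && echo "OK: SWAT is only exposed through stunnel"; fi
```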
