Title here
Summary here
Keamanan
Untuk keamanan akses aplikasi simgos2, maka hal yang harus dilakukan:
SSH SERVER
- Ubah password user root
passwd rootFTP SERVER
- Ubah password user
simgos
passwd simgosTOMCAT
- Ubah password user
simgos
# Ubah kalimat ganti_dgn_password_baru
find /opt/tomcat/conf -name "tomcat-users.xml" -exec sh -c 'x={}; sed -i -e "s/password=\"5!MG052\"/password=\"ganti_dgn_password_baru\"/g" "$x"' \;
# Restart tomcat
systemctl restart tomcatMYSQL
- Buka aplikasi
HeidiSQL - Pilih menu
Perkakas -> Manajer Pengguna - Pilih username
admin - Masukan password baru pada kolom
Sandi p:danUlangi Password: - Tekan tombol
Simpan
APACHE
Konfigurasi
Setting ServerName
nano /etc/httpd/conf/httpd.conf- Tekan
Ctrl+Wuntuk melakukan pencarian - Ketik
ServerNameTekanEnter - Hapus tanda
#(uncomment) - Ubah
www.example.com:80menjadisimgos2 - Tekan
Ctrl+X+Y+Enteruntuk menyimpan perubahan
- Tekan
Disable Document Root
nano /etc/httpd/conf/httpd.conf- Beri tanda
#(comment) diawal scipt dibawah ini DocumentRoot "/var/www/html"menjadi#DocumentRoot "/var/www/html"- Ubah script dibawah ini:
<Directory "/var/www"> AllowOverride None # Allow open access: Require all granted </Directory>menjadi
#<Directory "/var/www"> # AllowOverride None # # Allow open access: # Require all granted #</Directory>- Ubah script dibawah ini:
<Directory "/var/www/html"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # Options FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # Require all granted </Directory>menjadi
#<Directory "/var/www/html"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # # Options FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # # AllowOverride None # # Controls who can get stuff from this server. # # Require all granted #</Directory>- Tekan
Ctrl+X+Y+Enteruntuk menyimpan perubahan
- Beri tanda
Remove File
welcome.confrm -rf /etc/httpd/conf.d/welcome.confRemove Indexing
find /etc/httpd/conf.d -name "*.conf" -exec sh -c 'x={}; sed -i -e "s/Indexes //g" "$x"' \;Add Header
nano /etc/httpd/conf.d/headers.conf # Tambahkan script dibawah ini ke dalam file headers.conf Header set X-Frame-Options: "SAMEORIGIN" Header set Strict-Transport-Security: "max-age=31536000; includeSubDomains" Header set Content-Security-Policy: "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:" Header set X-Content-Type-Options: "nosniff" Header set Referrer-Policy: "strict-origin-when-cross-origin" Header set X-Xss-Protection: "1; mode=block" Header set Permissions-Policy: "camera=(), microphone=(), geolocation=()"Restart service
# Cek jika konfigurasi OK httpd -t # Jika Ok lakukan restart service systemctl restart httpd
Aktifkan Akses SSL
- Install open ssl
Generate Local Self Certificate
cd /home/simgos mkdir certs cd certs # Download genssc wget http://simgos2.simpel.web.id/repos/scripts/genssc.sh chmod +x genssc.sh # Generate file config kemudian edit file config.cnf dan sesuaikan pengisian fieldnya ./genssc.sh configSetelah generate config lakukan edit file
config.cnf- Ketik perintah:
nano config.cnf - Ubah
nama propinsisesuai dengan nama propinsi faskes - Ubah
kota/kabsesuai dengan kota/kab faskes - Ubah
kodersmenjadi kode faskes kemenkes - Ubah
nama rsmenjadi nama faskes masing - masing - Ubah
Instalasi SIRSmenjadi nama unit kerja sistem informasi - Ubah
[email protected]sesuai dengan email rs - Ubah
nama serversesuai dengan nama server simgos2 - Ubah
ip addresssesuai dengan ip server simgos2
Selanjutnya simpan perubahan tersebut dengan menekan tombol
Ctrl+X+Y+Enter. Setelah disimpan lakukan generate certificate seperti perintah dibawah ini:# Generate Certificate ./genssc.sh certificate- Ketik perintah:
Melakukan konfigurasi pada web server apache
- Edit file
ssl.conf
Ketik perintah dibawah ini:
# Edit file ss.conf nano /etc/httpd/conf.d/ssl.conf- Ubah
SSLCertificateFile /etc/pki/tls/certs/ca.crtmenjadiSSLCertificateFile /home/simgos/certs/server.crt - Ubah
SSLCertificateKeyFile /etc/pki/tls/private/ca.keymenjadiSSLCertificateKeyFile /home/simgos/certs/server.key - Restart service httpd
systemctl restart httpd
- Edit file
Allow Firewall to Access Https
firewall-cmd --permanent --add-service=https firewall-cmd --reloadImport certificate di komputer client
- Copy file
server.certdari server ke client - Tutup semua browser
- Tekan tombol
Windows+R - Ketik
certmgr.msc
Pilih
Trusted Root Certification Authorities, klik kanan diCertificatedpilih menuAll Tasks -> import
Klik
Browsercari fileserver.crt, selanjutnya tekan tombolNext
Tekan tombol
Nextkemudian tekan tombolFinish- Buka browser
chromeatauMicrosoft Edgeuntuk mengakses aplikasi simgos2
- Copy file
Sebelumnya
AplikasiBerikutnya
Media Penyimpanan Dokumen