Unbound - Logging

Enable Logging for Unbound update unbound.conf /var/unbound/etc/unbound.conf server: logfile: /log/unbound.log verbosity: 1 log-queries: yes ... create folder/logfile log=/var/unbound/log/unbound.log doas mkdir /var/unbound/log/ touch $log chmod 660 $log chown _unbound:_unbound $log restart service doas rcctl restart unbound tail logfile tail -f /var/unbound/log/unbound.log # tail -f /var/unbound/log/unbound.log [1660208341] unbound[3279:0] notice: init module 0: validator [1660208341] unbound[3279:0] notice: init module 1: iterator [1660208341] unbound[3279:0] info: start of service (unbound 1.15.0). [1660208344] unbound[3279:0] info: xxx.xxx.xxx.xxx time.

Unbound - RemoteControl

How to Enable Remote Control for Unbound Setup Remote Control doas unbound-control-setup $ doas unbound-control-setup setup in directory /var/unbound/etc Generating RSA private key, 3072 bit long modulus ..................................++++ ..................................++++ e is 010001 (0x65537) Generating RSA private key, 3072 bit long modulus ........................................++++ ........................................++++ e is 010001 (0x65537) Signature ok subject=/CN=unbound-control Getting CA Private Key removing artifacts Setup success. Certificates created. Enable in unbound.conf file to use Enable in unbound.conf /var/unbound/etc/unbound.conf

OpenSSH 2FA Google Auth

Let’s give a try with Alpine Linux, OpenSSH and 2FA with Google Authenticator. add Packages apk add openssh openssh-server-pam google-authenticator openssh-doc google-authenticator-doc libqrencode Configure GoogleAuth touch /etc/pam.d/sshd ln /etc/pam.d/sshd /etc/pam.d/sshd.pam cat << 'EOF' >> /etc/pam.d/sshd.pam account include base-account auth required pam_env.so auth required pam_nologin.so successok auth required /lib/security/pam_google_authenticator.so echo_verification_code grace_period=57600 nullok auth required pam_unix.so md5 sha512 EOF update sshd_config cat << 'EOF' >> /etc/ssh/sshd_config PasswordAuthentication no AuthenticationMethods any UsePAM yes EOF Restart SSHD service sshd restart Setup User su - USERNAME google-authenticator Response


stumpled upon some thing cool, htmlq! It’s like jq, but for HTML. Installation Rust htmlq need rust. so, let’s install rust first. doas pkg_add rust Add Link to Path cat << 'EOF' |doas tee -a /etc/profile # Rust/Cargo export PATH=$PATH:/root/.cargo/bin EOF . /etc/profile Install HTMLQ doas cargo install htmlq some Examples Extract Links curl -s https://www.openbsd.org | htmlq --attribute href a |head Example user@nixbox$ curl -s https://www.openbsd.org | htmlq --attribute href a |head goals.

Cisco Router, SSH, PubKey, ...

Intro I stumbled across an old Cisco box in the basement. I thought i might have some fun (or frust?) with the aging Device. The Hardware still works fine, right ? And what about the Software ? Let’s give a try ! Hardware show version Cisco 1841 (revision 7.0) with 352256K/40960K bytes of memory. Processor board ID FCZ1234757Y 6 FastEthernet interfaces 1 Virtual Private Network (VPN) Module DRAM configuration is 64 bits wide with parity disabled.

OpenBSD 7.2 - Compare

there are a few Weeks until OpenBSD 7.2 will get released. Anyhow, running current is a good way to get a “preview” what’s in the pipeline and will come soon. one of the painpoint was update packages on OpenBSD. Not because it was difficult, but it took quite a lot of time. Specially, when you run a bunch of machines in different networks. Version and Time consumption sysctl kern.version pkg_info |wc -l time pkg_add -Vu OpenBSD 7.

Smokeping on Docker

If you have Docker running somehwere … bring up your Smoke Instance within Seconds ;) Smokeping docker run --name smoke --restart always -d -p 80:80 linuxserver/smokeping Show Containers docker ps docker-test:~# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8f8b872ac1c3 linuxserver/smokeping "/init" 6 minutes ago Up 6 minutes>80/tcp, :::80->80/tcp smoke Shell into Docker docker exec -it smoke /bin/sh Check Netstat root@8f8b872ac1c3:/# netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.

Alpine - OpenVM Tools

Running Alpine on ESX ? Install the Open VM Tools … Install OpenVM Tools apk add open-vm-tools apk add open-vm-tools-guestinfo apk add open-vm-tools-deploypkg Start Service rc-service open-vm-tools start Autostart Service rc-update add open-vm-tools boot All in One apk add open-vm-tools open-vm-tools-guestinfo open-vm-tools-deploypkg rc-update add open-vm-tools boot rc-service open-vm-tools start Busybox Extras add some tools (arch, dnsd, dumpleases, fakeidentd, ftpd, ftpget, ftpput, httpd, inetd, readahead, telnet, telnetd, tftp, tftpd, udhcpd) apk add busybox-extras List Packages apk info -L busybox-extras docker# apk info -L busybox-extras busybox-extras-1.

Redis on OpenBSD

let’s play a bit with Redis. A In-Memory Data Store for Caching, Streaming, Message Broker https://redis.io/ Install doas rcctl add redis doas rcctl enable redis doas rcclt restart redis Package Summary what did we got installed ? doas pkg_info -L redis $ doas pkg_info -L redis Information for inst:redis-6.2.7 Files: /etc/rc.d/redis /usr/local/bin/redis-benchmark /usr/local/bin/redis-check-aof /usr/local/bin/redis-check-rdb /usr/local/bin/redis-cli /usr/local/bin/redis-sentinel /usr/local/bin/redis-server /usr/local/share/examples/redis/redis.conf /usr/local/share/examples/redis/sentinel.conf A Server, a Client, a configuration File, … Keep Alive send a ping …

Ruby on Rails

https://github.com/Bratela/openbsd Install Ruby Install Ruby and set Symlinks doas su - pkg_add ruby-3.1.2 ln -sf /usr/local/bin/ruby31 /usr/local/bin/ruby ln -sf /usr/local/bin/bundle31 /usr/local/bin/bundle ln -sf /usr/local/bin/bundler31 /usr/local/bin/bundler ln -sf /usr/local/bin/erb31 /usr/local/bin/erb ln -sf /usr/local/bin/gem31 /usr/local/bin/gem ln -sf /usr/local/bin/irb31 /usr/local/bin/irb ln -sf /usr/local/bin/rdoc31 /usr/local/bin/racc ln -sf /usr/local/bin/rake31 /usr/local/bin/rake ln -sf /usr/local/bin/rdoc31 /usr/local/bin/rbs ln -sf /usr/local/bin/rdoc31 /usr/local/bin/rdbg ln -sf /usr/local/bin/rdoc31 /usr/local/bin/rdoc ln -sf /usr/local/bin/ri31 /usr/local/bin/ri ln -sf /usr/local/bin/typeprof31 /usr/local/bin/typeprof Install Nokogiri pkg_add ruby31-nokogiri-1.13.1p0 Install Rails pkg_add ruby-3.

Ubuntu 20.04 LTS & Netplan

Assume you got a fresh Machine with DHCP … Ubuntu with DHCP Config cat /etc/netplan/01-netcfg.yaml # This is the network config written by 'subiquity' network: ethernets: ens192: dhcp4: true version: 2 and you’d like to switch to Static IP, ask google how todo it an give try: Static IP with Netplan # This is the network config written by 'subiquity' network: version: 2 ethernets: ens192: addresses: - gateway4: nameservers: addresses: - 8.

Kubernetes Multi-Juicer

If you ever wanna run a Multiplayer OWASP Juice Shop CTF on your own, here are some Notes and Info for bloody beginners References https://github.com/iteratec/multi-juicer/ https://www.digitalocean.com/ https://kubernetes.io/de/docs/concepts/overview/what-is-kubernetes/ Prerequisite you’ve got a Digital Ocean Account (or some other Cloud Provider) a spare domain and set the NS of DigitalOcean Digital Ocean CMD Line Tools installed and configured helm tools (kubernetes package manager -> brew install helm) some budget (~2 CHF/Day) 30min for Setup btw.

FreeBSD bhyve

bhyve, pronounced “beehive” is a hypervisor/virtual machine manager for FreeBSD that supports most Intel and AMD processors that report the “POPCNT” (POPulation Count) processor feature in dmesg(8). Download ISO and boot it … in a new Virtual Machine … cat << 'EOF' > run_bhyve.sh #!/usr/bin/env bash iso=FreeBSD-13.1-RELEASE-amd64-bootonly.iso vm=guest.img # Load Module if needed kldstat |grep vmm.ko || kldload vmm ifconfig tap0 create sysctl net.link.tap.up_on_open=1 ifconfig ifconfig bridge0 create ifconfig bridge0 addm vmx0 addm tap0 ifconfig bridge0 create ifconfig bridge0 up # Get ISO test -f $iso || fetch https://download.

OpenBSD Compile Custom Kernel

Let’s Compile a Custom Kernel for OpenBSD … and let’s check if we can tune the Process it with multiple Processors. get Sources and prepare Custom Kernel cd /usr/src ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/sys.tar.gz tar xfz sys.tar.gz rm xfz sys.tar.gz cd /sys/arch/$(uname -m)/conf cp GENERIC.MP CUSTOM.MP config CUSTOM.MP cd ../compile/CUSTOM.MP -> with config CUSTOM.MP, you can enable disable Components which will be built into your Custom Kernel. Wlan Drives for a VirtualServer, as example, does not make sense.

Git Tags

With Tags, we have the possibility to “Tag” a certain Point as important. Just give it a release Number (v0.1, v0.2, v1.0) or whatever you like. list tags list all tags for a certain repo git tag add Tag when you’re fine with a version, add a tag … git tag -a v1.0 -m "my Version 1.0" push Tags you have to push the Tags separatly. they do not get pushed with the common “git push” command