OpenBSD

OpenBSD Compile Custom Kernel

Let’s compile a custom kernel for OpenBSD … and let’s check if we can tune the process with multiple processors.
Get sources and prepare custom kernel:
    cd /usr/src
    ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/sys.tar.gz
    tar xfz sys.tar.gz
    rm sys.tar.gz
    cd /sys/arch/$(uname -m)/conf
    cp GENERIC.MP CUSTOM.MP
    config CUSTOM.MP
    cd ../compile/CUSTOM.MP
-> with config CUSTOM.MP, you can enable or disable components which will be built into your custom kernel. WLAN drivers for a virtual server, for example, do not make sense.

OpenBGPD Looking Glass

BGP Looking Glass with OpenBSD: something I’ve wanted to do for a long time and never got around to … Just give it a try, it’s publicly available: https://bgp.stoege.net/ Prerequisite OpenBSD VM (at least 2G RAM) Public IPv4 / IPv6 DNS Record / Static IP Full BGP Feed (don’t worry, you can get it for free) httpd config OpenBSD has its own HTTP daemon in the base system. Let’s enable and configure it.

OpenBSD 7.1

OpenBSD 7.1 released! … a while ago. I upgraded all my boxes quite a while ago, but I didn’t write a short post about it. There is nothing really unexpected, a stable, easy, straightforward development of my favourite OS, except that there is a need for more than 1G free disk space in /var. That was a bit of a problem for smaller boxes like the APU with 16G disk …

OpenBSD 7.x Diskusage

Background
It seems as if OpenBSD (and the installed software) is using more and more space in the /usr partition. For upgrading to 7.1, at least 1.1 GB free space is needed. So, I’m going to update my default partitioning proposal like this:
Example with 25 GB
    root@puffy# df -h
    Filesystem     Size    Used   Avail Capacity  Mounted on
    /dev/sd0a      3.9G    766M    2.9G    20%    /
    /dev/sd0d      1.9G   20.0K    1.8G     0%    /tmp
    /dev/sd0e      5.8G   36.

Python PIP3

Python PIP
https://pip.pypa.io/en/stable/cli/pip_list/
https://blog.stoege.net/posts/pip/
OpenBSD 7.1
    # python3 --version
    Python 3.9.12
    # python3 -m pip --version
    pip 22.0.4 from /usr/local/lib/python3.9/site-packages/pip (python 3.9)
List installed
    python3 -m pip list
List outdated
    python3 -m pip list --outdated --format columns

AGE - Encrypt Files with SSH Keys

Stumbled upon something that I’ve missed for a long time: encrypting files with the ssh public key :)
Source
    https://github.com/FiloSottile/age
Install Package
OpenBSD (and most other *nix systems) has a package for age. Just install it.
    doas pkg_add age
Asymmetric Encryption
Asymmetric encryption encrypts and decrypts the data using two separate yet mathematically connected cryptographic keys. These keys are known as a ‘Public Key’ and a ‘Private Key’. Together, they’re called a ‘Public and Private Key Pair’

MAC Converter

MAC Address Converter
We’re all dealing with MAC addresses sometimes … and there are different formats on different systems. This little script converts an address to all formats and you can choose the appropriate one.
Example
    $ maconvert aa:bb:cc:dd:ee:ff
    aabbccddeeff
    aa:bb:cc:dd:ee:ff
    aa-bb-cc-dd-ee-ff
    aabb.ccdd.eeff
Script
Copy/paste will work on OpenBSD; Linux needs some small modifications (as there is no doas, for example …)
    doas su -
    cat << 'EOFSCRIPT' > /usr/local/bin/maconvert
    #!/usr/bin/env bash
    # v0.

OpenBSD 7.0

OpenBSD 7.0 released! The 7.0 release was released on 14. Oct 2021, two weeks before the official launch date (1. Nov). All the changes are listed here: https://www.openbsd.org/70.html, or summarized: undeadly.org
Things I have to consider for my boxes:
    dhcpleased(8) was made the default program for configuring IPv4 addresses via DHCP
    resolvd(8) was activated to handle concurrent changes to resolv.conf(5) by both dhcpleased(8) and slaacd(8).
Upgrade Guide
Follow the official Upgrade Guide.

Aslo - AS Lookup

ASLO
AS Lookup helper script. It’s written for OpenBSD and needs some modification for Linux. It basically depends on Python, the PIP installer and the Python package “aslookup”. Have fun!
Download
    wget https://blog.stoege.net/scripts/aslo
    chmod 755 aslo
    ./aslo 1.1.1.1
Script
… and the content itself. It basically checks if pip is installed, if as-lookup is installed, and then does the AS lookup for the given IP address
    #!/usr/bin/env bash
    # AS Lookup for IP Address
    install_pip() {
    echo -e "\npip not found, install ?

Nextcloud on OpenBSD

Intro
Wanna run your own Nextcloud server on OpenBSD …? Give it a try! It’s quite trivial, as you can see. Just fire up an empty machine, assign a hostname / DNS record, and follow the examples below. This setup is done on the current version, 6.9. Have fun!
Inspired by: https://dev.to/nabbisen/nextcloud-on-openbsd-installation-15d6
Packages
Install some packages. I use sqlite as db because I don’t expect a lot of users/traffic/files.

PowerDNS on OpenBSD

Run PowerDNS on OpenBSD
I’m mostly happy with NSD as authoritative nameserver. But why not look over the fence and have a look at PowerDNS? At least the API looks promising to me …
Install Package
    doas pkg_add powerdns--
Create Folder, DB and set Permission
    doas mkdir /var/db/pdns
    doas sqlite3 /var/db/pdns/pdns.sql < /usr/local/share/doc/pdns/schema.sqlite3.sql
    doas chown -R _powerdns:wheel /var/db/pdns/
Update Config File /etc/pdns/pdns.conf
    # DB
    gsqlite3-database=/var/db/pdns/pdns.sql
    launch=gsqlite3
    setuid=_powerdns
    # Tuning & Protection
    max-queue-length=5000
    overload-queue-length=2500
    # Webserver
    webserver=yes
    webserver-address=ip-of-your-nameserver
    webserver-allow-from=127.

Wireguard with Public IP behind NAT

… or how to host a dual-stacked public website behind an IPv4 NAT box without reverse proxy, port forwarding and other ugly stuff … Inspired by the following post, I started a little project and redesigned the connectivity for my hamster’s webserver :) I wrote a mail to the guys from tetaneutral.net and asked them for the WireGuard VPN service with public IPv4/IPv6 addresses for my server. As I didn’t get any feedback, I had to implement the “server” on my own.

Dog

Dog (echo dig | sed 's/i/o/')
You know nslookup, dig, hosts, getenv and all the commands for the CLI. But have you ever tried dog? Website: https://dns.lookup.dog/ and their docs: https://dns.lookup.dog/dns-in-five-minutes
dog is an open-source DNS client for the command-line. It has colourful output, supports the DoT and DoH protocols, and can emit JSON.
Install Package
    $ doas pkg_add dog
Examples
DNS over TLS
    $ dog example.com --tls @dns.google
DNS Request over HTTPS
    $ dog -H @https://dns.

OpenBSD 6.9

OpenBSD 6.9 released
This is the 50th release of OpenBSD! As they release twice a year, it must be around 25 years since the fork from NetBSD started. Wikipedia has got a comparison of the different BSD operating systems …
Upgrade to 6.9
I upgrade my systems twice every year. There is no need to reinstall, as the upgrade has worked fine over the years. Please read the official upgrade guide carefully and then you may wanna use the script below.

Honeypot

I like to run honeypots … ok, to be honest, it’s not a honeypot. It’s a productive machine for me, but all the bots trying to get in get redirected to a honeypot, the credentials are captured and, last but not least, you can watch them live in your browser :) http://honeypot.nolink.ch btw. 100k failed login attempts in 10 days … have fun!