OpenBSD

OpenBSD 7.0

OpenBSD 7.0 released! The 7.0 release came out on 14. Oct 2021, two weeks before the official launch date (1. Nov). All the changes are listed here: https://www.openbsd.org/70.html, or summarized: undeadly.org

Things I have to consider for my boxes:

- dhcpleased(8) was made the default program for configuring IPv4 addresses via DHCP
- resolvd(8) was activated to handle concurrent changes to resolv.conf(5) by both dhcpleased(8) and slaacd(8).

Upgrade Guide

Follow the official Upgrade Guide.

Aslo - AS Lookup

ASLO

AS Lookup helper script. It's written for OpenBSD and needs some modification for Linux. It basically depends on Python, the pip installer and the Python package "aslookup". Have fun!

Download

    wget https://blog.stoege.net/scripts/aslo
    chmod 755 aslo
    ./aslo 1.1.1.1

Script

… and the content itself. It basically checks if pip is installed, if as-lookup is installed, and then does the AS lookup for the given IP address.

    #!/usr/bin/env bash
    # AS Lookup for IP Address
    install_pip() {
      echo -e "\npip not found, install ?

Nextcloud on OpenBSD

Intro

Wanna run your own Nextcloud server on OpenBSD …? Give it a try! It's quite trivial, as you can see. Just fire up an empty machine, assign a hostname / DNS record, and follow the examples below. This setup is done on the current version, 6.9. Have fun!

Inspired by: https://dev.to/nabbisen/nextcloud-on-openbsd-installation-15d6

Packages

Install some packages. I use sqlite as db because I don't expect a lot of users/traffic/files.

PowerDNS on OpenBSD

Run PowerDNS on OpenBSD

I'm mostly happy with NSD as authoritative nameserver. But why not look over the fence and have a look at PowerDNS? At least the API looks promising to me …

Install Package

    doas pkg_add powerdns--

Create Folder, DB and set Permission

    doas mkdir /var/db/pdns
    doas sqlite3 /var/db/pdns/pdns.sql < /usr/local/share/doc/pdns/schema.sqlite3.sql
    doas chown -R _powerdns:wheel /var/db/pdns/

Update Config File /etc/pdns/pdns.conf

    # DB
    gsqlite3-database=/var/db/pdns/pdns.sql
    launch=gsqlite3
    setuid=_powerdns

    # Tuning & Protection
    max-queue-length=5000
    overload-queue-length=2500

    # Webserver
    webserver=yes
    webserver-address=ip-of-your-nameserver
    webserver-allow-from=127.

Wireguard with Public IP behind NAT

… or how to host a dual-stacked public website behind an IPv4 NAT box without reverse proxy, port forwarding and other ugly stuff …

Inspired by the following post, I started a little project and redesigned the connectivity for my Hamster's webserver :) I wrote a mail to the guys from tetaneutral.net and asked them for the WireGuard VPN service with public IPv4/IPv6 addresses for my server. As I didn't get any feedback, I had to implement the "Server" on my own.

Dog

Dog (echo dig | sed 's/i/o/')

You know nslookup, dig, hosts, getenv and all the commands for the CLI. But have you ever tried dog?

Website: https://dns.lookup.dog/ and their docs: https://dns.lookup.dog/dns-in-five-minutes

dog is an open-source DNS client for the command-line. It has colourful output, supports the DoT and DoH protocols, and can emit JSON.

Install Package

    $ doas pkg_add dog

Examples

DNS over TLS

    $ dog example.com --tls @dns.google

DNS Request over HTTPS

    $ dog -H @https://dns.

OpenBSD 6.9

OpenBSD 6.9 released

This is the 50th release of OpenBSD! As they release twice a year, it must be around 25 years since the fork from NetBSD started. Wikipedia has got a comparison of the different BSD operating systems …

Upgrade to 6.9

I upgrade my systems twice every year. There is no need to reinstall, as the upgrade works fine over the years. Please read the official upgrade guide carefully, and then you may wanna use the script below.

Honeypot

I like to run honeypots … OK, to be honest, it's not a honeypot. It's a productive machine for me, but all the bots trying to get in get redirected to a honeypot, the credentials are captured and, last but not least, you can watch them live in your browser :) http://honeypot.nolink.ch

Btw. 100k failed login attempts in 10 days … have fun!

sha256: 9d42ea2e3328469699053a8ccbc0bf1e6c5e3a62d7b9d07b18afc95fbb655762

Bootstrap OpenBSD with Jail Partition

Bootstrapping VM

This is similar to the previous post, but with a small difference. Here, we add another partition /jail with 2GB size. On this partition, we remove the nodev & nosuid flags, so we can use this partition as root for some jailed users. And last but not least, we fire up a new VM, configure a jailed user and make it publicly available …

VM with 20G Disk *** Bootstrap OpenBSD 6.

Bootstrap OpenBSD

Bootstrapping VM

It's always good to have templates, isn't it? Sometimes with a lot of stuff preconfigured and installed, sometimes a fresh install without anything (except syspatches). Here is a little helper on how to build an OpenBSD template with 20GB, resp. 40GB disk size. This stuff was tested on www.hetzner.de, so you should be able to reproduce it in a few minutes.

Costs: CX11, 1 CPU, 2 GB RAM, 20 GB Disk, 20TB Traffic -> 2.

RPKI for Home Usage

Resource Public Key Infrastructure

You may know what RPKI is … It's a PKI framework for improving security for the Internet routing infrastructure based on BGP. As a home user or small/medium size company, you normally don't have a full BGP table and multiple upstream providers. You have one Internet router or firewall and you get a default route from your ISP. With OpenBGPD and the current RPKI extensions, you "just" need a full BGP feed and then you can filter all invalid ROAs and keep your routing (and Internet access) more secure.

OpenBSD Root Password Recovery

If you ever have to recover your root password …

Root PW Recovery

    boot> boot -s
    Enter pathname of shell or RETURN for sh: [ENTER]
    fsck -p /
    fsck -p /usr
    mount -uw /
    mount /usr
    passwd

and finally:

    reboot

FSCK

Need to run fsck?

    fsck /dev/sd1a
    fsck -y /dev/sd1a

FSTAB

Need to fix your fstab?

    boot -s
    mount /usr
    mount /
    export TERM=vt100
    /usr/bin/vi /etc/fstab

sha256: b95b600be5f4f8c76448bc80699fdf39660be04dd3c92169bbfa16cf61d4f1a8

Wireguard Puffy to OPNsense

WG Tunnel between OpenBSD and OPNsense

How to set up a WG tunnel between OpenBSD and OPNsense? That's quite simple …

OpenBSD

Install Packages

    pkg_add wireguard-tools--

Gen Key Oneliner

    wg genkey | tee privatekey | wg pubkey > publickey

Build Interface

    r=$(openssl rand -base64 32)
    remote_ip="1.2.3.4"
    remote_net="192.168.0.0/24"
    # EOF is left unquoted so that ${r}, ${remote_ip} and ${remote_net} are expanded
    cat << EOF > /etc/hostname.wg0
    # WG Tunnel to OPNsense
    wgkey ${r}
    wgport 51820
    wgpeer xxxxx - PUBLIC-KEY-OF-REMOTE-HOST - xxxxx= wgendpoint ${remote_ip} 51820 wgaip ${remote_net}
    inet 10.

Keychain

Need a small and smart utility to manage your ssh keys under Linux? Got some scripts and cronjobs which require a local ssh key? Have a look at keychain!

Install Software

depending on your OS …

    macos$ brew install keychain
    debian$ sudo apt-get install keychain
    openbsd$ pkg_add keychain
    freebsd$ pkg install keychain

edit startup Scripts

    $HOME/.bashrc
    $HOME/.bash_profile
    /etc/profile
    $HOME/.profile

    cat << 'EOF' >> $HOME/.bashrc
    # Keychain Startup
    eval `keychain --eval id_ed25519`
    EOF

check service

    $ keychain
    $ ssh-add -L

add to .

OpenBSD 6.8

OpenBSD 6.8 released

OpenBSD has two new releases every year, historically on 1. May and 1. November, with a few small exceptions in the past. Check Wikipedia. So, the latest OS appeared today: OpenBSD 6.8

Perform a Full Upgrade (incl. X Stuff)

    sysupgrade -r

Run the Script (at your own risk!)

    doas su -
    mkdir /root/bin
    ftp -o /root/bin/upgrade_to_68.sh https://blog.stoege.net/scripts/upgrade_to_68.sh
    chmod 740 /root/bin/upgrade_to_68.sh
    # /root/bin/upgrade_to_68.sh
    # *** reboot ***
    # /root/bin/upgrade_to_68.