OpenBSD 6.9

OpenBSD 6.9 released

This is the 50th release of OpenBSD! As they release twice a year, it must be around 25 years since the fork of NetBSD started. Wikipedia has a comparison of the different BSD operating systems …

Upgrade to 6.9

I upgrade my systems twice every year. There is no need to reinstall, as the upgrade works fine over the years. Please read the official upgrade guide carefully, and then you may want to use the script below.

Comments

Just trying a new feature for leaving comments … it’s self-hosted, done with isso, and quite painful to install :( Some people may like to provide feedback, ask questions, …

sha256: 77e8157a850143fbc6ec418ef10c9a9e53040091604df1c9dbdd6e2d476d3c0e

Projects

Like many of you, I’ve got different kinds of stuff running, mostly internally, but also some public things.

my Server is your Honeypot

Watch some live brute-force attacks, which happen to any public IP address on the internet … I get attacked with 10k attempts per day.

Hamsterwheel Counter

My daughter got a hamster and he’s running every night in his wheel. I built a small wheel counter so we can see the daily stats and performance of Cookie :).

Git Branches

Branches

Some basic commands for branches. You can read the official page for more details.

create branch

You want to develop a feature, fix a bug, test some stuff … you need a branch!

    git checkout -b feature1

push upstream

If you have a central repo, push the feature upstream (so others can check it out as well).

    git push --set-upstream origin feature1

show branch

You may have multiple branches, list them all.

Honeypot

I like to run honeypots … OK, to be honest, it’s not a honeypot. It’s a production machine for me, but all the bots trying to get in get redirected to a honeypot, the credentials are captured and, last but not least, you can watch them live in your browser :) http://honeypot.nolink.ch

By the way: 100k failed login attempts in 10 days … have fun!

sha256: 9d42ea2e3328469699053a8ccbc0bf1e6c5e3a62d7b9d07b18afc95fbb655762

Bootstrap OpenBSD with Jail Partition

Bootstrapping VM

This is similar to the previous post, but with a small difference. Here, we add another partition, /jail, with 2GB size. On this partition, we remove the nodev and nosuid flags, so we can use it as the root for some jailed users. And last but not least, we fire up a new VM, configure a jailed user and make it publicly available …

VM with 20G Disk

*** Bootstrap OpenBSD 6.

Faces of OpenSource

I just like this page … Faces of OpenSource. Thanks for all the fish, guys!

sha256: df162290d9004e5881b856b1efb2d2f91037837d6ba52a5b7059919a547a160e

Tshark

Tshark

Basic Commands

tbd

Ringbuffer

Capture files, rotate every 10MB, keep last 25 files

    doas tshark -n -i em0 -w sniff -b filesize:10000 -b files:25

Ringbuffer with Autostop -> Time

Capture files, rotate every 10MB, keep last 25 files, stop after 1h

    doas tshark -n -i em0 -w sniff -b filesize:10000 -b files:25 -a duration:3600

Ringbuffer with Autostop -> Packets

Capture files, rotate every 10MB, keep last 25 files, stop after 100000 packets

Deploy VM's with Terraform in 10min

Managing VMs on Hetzner Cloud with Terraform

You may want to manage some VMs in the cloud. A web GUI is nice, but a real nerd needs a CLI ;) Some notes on how to get Terraform running on OpenBSD.

add Packages (3min)

    $ time doas pkg_add git gmake go terraform
        3m18.62s real     0m19.53s user     0m07.73s system

set GO PATH

    echo "GOPATH=$HOME/go" >> ~/.profile
    echo "export GOPATH" >> ~/.profile
    . ~/.profile
    echo $GOPATH

build terraform provider for hcloud (2min)

As the hcloud provider is not available for OpenBSD, we have to build it on our own.

Bootstrap OpenBSD

Bootstrapping VM

It’s always good to have templates, isn’t it? Sometimes with a lot of stuff preconfigured and installed. Sometimes a fresh install without anything (except syspatches). Here is a little helper on how to build an OpenBSD template with 20GB or 40GB disk size. This stuff was tested on www.hetzner.de, so you should be able to reproduce it in a few minutes.

Costs: CX11, 1 CPU, 2 GB RAM, 20 GB Disk, 20TB Traffic -> 2.

RPKI for Home Usage

Resource Public Key Infrastructure

You may know what RPKI is … It’s a PKI framework for improving the security of the Internet routing infrastructure based on BGP. As a home user or small/medium-size company, you normally don’t have a full BGP table and multiple upstream providers. You have one Internet router or firewall and you get a default route from your ISP. With OpenBGPD and the current RPKI extensions, you “just” need a full BGP feed and then you can filter all invalid ROAs and keep your routing (and Internet access) more secure.

Ruckus, Radius, Dynamic Vlan Assignment

How to Dynamically Assign VLANs with Ruckus Unleashed and FreeRadius

Setup FreeRadius

    pkg_add freeradius--%freeradius3

clients.conf

Add your WLAN AP.

    client ruckus {
      ipaddr = 1.2.3.4/32
      secret = das-sag-ich-dir-nicht
    }

users.conf

Add some users.

    # Admin to Admin Vlan (100)
    admin Cleartext-Password := "das-sag-ich-dir-nicht"
          Tunnel-Type = 13,
          Tunnel-Medium-Type = 6,
          Tunnel-Private-Group-Id = "100"

    # Guests to Guest Vlan (200)
    guest Cleartext-Password := "das-sag-ich-nur-dem-gast"
          Tunnel-Type = 13,
          Tunnel-Medium-Type = 6,
          Tunnel-Private-Group-Id = "200"

/etc/raddb/sites-available/inner-tunnel

Enable VLAN rewrite on line 336 (set to 1)

Update Checkmk

How to update Checkmk

Let’s assume you already have a running version of Checkmk. You should install patches / updates every few months.

Main and Download URLs

Main URL: https://checkmk.com/de/download?edition=cre&version=stable&dist=debian&os=bullseye

https://download.checkmk.com/checkmk/1.6.0p20/check-mk-raw-1.6.0p20_0.bullseye_amd64.deb
https://download.checkmk.com/checkmk/2.0.0p12/check-mk-raw-2.0.0p12_0.bullseye_amd64.deb

Download and Install Package

Log in as root

    v="2.0.0p15"
    cd /tmp
    wget -O checkmk.deb "https://download.checkmk.com/checkmk/${v}/check-mk-raw-${v}_0.bullseye_amd64.deb"
    gdebi checkmk.deb

Update Checkmk

Switch user and start the update

    su - mysite
    omd status
    omd version
    omd stop
    omd update
    omd start

Cleanup

    exit
    omd cleanup

Check Application

Open a browser, check News and Plugins

Vuln IOS XE 03.06.04

Security posture via Cisco PSIRT OpenVuln API

Platform: iosxe
Version: 03.06.04.E

| Advisory-ID | Impact | CVSS | CVE | Fixed with | First Published |
|---|---|---|---|---|---|
| cisco-sa-info-disclosure-V4BmJBNF | Cisco IOS and IOS XE Software Information Disclosure Vulnerability | 5.5 | CVE-2020-3477 | | 2020-09-24T16:00:00 |
| cisco-sa-ikev2-9p23Jj2a | Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability | 7.5 | CVE-2020-3230 | | 2020-06-03T16:00:00 |
| cisco-sa-ssh-dos-Un22sd2A | Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability | 7.

Vuln IOS XE 03.08.06

Security posture via Cisco PSIRT OpenVuln API

Platform: iosxe
Version: 03.08.06.E

| Advisory-ID | Impact | CVSS | CVE | Fixed with | First Published |
|---|---|---|---|---|---|
| cisco-sa-info-disclosure-V4BmJBNF | Cisco IOS and IOS XE Software Information Disclosure Vulnerability | 5.5 | CVE-2020-3477 | | 2020-09-24T16:00:00 |
| cisco-sa-ikev2-9p23Jj2a | Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability | 7.5 | CVE-2020-3230 | | 2020-06-03T16:00:00 |
| cisco-sa-ssh-dos-Un22sd2A | Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability | 7.