OpenBSD - Full Disk Encryption

Intro I never used the Fulldisk Encryption Feature as there was no need for. It doesn’t make sense for Hosted VM’s, as you have to enter the Passphrase at every boot at the Console. So, it’s a pain and still possible to intercept on the Hosters Infrastructure. Disk Encryption does not make sense at home, as all my Devices remains at home (and hopefully never got stolen). It would make sense on a Notebook, but i’m more the Apple Fanboy when it comes to portable Machines.

JC - JSON from CLI

how to build json from cli we all like json, do we ? https://kellyjonbrazil.github.io/jc/docs/parsers/ping add package doas pkg_add jc try ping openbsd-box # ping -c 3 1.1.1.1 |jc --ping -p 2>/dev/null { "destination_ip": "1.1.1.1", "data_bytes": 56, "pattern": null, "destination": "1.1.1.1", "packets_transmitted": 3, "packets_received": 3, "packet_loss_percent": 0.0, "duplicates": 0, "round_trip_ms_min": 9.219, "round_trip_ms_avg": 9.826, "round_trip_ms_max": 10.158, "round_trip_ms_stddev": 0.43, "responses": [ { "type": "reply", "bytes": 64, "response_ip": "1.1.1.1", "icmp_seq": 0, "ttl": 59, "time_ms": 10.

Unbound - Logging

Enable Logging for Unbound update unbound.conf /var/unbound/etc/unbound.conf server: logfile: /log/unbound.log verbosity: 1 log-queries: yes ... create folder/logfile log=/var/unbound/log/unbound.log doas mkdir /var/unbound/log/ touch $log chmod 660 $log chown _unbound:_unbound $log restart service doas rcctl restart unbound tail logfile tail -f /var/unbound/log/unbound.log # tail -f /var/unbound/log/unbound.log [1660208341] unbound[3279:0] notice: init module 0: validator [1660208341] unbound[3279:0] notice: init module 1: iterator [1660208341] unbound[3279:0] info: start of service (unbound 1.15.0). [1660208344] unbound[3279:0] info: xxx.xxx.xxx.xxx time.

Unbound - RemoteControl

How to Enable Remote Control for Unbound Setup Remote Control doas unbound-control-setup $ doas unbound-control-setup setup in directory /var/unbound/etc Generating RSA private key, 3072 bit long modulus ..................................++++ ..................................++++ e is 010001 (0x65537) Generating RSA private key, 3072 bit long modulus ........................................++++ ........................................++++ e is 010001 (0x65537) Signature ok subject=/CN=unbound-control Getting CA Private Key removing artifacts Setup success. Certificates created. Enable in unbound.conf file to use Enable in unbound.conf /var/unbound/etc/unbound.conf

OpenSSH 2FA Google Auth

Let’s give a try with Alpine Linux, OpenSSH and 2FA with Google Authenticator. add Packages apk add openssh openssh-server-pam google-authenticator openssh-doc google-authenticator-doc libqrencode Configure GoogleAuth touch /etc/pam.d/sshd ln /etc/pam.d/sshd /etc/pam.d/sshd.pam cat << 'EOF' >> /etc/pam.d/sshd.pam account include base-account auth required pam_env.so auth required pam_nologin.so successok auth required /lib/security/pam_google_authenticator.so echo_verification_code grace_period=57600 nullok auth required pam_unix.so md5 sha512 EOF update sshd_config cat << 'EOF' >> /etc/ssh/sshd_config PasswordAuthentication no AuthenticationMethods any UsePAM yes EOF Restart SSHD service sshd restart Setup User su - USERNAME google-authenticator Response

HTMLQ

stumpled upon some thing cool, htmlq! It’s like jq, but for HTML. Installation Rust htmlq need rust. so, let’s install rust first. doas pkg_add rust Add Link to Path cat << 'EOF' |doas tee -a /etc/profile # Rust/Cargo export PATH=$PATH:/root/.cargo/bin EOF . /etc/profile Install HTMLQ doas cargo install htmlq some Examples Extract Links curl -s https://www.openbsd.org | htmlq --attribute href a |head Example user@nixbox$ curl -s https://www.openbsd.org | htmlq --attribute href a |head goals.

Cisco Router, SSH, PubKey, ...

Intro I stumbled across an old Cisco box in the basement. I thought i might have some fun (or frust?) with the aging Device. The Hardware still works fine, right ? And what about the Software ? Let’s give a try ! Hardware show version Cisco 1841 (revision 7.0) with 352256K/40960K bytes of memory. Processor board ID FCZ1234757Y 6 FastEthernet interfaces 1 Virtual Private Network (VPN) Module DRAM configuration is 64 bits wide with parity disabled.

OpenBSD 7.2 - Compare

there are a few Weeks until OpenBSD 7.2 will get released. Anyhow, running current is a good way to get a “preview” what’s in the pipeline and will come soon. one of the painpoint was update packages on OpenBSD. Not because it was difficult, but it took quite a lot of time. Specially, when you run a bunch of machines in different networks. Version and Time consumption sysctl kern.version pkg_info |wc -l time pkg_add -Vu OpenBSD 7.

Smokeping on Docker

If you have Docker running somehwere … bring up your Smoke Instance within Seconds ;) Smokeping docker run --name smoke --restart always -d -p 80:80 linuxserver/smokeping Show Containers docker ps docker-test:~# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8f8b872ac1c3 linuxserver/smokeping "/init" 6 minutes ago Up 6 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp smoke Shell into Docker docker exec -it smoke /bin/sh Check Netstat root@8f8b872ac1c3:/# netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.

Alpine - OpenVM Tools

Running Alpine on ESX ? Install the Open VM Tools … Install OpenVM Tools apk add open-vm-tools apk add open-vm-tools-guestinfo apk add open-vm-tools-deploypkg Start Service rc-service open-vm-tools start Autostart Service rc-update add open-vm-tools boot All in One apk add open-vm-tools open-vm-tools-guestinfo open-vm-tools-deploypkg rc-update add open-vm-tools boot rc-service open-vm-tools start Busybox Extras add some tools (arch, dnsd, dumpleases, fakeidentd, ftpd, ftpget, ftpput, httpd, inetd, readahead, telnet, telnetd, tftp, tftpd, udhcpd) apk add busybox-extras List Packages apk info -L busybox-extras docker# apk info -L busybox-extras busybox-extras-1.

Redis on OpenBSD

let’s play a bit with Redis. A In-Memory Data Store for Caching, Streaming, Message Broker https://redis.io/ Install doas rcctl add redis doas rcctl enable redis doas rcclt restart redis Package Summary what did we got installed ? doas pkg_info -L redis $ doas pkg_info -L redis Information for inst:redis-6.2.7 Files: /etc/rc.d/redis /usr/local/bin/redis-benchmark /usr/local/bin/redis-check-aof /usr/local/bin/redis-check-rdb /usr/local/bin/redis-cli /usr/local/bin/redis-sentinel /usr/local/bin/redis-server /usr/local/share/examples/redis/redis.conf /usr/local/share/examples/redis/sentinel.conf A Server, a Client, a configuration File, … Keep Alive send a ping …

Ruby on Rails

https://github.com/Bratela/openbsd Install Ruby Install Ruby and set Symlinks doas su - pkg_add ruby-3.1.2 ln -sf /usr/local/bin/ruby31 /usr/local/bin/ruby ln -sf /usr/local/bin/bundle31 /usr/local/bin/bundle ln -sf /usr/local/bin/bundler31 /usr/local/bin/bundler ln -sf /usr/local/bin/erb31 /usr/local/bin/erb ln -sf /usr/local/bin/gem31 /usr/local/bin/gem ln -sf /usr/local/bin/irb31 /usr/local/bin/irb ln -sf /usr/local/bin/rdoc31 /usr/local/bin/racc ln -sf /usr/local/bin/rake31 /usr/local/bin/rake ln -sf /usr/local/bin/rdoc31 /usr/local/bin/rbs ln -sf /usr/local/bin/rdoc31 /usr/local/bin/rdbg ln -sf /usr/local/bin/rdoc31 /usr/local/bin/rdoc ln -sf /usr/local/bin/ri31 /usr/local/bin/ri ln -sf /usr/local/bin/typeprof31 /usr/local/bin/typeprof Install Nokogiri pkg_add ruby31-nokogiri-1.13.1p0 Install Rails pkg_add ruby-3.

Ubuntu 20.04 LTS & Netplan

Assume you got a fresh Machine with DHCP … Ubuntu with DHCP Config cat /etc/netplan/01-netcfg.yaml # This is the network config written by 'subiquity' network: ethernets: ens192: dhcp4: true version: 2 and you’d like to switch to Static IP, ask google how todo it an give try: Static IP with Netplan # This is the network config written by 'subiquity' network: version: 2 ethernets: ens192: addresses: - 1.2.3.4/24 gateway4: 1.1.1.1 nameservers: addresses: - 8.

Kubernetes Multi-Juicer

If you ever wanna run a Multiplayer OWASP Juice Shop CTF on your own, here are some Notes and Info for bloody beginners References https://github.com/iteratec/multi-juicer/ https://www.digitalocean.com/ https://kubernetes.io/de/docs/concepts/overview/what-is-kubernetes/ Prerequisite you’ve got a Digital Ocean Account (or some other Cloud Provider) a spare domain and set the NS of DigitalOcean Digital Ocean CMD Line Tools installed and configured helm tools (kubernetes package manager -> brew install helm) some budget (~2 CHF/Day) 30min for Setup btw.

FreeBSD bhyve

bhyve, pronounced “beehive” is a hypervisor/virtual machine manager for FreeBSD that supports most Intel and AMD processors that report the “POPCNT” (POPulation Count) processor feature in dmesg(8). Download ISO and boot it … in a new Virtual Machine … cat << 'EOF' > run_bhyve.sh #!/usr/bin/env bash iso=FreeBSD-13.1-RELEASE-amd64-bootonly.iso vm=guest.img # Load Module if needed kldstat |grep vmm.ko || kldload vmm ifconfig tap0 create sysctl net.link.tap.up_on_open=1 ifconfig ifconfig bridge0 create ifconfig bridge0 addm vmx0 addm tap0 ifconfig bridge0 create ifconfig bridge0 up # Get ISO test -f $iso || fetch https://download.