Blog

sha256: 2b87a252a3d912530dd8c20df6bee7f6cbc4ede0074fdf217e318aab39d9736c

Aslo - AS Lookup

OpenBSD

ASLO

AS Lookup Helper Script. It’s written for OpenBSD and need’s some modification for Linux. It basically depends on Python, PIP Installer and Python Package “aslookup”. Have Fun !

Download

wget https://blog.stoege.net/scripts/aslo
chmod 755 aslo
./aslo 1.1.1.1

Script

… and the Content himelf. It basically check’s if pip is installed, if as-lookup is installed, and then does the as lookup for the given IP Adress

#!/usr/bin/env bash

# AS Lookup for IP Address

install_pip() {
  echo -e "\npip not found, install ?\n"
  read -rsp $'Press any key to continue...\n' -n1 key
  pkg_add py3-pip--
  ln -sf /usr/local/bin/pip3.9 /usr/local/bin/pip
  echo -e "\npip installed ...\n"
}

install_aslookup() {
  echo -e "\nas-lookup not found, install ?\n"
  read -rsp $'Press any key to continue...\n' -n1 key
  pip install aslookup
  echo -e "\naslookup installed ...\n"
}

aslo() {
  as-lookup -s cymru `getent hosts $1 |awk '!/:/{ print $1}'`
}

which pip &>/dev/null || install_pip
which as-lookup &>/dev/null || install_aslookup
aslo $1

exit 0

Usage

you can simply ask one ip …

Nextcloud on OpenBSD

OpenBSD

Intro

Wanna run your own Nextcloud Server on OpenBSD … ? Give a Try ! It’s quite trivial as you can see. Just fireup an empty machine, assign an Hostname / DNS Record, and follow the Examples below. This Setup is done on the current Version, 6.9. Have Fun !

Inspired by: https://dev.to/nabbisen/nextcloud-on-openbsd-installation-15d6

Packages

install some packages. i use sqlite as db because i don’t expect a lot of users/traffic/files.

$ doas pkg_add nextcloud
quirks-3.633 signed on 2021-09-27T19:58:00Z
Ambiguous: choose package for nextcloud
a 0: <None>
  1: nextcloud-20.0.12
  2: nextcloud-21.0.4
Your choice: 2
Ambiguous: choose dependency for nextcloud-21.0.4:
a 0: php-pdo_mysql-7.4.23
  1: php-pdo_pgsql-7.4.23
  2: php-pdo_sqlite-7.4.23
Your choice: 2
nextcloud-21.0.4:argon2-20190702: ok
nextcloud-21.0.4:libsodium-1.0.18p1: ok
nextcloud-21.0.4:libxml-2.9.10p3: ok
nextcloud-21.0.4:oniguruma-6.9.6: ok
...
nextcloud-21.0.4: ok
Running tags: ok
The following new rcscripts were installed: /etc/rc.d/php74_fpm
See rcctl(8) for details.
New and changed readme(s):
  /usr/local/share/doc/pkg-readmes/femail-chroot
  /usr/local/share/doc/pkg-readmes/nextcloud
  /usr/local/share/doc/pkg-readmes/php-7.4

Preare Chroot

Create some Folders and stuff in the Chrooted Environment

Git aliases

Linux

we all do like aliases, right ?

https://git-scm.com/book/en/v2/Git-Basics-Git-Aliases

Some Aliases

git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.ci commit
git config --global alias.st status
git config --global alias.bra "branch -a"

and then, you just type:

git co
git br
git ci
git st
git bra

.gitconfig

all this stuff is saved in ~/.gitconfig

$ cat ~/gitconfig
# This is Git's per-user configuration file.
...
[alias]
  co = checkout
  br = branch
  ci = commit
  st = status
  bra = branch -a
Any Comments ?

sha256: 1175e6dde38a2eaed638973cbcd44b5d877ef48acc4e42127dbed167ec15cd1c

CAS@OST

Security

it’s time for some education and i decided to do a CAS CyberSecurity @OST (prev. HSR Rapperswil).

I expect to learn a lot in Attacking, Defense, Reverse Engineering and so on. Think i have already a “good basic” in many of these Topics. So, i expect the have an intersting Time in the next few Month. You can expect some posts here, or may i do another blog ?

-> started a new blog for the CAS

Blog renamed

… just renamed the blog from “puffy.nolink.ch” to “blog.stoege.net” !

hope all the links are still working. redirection from old location should be in place

Any Comments ?

sha256: 7b4e2517426b596dcba03360c7f9e01b19c8a13218ca3e0ee666ffa9cff824e6

PowerDNS on OpenBSD

OpenBSD

Run PowerDNS on OpenBSD

I’m mostly happy with NSD as Authoritative Nameserver. But why not look over the fence and have a look at PowerDNS ? At least the API looks promising to me …

Install Package

doas pkg_add powerdns--

Create Folder, DB and set Permission

doas mkdir /var/db/pdns
doas sqlite3 /var/db/pdns/pdns.sql < /usr/local/share/doc/pdns/schema.sqlite3.sql
doas chown -R _powerdns:wheel /var/db/pdns/

Update Config File /etc/pdns/pdns.conf

# DB
gsqlite3-database=/var/db/pdns/pdns.sql
launch=gsqlite3
setuid=_powerdns

# Tuning & Protection
max-queue-length=5000
overload-queue-length=2500

# Webserver
webserver=yes
webserver-address=ip-of-your-nameserver
webserver-allow-from=127.0.0.1,::1,my-remote-ip-address

Enable and Start Service

doas rcctl enable pdns_server
doas rcctl restart pdns_server

Import Data from NSD

If you have an existing NSD Setup, you can easily import the zones into the sqlite db.

Wireguard with Public IP behind NAT

OpenBSD, Wireguard

… or how to host a Dualstacked Public Website behind a IPv4 NAT Box without Reverse Proxy, Portforwarding and other ugly stuff …

inspired by the following Post, i started a little project and redesigned the connectifity for my Hamster’s Webserver :)

i wrote a mail to the guys from tetaneutral.net and asked them for the wireguard vpn service with public ipv4/ipv6 adresses for my server. as i didn’t get any feedback, i had to implement the “Server” on my own.

Bootstrap Debian

Linux

Bootstrapping Debian

a little helper how to generate a Debian Template. This time, it’s a VM Hosted on Vultr

New VM

1 CPU, 1GB RAM, 25GB Disk

upload debian-10.9.0-amd64-netinst.iso
boot from iso
install:      (text based)
lang:         english
country:      switzerland
locale:       US (en_US.UTF-8)
keymap:       Swiss German
nic:          ens3
hostname:     template-25G
domain:       your.domain.de
passwd:       xxxxxxxx
user:         firstname lastname / loginame
passwd:       xxxxxxxx
disk:         Guided - entire disk with LVM - (one partition | separate /home | separate /home, /var and /tmp)
              separate partition for large disks
              one partition for smaller disks
write:        yes
disk:         20GB (for guided partitioning), 5GB for Spare
write:        yes
another dvd:  no
mirror:       switzerland, debian.ethz.ch
survey:       no
software:     SSH Server, standard system utilities
grub:         yes, /dev/sda3

remove iso and reboot

login as user, su to root

mkdir /root/.ssh && chmod 600 /root/.ssh
echo "ssh-ed25519 AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

halt -p
-> snapshot template-debian-25G
Any Comments ?

sha256: 5b87992169bc05b44db33f9e79fa557f81844b871c8a7566d94b8bf11841ad32

Dog

OpenBSD

Dog (echo dig |sed ’s/i/o/')

you know nslookup, dig, hosts, getenv and all the commans for the cli. but have you ever tried dog ?

Website: https://dns.lookup.dog/

and their Doku: https://dns.lookup.dog/dns-in-five-minutes

dog is an open-source DNS client for the command-line. It has colourful output, supports the DoT and DoH protocols, and can emit JSON.

Install Package

$ doas pkg_add dog

Examples

DNS over TLS

$ dog example.com --tls @dns.google

DNS Request over HTTPS

$ dog -H @https://dns.google/dns-query lookup.dog
A lookup.dog. 18m08s   51.159.26.255

Json Support

$ dog bsago.me --json | jq .responses[0].answers[0]
{
  "address": "138.68.117.94",
  "class": "IN",
  "name": "bsago.me.",
  "ttl": 7111,
  "type": "A"
}

Full Help File

$ dog --help
dog ● command-line DNS client

Usage:
  dog [OPTIONS] [--] <arguments>

Examples:
  dog example.net                          Query a domain using default settings
  dog example.net MX                       ...looking up MX records instead
  dog example.net MX @1.1.1.1              ...using a specific nameserver instead
  dog example.net MX @1.1.1.1 -T           ...using TCP rather than UDP
  dog -q example.net -t MX -n 1.1.1.1 -T   As above, but using explicit arguments

Query options:
  <arguments>              Human-readable host names, nameservers, types, or classes
  -q, --query=HOST         Host name or IP address to query
  -t, --type=TYPE          Type of the DNS record being queried (A, MX, NS...)
  -n, --nameserver=ADDR    Address of the nameserver to send packets to
  --class=CLASS            Network class of the DNS record being queried (IN, CH, HS)

Sending options:
  --edns=SETTING           Whether to OPT in to EDNS (disable, hide, show)
  --txid=NUMBER            Set the transaction ID to a specific value
  -Z=TWEAKS                Set uncommon protocol-level tweaks

Protocol options:
  -U, --udp                Use the DNS protocol over UDP
  -T, --tcp                Use the DNS protocol over TCP
  -S, --tls                Use the DNS-over-TLS protocol
  -H, --https              Use the DNS-over-HTTPS protocol

Output options:
  -1, --short              Short mode: display nothing but the first result
  -J, --json               Display the output as JSON
  --color, --colour=WHEN   When to colourise the output (always, automatic, never)
  --seconds                Do not format durations, display them as seconds
  --time                   Print how long the response took to arrive

Meta options:
  -?, --help               Print list of command-line options
  -v, --version            Print version information

Happy Dog !

PHP 8.0 on OpenBSD 6.9

OpenBSD

OpenBSD 6.9 and PHP 8 is out … Why not give a try ?

list packages

what PHP Packages are available with Version 6.9 ?

root@host # pkg_info -Q php |grep '\-8'
php-8.0.3
php-apache-8.0.3
php-bz2-8.0.3
php-cgi-8.0.3
php-curl-8.0.3
php-dba-8.0.3
php-dbg-8.0.3
php-enchant-8.0.3
php-gd-8.0.3
php-gmp-8.0.3
php-imap-8.0.3
php-intl-8.0.3
php-ldap-8.0.3
php-mysqli-8.0.3
php-odbc-8.0.3
php-pcntl-8.0.3
php-pdo_dblib-8.0.3
php-pdo_mysql-8.0.3
php-pdo_odbc-8.0.3
php-pdo_pgsql-8.0.3
php-pdo_sqlite-8.0.3
php-pgsql-8.0.3
php-pspell-8.0.3
php-shmop-8.0.3
php-snmp-8.0.3
php-soap-8.0.3
php-sqlite3-8.0.3
php-tidy-8.0.3
php-xsl-8.0.3
php-zip-8.0.3

Install and Configure Nginx

add nginx, php8

add webserver, php8 and enable the services