Branches

some basic commands for branches. you can read Branch Basics and Branch Management for more details

create branch

you wanna develope a feature, fix a bug, test some stuff … you need a branch !

git checkout -b feature1

push upstream

if you have a central repo, push the feature upstream (so others can checkout as well)

git push --set-upstream origin feature1

show branch

you may have multiple branches, list them all. and update pager so list will not open in VIM !

i like to run honeypots … ok, to be honest, it’s not a honeypot. It’s a productive maschine for me, but all the bots trying to get in get’s redirected to a Honeypot, the credentials were captured and last but not least, you can watch them live in your browser :)

http://honeypot.nolink.ch

btw. 100k failed login attempts in 10 Day …

have fun !

sha256: 8ae49e2283f894d5ab59ec16309f4f1d4aa547c0fd90705f969bae0d20d3b6f2

Bootstrapping VM

This is similar to the previous Post, but with a small difference.

Here, we add an other Partition /jail with 2GB Size. On this Partition, we remove the nodev & nosuid Flag, so we can use this Partition as Root for some Jailed Users. And last but not least, we fireup a new VM, configure a Jailed User and make it Public Available …

VM with 20G Disk

*** Bootstrap OpenBSD 6.8 ***

i just like this Page … Faces of OpenSource.

Thanks for all the fish, guys !

sha256: 511dfaf2c20685d4fb80884557bf2efaf1ac7f234d02d25be20687d92cb6ad11

Tshark Basic Commands

tbd

Capture DNS on wg0 Interface, v4 & v6

tshark -nn -i wg0 -e ip.src -e ip6.src -e dns.qry.name -E separator=";" -T fields port 53

Ringbuffer

Capture Files, Rotate every 10MB, keep last 25 files

doas tshark -n -i em0 -w sniff -b filesize:10000 -b files:25

Ringbuffer with Autostop -> Time

Capture Files, Rotate every 10MB, keep last 25 files, Stop after 1h

doas tshark -n -i em0 -w sniff -b filesize:10000 -b files:25 -a duration:3600

Ringbuffer with Autostop -> Packets

Capture Files, Rotate every 10MB, keep last 25 files, Stop after 100000 Packets

Managing VM’s on Hetzner Cloud with Terraform

you may want to manage some vm in the cloud. webgui is nice, but a real nerd needs cli ;)

some notes how to get terraform running with OpenBSD.

add Packages (3min)

$ time doas pkg_add git gmake go terraform

3m18.62s real     0m19.53s user     0m07.73s system

set GO PATH

echo "GOPATH=$HOME/go" >> ~/.profile
echo "export GOPATH" >> ~/.profile
. ./.profile
echo $GOPATH

build terraform provider for hcloud (2min)

As the hcloud is not available for OpenBSD, we have to build it on our own.

Bootstrapping VM

It’s always good to have Templates. Isn’t it ? Sometime, with a lot of stuff preconfigured and installed. Sometimes, a fresh install without anything (except syspatches). Here a little Helper, how to Build a OpenBSD Template with 20GB, resp. 40GB Disk Size.

This stuff was tested on www.hetzner.de, so you should be able to reproduce it in a few minutes.

Costs: CX11,  1 CPU, 2 GB RAM, 20 GB Disk, 20TB Traffic -> 2.68 Euro/Month
Costs: CPX11, 2 CPU, 2 GB RAM, 40 GB Disk, 20TB Traffic -> 3.76 Euro/Month

If you create an Account, you can use my sponsor link and we both get “a few bucks” to play with …

Resource Public Key Infrastructure

you may know what RPKI is …

It’s a PKI Framework for improving Security for the Internet Routing Infrastructure based on BGP.

As a HomeUser or Small/Medium Size Company, you normally don’t have a Full BGP Table and multipe Upstream Providers. You have one Internet Router or Firewall and you get a Default Route from your ISP.

With OpenBGPD and the current rpki extensions, you “just” need a Full BGP Feed and then, you can filter all invalid ROA’s and keep your Routing (and Internet Access) more Secure.

How to Dynamic Assign Vlans with Ruckus Unleashed and FreeRadius

Setup FreeRadius

pkg_add freeradius--%freeradius3

clients.conf

add your wlan ap

client ruckus {
	ipaddr		= 1.2.3.4/32
	secret		= das-sag-ich-dir-nicht
}

users.conf

add some users

# Admin to Admin Vlan (100)
admin Cleartext-Password := "das-sag-ich-dir-nicht"
  Tunnel-Type = 13,
  Tunnel-Medium-Type = 6,
  Tunnel-Private-Group-Id = "100"

# Guests to Guest Vlan (200)
guest Cleartext-Password := "das-sag-ich-nur-dem-gast"
  Tunnel-Type = 13,
  Tunnel-Medium-Type = 6,
  Tunnel-Private-Group-Id = "200"

/etc/raddb/sites-available/inner-tunnel

enable Vlan rewrite on line 336 (set to 1)

how to update checkmk

let’s assume you already have a running version of checkmk. You should install patches / updated every few month.

Main and Download URL’s

Main URL: https://checkmk.com/de/download?edition=cre&version=stable&dist=debian&os=bullseye

https://download.checkmk.com/checkmk/1.6.0p20/check-mk-raw-1.6.0p20_0.bullseye_amd64.deb

https://download.checkmk.com/checkmk/2.0.0p12/check-mk-raw-2.0.0p12_0.bullseye_amd64.deb

Download and Install Package

Login as Root

v="2.0.0p25"
cd /tmp
wget -O checkmk.deb "https://download.checkmk.com/checkmk/${v}/check-mk-raw-${v}_0.bullseye_amd64.deb"
gdebi checkmk.deb

Update Checkmk

Switch User …

su - mysite

.. Switch User and start Update

omd status
omd version
omd stop
omd update
omd start

Cleanup

exit
omd cleanup

Check Application

Open Browser, check News and Plugins