Unbound - RemoteControl

How to Enable Remote Control for Unbound Setup Remote Control doas unbound-control-setup $ doas unbound-control-setup setup in directory /var/unbound/etc Generating RSA private key, 3072 bit long modulus ..................................++++ ..................................++++ e is 010001 (0x65537) Generating RSA private key, 3072 bit long modulus ........................................++++ ........................................++++ e is 010001 (0x65537) Signature ok subject=/CN=unbound-control Getting CA Private Key removing artifacts Setup success. Certificates created. Enable in unbound.conf file to use Enable in unbound.conf /var/unbound/etc/unbound.conf

OpenSSH 2FA Google Auth

Let’s give it a try with Alpine Linux, OpenSSH and 2FA with Google Authenticator. add Packages apk add openssh openssh-server-pam google-authenticator openssh-doc google-authenticator-doc libqrencode Configure GoogleAuth touch /etc/pam.d/sshd ln /etc/pam.d/sshd /etc/pam.d/sshd.pam cat << 'EOF' >> /etc/pam.d/sshd.pam account include base-account auth required pam_env.so auth required pam_nologin.so successok auth required /lib/security/pam_google_authenticator.so echo_verification_code grace_period=57600 nullok auth required pam_unix.so md5 sha512 EOF update sshd_config cat << 'EOF' >> /etc/ssh/sshd_config PasswordAuthentication no AuthenticationMethods any UsePAM yes EOF Restart SSHD service sshd restart Setup User su - USERNAME google-authenticator Response

HTMLQ

Stumbled upon something cool, htmlq! It’s like jq, but for HTML. Installation Rust htmlq needs Rust, so let’s install Rust first. doas pkg_add rust Add Link to Path cat << 'EOF' |doas tee -a /etc/profile # Rust/Cargo export PATH=$PATH:/root/.cargo/bin EOF . /etc/profile Install HTMLQ doas cargo install htmlq some Examples Extract Links curl -s https://www.openbsd.org | htmlq --attribute href a |head Example user@nixbox$ curl -s https://www.openbsd.org | htmlq --attribute href a |head goals.

Cisco Router, SSH, PubKey, ...

Intro I stumbled across an old Cisco box in the basement. I thought I might have some fun (or frustration?) with the aging Device. The Hardware still works fine, right? And what about the Software? Let’s give it a try! Hardware show version Cisco 1841 (revision 7.0) with 352256K/40960K bytes of memory. Processor board ID FCZ1234757Y 6 FastEthernet interfaces 1 Virtual Private Network (VPN) Module DRAM configuration is 64 bits wide with parity disabled.

OpenBSD 7.2 - Compare

There are a few weeks until OpenBSD 7.2 gets released. Anyhow, running current is a good way to get a “preview” of what’s in the pipeline and will come soon. One of the pain points was updating packages on OpenBSD. Not because it was difficult, but because it took quite a lot of time, especially when you run a bunch of machines in different networks. Version and Time consumption sysctl kern.version pkg_info |wc -l time pkg_add -Vu OpenBSD 7.

Smokeping on Docker

If you have Docker running somewhere … bring up your Smoke Instance within Seconds ;) Smokeping docker run --name smoke --restart always -d -p 80:80 linuxserver/smokeping Show Containers docker ps docker-test:~# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8f8b872ac1c3 linuxserver/smokeping "/init" 6 minutes ago Up 6 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp smoke Shell into Docker docker exec -it smoke /bin/sh Check Netstat root@8f8b872ac1c3:/# netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.

Alpine - OpenVM Tools

Running Alpine on ESX ? Install the Open VM Tools … Install OpenVM Tools apk add open-vm-tools apk add open-vm-tools-guestinfo apk add open-vm-tools-deploypkg Start Service rc-service open-vm-tools start Autostart Service rc-update add open-vm-tools boot All in One apk add open-vm-tools open-vm-tools-guestinfo open-vm-tools-deploypkg rc-update add open-vm-tools boot rc-service open-vm-tools start Busybox Extras add some tools (arch, dnsd, dumpleases, fakeidentd, ftpd, ftpget, ftpput, httpd, inetd, readahead, telnet, telnetd, tftp, tftpd, udhcpd) apk add busybox-extras List Packages apk info -L busybox-extras docker# apk info -L busybox-extras busybox-extras-1.

Redis on OpenBSD

Let’s play a bit with Redis. An In-Memory Data Store for Caching, Streaming, Message Broker https://redis.io/ Install doas pkg_add redis doas rcctl enable redis doas rcctl restart redis Package Summary what did we get installed? doas pkg_info -L redis $ doas pkg_info -L redis Information for inst:redis-6.2.7 Files: /etc/rc.d/redis /usr/local/bin/redis-benchmark /usr/local/bin/redis-check-aof /usr/local/bin/redis-check-rdb /usr/local/bin/redis-cli /usr/local/bin/redis-sentinel /usr/local/bin/redis-server /usr/local/share/examples/redis/redis.conf /usr/local/share/examples/redis/sentinel.conf A Server, a Client, a configuration File, … Keep Alive send a ping …

Ruby on Rails

https://github.com/Bratela/openbsd Install Ruby Install Ruby and set Symlinks doas su - pkg_add ruby-3.1.2 ln -sf /usr/local/bin/ruby31 /usr/local/bin/ruby ln -sf /usr/local/bin/bundle31 /usr/local/bin/bundle ln -sf /usr/local/bin/bundler31 /usr/local/bin/bundler ln -sf /usr/local/bin/erb31 /usr/local/bin/erb ln -sf /usr/local/bin/gem31 /usr/local/bin/gem ln -sf /usr/local/bin/irb31 /usr/local/bin/irb ln -sf /usr/local/bin/racc31 /usr/local/bin/racc ln -sf /usr/local/bin/rake31 /usr/local/bin/rake ln -sf /usr/local/bin/rbs31 /usr/local/bin/rbs ln -sf /usr/local/bin/rdbg31 /usr/local/bin/rdbg ln -sf /usr/local/bin/rdoc31 /usr/local/bin/rdoc ln -sf /usr/local/bin/ri31 /usr/local/bin/ri ln -sf /usr/local/bin/typeprof31 /usr/local/bin/typeprof Install Nokogiri pkg_add ruby31-nokogiri-1.13.1p0 Install Rails pkg_add ruby-3.

Ubuntu 20.04 LTS & Netplan

Assume you got a fresh Machine with DHCP … Ubuntu with DHCP Config cat /etc/netplan/01-netcfg.yaml # This is the network config written by 'subiquity' network: ethernets: ens192: dhcp4: true version: 2 and you’d like to switch to Static IP, ask Google how to do it and give it a try: Static IP with Netplan # This is the network config written by 'subiquity' network: version: 2 ethernets: ens192: addresses: - 1.2.3.4/24 gateway4: 1.1.1.1 nameservers: addresses: - 8.

Kubernetes Multi-Juicer

If you ever wanna run a Multiplayer OWASP Juice Shop CTF on your own, here are some Notes and Info for bloody beginners References https://github.com/iteratec/multi-juicer/ https://www.digitalocean.com/ https://kubernetes.io/de/docs/concepts/overview/what-is-kubernetes/ Prerequisite you’ve got a Digital Ocean Account (or some other Cloud Provider) a spare domain and set the NS of DigitalOcean Digital Ocean CMD Line Tools installed and configured helm tools (kubernetes package manager -> brew install helm) some budget (~2 CHF/Day) 30min for Setup btw.

FreeBSD bhyve

bhyve, pronounced “beehive” is a hypervisor/virtual machine manager for FreeBSD that supports most Intel and AMD processors that report the “POPCNT” (POPulation Count) processor feature in dmesg(8). Download ISO and boot it … in a new Virtual Machine … cat << 'EOF' > run_bhyve.sh #!/usr/bin/env bash iso=FreeBSD-13.1-RELEASE-amd64-bootonly.iso vm=guest.img # Load Module if needed kldstat |grep vmm.ko || kldload vmm ifconfig tap0 create sysctl net.link.tap.up_on_open=1 ifconfig ifconfig bridge0 create ifconfig bridge0 addm vmx0 addm tap0 ifconfig bridge0 create ifconfig bridge0 up # Get ISO test -f $iso || fetch https://download.

OpenBSD Compile Custom Kernel

Let’s Compile a Custom Kernel for OpenBSD … and let’s check if we can tune the process with multiple Processors. get Sources and prepare Custom Kernel cd /usr/src ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/sys.tar.gz tar xfz sys.tar.gz rm sys.tar.gz cd /sys/arch/$(uname -m)/conf cp GENERIC.MP CUSTOM.MP config CUSTOM.MP cd ../compile/CUSTOM.MP -> with config CUSTOM.MP, you can enable or disable Components which will be built into your Custom Kernel. WLAN drivers for a virtual server, for example, do not make sense.

Git Tags

With Tags, we have the possibility to “Tag” a certain Point as important. Just give it a release Number (v0.1, v0.2, v1.0) or whatever you like. list tags list all tags for a certain repo git tag add Tag when you’re fine with a version, add a tag … git tag -a v1.0 -m "my Version 1.0" push Tags you have to push the Tags separately. They do not get pushed with the common “git push” command

OpenBGPD Looking Glass

BGP Looking Glass with OpenBSD something I’ve wanted to do for a long time and never got around to it … Just give it a try, it’s publicly available: https://bgp.stoege.net/ Prerequisite OpenBSD VM (at least 2G RAM) Public IPv4 / IPv6 DNS Record / Static IP Full BGP Feed (don’t worry, you can get it for free) httpd config OpenBSD has its own HTTP Daemon in the Base System. Let’s enable and configure it.