Vuln IOS 15.0(2)SE8

Security

Security posture via Cisco PSIRT OpenVuln API

Platform: ios

Version: 15.0(2)SE8

Advisory-ID Impact CVSS CVE Fixed with First Published
cisco-sa-profinet-J9QMCHPB Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability 7.4 CVE-2020-3409 2020-09-24T16:00:00
cisco-sa-info-disclosure-V4BmJBNF Cisco IOS and IOS XE Software Information Disclosure Vulnerability 5.5 CVE-2020-3477 2020-09-24T16:00:00
cisco-sa-cipdos-hkfTZXEx Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities 8.6 CVE-2020-3225 2020-06-03T16:00:00
cisco-sa-ikev2-9p23Jj2a Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability 7.5 CVE-2020-3230 2020-06-03T16:00:00
cisco-sa-ssh-dos-Un22sd2A Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability 7.7 CVE-2020-3200 2020-06-03T16:00:00
cisco-sa-tcl-ace-C9KuVKmm Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability 6.7 CVE-2020-3204 2020-06-03T16:00:00
cisco-sa-20200108-ios-csrf Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability 8.8 CVE-2019-16009 2020-01-08T16:00:00
cisco-sa-20190925-http-client Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability 4.8 CVE-2019-12665 2019-09-25T16:00:00
cisco-sa-20160525-ipv6 Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability 5.8 CVE-2016-1409 2016-05-25T16:00:00
cisco-sa-20180926-ptp Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability 7.5 CVE-2018-0473 2018-09-26T16:00:00
cisco-sa-20170629-snmp SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software 8.8 CVE-2017-6736 2017-06-29T16:00:00
cisco-sa-20170317-cmp Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability 9.8 CVE-2017-3881 2017-03-17T16:00:00
cisco-sa-20190327-ios-infoleak Cisco IOS and IOS XE Software Hot Standby Router Protocol Information Leak Vulnerability 4.3 CVE-2019-1761 2019-03-27T16:00:00
cisco-sa-20190327-cmp-dos Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability 7.4 CVE-2019-1746 2019-03-27T16:00:00
cisco-sa-20190327-ipsla-dos Cisco IOS and IOS XE Software IP Service Level Agreement Denial of Service Vulnerability 8.6 CVE-2019-1737 2019-03-27T16:00:00
cisco-sa-20180926-cdp-dos Cisco IOS and IOS XE Software Cisco Discovery Protocol Denial of Service Vulnerability 7.4 CVE-2018-15373 2018-09-26T16:00:00
cisco-sa-20180926-cmp Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability 7.4 CVE-2018-0475 2018-09-26T16:00:00
cisco-sa-20180926-tacplus Cisco IOS and IOS XE Software TACACS+ Client Denial of Service Vulnerability 6.8 CVE-2018-15369 2018-09-26T16:00:00
cisco-sa-20180926-vtp Cisco IOS and IOS XE Software VLAN Trunking Protocol Denial of Service Vulnerability 4.3 CVE-2018-0197 2018-09-26T16:00:00
cisco-sa-20180328-smi Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability 8.6 CVE-2018-0156 2018-03-28T16:00:00
cisco-sa-20180328-smi2 Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability 9.8 CVE-2018-0171 2018-03-28T16:00:00
cisco-sa-20180328-lldp Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities 8.8 CVE-2018-0167 2018-03-28T16:00:00
cisco-sa-20180328-dhcpr3 Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability 8.6 CVE-2018-0174 2018-03-28T16:00:00
cisco-sa-20180328-dhcpr1 Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability 8.6 CVE-2018-0172 2018-03-28T16:00:00
cisco-sa-20180328-dhcpr2 Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability 8.6 CVE-2018-0173 2018-03-28T16:00:00
cisco-sa-20180328-ike-dos Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability 8.6 CVE-2018-0159 2018-03-28T16:00:00
cisco-sa-20170419-energywise Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities 8.6 CVE-2017-3860 2017-04-19T16:00:00
cisco-sa-20170927-dhcp Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability 9.8 CVE-2017-12240 2017-09-27T16:00:00
cisco-sa-20170927-profinet Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability 8.6 CVE-2017-12235 2017-09-27T16:00:00
cisco-sa-20170927-ike Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability 8.6 CVE-2017-12237 2017-09-27T16:00:00
cisco-sa-20170927-pnp Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability 8.7 CVE-2017-12228 2017-09-27T16:00:00
cisco-sa-20170927-cip Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities 8.6 CVE-2017-12233 2017-09-27T16:00:00
cisco-sa-20170727-ospf Multiple Cisco Products OSPF LSA Manipulation Vulnerability 4.2 CVE-2017-6770 2017-07-27T16:00:00
cisco-sa-20170322-dhcpc Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability 8.6 CVE-2017-3864 2017-03-22T16:00:00
cisco-sa-20150923-fhs Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities 7.8 CVE-2015-6278 2015-09-23T16:00:00
cisco-sa-20160916-ikev1 IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products 7.8 CVE-2016-6415 2016-09-16T16:00:00
cisco-sa-20160928-aaados Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability 7.1 CVE-2016-6393 2016-09-28T16:00:00
cisco-sa-20160928-dns Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability 8.3 CVE-2016-6380 2016-09-28T16:00:00
cisco-sa-20160928-ios-ikev1 Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability 7.1 CVE-2016-6381 2016-09-28T16:00:00
cisco-sa-20160928-msdp Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities 7.8 CVE-2016-6382 2016-09-28T16:00:00
cisco-sa-20160928-smi Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability 7.8 CVE-2016-6385 2016-09-28T16:00:00
cisco-sa-20160928-cip Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability 7.8 CVE-2016-6391 2016-09-28T16:00:00
cisco-sa-20160323-ios-ikev2 Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability 7.1 CVE-2016-1344 2016-03-23T16:00:00
cisco-sa-20160323-smi Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability 7.8 CVE-2016-1349 2016-03-23T16:00:00
cisco-sa-20150325-tcpleak Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability 7.8 CVE-2015-0646 2015-03-25T16:00:00
cisco-sa-20150325-cip Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol 7.8 CVE-2015-0647 2015-03-25T16:00:00
cisco-sa-20150320-openssl Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products 2.6 CVE-2015-0207 2015-03-20T20:20:00
cisco-sa-20150408-ntpd Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products 5.0 CVE-2015-1798 2015-04-08T16:00:00
cisco-sa-20150310-ssl Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products 5.0 CVE-2014-3569 2015-03-10T16:00:00
Cisco-SA-20150113-CVE-2015-0204 OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability 5.0 CVE-2015-0204 2015-01-13T19:57:19
Any Comments ?

sha256: 79bf0448ec96592b255cae56173d8046be1d26090c12f05c8ec949a5e494e8f4

Vuln NXOS 6.2(8)

Security

Security posture via Cisco PSIRT OpenVuln API

Platform: nxos

Version: 6.2(8)

Advisory-ID Impact CVSS CVE Fixed with First Published
cisco-sa-fxos-nxos-cfs-dos-dAmnymbd Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability 8.6 CVE-2020-3517 7.3(6)D1(1) 2020-08-26T16:00:00
cisco-sa-callhome-cmdinj-zkxzSCY Cisco NX-OS Software Call Home Command Injection Vulnerability 7.2 CVE-2020-3454 6.2(22) 2020-08-26T16:00:00
cisco-sa-nxos-pim-memleak-dos-tC8eP7uw Cisco NX-OS Software IPv6 Protocol Independent Multicast Denial of Service Vulnerability 7.5 CVE-2020-3338 6.2(24) 2020-08-26T16:00:00
cisco-sa-nxos-ipip-dos-kCT9X4 Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability 8.6 CVE-2020-10136 6.2(24a) 2020-06-01T16:00:00
cisco-sa-20200226-fxos-nxos-cdp Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability 8.8 CVE-2020-3172 6.2(24) 2020-02-26T16:00:00
cisco-sa-20200205-fxnxos-iosxr-cdp-dos Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability 7.4 CVE-2020-3120 6.2(24) 2020-02-05T16:00:00
cisco-sa-20190828-nxos-fsip-dos Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability 8.6 CVE-2019-1962 6.2(22) 2019-08-28T16:00:00
cisco-sa-20190828-fxnxos-snmp-dos Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability 7.7 CVE-2019-1963 6.2(22) 2019-08-28T16:00:00
cisco-sa-20190828-nxos-memleak-dos Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability 7.7 CVE-2019-1965 6.2(22) 2019-08-28T16:00:00
cisco-sa-20190925-vman Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability 6.7 CVE-2019-12662 6.2(24) 2019-09-25T16:00:00
cisco-sa-20190925-nxos-vman-cmd-inj Cisco NX-OS Software Virtualization Manager Command Injection Vulnerability 6.7 CVE-2019-12717 6.2(24) 2019-09-25T16:00:00
Any Comments ?

sha256: dcc57a5fe985797f70625f446699af20967b380a718cd1d9a5b903aa5220b86a

Openbsd Root Password Recovery

OpenBSD

if you ever have to recover your root password …

Root PW Recovery

boot> boot -s

Enter pathname of shell or RETURN for sh: [ENTER]

fsck -p /
fsck -p /usr

mount -uw /
mount /usr

passwd

and finally: reboot

FSCK

need to run fsck ?

fsck /dev/sd1a
fsck -y /dev/sd1a

FSTAB

need do fix your fstab ?

boot -s
mount /usr
mount /
export TERM=vt100
/usr/bin/vi /etc/fstab
fix it !
Any Comments ?

sha256: 83b758be6c6353e12d4750d8df65d5531075e621a6918ec1c5688386f62e2ace

Smokeping Debian Nginx

Network, OpenBSD

Smokeping in 5min, with Dual Stack on Nginx

Smokeping

All in one Installer

Run it at your own risk …

wget https://blog.stoege.net/scripts/smokeping_debian3.sh
chmod 700 smokeping_debian3.sh
./smokeping_debian3.sh

or Setup by Hand

Install Packages

apt-get install borgbackup curl echoping fcgiwrap fping hping3 htop lynx mlocate mtr nginx rsync smokeping tmate tree tshark unzip vim vnstat wget zip

Configure Nginx

export MYSITENAME="smokeping.planet.world"
wget "https://github.com/vazhnov/smokeping_nginx/raw/master/best.conf"
sed -i -- s/smokeping\.example\.com/${MYSITENAME}/g best.conf
chown root: best.conf
mv best.conf /etc/nginx/sites-available/${MYSITENAME}.conf
ln -s "../sites-available/${MYSITENAME}.conf" "/etc/nginx/sites-enabled/${MYSITENAME}.conf"
nginx -t && systemctl restart nginx

Some Smokeping Fixes

mkdir -p /var/run/smokeping

Tune General

cat << 'EOF' > /etc/smokeping/config.d/General
*** General ***

owner    = Franz Musterer
contact  = nospam@nomail.ch
mailhost = smtp-relay-host

# NOTE: do not put the Image Cache below cgi-bin
# since all files under cgi-bin will be executed ... this is not
# good for images.
cgiurl   = http://somekping.planet/smokeping/smokeping.cgi

# specify this to get syslog logging
syslogfacility = local0
# each probe is now run in its own process
# disable this to revert to the old behaviour
# concurrentprobes = no

@include /etc/smokeping/config.d/pathnames
EOF

Tune Databases

cat << 'EOF' > /etc/smokeping/config.d/Database
*** Database ***

step     = 60
pings    = 59
#step     = 300
#pings    = 20

# consfn mrhb steps total

AVERAGE  0.5   1  1008
AVERAGE  0.5  12  4320
    MIN  0.5  12  4320
    MAX  0.5  12  4320
AVERAGE  0.5 144   720
    MAX  0.5 144   720
    MIN  0.5 144   720
EOF

Tune Probes

cat << 'EOF' > /etc/smokeping/config.d/Probes
*** Probes ***

+ FPing

binary = /usr/bin/fping


+ FPing6
binary = /usr/bin/fping
protocol = 6


+ EchoPingHttp

binary = /usr/bin/echoping
forks = 5
offset = 50%
step = 300

# The following variables can be overridden in each target section
accept_redirects = yes
extraopts =
ignore_cache = yes
ipversion = 4
pings = 5
port = 80
priority = 6
revalidate_data = no
timeout = 20
tos = 0xa0
url = /
waittime = 1


+EchoPingHttps

binary = /usr/bin/echoping
forks = 5
offset = 50%
step = 300

# The following variables can be overridden in each target section
accept_redirects = yes
extraopts =
ignore_cache = yes
ipversion = 4
pings = 5
port = 443
priority = 6
prot = 3443
revalidate_data = no
timeout = 20
tos = 0xa0
url = /
waittime = 1


+EchoPingDNS

binary = /usr/bin/echoping
forks = 5
offset = 50%
step = 300

# The following variables can be overridden in each target section
dns_request = google.com
dns_tcp = no
dns_type = A
extraopts =
ipversion = 4
pings = 5
plugin = /usr/lib/echoping/dns.so
pluginargs = -p
priority = 6
timeout = 1
tos = 0xa0
waittime = 1
EOF

Tune Targets

cat << 'EOF' > /etc/smokeping/config.d/Targets
*** Targets ***

probe = FPing

menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing website of xxx Company.          Here you will learn all about the latency of our network.

+ Local
menu = Local
title = Local Network

++ LocalMachine

menu = Local Machine
title = This host
host = localhost



+ Inet
menu = Internet
title = some Hosts on the Net
probe = FPing

++ google
menu = google
title = google, 8.8.8.8
host = 8.8.8.8

++ switch
host = www.switch.ch

++ uzh
host = www.uzh.ch

++ blick
host = www.blick.ch


+ IPv4
menu = IPv4 Hosts
title = Hosts running IPv4
probe = FPing

++ multi
menu  = MultiTarget
title = Multiple Targets
host  = /IPv4/host1 \
        /IPv4/host2 \
        /IPv4/host3

++ host1
host = host1.planet

++ host2
host = host2.planet

++ host3
host = host3.planet


+ IPv6
menu = IPv6 Hosts
title = Hosts running IPv6
probe = FPing6

++ multi
menu  = MultiTarget
title = Multiple Targets
host  = /IPv6/host1 \
        /IPv6/host2 \
        /IPv6/host3

++ host1
host = host1.planet

++ host2
host = host2.planet

++ host3
host = host3.planet


+ HTTP
menu = HTTP
title = some HTTP Probes
probe = EchoPingHttp

++ google-com
host = www.google.com

++ uzh
host = www.uzh.ch
EOF

Restart Smokeping

systemctl restart smokeping

Browse

http://smokeping.planet/smokeping

Smokeping with IPv4 / IPv6

Network, OpenBSD

How to install Smokeping on Debian in 5 Minutes

with Dualstack, IPv4 and IPv6

Smokeping

All in one Installer

Run it at your own risk …

wget https://blog.stoege.net/scripts/smokeping_debian2.sh
chmod 700 smokeping_debian2.sh
./smokeping_debian2.sh

or Setup by Hand

Set Hostname

root@smokeping:~# cat /etc/hostname
smokeping.planet

Install Packages

apt-get install apache2 borgbackup curl echoping fping hping3 htop ipcalc jq lftp lynx mlocate mtr nmap pwgen rsync sipcalc smokeping tmate tree tshark unzip vim vnstat wget zip

Enable Smokeping in Apache

cd /etc/apache2/conf-enabled
ln -s ../conf-available/smokeping.conf .

Enable Module CGI

a2enmod cgid
systemctl restart apache2

Some Smokeping Fixes

mkdir -p /var/run/smokeping

Tune General

cat << 'EOF' > /etc/smokeping/config.d/General
*** General ***

owner    = Franz Musterer
contact  = nospam@nomail.ch
mailhost = smtp-relay-host

# NOTE: do not put the Image Cache below cgi-bin
# since all files under cgi-bin will be executed ... this is not
# good for images.
cgiurl   = http://somekping.planet/smokeping/smokeping.cgi

# specify this to get syslog logging
syslogfacility = local0
# each probe is now run in its own process
# disable this to revert to the old behaviour
# concurrentprobes = no

@include /etc/smokeping/config.d/pathnames
EOF

Tune Databases

cat << 'EOF' > /etc/smokeping/config.d/Database
*** Database ***

step     = 60
pings    = 59
#step     = 300
#pings    = 20

# consfn mrhb steps total

AVERAGE  0.5   1  1008
AVERAGE  0.5  12  4320
    MIN  0.5  12  4320
    MAX  0.5  12  4320
AVERAGE  0.5 144   720
    MAX  0.5 144   720
    MIN  0.5 144   720
EOF

Tune Probes

cat << EOF > /etc/smokeping/config.d/Probes
*** Probes ***

+ FPing

binary = /usr/bin/fping


+ FPing6
binary = /usr/bin/fping
protocol = 6


+ EchoPingHttp

binary = /usr/bin/echoping
forks = 5
offset = 50%
step = 300

# The following variables can be overridden in each target section
accept_redirects = yes
extraopts =
ignore_cache = yes
ipversion = 4
pings = 5
port = 80
priority = 6
revalidate_data = no
timeout = 20
tos = 0xa0
url = /
waittime = 1


+EchoPingHttps

binary = /usr/bin/echoping
forks = 5
offset = 50%
step = 300

# The following variables can be overridden in each target section
accept_redirects = yes
extraopts =
ignore_cache = yes
ipversion = 4
pings = 5
port = 443
priority = 6
prot = 3443
revalidate_data = no
timeout = 20
tos = 0xa0
url = /
waittime = 1


+EchoPingDNS

binary = /usr/bin/echoping
forks = 5
offset = 50%
step = 300

# The following variables can be overridden in each target section
dns_request = google.com
dns_tcp = no
dns_type = A
extraopts =
ipversion = 4
pings = 5
plugin = /usr/lib/echoping/dns.so
pluginargs = -p
priority = 6
timeout = 1
tos = 0xa0
waittime = 1
EOF

Tune Targets

cat << 'EOF' > /etc/smokeping/config.d/Targets
*** Targets ***

probe = FPing

menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing website of xxx Company.          Here you will learn all about the latency of our network.

+ Local
menu = Local
title = Local Network

++ LocalMachine

menu = Local Machine
title = This host
host = localhost



+ Inet
menu = Internet
title = some Hosts on the Net
probe = FPing

++ google
menu = google
title = google, 8.8.8.8
host = 8.8.8.8

++ switch
host = www.switch.ch

++ uzh
host = www.uzh.ch

++ blick
host = www.blick.ch


+ IPv4
menu = IPv4 Hosts
title = Hosts running IPv4
probe = FPing

++ multi
menu  = MultiTarget
title = Multiple Targets
host  = /IPv4/host1 \
        /IPv4/host2 \
        /IPv4/host3

++ host1
host = host1.planet

++ host2
host = host2.planet

++ host3
host = host3.planet


+ IPv6
menu = IPv6 Hosts
title = Hosts running IPv6
probe = FPing6

++ multi
menu  = MultiTarget
title = Multiple Targets
host  = /IPv6/host1 \
        /IPv6/host2 \
        /IPv6/host3

++ host1
host = host1.planet

++ host2
host = host2.planet

++ host3
host = host3.planet


+ HTTP
menu = HTTP
title = some HTTP Probes
probe = EchoPingHttp

++ google-com
host = www.google.com

++ uzh
host = www.uzh.ch
EOF

Restart Smokeping

systemctl restart smokeping

Browse

http://smokeping.planet/smokeping

RC3

Security

some cool Movies/Audios from “Remote Chaos Experience” RC3

RC3 Video, ordered by ViewCount

Amateurfunk hacken

Spot the Surveillance

DevOps Disasters 3.1

Elektrogruselkabinet Indien-Edition

36C3 - Boeing 737MAX: Automated Crashes

36C3 - BahnMining - Pünktlichkeit ist eine Zier

36C3 - Finfisher verklagen

36C3 - Hirne Hacken

35C3 - Du kannst alles hacken – du darfst dich nur nicht erwischen lassen

35C3 - Hackerethik - eine Einführung

Any Comments ?

sha256: ec267b020ffdde11711eff23057df1a9b74a0fed1c262c0ab9dd28b5c08d512e

Checkmk 2.0 Beta

Monitoring

Install Notes

checkmk 2.0 (beta)

install debian 10.6
upgrade to 10.7
apt-get install dpkg-sig

scp check-mk-raw-2.0.0b1_0.buster_amd64.deb ip-of-host:/tmp/
wget https://checkmk.com/support/Check_MK-pubkey.gpg
gpg --keyserver keys.gnupg.net --recv-keys 434DAC48C4503261
gpg --armor --export 434DAC48C4503261 > Check_MK-pubkey.gpg
gpg --import Check_MK-pubkey.gpg

dpkg-sig --verify check-mk-raw-2.0.0b1_0.buster_amd64.deb

apt-get install gdebi-core
gdebi check-mk-raw-2.0.0b1_0.buster_amd64.deb

omd version
OMD - Open Monitoring Distribution Version 2.0.0b1.cre


omd create mysite
omd start mysite
http://ip-of-host/mysite/
cmkadmin


  The admin user for the web applications is cmkadmin with password: xXxXxXx
  For command line administration of the site, log in with 'omd su mysite'.
  After logging in, you can change the password for cmkadmin with 'htpasswd etc/htpasswd cmkadmin'.
Any Comments ?

sha256: 62f460939ccba74886d5b4c89ca6b9ab4afbd9e44c634b961c7b4d8dd572840b

Jq

OpenBSD

Json Query

some basics about JQ

RAW Data

cat history.shelly.0.SHEM-3#40F52000B661#1.Total.Current.json | jq '.[0:3]'
[
  {
    "val": 2.64,
    "ack": 1,
    "ts": 1607900404883,
    "q": 0,
    "user": "system.user.admin"
  },
  {
    "val": 2.61,
    "ack": 1,
    "ts": 1607900410483,
    "q": 0,
    "user": "system.user.admin"
  },
  {
    "val": 2.58,
    "ack": 1,
    "ts": 1607900416083,
    "q": 0,
    "user": "system.user.admin"
  }
]

Query First Record

cat history.shelly.0.SHEM-3#40F52000B661#1.Total.Current.json | jq '.[0]'
{
  "val": 2.64,
  "ack": 1,
  "ts": 1607900404883,
  "q": 0,
  "user": "system.user.admin"
}

Filter val and ts

cat history.shelly.0.SHEM-3#40F52000B661#1.Total.Current.json | jq '.[0] |.ts,.val'
1607900404883
2.64

Filter val and ts on one line

cat history.shelly.0.SHEM-3#40F52000B661#1.Total.Current.json | jq '.[0] | (.ts |tostring) + ";" + (.val |tostring)'
"1607900404883;2.64"

Filter first 10 val and ts on one line

cat history.shelly.0.SHEM-3#40F52000B661#1.Total.Current.json | jq '.[] | (.ts |tostring) + ";" + (.val |tostring)' |head -10
"1607900404883;2.64"
"1607900410483;2.61"
"1607900416083;2.58"
"1607900421739;2.62"
"1607900427335;2.62"
"1607900433003;2.57"
"1607900438543;2.72"
"1607900444131;2.67"
"1607900449791;2.6"
"1607900455383;2.55"

Filter first 10 val and ts on one line

cat history.shelly.0.SHEM-3#40F52000B661#1.Total.Current.json | jq '.[] |.ts,.val' |paste - - |head -10
1607900404883	2.64
1607900410483	2.61
1607900416083	2.58
1607900421739	2.62
1607900427335	2.62
1607900433003	2.57
1607900438543	2.72
1607900444131	2.67
1607900449791	2.6
1607900455383	2.55

Current over 50A

cat history.shelly.0.SHEM-3#40F52000B661#1.Total.Current.json | jq -c '.[] | select (.val >= '50')'
{"val":52.55,"ack":1,"ts":1607907152399,"q":0,"user":"system.user.admin"}
{"val":52.54,"ack":1,"ts":1607907157975,"q":0,"user":"system.user.admin"}
{"val":52.53,"ack":1,"ts":1607907163639,"q":0,"user":"system.user.admin"}
{"val":52.5,"ack":1,"ts":1607907169220,"q":0,"user":"system.user.admin"}
{"val":52.49,"ack":1,"ts":1607907174863,"q":0,"user":"system.user.admin"}
{"val":52.53,"ack":1,"ts":1607907180639,"q":0,"user":"system.user.admin"}
...

BGP Stuff

dump networks from AS 3303

Wireguard Puffy to OPNsense

OpenBSD

WG Tunnel between OpenBSD and OPNsense

How to Setup an WG Tunnel between OpenBSD and OPNSense ? That’s quite simple …

OpenBSD

Install Packages

pkg_add wireguard-tools--

Gen Key Onliner

wg genkey | tee privatekey | wg pubkey > publickey

Build Interface

r=$(openssl rand -base64 32)
remote_ip="1.2.3.4"
remote_net="192.168.0.0/24"

cat << 'EOF' > /etc/hostname.wg0
# WG Tunnel to OPNsense
wgkey   ${r}
wgport  51820
wgpeer  xxxxx - PUBLIC-KEY-OF-REMOTE-HOST - xxxxx= wgendpoint ${remote_ip} 51820 wgaip ${remote_net}
inet    10.0.0.1/24
!route add ${remote_net} 10.0.0.2
up
EOF

sh /etc/netstart wg0
ifconfig wg0

update pf.conf

# skip on wg Interface
set skip on { lo0 wg0 }

# Wireguard
pass in log quick inet proto udp from ${remote_ip}/32 to (self) port 51820

OPNsense

Install Wireguard

Menu System -> Firmware -> Plugins -> Install Wireguard

Keychain

OpenBSD, Linux

Need a small and smart utility to manage you ssh keys under linux ? got some scripts and cronjobs which requires an local ssh key ? have a look at keychain !

Install Software

depending on your OS …

macos$ brew install keychain
debian$ sudo apt-get install keychain
openbsd$ pkg_add keychain
freebsd$ pkg install keychain

edit startup Scripts

$HOME/.bashrc $HOME/.bash_profile /etc/profile $HOME/.profile

cat << 'EOF' >> $HOME/.bashrc
# Keychain Startup
eval `keychain --eval id_ed25519`
EOF

check service

$ keychain
$ ssh-add -L

add to .profile

cat << 'EOF' >> .profile

# Keychain Loaded ? Load and show Key ...
eval $(keychain --eval id_ed25519)
echo -e "loaded keys: `ssh-add -L |cut -c 1-12,77-`\n"
EOF

List Keys

keychain --list

List Finterprints (Public Key ?)

$ keychain --list-fp

Set Timeout

Timeout for SSH Agent