Projects

like many of you, i’ve got different kinds of stuff running, mostly internally, but also some public things.

Hamsterwheel Counter

my Daughter got a Hamster and he’s running every night in his Wheel … I built a small Wheel-Counter so we can see the Daily Stats and Performance of Cookie :). Website is in German and reachable via IPv6 only …

the Hamster died just before XMAS 2022 :( RIP Cookie !

Git Branches

Branches

some basic commands for branches. you can read Branch Basics and Branch Management for more details

create branch

you wanna develop a feature, fix a bug, test some stuff … you need a branch !

git checkout -b feature1

push upstream

if you have a central repo, push the feature upstream (so others can checkout as well)

git push --set-upstream origin feature1

show branch

you may have multiple branches, list them all. and update pager so list will not open in VIM !

Honeypot

i like to run honeypots … ok, to be honest, it’s not a honeypot. It’s a productive machine for me, but all the bots trying to get in get redirected to a Honeypot, their credentials get captured and last but not least, you can watch them live in your browser :)

http://honeypot.nolink.ch

btw. 100k failed login attempts in 10 days …

have fun !


Any Comments ?

sha256: 8ae49e2283f894d5ab59ec16309f4f1d4aa547c0fd90705f969bae0d20d3b6f2

Bootstrap OpenBSD with Jail Partition

Bootstrapping VM

This is similar to the previous Post, but with a small difference.

Here, we add another Partition /jail with 2GB Size. On this Partition, we remove the nodev & nosuid Flags, so we can use this Partition as Root for some Jailed Users. And last but not least, we fire up a new VM, configure a Jailed User and make it publicly available …

VM with 20G Disk

*** Bootstrap OpenBSD 6.8 ***

Faces of OpenSource

i just like this Page … Faces of OpenSource.

Thanks for all the fish, guys !



sha256: 511dfaf2c20685d4fb80884557bf2efaf1ac7f234d02d25be20687d92cb6ad11

Tshark

Tshark Basic Commands

tbd

Capture DNS on wg0 Interface, v4 & v6

tshark -nn -i wg0 -e ip.src -e ipv6.src -e dns.qry.name -E separator=";" -T fields port 53
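
An added example (not part of the original post): a small post-processor for the three ";"-separated columns this capture prints (IPv4 source, IPv6 source, query name), counting lookups per client and listing unusually long names. The function names, the sample lines and the 50-character threshold are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: post-process the ';'-separated fields printed by the
# tshark DNS capture (IPv4 source; IPv6 source; query name).

# Constructed sample lines, not real traffic.
sample_capture() {
cat <<'EOF'
10.0.0.2;;example.org
10.0.0.2;;Example.org
;fd00::2;example.org
10.0.0.2;;www.openbsd.org
10.0.0.3;;aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.t.example.net
;;
EOF
}

# Print "count;source;name", busiest (source, name) pair first.
dns_summary() {
    awk -F';' '
        NF < 3 || $3 == "" { next }        # port 53 traffic without a query name
        {
            src = ($1 != "") ? $1 : $2     # only one address column is filled
            name = tolower($3)             # DNS names are case-insensitive
            sub(/\.$/, "", name)           # drop a trailing root dot
            seen[src ";" name]++
        }
        END { for (k in seen) print seen[k] ";" k }
    ' | sort -t';' -k1,1nr -k2,2 -k3,3
}

# Print "source;name" for names longer than $1 characters (default 50,
# an assumed threshold); unusually long names are worth a manual look.
dns_long_names() {
    awk -F';' -v max="${1:-50}" '
        length($3) > max {
            src = ($1 != "") ? $1 : $2
            print src ";" $3
        }
    '
}

sample_capture | dns_summary
sample_capture | dns_long_names 50
```

The capture filter "port 53" also matches the resolver's answers, which repeat the query name with the resolver as source; adding -Y 'dns.flags.response == 0' to the tshark command keeps only the questions.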

Ringbuffer

Capture Files, Rotate every 10MB, keep last 25 files

doas tshark -n -i em0 -w sniff -b filesize:10000 -b files:25

Ringbuffer with Autostop -> Time

Capture Files, Rotate every 10MB, keep last 25 files, Stop after 1h

doas tshark -n -i em0 -w sniff -b filesize:10000 -b files:25 -a duration:3600

Ringbuffer with Autostop -> Packets

Capture Files, Rotate every 10MB, keep last 25 files, Stop after 100000 Packets

Deploy VM's with Terraform in 10min

Managing VM’s on Hetzner Cloud with Terraform

you may want to manage some vm in the cloud. webgui is nice, but a real nerd needs cli ;)

some notes how to get terraform running with OpenBSD.

add Packages (3min)

$ time doas pkg_add git gmake go terraform

3m18.62s real     0m19.53s user     0m07.73s system

set GO PATH

echo "GOPATH=$HOME/go" >> ~/.profile
echo "export GOPATH" >> ~/.profile
. ~/.profile
echo $GOPATH

build terraform provider for hcloud (2min)

As the hcloud provider is not available for OpenBSD, we have to build it on our own.

Bootstrap OpenBSD

Bootstrapping VM

It’s always good to have Templates. Isn’t it ? Sometimes, with a lot of stuff preconfigured and installed. Sometimes, a fresh install without anything (except syspatches). Here a little Helper, how to Build an OpenBSD Template with 20GB, resp. 40GB Disk Size.

This stuff was tested on www.hetzner.de, so you should be able to reproduce it in a few minutes.

Costs: CX11,  1 CPU, 2 GB RAM, 20 GB Disk, 20TB Traffic -> 2.68 Euro/Month
Costs: CPX11, 2 CPU, 2 GB RAM, 40 GB Disk, 20TB Traffic -> 3.76 Euro/Month

If you create an Account, you can use my sponsor link and we both get “a few bucks” to play with …

RPKI for Home Usage

Resource Public Key Infrastructure

you may know what RPKI is …

It’s a PKI Framework for improving Security for the Internet Routing Infrastructure based on BGP.

As a HomeUser or Small/Medium Size Company, you normally don’t have a Full BGP Table and multiple Upstream Providers. You have one Internet Router or Firewall and you get a Default Route from your ISP.

With OpenBGPD and the current rpki extensions, you “just” need a Full BGP Feed and then, you can filter all invalid ROA’s and keep your Routing (and Internet Access) more Secure.

Ruckus, Radius, Dynamic Vlan Assignment

How to Dynamically Assign VLANs with Ruckus Unleashed and FreeRadius

Setup FreeRadius

pkg_add freeradius--%freeradius3

clients.conf

add your wlan ap

client ruckus {
	ipaddr		= 1.2.3.4/32
	secret		= das-sag-ich-dir-nicht
}

users.conf

add some users


# Admin to Admin Vlan (100)
admin Cleartext-Password := "das-sag-ich-dir-nicht"
  Tunnel-Type = 13,
  Tunnel-Medium-Type = 6,
  Tunnel-Private-Group-Id = "100"

# Guests to Guest Vlan (200)
guest Cleartext-Password := "das-sag-ich-nur-dem-gast"
  Tunnel-Type = 13,
  Tunnel-Medium-Type = 6,
  Tunnel-Private-Group-Id = "200"

/etc/raddb/sites-available/inner-tunnel

enable Vlan rewrite on line 336 (set to 1)
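
An added example (not part of the original post): a check that every entry in the users file carries all three tunnel attributes shown above, since an entry missing one of them returns no usable VLAN for that user. The function names and the sample entries (including the incomplete "printer" user) are constructed for the illustration; the names VLAN and IEEE-802 are the FreeRADIUS dictionary aliases for 13 and 6.

```shell
#!/bin/sh
# Added example: audit a FreeRADIUS users file for the three reply
# attributes that dynamic VLAN assignment needs.

# Constructed sample in the layout of the entries above; the "printer"
# user and its missing attribute are made up for the demonstration.
sample_users() {
cat <<'EOF'
# Admin to Admin Vlan (100)
admin Cleartext-Password := "constructed-secret-1"
  Tunnel-Type = 13,
  Tunnel-Medium-Type = 6,
  Tunnel-Private-Group-Id = "100"

printer Cleartext-Password := "constructed-secret-2"
  Tunnel-Type = 13,
  Tunnel-Private-Group-Id = "300"
EOF
}

# Print "user;vlan;OK" or "user;vlan;INCOMPLETE" for every entry.
vlan_audit() {
    awk '
        function emit() {
            if (user == "") return
            ok = (ttype == "13" || ttype == "VLAN") &&
                 (medium == "6" || medium == "IEEE-802") &&
                 vlan ~ /^[0-9]+$/ && vlan + 0 >= 1 && vlan + 0 <= 4094
            v = (vlan == "") ? "-" : vlan
            s = ok ? "OK" : "INCOMPLETE"
            print user ";" v ";" s
            user = ttype = medium = vlan = ""
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        /^[^ \t]/ { emit(); user = $1; next }    # unindented line opens an entry
        {
            line = $0
            gsub(/[ \t",]/, "", line)            # drop blanks, quotes, commas
            n = split(line, kv, /[:+]?=/)        # accept =, := and +=
            if (n < 2) next
            if (kv[1] == "Tunnel-Type") ttype = kv[2]
            if (kv[1] == "Tunnel-Medium-Type") medium = kv[2]
            if (kv[1] == "Tunnel-Private-Group-Id") vlan = kv[2]
        }
        END { emit() }
    '
}

sample_users | vlan_audit
```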